October is Cyber Security Month
Let’s face it, in a world in which major cyber security breaches seem to happen on a regular basis, every month should be cyber security month. However, October has been officially designated Cyber Security Month, so let’s celebrate!
With more personal information being made accessible online, maintaining the security of your cyber operations is critical for all organizations. Fortunately, there are some essential things you can do right now to help maintain a safe environment.
We recently teamed with Sera-Brynn, a leading cyber security firm, to perform cyber security audits on a pilot group of parishes, schools, and institutions. The Sera-Brynn team identified the following as the top security challenges among our locations.
1. Install security updates as early and as often as possible
Turn on automatic updates for your operating system. In recent assessments, it was determined that third party patching and updating of Abode products and other ancillary software is not being routinely performed. Software patching means applying available updates for operating systems and applications such as browsers, plugins, desktop apps, etc. The lack of patch management opens significant vulnerabilities to all computers.
2. Use strong and complex passwords, and change them often
Never ever re-use passwords on other sites or accounts. Passwords are a common form of authentication and are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or “crack” passwords. But if you choose good passwords and keep them confidential, you can make it more difficult for an unauthorized person to access your information. Our audits showed that many computers do not have simple security measures in place, such as login account passwords. This is the very minimum that every location should be doing. For more on passwords, go to the US-CERT website.
3. Update or disable old and outdated computers/servers
Our audit discovered that multiple locations are still utilizing Operating Systems that are “end of life,” such as Windows XP, Server 2003 and Server 2000. These unsupported operating systems represent significant risk as Microsoft is no longer developing and providing security patches and updates for them.
4. Allocate the necessary resources
Each location assessed initially justified their cyber risks due to lack of appropriate budgetary funding. However, during site visit debriefs, the cyber security engineer provided education related to the criticality of the risks uncovered and the potential impacts if not addressed. Many sites during debrief re-appropriated their budgets to resolve immediate critical weaknesses. These are examples where simple awareness of the severity of the threat can influence internal resource allocation to improve cyber security.