Ahh, the month of October. A time when the leaves change color, the air turns crisp, and we all start drinking pumpkin spice lattes. But those aren't the only reasons why I love October. In 2004, the U.S. Government declared October "Cybersecurity Awareness Month," in order to raise awareness about security in our digital age.
To celebrate Cybersecurity Awareness Month, I turned to a few of our wonderful customers and asked them: If you could share one cybersecurity tip or best practice, what would it be?
Here are the tips they shared:
“Make sure to enable multi-factor authentication (password + something you have/are, etc.) to add an extra layer of security that protects accounts in case of password compromise.”
- Blake Hoge, Senior Risk and Compliance Engineer at Instacart
This applies to all of us both professionally and personally. Enabling MFA across all accounts will minimize the attack surface.
“Enforcing SAML authentication via your IdP such as Okta for as many of your SaaS apps as possible will not only keep you secure, but make auditing user access that much easier.”
- Matt Roeckel, Director of IT and Information Security at Split
From a business perspective, Matt makes an excellent point. Here at SafeBase, we implemented Okta a few months ago and it’s been life-changing.
“My first rule about recognizing social engineering attempts is to remember that things are not always what they seem. This is the first rule of investigation as well. Approach every unexpected message with a healthy level of skepticism. Trust but verify. This means validating an email sender and any links or attachments before acting. To do this well, slow down your reactions and try to control your involuntary click reflex.”
- Susie Bernard, Security Compliance Manager at Abnormal Security
Susie is right. Things are certainly not what they seem. We live in such a fast-paced world. Our instincts and reflexes are quick. But if we stop and think for just an extra second, we can reduce the chances of falling prey to a phishing attack.
“Download an app like Authy or Google Authenticator and enable MFA on every account you can.”
- Chris Castaldo, CISO at Crossbeam
We use apps like these at SafeBase, and for our personal accounts as well. It's an easy way to add an additional layer of security.
After catching up with our customers, I also have a piece of advice that I’d like to share: Make cybersecurity an ongoing conversation. Not once a year during the month of October, or on a quarterly basis when a phishing campaign is released. Keep the discussion going! It’s up to professionals in the industry to educate those around us because a technology-centric approach to security is simply not enough. People can be your weakest link or your strongest asset of defense. So spread the word!