Your family, home and small business need a cyber-resilience strategy, too!

Cybersecurity Awareness Month (CSAM) is upon us again. Much like European Cyber Security Month (ECSM), this important initiative is focused on raising awareness of the risks associated with the digital world we live in, and, hopefully, initiate changes in behavior.

CSAM’s theme for 2023 is very close to the message of last year’s edition of the campaign – strong and unique passwords, enabling two-factor authentication (2FA) and the need to be on the watch for phishing attacks. The fourth pilar for 2023 is to update the software on devices to ensure the latest security patches are stopping cybercriminals from exploiting known vulnerabilities.

These four pillars remain a constant message that cybersecurity folks drive home continually through the year, not just during CSAM. Assuming that as you are reading this, then you are likely to already know and appreciate the messages mentioned above and in the 2023 campaign. In addition, I suggest adopting another pillar, and giving it a very specific focus.

By failing to prepare, you are preparing to fail

Cybersecurity professionals are often heard saying ‘it’s not if you get hacked, it’s when’. This fait accompli is an acceptance that you need to prepare for the worst as an incident will happen at some stage and your preparedness has the potential to minimize the impact of the incident.

Whether you’re part of a small business, an individual or a family, there are some basic preparatory steps that can be taken:

• Back up data regularly: Emphasize the importance of regular data backups to prevent data loss in case of attacks or hardware failures. If possible, use both local and cloud-based backups for redundancy and test those backups regularly.

• Educate colleagues and family members: Make them aware of the latest threats, even if this is as simple as mentioning a well-crafted phishing email you spotted this week. And ensure they know how to respond to an incident.

• Define an incident response plan: The plan should outline how to respond to a cybersecurity incident, whom to contact, and the steps needed to mitigate and recover from an attack. Even if this is as simple as ‘call a parent or the family’s go-to tech person’.

• Stay informed: Check the cybersecurity news category in news apps at least once per week. If there is one takeaway, it should be knowing when devices need patching. The cybersecurity industry frequently posts content when there is an urgent need to update software.

• Discuss suspicious activity: Encourage everyone to discuss suspicious activity or security incidents. The UK has a sign on the London underground that states ‘See it, Say It, Sorted’ – adopting this in the family unit or a small business stops an incident being hidden until it has escalated beyond being a minor issue.

• Leave no device behind: larger businesses typically catalogue their assets and manage them on an ongoing basis. Understanding where all the devices are at home or in your business will help you keep them up to date.

• Monitor accounts and access on a frequent basis, any connection from a device using a service you subscribe too should be investigated – it could mean your password and personal details have been breached.

• Have contact details to hand (physically) for all financial accounts, phone carriers, the internet service provider and such like. If an incident occurs, you may need to contact some of these companies to have cards blocked, SIM cards disabled, or any other mitigating activity to stop further abuse.

Large companies have well-defined cyber-resilience plans and incident policies in order to minimize disruption and loss of business and reputation. It’s just as important at home and in small businesses; if you can minimize the impact, the stress levels will be kept in check.