The cybersecurity month has arrived! This is where campaigns such as European Cyber Security Month (ECSM) and National Cyber Security Awareness Month (NCSAM) in the United States come into play. It's been a special year for IT departments all over the world, due to the COVID-19 health crisis and the sudden shift to enable work from home for millions of employees. So now is a good moment to take another hard look at the cybersecurity measures that were put into place to enable this transition, and where we can do better.
The NCSAM theme for 2020 is: "Do Your Part. #BeCyberSmart." This theme encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.
NCSAM emphasizes "If You Connect It, Protect It." to emphasizes the potential vulnerability of all Internet-connected devices. This year has seen major disruptions in the way we work, learn, and socialize, driving many of these activities online. With our homes, schools, and business more connected than ever making the need to "Protect It" more important than ever. More information on the NCSAM activities can be found here.
Aligned with this campaign is the European Cyber Security Month (ECSM), the EU's annual Cyber Security awareness campaign that takes place each October across Europe. 'Think Before U Click' is the official motto of ECSM 2020. The EU Agency for Cybersecurity and its partners will be publishing reports, organising events and activities such as trainings, strategy summits, presentations and more. The aim is to raise awareness of cybersecurity threats, promote cybersecurity among citizens and organizations; and provide resources to protect themselves online, through education and sharing of good practices. You can find more information on the ECSM program here.
All these cybersecurity initiatives carry out the common overarching message that "cybersecurity is a shared responsibility". After all, we all have a role to play when it comes to responding to the growing threat of cyber threats and staying ahead of cybercriminals.
A Critical First Step in Cybersecurity
At Lansweeper, cybersecurity is one of our cornerstone use cases. Why? The first step in protecting anything is knowing that an asset exists. It sounds so simple, but a solid cybersecurity program requires reliable inventory and discovery as its foundation.
The discovery of hard- and software data plays a critical role in maintaining an up-to-date synopsis of your entire IT estate to protect yourself against cybersecurity attacks. Leveraging that collected network data is a fundamental starting point for implementing security measures across your organization. So this campaign is a big deal for us to put the spotlight on cybersecurity awareness.
Leverage These 5 Useful Cybersecurity Resources
Once you've established your asset inventory baseline, you can start to dig deeper. We've listed 4 resources below which you can leverage throughout cybersecurity awareness month and beyond.
1. Vulnerability Updates
Lansweeper holds more than 450 built-in network reports in the report library, but ad-hoc vulnerabilities mostly require a custom Vulnerability Report to assess if you're vulnerable and need to update. We regularly create custom hardware and software reports to address known security issues. For instance, we created a report that checks if your network is still vulnerable to the Top 8 Most Exploited Vulnerabilities, and more recently we released a special report that discovers devices vulnerable to the Windows Zerologon Flaw vulnerability.
Receive the Latest Vulnerability Reports for FREE
2. CIS 20 Critical Security Controls®
You can't protect what you don't know exists. The top 6 CIS Critical Security Controls® of the Center for Internet Security® highlights how crucial it is to know what devices you have and which software is running on them. A well-maintained Asset Inventory Database is key in building a more comprehensive security program based on the CIS Security Controls. Learn how you can leverage your asset inventory database to tackle the first 6 critical CIS controls.
3. Patch Tuesday Audit Reports
Every second Tuesday of the month, Microsoft releases a scheduled security fix, also known as 'Patch Tuesday'. Every month, we create a Patch Tuesday Audit Report which checks if the assets in your network are on the latest Windows Patch Tuesday update. It gives you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched.
4. End of Life Audits
Every Windows product has a lifecycle, and the product lifecycle ends when it's no longer supported. The biggest risk of running End-of-Support software is flawed security. Your computer literally becomes a gateway for malware. Since the manufacturer no longer provides security updates, any vulnerabilities found by hackers can be exploited over and over again. Additional issues of running EOL software include compliance & audit issues, poor reliability & performance, higher operating costs, and software incompatibilities.
We regularly create EOL Audit Reports so you prepare your network for the upcoming End of Life software. Windows 7 has already reached End of Life (EOL) on 14 January 2020, but a large number of corporate workstations are still running the nine-year-old system...
5. Remote IT Asset Management During the Covid-19 Crisis
The global Covid-19 health crisis has affected all of us. One of the impacts we see with most of our customers is a very sudden shift to remote work, regardless of the organizational and infrastructural readiness. We realize this is imposing significant pressure on IT departments around the globe, and we want to offer some guidance and resources to help you manage this forced and rapid change successfully. Read our dedicated blogs on this topic to help you get started:
- Remote IT Asset Management During the Covid-19 Crisis
- Surprise: Cybercrime Doesn't Do Social Distancing
- Working from Home: Tips to Secure Your Remote Workforce.
And of course, in this world of IoT and connected smart devices, don't forget: cybersecurity threats can come from anywhere. Even from coffee machines.