In this cyBARR Chat, Senior Consultant Zack Wash describes best practices for a digital spring cleaning.
[00:00:00] Claire McKenna: Hello everyone. And welcome to today’s episode of cyBARR Chats. Today will be joined by senior consultant, Zack Wash, to discuss how to do a digital spring cleaning, improving your cybersecurity posture online. According to PON Institute state of cybersecurity report, 66% of small to medium size businesses have experienced some form of a cyber attack in the past year.
And on the individual level, the rate of cybercrime has been steadily increasing too. So with that in mind, let’s learn what we can do about it. Zack, why is it important to continuously stay on top of your security practices?
[00:00:39] Zack Wash: Well, first off millions of people in organizations are unaware of how their data’s used online every day. Security isn’t something that you can just do one time and forget about it. It’s a continual process. Um, over time, threat actors and risk have grown and evolved and we’ll continue to do so. So, uh, cybersecurity posture has to grow and evolve to match that increase in. Threat landscape while the practices, uh, we discuss may be enough to keep you secure. You gotta be prepared to implement new practices, like as they emerge.
[00:01:10] Claire McKenna: Yeah, that’s a great point. So for a lot of people that don’t work in the cybersecurity industry, threats like hacking malware, ransomware might seem distant and complex something that they read about in the news, but never really expect to experience themselves. Why do you think everyone needs to take cybersecurity seriously?
[00:01:31] Zack Wash: Well here at BARR, we say that cyber security matters, cuz it’s all about the people. Every time we read about a hacking or cyber security threat in the news, it’s typically full of big numbers, numbers of accounts, hacked or credentials stolen.
So it’s important to remember that behind every piece of data is a real person who’s less secure because of that breach, whether personal information, credit card data. Or their credentials were compromised. That that person is less secure. When you realize what the threat actors can do with the information. That’s why it’s important. We educate and empower people to take control of their online security or online security without using fear tactics.
[00:02:05] Claire McKenna: That’s a great point, especially about not using fear tactics. That’s such a big problem in our industry. So for those individuals, what are some immediate actions that they could take today to protect themselves online?
[00:02:18] Zack Wash: Well, some basic action someone can take or first off awareness, as simple as it sounds. It’s simply being cognizant while being online can make a difference. Are you using public wifi? Maybe you don’t enter your banking details while at the local copy shop. Does your website, does the website you’re talking about enter your credit card information on the secure icon at the top, beginning with that, with the HTTPS rather than just HTTP, these are important.
Things to check that you could be aware whether or not your connection is encrypted, uh, then implement multifactor authentication on your accounts. Uh, otherwise known as MFA. A lot of people talk of that, uh, use a password manager to store your credentials make sure your device and software is up to date regularly. And then, uh, always check the privacy settings on social media.
[00:03:11] Claire McKenna: Awesome. Those are really good ones for everyone to be aware of. And so on the organizational level, what are some immediate actions that organizations can take to improve their security posture online?
[00:03:21] Zack Wash: Well, there are plenty of long and complex guides on everything an organization can and should do to improve their cybersecurity posture. I can simplify the basics and the six steps to improve your cyber hygiene in short term, uh, establish and communicate your cybersecurity standards, uh, as basically as it sounds, all security should start with good governance regardless of the size of your organization. Uh, it’s sensible and accessible security policies and procedures in place is a great first step to strengthen your cybersecurity overall.
Then define accountability within your organization. Cybersecurity starts with culture. It’s important for one person to own cybersecurity, whether it’s the chief security officer at the enterprise level organization or virtual CSO security partner for your startup. Uh, back to MFA. It seems like we hear about that all day, but it’s proven over and over again, to be, uh, effective, protecting your credentials.
Keep your systems patched and up to date, almost all software has vulnerabilities at some point that are looking to be exploited. Uh, so automate patching and upgrades on software and apps can say up to. Uh, schedule regular penetration tests or vulner vulnerability assessments. Uh, this kind of testing is really about information sharing you, gain visibility in your network and can communicate between security and development teams and on any issues that arise.
And then lastly, encryption, this is one of the simplest and cheapest security practices and encrypting your data can render it unreadable to threat actors who break through your security in today’s world. There’s no excuse for leaving it out. Work. Leaving it out of workflows.
[00:05:00] Claire McKenna: Awesome. That’s really great information for all organizations of every size. So really appreciate that answer. One last question for you. So now that we’ve discussed some action items for both individuals and organizations, what are the immediate benefits that these organizations and people could see after implementing these practices?
[00:05:20] Zack Wash: Well, outside of the obvious benefit, being more secure, the first benefit that comes to mind is peace of mind, uh, with how much you hear about cyber threats in the news, knowing that you’ve taken a few immediate steps to be more secure, should, should provide some peace of mind, especially for individuals for organizations consider how these actions can prevent a breach that could cause significant financial reputational damage.
Staying on top of your security posture means, uh, protecting both yourself and your customers.
[00:05:50] Claire McKenna: Awesome. Well, that was my last question for you today, Zack. So thank you so much for all of the valuable information on how to do a digital spring cleaning and stay on top of our security postures. I know I will be double-checking that I have MFA enabled and I’m updating all of my devices. So I hope our listeners do the same.
And thank you everyone for tuning in to today’s episode of cyBARR Chats, and we look forward to seeing everyone next time. Thanks Zack.