Day 1: Complex passwords don’t always mean more secure. A longer, difficult-to-guess password is much better. Use phrases, and mix them up a bit for an even stronger password. For example, “bumbling phrase” could become “buMbl1ng&pHrase”. #CybersecurityAwarenessMonth
Day 2: Use MFA wherever possible, even SMS/text MFA if no other options are available. It helps protect against attacks such as brute force and credential stuffing. #CybersecurityAwarenessMonth
Day 3: Update, update, update. Security updates are really important; they are there for a reason. So update as soon as you possibly and feasibly can. #CybersecurityAwarenessMonth
Day 4: Encrypt all things! As data resides more and more outside of your network, encrypting it becomes more and more important. In many cases it also helps prevent tampering. #CybersecurityAwarenessMonth
Day 5: Often good enough is all that is needed. You don’t always need the latest and greatest. You just need something which will thwart the threat actors.
Day 6: Use a password manager. They are great! As you find yourself using more and more services, you will have more and more accounts. A password manager allows a unique, strong password for each account. Online managers also allow syncing between devices.
Day 7: Use MFA wherever possible. It’s not a magic bullet, but it does add another layer of protection, which is often enough to frustrate an attacker so they go elsewhere.
Day 8: Use a VPN (or a VPN service which you can trust) when using a public network such as a wireless hotspot at a coffee shop. Not all connections will be encrypted.
Day 9: Use an OTP app such as Authy to generate your one-time passwords. TOTP is a standard protocol, so it will work with any system which uses TOTP for MFA. The benefit is that you can have the app back up your tokens so you can restore them if you ever replace your device.
Day 10: Backups are important. Things fail from time to time, or you find yourself an unfortunate victim of something like ransomware. Make sure at least one set of backups is stored off site, off your network.
Day 11: With working from home becoming a bigger thing, look to create network segmentation if you can. This could even be buying a cheap router to create an isolated work network. It helps both you and your employer.
Day 12: Don’t roll your own crypto. Cryptography is pretty tricky, and very easy to get wrong. Use a well established library for crypto. It’ll likely be well tested and vetted already.
Day 13: In much the same way as “don’t click that link”, “don’t install that app” if you don’t know the developer of the app well. Do a bit of research on the developer (such as reading user reviews) if you still feel the need to install the app. Also review the permissions it requires.
Day 14: Security is primarily about managing risk. Don’t attempt to solve everything. Make sure that you prioritise and address the higher priorities first, working your way down the list of priorities.
Day 15: Many IoT devices have questionable security at best. So in a similar vein to segmenting your network for work-related devices, do something similar for your IoT devices. That way a rogue device should have limited access to more sensitive data on your network.
Day 16: Invest in a shredder. They aren’t too expensive and far cheaper than having someone steal your identity. Much like your online identity, you don’t want to expose your details on physical pieces of paper.
Day 17: Security is everyone’s responsibility. It can often take only a slight slip-up from anyone to let an attacker inside a network or to let their malware spread. That is why education and awareness are so important.
Day 18: Let’s Encrypt certs FTW!!! Firstly, they are free. Secondly, they are requested and delivered via the ACME protocol, which means the entire lifecycle of the certificate is automated. Using something such as certbot means potentially never having to worry about expired certs.
Day 19: Asset management is a vital part of any organisation’s security. You can’t protect what you don’t know about. Many organisations have been hit by that one box which no one even knew existed.
Day 20: Microsoft Defender is completely free and competes extremely well with, and in some cases beats, some of the paid-for antivirus products. Security doesn’t always have a cost associated with it.
Day 21: Lie! Well, lie where you can when filling in personal details on accounts where you are not legally obligated to fill in your correct details (such as social media accounts). If a breach happens, the attackers then don’t get your real personal details.
Day 22: Look to leverage SSO. Users then only have a single account to manage, which makes their lives so much easier and makes for happier users. It also makes managing users in an org much more efficient, with less chance of leaving unnecessary accounts open.
Day 23: Avoid selling used drives and USB flash devices unless you can be 100% sure that the data has been securely wiped. It’s best to err on the side of caution and not sell them at all, and instead have them securely destroyed. Deleted files can often be recovered.