October is Cybersecurity Awareness Month. Is it Time to Update Your Software?
It’s that time of year again—Cybersecurity Awareness Month—when organizations around the country are reminded about what they should and should not be doing to better protect their data, applications and other IT resources against the latest attacks.
In truth, no one should need a reminder of the need to provide robust cybersecurity. But the initiative offers some helpful guidance that security leaders and teams should welcome even if they think they are already up to speed on everything related to security.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) and the National Cybersecurity Alliance (NCA) launched the program in 2004 as a collaborative effort between government agencies and the private sector to make sure that all Americans have the resources they need to stay safer and more secure online.
Each week of the month focuses on different steps companies and individuals can take to enhance security, with the overall theme being “See Yourself in Cyber.”
That theme “demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people,” according to the organizers. “This October will focus on the ‘people’ part of cybersecurity, providing information and resources to help educate CISA partners and the public, and ensure all individuals and organizations make smart decisions whether on the job, at home or at school—now and in the future.”
One of the security tips provided by CISA and NCA as part of the campaign is to be cautious about suspicious links that could be part of a phishing attack. They advise users to report those incidents to security.
Another is to use strong passwords, such as those that are long, unique, and randomly generated. “Use password managers to generate and remember different, complex passwords for each of your accounts,” the agencies say. “A passwords manager will encrypt passwords, securing them for you.”
Organizations and individuals should also enable multi-factor authentication (MFA), because users need more than a password to protect their online accounts. Enabling MFA makes users significantly less likely to get hacked.
And perhaps one of the most significant best practices noted by the agencies—given the large number of security breaches resulting from software vulnerabilities—is to update software. “If you see a software update notification, act promptly,” the agencies says. “Better yet, turn on automatic updates.”
For organizations that develop and use software, addressing vulnerabilities quickly is vital. The problem is, many are experiencing a backlog of patches and a delay in fixing bugs because their methods of dealing with vulnerability management are outmoded and inefficient.
The key to effective vulnerability management is to automate the various processes, including finding, prioritizing and remediating vulnerabilities. By automating these steps, they can focus on addressing only those vulnerabilities that post a risk to the organization. More effective updating of software leads to more robust cybersecurity overall.