Lessons Learned from Cybersecurity Awareness Month

October 28, 2020By C8 ConsultingInsights

As some of you may know, October has been Cybersecurity Awareness Month and here at C8 we have been working with our clients on a variety of exciting initiatives aimed at shining a light on some of cybersecurity’s most pressing concerns.

The team has learned a lot during this time, so we caught up with each team member to discuss one take away that has particularly interested or surprised them.

Paula Elliott, Managing Director

I think two aspects have really come into sharp focus for me around Cybersecurity Awareness Month. The first is the sheer rise in attacks, particularly in relation to COVID-19 and work from home orders. I saw a stat from one of my clients, VMware Carbon Black, that ransomware has increased by 900% in 2020 which is just astounding. It makes you realise just how prolific these types of attacks are and how easily you can become a victim.

The second comment was from another client, HelpSystems, talking about the protection of IoT devices, and user education programmes around them. It made me think about how lax the security is around IoT devices. Internet-enabled fridges, smart TVs, Amazon echo, doorbells like Google Nest and all sorts of other devices are all well and good, but sometimes I think as consumers we don’t connect the dots and realise that this is another networked device that could be providing a window into our system. As all these devices increase, making our lives more convenient, so do opportunities for adversaries to compromise them.

Michael Bartley, Deputy Managing Director

I sometimes take for granted that everyone, regardless of their place or industry of work has the same awareness of cybersecurity as I do. Obviously this is remiss of me, but when you’re surrounded (virtually) on a day to day basis by like-minded PR practitioners or cybersecurity strategists you just assume that everyone out there is having the same conversations as we are. Taking it one step further, I read the key security titles daily. If I’m not nose-deep in Infosecurity Magazine, I’m reading the Daily Swig and if not that then most likely listening to the podcasts on Enterprise Times or Enterprise Management 360 and it gives me this false sense of security that everyone is aware of the ways in which the cybersecurity adversary is scheming and plotting against us. But, alas, this is not the case. In fact, when I spoke to my friends last week about Cybersecurity Awareness Month, I could tell from their blank expressions that none of them knew what I was talking about. Some of these guys work in retail, others are tradesmen (electricians/plumbers) and it occurred to me that for the most part the only people really escalating their awareness are those that are already in the industry or have a keen interest in it.

So, what does this mean? In short it means that until the mainstream media jump on board Cybersecurity Awareness Month will remain a niche campaign that garners the interest and attention of those in the industry, but regrettably the general public will most likely be unaware it is even taking place.

Jim Pople, PR Director

Looking back on the immediacy of the UK’s national lockdown in March 2020, necessitating an enforced, nationwide stay-at-home order, all seems like a bit of a blur. At the time, we probably didn’t appreciate how quickly businesses and employees had to adapt overnight, in terms of their working practices, which seem to be here for the long haul. However, reading Bitglass’ 2020 Remote Work Report, conducted at the height of the COVID-19 pandemic in May, I was shocked to see that 41% of surveyed organisations had not taken any steps to expand secure access for the remote workforce. Although this survey was conducted in the United States, this has far-reaching, global implications; the number of businesses within any one organisation’s supply chain can run into the tens of thousands. This is a shudder-inducing thought for CISOs and CIOs, who are trying to suppress the widened attack surface that COVID-19 has introduced for hackers, whilst at the same time, not seemingly doing the basics right that protect their data, integrity and reputation.

Kiri O’Leary, Senior PR Executive

It is no surprise that with so many clients in the cybersecurity space, we live and breathe the latest news and research on cyber threats here at C8. However, despite so much insight into the evolving threat landscape, it’s easy to become complacent and feel like you’re exempt from becoming a victim of the next big breach. What has really hit home for me this Cybersecurity Awareness Month, is the notion that every single person has a role to play in ensuring they adopt safe cyber practices. With such a major (and rapid) shift to working from home, employees have a huge responsibility to not only protect themselves, but also the companies they work for.

Tom Kellermann, Head of Cybersecurity Strategy at VMware Carbon Black, often refers to the concept of “digital distancing” which means using precautions to limit the risk of cyberattacks on personal and business networks. I think this is an effective way to describe what will become a widely-practised and effective technique for many businesses with a remote and distributed workforce. According to Tom, you should utilise two networks on your home Wi-Fi router, one for business and the other for personal use. He advises that all other personal devices – including your family’s – should not be using the same network as your work computer. Other steps include protecting the networks and routers in your home with a unique and complex password, using a VPN, and installing Next-Gen Antivirus on all devices. All of these steps can be easily implemented and can be crucial for preventing widespread, fast-moving risks such as island hopping, and mitigating potential cybersecurity breaches.

Ellen Oliver, Senior PR Executive

One thing I have learnt from Cybersecurity Awareness Month is not only the need for organisations to defend their networks, users and data is becoming increasingly important, but how as employees we need to protect ourselves on a personal level. During COVID-19 a lot of things have changed. With employees working remotely they have now become increasingly prone to threats driving the need for organisations to rethink their security strategies. One of C8’s clients, A10 Networks, stated that with many employees now working from home organisations need to offer more support around connecting IoT devices on their home networks, as sharing data on an insecure network could lead to outsiders accessing company data. Additionally, whilst working remotely employees need to ensure that they are adhering to the manufacturer’s recommendations for device security, allowing them to work from home securely. Going forward into this new way of working, organisations need to adopt a Zero Trust approach to ensure that their employees and their IoT devices are protected, and employees need to take personal responsibility for their security at home.

Jessica Kelliher, PR Executive

When we are first given our work computers and phones, most business have already set up multiple security tools on all the devices to keep the business’s data safe. Some businesses, such as HelpSystems, can even provide software to prevent human errors from occurring – for example stopping users ‘accidentally’ sending out valuable business data. However, as much as your work device can hold your hand through cybersecurity, the wider picture is that we rely on much more than one computer and one phone during our busy working lives. Everyone is guilty of occasionally checking work emails at the weekend and often this would be on a personal device. Similarly, with so many people working from home, away from offices and technical support, if your work computer is going through updates on a busy morning, we wouldn’t think twice about opening a personal device and continuing with work on there. But the reality is, that although our personal devices may be convenient to use alongside our work devices, our personal laptops and phones are set up completely differently, they are not as secure and do not give the same level of protection that our employers require when handling their data.

Source: https://www.infosecurity-magazine.com/news-features/ncsam-connected-protected/

Ameesha Patel, PR Executive

As we near the end of Cybersecurity Awareness Month, we hope that businesses and individuals alike have taken the time to reflect on their safety habits online and understand the increasing importance of cybersecurity. As we moved to remote working, it may seem appealing to seek a quiet, distraction-free work environment such as hotel room. However, today’s WiFi standards are flawed and should not be trusted. It may seem like a bargain to trade some personal private information for ‘free’ WiFi but is it really free if we do so? And do we really know what these companies are doing with our private data? We also risk our networks and our devices especially company-issued items being exploited by hackers. These threats are not new, many also apply to cafes and other open networks and it may seem a low risk to work in areas like these but the consequence could be high and mighty from data theft to a ransomware attack. If you’re work simply cannot wait for a secure network than “Do Your Part. #BeCyberSmart” by understanding the risks that come with public WiFi; this may prevent you from becoming a victim of an attack.

Source: https://www.zdnet.com/article/this-fbi-wi-fi-warning-could-spoil-your-working-from-home-escape-plan/

We hope that Cybersecurity Awareness Month has been just as insightful for everyone as it has been for us here at C8. Hopefully, this month has made you aware of the current threats out there and the most pressing issues in cybersecurity, whilst also being able to take some key messages away which you or your organisation can put into practice. And remember, “Do Your Part. #BeCyberSmart”.