This October brings the 10th anniversary of the Department of Homeland Security's Cyber Security Awareness Month, and there has truly never been a better time for enterprise and public leaders to buckle down on their network protection strategies. According to IT Business Edge, the year that has passed since the previous observation of the event may have been the most challenging stretch of digital security obstacles so far encountered in the Information Age. As an IT leader, you should take this opportunity to reassess your organization's security profile and make changes for the better.
The DHS' security awareness month isn't about pointing fingers, but it's safe to say that everyone can contribute to the improvement of their personal and organizational defensive efforts. The source pointed to a report from the Digital Citizens Alliance and Blackfin Security, revealing that end users in a range of corporate, public and community environments are neglecting their responsibilities to uphold optimal security measures, especially when it comes to using personal devices such as laptops, tablets and smartphones. While BYOD has taken off as a mobility staple, it does heighten certain risks.
Among the findings in the survey, it was shown that more than one-third of respondents follow strangers on social media or use public Wi-Fi networks that don't require passwords to access. With regard to app selection, two-thirds reportedly throw caution to the wind and fail to properly vet the services they download onto their hardware. This not only increases the chances of infected devices, but also raises the likelihood of malware at the organizational level. Furthermore, a lack of best practice awareness was made apparent, with less than a quarter of individuals claiming an understanding of multi-factor authentication measures. Of those who did recognize the importance of the technology, 16 percent said it was too much of a burden to use on a regular basis.
"The hackings of Home Depot, Target and other large retailers may be lulling Americans into thinking that it's big corporations that are rogue operators' prime targets, but that's a mistake," Adam Benson, deputy executive director of the Digital Citizens Alliance, reportedly stated. "Hackers want personal data - credit card numbers, passwords, Social Security numbers. They'll look for open windows - and the online behavior we see reflected in this survey tells us that millions of Americans are leaving the windows open, the doors unlocked, and even giving some hackers the key to get in."
Although your responsibilities as an IT professional are primarily technical, your duty to spread security awareness and optimal practices ranges far beyond the data center. Recognizing the significance of end user education is one of the most common missing links in an organization's data protection efforts, according to Columbia Missourian - all the infrastructure optimization efforts in the world won't do much unless employees understand how to protect their mobile devices and personal workstation environments.
The source highlighted a recent event hosted by the state of Missouri which offered IT expertise to a host of local and state government leaders. As mitigating cyberattacker threats becomes a more ubiquitous aspect of public IT, officials at every level must acknowledge the crucial role that education plays in overall security success.
"(T)hat human element is going be there regardless of how many technical controls you put in place. One person can mess it all up," said Patti Dudenhoeffer, security analyst at the Missouri Research and Education Network, as quoted by the news provider.
Even if you've struggled with security in the past, it's never too late to bolster your networks and prepare for the next generation of cyber protection.