Decrypted | Insights from Virtru to Unlock New Ideas

31 Actionable Tips for Cybersecurity Awareness Month

Written by Megan Leader | Oct 2, 2023 3:23:00 PM

October is Cybersecurity Awareness Month, which gives security leaders and executives an opportunity to raise fresh ideas and conversations around cybersecurity.

Cybersecurity is everyone’s job, but it can be difficult to get people engaged around security and best practices. With the escalating volume and frequency of global phishing and social engineering attacks, each employee’s decisions are more impactful than ever.

Here are 31 cybersecurity tips — one for each day of Cybersecurity Awareness Month — to spark some creative thinking around how you can foster greater security awareness at your organization.

1. Don't reuse passwords.

Data breaches often leak user credentials, including passwords. This can be hugely damaging for people who reuse the same passwords across accounts — and each additional account amplifies your risk. Protect yourself by using a password manager (such as 1Password) to create complex, unique passwords for each account. This might be a weekend project for some, but it’s absolutely worth the effort, and a great way to start off Cybersecurity Awareness Month. For more security tips, check out our Empowered Employee Report.

2. Optimize your email security settings.

A staggering amount of information is sent via email every second, so it’s essential that all that data is properly secured. For practical ways to get started, check out our guide for 5 steps to secure your data in Gmail.

3. Apply multi-factor authentication (MFA).

It may add an extra step to your login process, but it’s well worth the extra 20 seconds. This way, if someone gets a hold of your password, they won’t be able to access your accounts without access to your phone or other verification information. Check out other best practices for email security.

4. Add end-to-end encryption to your email.

Email encryption doesn’t have to be cumbersome. In fact, it can be an easy, natural part of users’ workflows. Virtru's email encryption is free for personal use — so you can take action to protect data flowing through your personal email right now. Install Virtru for personal use here. 

5. Slow down.

We’re all busy. But slowing down before you open an email, or thinking twice before you click on a link, could be the difference between a close call and a massive data breach. We sat down with KnowBe4’s Roger Grimes, who shared some great insights for spotting and preventing phishing and social engineering attacks — and his interview is a great resource to share with employees for Cybersecurity Awareness Month. Check out our interview on the psychology of social engineering.

6. Deploy a domain-wide "insurance policy" for sensitive data.

Every employee has access to at least some sensitive information — and those employees are also humans who make mistakes. Security leaders can have greater peace of mind by deploying behind-the-scenes tools like the Virtru Data Protection Gateway that detect and protect sensitive information before it leaves your organization. As one of our customers says, "It's kind of my insurance coverage that we have here. I can sleep at night knowing that Virtru is in control of our data security when it comes to email encryption."

7. Make cybersecurity accessible.

As we mentioned above, cybersecurity is everyone’s job. Are your teams equipped with simple tools and a clear understanding of their role in protecting data? Select easy-to-use data protection tools like Virtru Secure Share, which allows simple, person-to-person encrypted collaboration in any browser.

8. Secure your cloud-hosted data.

Did you know that you can shield your cloud-hosted data from third parties — including the cloud providers themselves? Virtru data protection makes this possible: As an example, we are a Google-recommended key management partner for Google Workspace Client-Side Encryption. Check out our blog post on 5 myths surrounding cloud migration, and how you can ensure total privacy and control of your data in the cloud.

9. Unusual requests are red flags.

Even if an email appears to come from someone you know and trust, be cautious of any message that asks you to do something that could put you or your organization at risk — even if it appears to come from your boss or an executive. Phishing attacks now commonly use industry-specific terms, jargon, and client scenarios to foster a false sense of trust. As they learn, hacking groups can make these emails look increasingly realistic. Learn more in our blog post on social engineering.

10. Focus on the most impactful priorities.

“Everyone is seeing threats like bubbles in a glass of champagne, and they’re not being told, ‘Two of those bubbles matter more than all the other bubbles.’ Because of that, they’re not focusing correctly,” says KnowBe4’s Roger Grimes, author of A Data-Driven Computer Defense. Those two most important “bubbles” have been the same for 30 years, he says: social engineering and unpatched software. Discover more insights on how to effectively prioritize your security efforts in our Empowered Employee report.

11. Assess data protection across departments.

Whether you’re a global manufacturer, a small retail shop, a healthcare provider, a school, or a nonprofit organization, you have sensitive information that hackers can profit from, and that data can be found across every corner of your business. Every department needs data protection. Have conversations with team members across every department to get a sense of the kinds of sensitive information they’re handling (employee and customer information, proprietary strategic data, financial records, PHI, PII, and more) and whether it’s being protected. You might be surprised by how much data you uncover.

12. Put AI to work for you. 

Virtru's customer-favorite “Revoke Access” feature lets you revoke access to shared data at any time — even if that data has already been shared and accessed outside your network. This helps you take immediate action to mitigate your risk.

13. Revisit your breach prevention plan.

With ransomware attacks and data breaches on the rise, it’s important to ensure your breach prevention and response plan is up to date, and that everyone understands their role in preventing and responding to an incident. When evaluating your breach prevention plan, ask yourself: Are we just protecting our systems, networks, and endpoints? Or are we protecting the data itself, everywhere it travels?

14. Examine how you manage and share customer data.

Most companies have some kind of Customer Relationship Management (CRM) software to maintain client data. This information is often sensitive in nature, containing personally identifiable information (PII) and credit card/billing information. Ensure the data flowing through those platforms remains secure. For more on how to protect customer data, listen to our webinar on adding a layer of encryption to your SaaS applications.

15. Build trust with a commitment to security.

Trust can be your competitive advantage. In a world where so many companies take a lax approach to protecting their users’ privacy, you can build stronger relationships by demonstrating a commitment to security — for your customers, employees, and partners. Cybersecurity Awareness Month presents a great opportunity to communicate this with your audience, as well. Discover six ways to protect customer data and win trust.

16. Bridge the gap between work and home.

By highlighting the risks of ransomware to employees’ personal as well as professional lives, security teams can convey the consequences of cyber attacks in a more tangible way. When individuals understand the potential personal impacts of a data breach — such as the compromise of their own personal accounts — they’ll start to take security more seriously. Our Empowered Employee Report includes conversation starters and tips for connecting with employees.

17. A Zero Trust strategy creates maximum confidence.

Zero Trust treats every user and every system with equal caution. Everyone is on the same playing field, and it frees up your organization to create and collaborate with greater confidence that its data remains safe. Check out our tips for explaining Zero Trust to employees during Cybersecurity Awareness Month.

18. Know who holds the keys to your data.

For strong security, you’ll want to manage your own encryption keys — or select a trusted partner who can manage them for you, separately from your data. Check out our encryption key management guide for details on how to evaluate the right key management framework for your organization.

19. Highlight your organization’s security heroes.

Have an IT team of rock stars? What about colleagues who do a great job of encouraging strong security behavior among their peers? Celebrate these employees and give them some well-deserved recognition. This can go a long way to cultivate openness and engagement around cybersecurity. 

20. Calculate how much data is leaving your organization.

Data flows in and out of organizations at high velocity. It’s important to understand just how much data is being shared externally so you can effectively protect it. Use the Virtru Data Sharing Calculator to understand your potential risk for a breach — and learn how you can mitigate the impact.

21. Find your cybersecurity advocates.

You know those colleagues who are always the early adopters of new technology? How about those who are passionate about blockchain, or ethical AI? These can be your most powerful cybersecurity advocates. Harness the passion and interest of these individuals to help your organization adopt a consistent, strong security mindset — one of continuous learning and knowledge sharing. After all, data security is everyone’s responsibility.

22. Start an insider threat prevention program.

Most companies face far more danger from insiders’ lack of attention or training than from actual malice, but it’s still crucial to understand the security risks both pose. Fostering a collaborative culture of security will earn employee buy-in and provide better results (and morale) than a top-down “everyone’s a suspect” approach. Check out our Guide to Creating an Insider Threat Program for tips on how to cultivate engagement.

23. Make it easy to collaborate securely.

For your teams to actually use your security tools, they have to be easy to use. In a Virtru case study, Chartered Management Institute’s Information Security Manager, Leroy Cunningham, said it well: “It’s great having all the bells and whistles, but if your end users don’t know how to use it, they won’t use it, and it’s as simple as that. I like how clean and simple Virtru’s product is, it’s a simple toggle switch to turn it on or off, and it gives us more autonomy.” Read our Chartered Management Institute (CMI) case study to see how they used Virtru to help break down data silos.

24. Approach security conversations with positivity.

There’s enough messaging around fear, uncertainty, and doubt in the cybersecurity world. We’ve found it’s far more effective to empower teams with simple tools, clear education, and positive messaging that gives them the confidence to do their jobs while protecting data. Page 3 of our Empowered Employee report contains several tips to evaluate the way you position your security messages to teams.

25. Examine your supply chain connections.

Whether it’s third-party software or hardware throughout the enterprise supply chain ecosystem, even “trusted” networks quickly become a risk in the absence of data access controls. Here are some of the supply chain risks to be aware of, and why data-centric access controls can help you mitigate those risks.

26. Connect with the “why.”

For schools, it’s protecting students’ safety and privacy. For healthcare providers, it’s safeguarding patients’ well-being. For companies, it’s protecting confidentiality and maintaining trust. Whatever your “Why” is, it’s vital to make that a central part of your story for the importance of protecting data.

Our “Why” — helping create a world where your data remains under your control, everywhere, without limiting your ability to innovate, share, and collaborate.

27. Don’t overlook data flowing through SaaS apps.

The average enterprise has over 500 applications, and every app amplifies your risk. Determine which of those applications transmit sensitive data (e.g., customer records, employee PII, data for analytics), and evaluate whether that data is being protected everywhere it’s shared. See how Virtru can help you apply a layer of encryption for apps like Salesforce, Zendesk, and Looker.

28. Make it simple for distributed teams to share information.

More teams than ever are moving to a remote-first or hybrid environment. These distributed teams need sophisticated tools to collaborate and share information quickly — with both internal and external partners. Virtru's Secure Share encrypted file-sharing platform makes it simple for teams to send and receive information with external partners (like clients, business partners, board members, and others) with the confidence that it's always protected.

29. Make a strong first impression.

The competition for top talent is high — and it’s important for companies to make a strong first impression on prospective new hires, both during the interview process and during onboarding. Show that you take security seriously and are committed to protecting their private data. Read our blog for more information on how HR teams and hiring managers can protect onboarding data.

30. Understand end-to-end encryption and how to use it.

End-to-end encryption ensures your data remains safe from the moment it’s created, to the moment it’s shared. (Check out our blog for the answer to the question, “What is end-to-end encryption?”) If you're sharing sensitive information, the default TLS encryption may not be sufficient to protect that information across its full lifecycle, and end-to-end encryption gives you greater confidence that the information you're sharing remains secure at all times. 

31. Continue the cybersecurity conversation year-round, not just during Cybersecurity Awareness Month.

The key to engaging your employees around cybersecurity is to make security a habit, an everyday part of your organization’s life. Just like any other habit, it’s about small, continuous shifts that add up to a big impact.