Cybersecurity Awareness Month 2019: Own IT. Secure IT. Protect IT.

October again. Cybersecurity Awareness Month, year four for this blog. The national theme this year is "Own IT. Secure IT. Protect IT." Which, honestly, is a pretty good summary of everything we've been saying since April 2016.

Own IT: Know What You Have

You can't secure what you don't know about. The first step in cybersecurity is inventory:

  • What devices are on your network? Every computer, printer, camera, smart TV, IoT device. If it connects to your network, it's an attack surface.
  • What software do you run? Every application, every version number, every license. Outdated software is vulnerable software.
  • What data do you have? Patient records, financial data, employee information, vendor contracts. Where does it live? Who has access?
  • What accounts exist? Active users, shared accounts, service accounts, former employees. Every account is a potential entry point.

If you can't answer these questions, that's your starting point.

Secure IT: Implement the Basics

Four years of writing, and the fundamentals haven't changed:

  1. Two-factor authentication on email, cloud services, and remote access
  2. Password manager for unique, strong passwords on every account
  3. Automatic updates for operating systems, browsers, and applications
  4. Network segmentation to limit lateral movement
  5. Email filtering to block phishing and malware
  6. Endpoint protection beyond basic antivirus
  7. Encryption on all devices (BitLocker, FileVault)

None of these are new. None of them are expensive. None of them are optional.

Protect IT: Prepare for When (Not If)

Protection isn't just prevention. It's preparation:

  • Tested backups with offline/cloud copies that ransomware can't reach
  • Incident response plan so your team knows what to do when something goes wrong
  • Cyber insurance to cover the financial impact of an incident
  • Security awareness training so your team recognizes threats before they click
  • Vendor assessment to ensure your supply chain isn't your weakest link

The Four-Year Report Card

In four years of writing:

  • Awareness: A (everyone knows cybersecurity matters)
  • 2FA adoption: B (growing but not universal)
  • Backup quality: B- (more practices have them, but testing is still rare)
  • Patch management: C (still the most commonly exploited gap)
  • Password practices: C- (password manager adoption still low)
  • Incident response planning: D (most practices still don't have a plan)

Room for improvement. But the trend is positive. Keep going.