In short: a lot.

For starters, our first blog on National Internet Safety Month (on June 12, 2017) didn’t even mention ransomware. Remember that world? While we could all stop for a collective, nostalgic sigh, it’s time for a recap of the trouble the industry has gotten into over the past six years through the lens of how we can do better.

National Internet Safety Month is designated by the U.S. Congress and supported by the National Cyber Security Alliance. For starters, NCSA advises everyone to follow three easy steps before going online: Stop. Think. Connect.™ At Nomic Networks, we think that makes a lot of sense. But we’re also going to bolster that with some specifics.

If your job is to protect your organization, the National Cyber Security Alliance is an organization that can help you do that, and this month is one of their key value-adds to the community.

In honor of the event, we’re going over several big security themes to keep on your mental horizon this year when peering down the cybersecurity turnpike. We’ll see what others focused on, then add some notes of our own.

• K-12 schools and cyber incidents – A lot of our clients are smaller businesses throughout the community,including schools and school districts. This one hits close to home, although this great blog was created by Alaina R. Clark, Assistant Director, CISA Stakeholder Engagement Division. In her blog, she notes, “Schools are a target for cyberattacks because they hold valuable information such as staff and student personal data, but they often lack resources to build a comprehensive cybersecurity program.” This is absolutely true, and we see it all the time. Small organizations like these – and ones lacking resources – should start by applying the CIS Controls and look to managed cybersecurity services to help bear the load. In our experience, if they don’t take steps to do the fundamentals (and get help), there are a lot of security doors that don’t get shut and bad actors are let in.
• Ransomware – How can we not mention this? Ransomware grabs all the headlines, and deservedly so. The Verizon 2023 DBIR notes ransomware still accounts for roughly one-fourth of all data breaches, with some opining that figures are holding steady just so threat actors can respond to increasing defensive technology and “retool.” Either way, this doesn’t bode well for dreams of a ransomware-less future, and staying security aware this month means taking extra steps to retool before they do, even when times are tough. Organizations strapped for resources can skip the “expensive platform” line and get into creative solutions like Nomic’s Network CloakingTM to reduce malicious inbound threats by an order of magnitude – without paying through the nose for AI.
• 2FA and Multi-factor Authentication – This is a must, and it has been for ten years. Any rundown of Internet Safety Month would be incomplete without stating the obvious – that it’s high time any organization within any industry buckled down and accepted nothing less than at least some form of two-factor authentication for all points of entry post-pandemic. And let’s not even get into password managers (because you already should be).
• Compliance – If there’s a cybersecurity watchword for the foreseeable future, it could easily be compliance. What with international data privacy laws, domestic data privacy laws (and more on the docket), industry-specific requirements, federal strategies and more, you almost can’t take a step forward without checking to see if you’re compliant. And the more complex digital ecosystems become, the more tricky it becomes. Nomic can give you the tools to help you get compliant with regulations like HIPAA, PCI DSS, GDPR, Sarbanes-Oxley (SOX) and more.

All in all, it all comes down to staying aware as security decision-makers and passing that awareness down the line. Security Awareness Training has become essential for bringing everyday employees, technical or not, up to speed on how to not punch a hole in the boat. Everything is a threat – from their inbox to their LinkedIn chats to how they sign in and where they share their files – and it’s up to us as security practitioners to realize if ‘every company is now a software company,’ then every employee has the potential to land the company in hot digital water.

You can only protect your enterprise if you keep threats top of mind and give a thought to internet safety. It’s obvious, but letting our guard down on fundamentals is one of the reasons human error continues to contribute to 74% of all data breaches, as this year’s DBIR states.

Stay safe out there.