October is not only the month of pumpkins and costume parties but also a time to focus on something equally spooky: cybersecurity. Just as we recognize the ghosts and goblins on Halloween night, it's essential to acknowledge the cyber threats lurking in the digital world. In this special Halloween-themed episode of Stimulus Tech Talk, we delve into the intriguing landscape of Cybersecurity Awareness Month and what it means for businesses.
Stimulus Tech Talk: Candy, Costumes, and Hackers: A Cybersecurity Awareness Month Special
A Haunting Reminder: Cybersecurity Awareness Month
October is Cybersecurity Awareness Month, making it an ideal time to shed light on the ever-present and evolving threats in the digital realm. While cybersecurity should be a year-round priority, this designated month serves as a helpful reminder for businesses to revisit their strategies, bolster their defenses, and educate their teams about potential risks.
A Witches' Brew: Hacking and Ransomware
In the digital age, hackers and ransomware attacks have become a formidable threat to businesses of all sizes. These nefarious actors can wreak havoc on your organization, disrupting operations, stealing sensitive data, and demanding ransoms for its safe return. It's crucial to recognize these digital threats, understand their potential consequences, and take proactive measures to mitigate them.
A Frighteningly Good Start: Recognizing Cybersecurity Threats
Awareness is the first step toward safeguarding your business against cyber threats. By tuning in to discussions like this podcast, you're already on the right path. Business owners, CEOs, and General Managers should seize this opportunity to engage with their teams and emphasize the importance of recognizing digital threats. Cybersecurity isn't a one-time effort; it's an ongoing commitment to protecting your organization.
Ghoulishly Good Training: Educating Your Employees
When it comes to bolstering your cybersecurity defenses, training is paramount. There are numerous training options available, from weekly security emails to comprehensive security training programs. Educating your employees about cybersecurity best practices and the latest threats ensures they play an active role in safeguarding your organization. After all, even the most advanced software can't protect your business if your team inadvertently clicks on malicious links or falls victim to phishing schemes.
Month-Long Vigilance: Cybersecurity Activities for Businesses
Cybersecurity Awareness Month isn't just about recognizing the threats—it's also an opportunity for businesses to engage in month-long activities to bolster their defenses. Here are a few suggestions:
- Cybersecurity Training: Implement ongoing training programs that keep your employees informed about the latest threats and best practices.
- Sharing Knowledge: Leverage resources like webinars and podcasts to share cybersecurity insights with your team.
- Security Assessments: Conduct annual cybersecurity assessments, both internally and externally, to evaluate your defenses and adapt them to evolving threats.
- Insurance Review: Review your insurance policies annually, ensuring they align with your organization's evolving cybersecurity needs.
- Compliance Check: Confirm your compliance with federal, state, and local regulations related to IT security and cybersecurity.
Remember that cybersecurity and compliance often go hand in hand, and strengthening one can bolster the other. By conducting regular assessments and staying informed about the latest threats, you can continuously improve your security posture.
IT Asset Management: An Essential Building Block
You can't protect what you don't know you have, so businesses should consider conducting IT asset management. This involves auditing your IT assets, from laptops and desktops to servers and network infrastructure. It allows you to identify outdated equipment, plan hardware lifecycles, and allocate budgets effectively. When you know what you have, you can take proactive steps to protect it and keep your digital realm secure.
The Perils of Unwanted Clicks
Even the most security-conscious individuals can fall prey to cleverly disguised threats. The podcast shared an example of a seemingly harmless email that contained potentially harmful links. It highlights the importance of vigilance and the need to strike a balance between the software that safeguards your organization and the awareness of your employees. As the digital landscape evolves, so too must your cybersecurity practices.
Don't Let the Digital Shadows Haunt Your Business
Cybersecurity Awareness Month serves as an annual reminder to take a closer look at your organization's cybersecurity practices. While the threats are ever-present, businesses can strengthen their defenses through continuous training, assessments, compliance checks, and IT asset management. By striking the right balance between software and employee awareness, you can reduce the risk of becoming a victim of cyber threats.
So, as you prepare your Halloween costumes, take a moment to think about your business's digital costume: its cybersecurity defenses. A well-prepared organization will be able to ward off the ghosts and goblins that roam the digital realm and ensure a safe and secure future.
Stimulus Tech Talk: Candy, Costumes, and Hackers: A Cybersecurity Awareness Month Special transcript
SPEAKERS
Sherry Lipp, Nathan Whittacre
Intro 00:00
You're listening to Stimulus Tech Talk. A conversation-based podcast created by Stimulus Technologies that covers a range of topics related to business and technology.
Sherry Lipp 00:13
Welcome to Stimulus Tech Talk. I'm Sherry Lipp, marketing manager here at Stimulus Technologies. And I am here as usual with our CEO Nathan Whittacre. And today we are going to be talking a little bit about Cybersecurity Awareness Month, which is what October is. Hello, Nathan.
Nathan Whittacre 00:32
Oh, sure. And hi, everybody, it's great to be here as always.
Sherry Lipp 00:37
So I figured this was a good time since it is October to talk about what Cybersecurity Awareness Month is and what maybe businesses can do to recognize it, because I've seen it's a kind of a broad topic. And I think probably people hear it, but they don't really know if there's anything they can do for it.
Nathan Whittacre 00:57
Well, it's interesting that Cybersecurity Awareness Month coincides with Halloween. So recognizing all the ghosts and goblins that are out there in the internet and digital worlds. So, you know, it's definitely a time that we, I mean, it's definitely not a thing that we just do once a year. But it's a time that we can recognize the threat that it is to our businesses, of hacking and ransomware. And all these events that could happen to take down our businesses. And I think just you tuning in today is a first start of it is just recognizing that there is a threat to our companies, and talking to our employees about it. So you know, it's a good opportunity, if you're a business owner, CEO, General Manager, whatever your title is, inside the company, you know, bring it up with your team, that they need to be, you know, recognizing the threats that are out there. And working towards mitigating those, I would also say, you know, if there's something you can do, we have a lot of topics we've talked about on this podcast, or webinars and blogs, there's something you can do inside your company, just take one thing that you can improve on, in one area you can improve on that would be a good start, you know, it's just, you can't go from unsecure to completely secure one day. So it takes little incremental changes over time. And so if you could do something this month, towards that of improving your cybersecurity, inside your company, I think that's a good start too.
Sherry Lipp 02:33
Then what kinds of things do you think employers could do with employees, it's kind of like a month long activity or activities to do.
Nathan Whittacre 02:44
Oh, there's certainly a lot of training, I think would be an option. You know, one of the things that we do as a company, if you're at all interested, we do have weekly security emails that go out just aware of different threats that are out there. So if you're interested in signing up for one of those, you can visit our website and just fill out a contact form and say that you want to sign up for the weekly tips. That's a good way, get some of your employees on there, and she'll share those with your team. You know, you could do if you have trainings that you deal with your team or monthly meetings, weekly handles whatever it may be, maybe share one of our webinars or our podcast that we talked about cybersecurity with your team. I think training is really the biggest thing that we should be doing inside our companies this month is just, you know, take note, identify that the threats are out there, maybe talk about some case studies, you know, look at some big ones out there, like MGM here in Las Vegas was a big issue recently. So you know, just look at different threats that are out there. And you know, if you're, if you're interested in engaging with us, we're happy to give you some materials that you can share with your team.
Sherry Lipp 03:58
And so obviously, we want to, like you said, we want to be aware of cybersecurity all the time, but what kind of things do you think businesses should do, you know, on a yearly basis, you know, kind of bring this front of mind they all like an audit or, you know, what should they be thinking about maybe on a yearly basis that they could schedule around this time.
Nathan Whittacre 04:18
So, you know, a few things that are an annual basis should be done inside of business, you should have an annual cybersecurity assessment done on your company. And that's it both internal and external test of your defenses and what's going on and, and what happens in cybersecurity as things change year over year. So maybe what you were doing last year is not sufficient than what you need this year. And so having that security audit done is a good way to see where you're at. The other thing is, is review your insurance policies. Usually you have to renew your insurance annually, and it would be a good time to call your broker up and say you Has anything changed with our cyber insurance and should we implement or increase our cyber liability or employee crime policies and see what we need to do to improve those. The other thing is, is a lot of companies I find, have to fill out these forms for their insurance companies to get that type of insurance. And it would be a good place to review that with your insurance company, along with your IT professionals and security professionals to make sure that the things that are required of you as a company to have implemented to get that insurance are in place. And I think finally, kind of along those same lines is making sure you're compliant with any federal state or local regulations related to IT security of cybersecurity. So maybe talk to whoever is handling your compliance, whether it's your IT company, your security company, or law firm or something like that, it's just take a review your state of compliance, and making sure that you don't have any holes as things have changed. Also, with that, because compliance and cybersecurity do go hand in hand, they're this very similar in a lot of people's minds. But you know, being compliant doesn't mean that you're secure. And being secure, doesn't mean you're compliant. 
But a lot of compliance dictates the things that you have to do on the security side, and maybe additional things, too. So doing both of those, I think dramatically improves your security posture.
Sherry Lipp 06:32
And what kind of things uncovered, we just did you know, the webinar on IT Asset Management is that then that's, like, you talked about that being a part of compliance. And where does that fit in cybersecurity, kind of, you know, a little, a little brief overview of what that is.
Nathan Whittacre 06:53
Yeah, so I often say that you can't protect what you don't know you have. And so doing an audit of your IT assets, everything from your laptops, and desktops, all the way to your servers, network infrastructure, everything that you have related to IT is the first building block, developing a cybersecurity plan or security plan. And then that ties into compliance too. So, you know, doing an inventory of all your infrastructure, seeing what's out of date, at not out of date, and then coming up with a plan of anything that is, you know, antiquated, create a hardware lifecycle that you're replacing things that should be replaced, that might be out of date, or you're not getting security patches anymore for software and do a refresh. So this would be kind of cool, coinciding with developing an annual budget too. Once you've done that inventory, it gives you an opportunity to sit down and say, Okay, next year, you know, according to our hardware lifecycle, we probably need to replace the computers and the server. So you can put that in your budget for next year. So it's not a surprise, and in March or June that you need to fix that, before you can be compliant again, that you're forecasting that and planning for that for the next year. So you have that in your budget. So that's really, you know, IT Asset Management is the building block, because it gives you an idea of what you need to do, and what you need to protect. So it's a good thing to do, and also kind of coincides with annual budgeting for the end of the year.
Sherry Lipp 08:36
And yeah, like I said, there is we do have a presentation on that, that week, you can still access if you're listening, if you're interested in it, asset management, we actually have presentations, probably a little podcast or webinar on all the subjects we're touching on here today. Because this is a you know, a broad overview of where you can, where you can figure out what you want to do, as you're, you know, putting cybersecurity front of mind, but where can people go for to learn about the kind of latest threats.
Nathan Whittacre 09:06
So we have our blog that we often talk about, blog, that stimulus tech.com A lot of the threats that are out there. You know, if you want to get into the nitty-gritty, there's a lot of websites that post what vulnerabilities are out there, it really it's security professionals that are looking at those. I think the best thing to do is you know, look at the resources that we have, or you know, other experts in the industry that are watching what's going on in the industry and summarizing and putting the information out there. Because there's a lot of noise. We have companies that we work with that are providing us as a company a lot of information and you know the immediate threats that are out there if there's what we call it the zero-day threat, which means something that, you know, there's a vulnerability in, let's say Windows or Mac OS or certain product that has not been patched yet that doesn't have a fix. That's called a zero-day vulnerability that there's no fix for this threat. And so we'll put those out there. If you want to join our mailing list, we send that information out when those occur. So you can know, hey, I don't want to use Adobe for this today, or I need to make sure that I stop using, you know, whatever version of Chrome that you might be using, you know, there's vulnerabilities that come out periodically, that are really big threats. And we'll put those notices out. I also mentioned at the beginning, we have our weekly tech tips, we put some information out on that. And then finally, we do have an inexpensive product that we offer of security training. So this is an annual security training that you can get for your team. It's an annual assessment that your team has to take. And then they also get weekly micro trainings that are about five minute videos every week with a little quiz at the end. And it's a good update for what's what trends are going on. And, and for. 
I mean, it's really an inexpensive training option for your team. There's a lot of companies that put it out, we have it available, just because I think that's an essential component of cybersecurity is just just bringing that awareness, hey, you're on this podcast, you're doing it, we can give you some resources to help your team to
Sherry Lipp 11:34
All right, and so what, you know, where's the line we were talking about? We're talking a lot about training. And then we have, you know, if you have cybersecurity as a service, you know, monitoring, where is the line between what an employee or employer needs to learn, as opposed to what the company your service providers taking care of?
Nathan Whittacre 12:01
That's a good question. So you know, the threats are multifaceted, right, and employees aren't going to be able to protect against all threats. Nor is software going to protect against all threats, we often talk about, you know, cybersecurity is a layered approach, you know, you have to have multiple layers, you can't just, you know, have one single system that is protecting everything. And so where the line delineates is not a clear line, it's you kind of, they kind of overlap each other, you have to have your software that's really taking care of 99% of things that are going on. But you can't have your team just you know, blatantly, you know, jumping in the deep end of the pool every time they want, and can't swim and expecting the lifeguard to come and save them. So I don't know if that's a good analogy. I just made it up on the spot. But I mean, really, that's what the expectation of, you know, the software always saving you. And you can do whatever you want. You have to be a partner with the software and make sure that we have the right guardrails set up for the employees, but also, you know, you're not doing stuff that is going to cause damage to the network. Because we all make mistakes. I'll just give an example. The other day, I got an email from somebody that I actually interfaced with periodically, their vendor, and the email, I was expecting some contracts coming in. You have those DocuSign. So there'll be signs that come in all the time. And, and this, this vendor emailed me, I wasn't particularly expecting a contract for them, but it looked like a contract renewal. So I clicked on the link, the link was a valid domain, it was for adobe.com. So it was a valid domain. But it was a shared PDF. And then had some additional links in the PDF. And immediately I recognized that it was some hacker that hacked the vendor's email account that was sending out these links, the PDF was fine. 
But if I clicked any additional links in that PDF, it could have caused some damage. Ironically, I got an alert later in the day that told me I clicked something that I shouldn't have, which is good. I, you know, I started out I shouldn't have probably clicked it. But I did. And then once I recognized that, hey, this is invalid. This is something I asked for was expecting, and I immediately shut it down. But my tool also notified my team that there was something wrong to do this. I didn't go any further and then the software caught it on the back end too. So you know, even if you're doing everything right, you're checking domains, it all looks right. The sender looks okay. It's not coming from malicious senders. You know, even IT security experts can make mistakes too or be socially engineered to do something they shouldn't do even, because a lot of the hackers are doing it perfectly. So it's a kind of a balance between the two, that the software has to take over. Even if you know the humans make some mistakes, and vice versa, you know, I caught that there was something wrong going on with that, with those links, and that document that was sent to me, so it's a the document is valid, but the links inside the document we're on. So there's just always things that are weird, that are going on new things learn all the time. And that's why there's has to be a partnership between the software.
Sherry Lipp 15:42
Yeah, definitely, email is a big one and clicking links. And one thing I learned or was reminded of from the micro training that you just mentioned, was not to click the even the unsubscribe button on an email, that's bad. So a lot of people might think, well, we're gonna get rid of it, and not have them send me anything before without thinking about like, the whole thing is the all links are bad and in certain emails. So definitely, you know, if you don't know you're doing it wrong, then you don't know you're doing it wrong. Because sometimes, so training is important.
Nathan Whittacre 16:20
Absolutely, absolutely. And that, you know, things change all the time. The attacks are, you know, getting better each day. And they're, they're definitely I think that's a great example that, you know, you gotta be careful about everything you do. And sometimes we make mistakes. Sometimes we do things that we shouldn't do. And that's why you got to have everything to protect you.
Sherry Lipp 16:43
Yeah, yeah. Any final thoughts on the scary Cybersecurity Awareness month for October?
Nathan Whittacre 16:51
Well, I guess I want to see if there's any, you know, send us links if there's any great costumes related to hackers, you know, anybody running around in the anonymous, you know, the hoodie with the with the funny anonymous face? I don't know if you guys are dressing up, you know, with that might be the scariest for businesses, certainly the scariest costume out there. But yeah, just obviously, you know, it's 24/7 we have to be vigilant, but it's a good reminder, once a year to you know, take a look at those things and just review where you're at inside your company and, and make a commitment to change at least one thing to improve your company.
Sherry Lipp 17:30
All right, well, if only the hackers were really dressed like that all the time. We can.
Nathan Whittacre 17:36
They are not but
Sherry Lipp 17:39
All right. Well, thanks so much, Nathan, and happy Cybersecurity Awareness Month, everybody.
Nathan Whittacre 17:44
Thanks, Sherry. And thanks, everybody for joining us today.