Why Cybersecurity Must be First
If you think that cybersecurity is something that only people who manage data centers need to worry about, you’d better think again.
The reasons why cybersecurity first should resonate with everyone are all over the news. Ransomware attacks rose to 304.6 million during the first six months of 2020, up 62% over 2019, according to our own widely quoted Mid-Year Update on the 2021 SonicWall Cyber Threat Report.
And ransomware volume continues to break records. Through the first three quarters of 2021, SonicWall Capture Labs recorded another historical 148% spike for the year-to-date. Through September 2021, we’ve seen more than 495 million ransomware attempts globally.
Again, much of this rise is credited to the highly distributed workforces caused by the pandemic. However, these stats point to an underlying weakness in cybersecurity, and it’s all about OUR behavior.
Skipping Security, Raising Risk
Working from home blurs the lines between personal space and corporate security. A recent story in CPO Magazine revealed that a shocking 30% of remote workers who consider themselves IT professionals say that they circumvent or ignore corporate security policies when they get in the way of getting work done.
Another surprise: 91% of survey participants agreed that they felt pressure to compromise security for productivity, with 76% saying that sometimes security had to take a backseat to business needs. But then, 83% of the respondents admitted that these attitudes had created a “ticking time bomb” for a breach. And these are people who should know the risks very well.
Why does it matter?
Times have changed. The criminals are out there in droves. They are motivated by profit, and they want your data and, ideally, your money too. Unfortunately, our primary means of communication – text, email, instant messaging – make everyone accessible targets. Those of us who don’t know the basics of security, or worse yet, ignore security measures, are the ones who are putting everyone else at risk.
Bottom line, if you’re not making security a priority today, a hacker will come along – eventually – and help change your mind. The new generation of hackers is bold. They know that people are the weakest link, and they’re ready to attack.
Cybersecurity is everyone’s business.
There’s an expectation in polite society for people to think about good manners and hygiene. This is because such rules make it easier for everyone to feel comfortable in social situations. So when we follow social hygiene rules – like washing hands and covering our mouths when we cough or sneeze – we convey expectations on social quality.
Odd then that we don’t think about good manners and hygiene when it comes to using computers and our digital devices. Think about people who do things like let their antivirus software expire or insist on using old tech that we know is hackable. What about folks who cavalierly use passwords like ‘12345678’? What do these behaviors say to everyone who is in our sphere of communication?
Stop thinking about technology and hackers for a moment and look at this as a holistic problem. If the survey about IT professionals is remotely accurate, and if the threats are as real as the data says, it means our attitude toward security needs serious adjustment.
Establish a #CybersecurityFirst Mindset
How do we get to a level of care that avoids security risks? We start by making sure that everyone is aware and able to make themselves more resilient to hacking. It sounds complex but comes down to knowing the difference between what’s considered poor and good behavior.
For instance, poor behavior may cause people to assume that computers and digital devices are safe and that nobody cares about the single user plugging away at an accounting spreadsheet in a coffee shop. Good behavior takes personal responsibility and recognizes that being online has definite and inherent risks. Some risks are far more severe than others, but above all poor behavior (like denying there’s a risk) not only raises your chances of getting hacked but also raises risks for everyone who connects with you.
Prevention is a Full-Time Job
Even experts who take the best precautions can’t always prevent hacks and virus infections. So, along with accepting personal responsibility, we make it harder for hackers by creating layers of security:
- Use and maintain antivirus software and a firewall. Contrary to some myths, people who use PCs, Macs, phones and pads are equally exposed and should have active antivirus programs, firewalls, malware sniffers, and a VPN. Install patches (automatic updates) and keep your firewalls up-to-date. Hackers scan for people with old or expired software. And, if you don’t have either, you’re just a sitting duck.
- Establish your own personal online usage guidelines. You can start with the rules and guidelines from your company. The rules are usually simple enough. Many are simple common sense: don’t share passwords, use good passwords, think before clicking (any link) and always be cautious about installing unknown or untested software and IoT devices.
- Double-check email attachments. When it comes to phishing and ransomware, you can never be sure about an unexpected text message, email, or phone call. Hackers are very clever and adept at making email look like it comes from someone you know or a company you trust. Before opening attachments or clicking links, verify the identity of the sender.
- Trust your instincts. Attackers are constantly releasing new viruses. So, scan documents and attachments with antivirus software before opening them. If an email or text message looks suspicious, delete it. If it’s really important, someone will try to contact you again. Always remember technology can only help so much, so trust your instincts!
The entire Cybersecurity Awareness Campaign created by CISA is intended to raise our awareness about the risks WE ALL FACE. For example, when we share #CybersecurityFirst we encourage everyone around us to be more watchful and vigilant about our security. But the effort goes far beyond hashtags and slogans.
When we educate ourselves and help stakeholders, we’re taking a firm stand about where we are in the long-term journey to safety. Read SonicWall’s Ultimate Enterprise Ransomware Guide and see where we are in developing systems that are secure and resilient to ransomware and other threats.
But remember, there’s no quick fix, no “set-and-forget” software, no universal rules for cyber-resilience. Good cybersecurity technology like virtual firewall platforms, physical firewalls, and other security services helps, but good behavior is where the real work begins.