EclecticIQ
nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

What’s It Mean to Be Cyber Smart?

Joep Gommers October 8, 2021

stock-1-1

October is Cybersecurity Awareness Month. For most organizations, maybe yours, cybersecurity is not their primary business or area of expertise. And for organizations who don’t live and breathe cybersecurity, the whole idea of trying to protect your assets, your intellectual property, and your customers’ private information can seem daunting. There is a lot to cybersecurity, and much of it can be very specialized.

There is good news though.

There are a some smart and relatively easy things you can do to protect your organization – a few fundamental steps can put you ahead of the game in terms of preparedness and protection. Some of these precautionary measures don’t require any technical tools at all, and others are relatively simple to employ using modern tools.

First, take care of the basics: Passwords, Patches, and Proven Plans for data backup and restoration. Second, make sure your IT policies and practices have been updated to account for remote access, even if your organization doesn’t support work from home (WFH) per se. Finally, support your employees with the right information to make good decisions, both at work and on social media, to avoid a data breach or other cyber compromise.

Basic Security Policies Reap Huge Benefits

A few basic security policies will put your organization ahead of the curve in terms of avoiding a cyber intrusion. Enforcing something as simple as a proper password policy is one of those basics. A decent password policy on endpoints can be enforced directly by the OS in most cases. In addition, you should investigate utilizing a company-wide password manager to prevent so-called credential stuffing attacks. Finally, you should implement multi-factor authentication (also called MFA), specifically two-factor authentication (2FA) – this really not optional anymore, as evidenced by Google’s previously announced push to enforce their 2-step verification (2SV) process by default by the end of 2021. Oh, and consider signing up for domain monitoring with Have I Been Pwned (free) or SpyCloud (enterprise).

The next basic security policy you want to have in place is keeping up-to-date on patching the operating systems and applications in your organization. Your vulnerability or patch management process should be centrally managed by IT – don’t leave it up to your end-users to upgrade on their schedule.

Another basic security policy you want to have in place is an exercised and proven data backup and restoration process. This is a key part of a business continuity plan for disasters, both natural and manmade. Make sure you understand the time needed to recover, and how that fits into an overall business continuity plan. And make sure you test your backup and disaster recovery process regularly.

Remote Workers Have Your Data

Remote access to your network is a fact of life these days. Even if your organization does not support remote work, the odds are that one or more of your vendors, or their vendors, does – which could result in so-called supply-chain attacks which have been in the news lately.

For your own remote work force, from traveling salespeople to WFH employees, make sure that security considerations are taken seriously in the practical implementation of supporting them. Be sure that the organization’s needs and expectations are understood (and not just what, but why), that you have provided them with the proper tools and training during onboarding (and regularly thereafter), and that your security team has adapted appropriately to the realities of expanded remote access to your systems.

In addition, if any of your outside vendors have remote access to your systems or customer data, you should meet with them to understand what their remote access and remote worker security policies are. Be sure that your security policies, compliance requirements, and liability transfer concerns are covered in your contracts – to ensure that there is a good mutual understanding of the necessary security foundations, and that you and your customers are covered legally.

People Need More Information

The most common vector of compromise is, and has long been, through people. Cyber Security Awareness Month is a great time to train your people to recognize something suspicious when they see it. Help them learn to recognize phishing attempts and other efforts at social engineering. And don’t neglect physical security, like shredding paper documents and password protecting access to laptops & computers. Finally, help them to appreciate the dangers of social media – sure, sharing is caring in some instances, but oversharing can lead to an expensive cybersecurity misadventure.

Take These Simple Steps Today

For small and mid-sized organizations, you probably don’t need a team of IT security professionals on staff. Remember, successfully implementing even these cybersecurity basics significantly increases the effort required to breach your network. Password policies, up-to-date patching of OSes and applications, and a truly viable data backup and recovery plan will all help in a big way.

Remote access is here to stay, and requires a new mindset to protect your endpoints, network and data. Make sure your remote workers are educated and set up for success. Also, make sure you know which of your vendors have remote workers, and how your data is being handled by them.

Finally, make sure your employees are aware of phishing techniques and other forms of social engineering, know what over-sharing on social media looks like, can shred sensitive documents at home, and so on.

Cyber Security Awareness Month is a great time to identify resources available to you, to help get started on – or indeed continue on – your cybersecurity program. Here are some useful links:

Receive all our latest updates

Subscribe to receive the latest EclecticIQ news, event invites, and Threat Intelligence blog posts.

3 more posts you might like

All Blog Posts (127)

Explore all topics

© 2014 – 2021 EclecticIQ B.V.
EclecticIQ. Intelligence, Hunting, Response.
Get demo