October is Cybersecurity Awareness Month, with 2022 marking the 19th such occasion. Throughout October, the CNYRIC will be shining the spotlight on a variety of cybersecurity awareness topics, in the pursuit of stronger everyday practices that will help empower employees to make smarter, safer decisions to protect themselves, their organization, and our school districts. |
Updating Your Devices
This category is often overlooked, and in the proper context, that could be a good thing. Making sure the software you use is as up-to-date as possible is hugely important, as many times “updates” include patches that may address critical vulnerabilities that hackers may have found a way to expose. And make no mistake, they are trying to find a way in. By making sure you’re downloading updates to your software from the source itself, you’re putting yourself in a better position to continually thwart these attempts. Some of these official sources might even have an option to “keep your software updated automatically,” which you’re able to toggle on for an added layer of protection without the need to involve yourself manually.
We’ve used the words “official source” a couple of times already, and while that may be obvious on the surface, the implementation can be muddier than you may think if you’re not paying close attention. Similar to phishing attempts, cybercriminals may try to trick users into “downloading an important update” by clicking on some kind of action item; particularly if it’s a pop-up ad on a website. A lot of the same scrutiny you may apply to potential phishing emails can be applied here, and in the end, it’s better not to click on anything that looks like it may be suspicious.
Video credit: National Cybersecurity Alliance
Updating Your Office
As it pertains to your organization, having a good patch management solution in place (or a procedure for how to otherwise achieve it) is hugely important.
“According to Verizon's 2022 Data Breach investigation report, data breaches that originated from an action of exploit vulnerability is up to 7% in 2021, doubling from 2020,” said CNYRIC Assistant Director Josh Becker.
And while this type of breach still lags behind “credentials compromise” and “phishing” in terms of successful attack vectors made by bad actors, it’s still nevertheless a critical concern.
“Once attackers gain access to public-facing assets, they are able to use unpatched vulnerabilities such as PrintNightmare or Log4J to gain privileged access to non-public- facing assets, and the ability to move laterally throughout a school network,” warns Josh. “Having a good patch management procedure and systems in place will help mitigate these attacks.”
To check out our previous Cybersecurity Awareness Month features, please click below!
Week 1: MFA | Week 2: Passwords | Week 3: Phishing