October Cybersecurity Awareness Month: Vital Business Tips

October Cybersecurity Awareness Month: Vital Business Tips

Cybersecurity Awareness Month, observed every October, was launched by the National Cyber Security Alliance and the U.S. Department of Homeland Security in 2004 to ensure every American has resources needed to stay safer and more secure online. The month of Halloween is an apt time to consider “horror stories” of insidious cyberattacks that impact businesses across the U.S., and how threats can be mitigated by implementing a system of cybersecurity defenses.

Protecting every connected device

Cybersecurity threats are constant and unpredictable. All devices and systems carry some kind of sensitive information and those with Internet connectivity must be appropriately secured. The practice of securing every device is especially crucial as IoT — the Internet of Things, referring to “smart devices” with Internet connectivity — becomes more and more integrated into business operations.

Organizations can adopt a number of measures to prevent network devices and infrastructure from being exploited. Setting strong passwords seems intuitive, though up to 15% of IoT users don’t change the default factory-set passwords of devices. Other safety measures include keeping IoT devices separate from the main corporate data network on which sensitive information is stored, and disabling the Universal Plug and Play feature that allows devices to easily connect with other computers on the same network. While convenient, Universal Plug and Play provides cybercriminals an entry point into company devices.

Observing prudent home and work habits

In addition to setting company security policies and processes, employees must observe prudent cybersecurity practices both at work and home. Employees should know how to avoid malvertising campaigns (cyberattacks disguised as ads), as these are often the medium through which hackers distribute malware. Team members should set unique, complex passwords to mitigate the risk of account hijacking. Based on the latest research, Roebuck Technologies recommends longer passwords using nonsensical phrases, combined with multifactor authentication, which are challenging for an automated cyberattack system to crack. Furthermore, companies should require employees to keep secure backups of important files, use VPNs when connected to unsecured Wi-Fi hotspots, and never leave devices unattended in public areas.

Recognizing the dangers of phishing

Phishing involves tricking users into sharing sensitive information, such as login credentials or passwords, with outsiders. Phishing scams usually come in the form of fake emails or misleading links that pretend to come from legitimate organizations.

To avoid being scammed, users need to be able to identify the signs of a phishing email and take appropriate action. Fraudulent emails will often appear to come from financial institutions, legitimate businesses, and even co-workers to establish trust. The emails may create a sense of urgency by mentioning expired memberships or frozen accounts to entice victims to click on harmful links and attachments.

Developing a healthy skepticism of every email, link, and attachment is the best defense against phishing scams. Employ phishing simulations to educate employees about how to recognize scammers’ tactics.

Implementing a zero-trust policy

A zero-trust policy posits that “good guys” cannot be separated from “bad guys,” and network access is, therefore, never given on the basis of trust. Implementing a zero-trust policy involves verifying every user, validating every device, and limiting access to classified systems. By applying these three principles to every user and scenario, the threat of cyberattack can be minimized. Companies can establish a zero-trust security framework by implementing multifactor authentication and setting strict access restrictions based on job roles, locations, and devices.

The Future of Connected Devices

The future will bring more life-changing breakthroughs along with potential vulnerabilities. We all need to make cybersecurity a part of our lives at home, work, and play. If we all take ownership for making cyberspace safer, a secure cyber world could become as commonplace and second-nature as a locked front door.

Defending against cyberthreats requires businesses to be more vigilant than ever. Roebuck Technologies has the advanced tools and expertise to keep precious data and assets secure. Contact our cybersecurity consultants today to fortify your company’s defenses.


Doug Coleman

Doug Coleman

Chief Operating Officer

Doug possesses over 20 years of expertise in corporate finance, information systems, logistics, supply chain management and competitive strategies. He has served in executive management not only for The Roebuck Group, but also Commercial Carrier Corporation, a nationwide transportation and logistics provider. Additionally, he served in senior management at Vology, a global value-added reseller of technology solutions. Doug earned his Bachelor of Science in Chemical Engineering and Master of Business Administration degrees from the University of Florida as well as a Juris Doctorate degree from Stetson University College of Law.