
Are you putting cybersecurity first? 7 questions you should be asking


The 2021 National Cybersecurity Awareness Month is coming to an end, and the theme for the final week is ‘Cybersecurity First.’ This is meant to underscore the importance of building security into products, processes, workflows, standards, communications, and anything else that touches the internet or some other network.

One of the greatest challenges in cybersecurity is knowing your vulnerabilities. Without enough controls in place, your network could fall victim to vulnerabilities in web applications, shadow IT, or any of the 13 types of email threats. Some people resist basic security procedures just because they are inconvenient, and some fail to consider the hidden dangers around IoT. One company was hacked through the IoT sensors in a fish tank. The attackers connected through these sensors and moved laterally throughout the unsegmented business network to further their attack.

This example is one of many that show the fundamental cybersecurity awareness problem with IoT. It’s easy to assume that a fish tank cannot be hacked, but it’s just as easy to assume that a connected device can be hacked. People tend to think about the fish tanks, not the network-connected sensors.

Key cybersecurity questions

The Cybersecurity First theme reminds you to ask some basic questions to protect your company. For example:

  • How are we training employees to protect their credentials and recognize security threats?
  • Can this remotely controlled thermostat / coffee pot / fish tank be secured from intrusion and bot activity?
  • Is this application being developed with security in mind?
  • Are we using the principle of least privilege to protect data and assets?
  • Is the business network properly planned and segmented?
  • Are there any mobile devices that could introduce a threat to the company network?
  • How are we preventing data loss through accidental disclosures or malicious activity?

Every company must be able to answer these questions and many others like them, depending on the environment. It can get much more complicated when companies take on large IT projects or move to new facilities that have greater automation built into operations.

For tips on building a more secure company, see this tip sheet from the U.S. Cybersecurity & Infrastructure Security Agency (CISA).
