In this podcast, we look at Cybersecurity Awareness Month with Mathieu Gorge, who is CEO of Vigitrust.
We talk with him about how Cybersecurity Awareness Month can be used to refocus organisations and employees on cyber security fundamentals and compliance, especially in the light of the huge changes to working practices brought about by the Covid-19 coronavirus.
Antony Adshead: What is Cybersecurity Awareness Month and why does it matter?
Mathieu Gorge: Cybersecurity Awareness Month is an initiative that has been going on for nearly 20 years. It originated separately in different regions globally, but primarily in the US and Europe.
The US Department of Homeland Security has been working on initiatives for a number of years. So has ENISA, the European Network and Information Security Agency in Europe.
The idea is to bring together industry, governments and researchers to raise the level of awareness around cyber security risks and to filter this down to large enterprises, small businesses and citizens so we are all more secure and more aware of the risks.
Those risks cover a wide range of areas within cyber security: ransomware, phishing, secure email, passwords, GDPR [General Data Protection Regulation] and privacy, mobile device security, social engineering and strong authentication. This year, there is a specific focus on remote working and being aware of scams around Covid as well as malware.
Antony Adshead: What are the implications for storage and backup and compliance that we can draw from the messages around Cybersecurity Awareness Month?
Mathieu Gorge: This month is a great opportunity to go back to basics and get everybody involved. Storage and compliance is not necessarily only the job of the chief security officer, the compliance officer, the security team or the operations team. Everybody has a role to play.
My advice is to take this opportunity to ensure that your staff are aware of the data classification you use, the value of data, the difference between structured and unstructured data, how people want to access data, and the risks.
For example, there are a lot of scams around Covid-19. You may get an email saying there’s a new vaccine or that restrictions have been lifted. You should always be careful if you get an email that looks too good to be true or that looks potentially suspicious or from a source that you don’t know.
Mathieu Gorge, Vigitrust
We’re also seeing a lot of stuff going around the US presidential election.
In terms of storing data, because a lot of folks are working from home now we are seeing the blur between personal and work life have a much bigger impact on cyber security.
So, it’s a good opportunity to train people and explain to them the need to treat company data the same way at home as they would in the office. In fact, some people going back to the office are going to need to be retrained because the office environment has completely changed in terms of where you can store data, whether it is physical or logical data, and who can access it.
This presents a great opportunity right now to either revisit or design and implement a new security awareness programme that covers data storage and the ongoing management of data.
We’ve been covering that for a number of years, but every year we have two opportunities. That’s the month of October and, after that, in January we have a global privacy day.
These are very good times for organisations to make people aware of the value of data and how they need to store, or not store, data.