Happy National Cybersecurity Awareness Month!
October is the month of spooky scares, so it makes sense that National Cybersecurity Awareness Month is also recognized at this time—after all, what’s more scary than, for example, having someone phish for your personal information and using said info to ruin your credit or losing your password to hackers so they have access to your bank account?
For those reasons and many more, National Cybersecurity Awareness Month is an important time for us PagerDuty—particularly for, surprise surprise, our Security Team. It’s also a time for everyone, not just security, to reflect on the importance of security awareness. And in honor of National Cybersecurity Awareness Month, we’d like to share what we do at PagerDuty to keep security top of mind for everyone.
PagerDuty Security Best Practices
At PagerDuty the philosophy of our Security Team is to make being secure as easy as possible for employees. They do this by making the Security Team approachable and accessible to everyone, not assigning blame or calling anyone out when a mistake happens, and making it easy to report potential security issues via email or Slack. Some questions they have received in the past include:
- What should I do if I think I got phished?
- When is it okay to open an email attachment?
- How can I get rid of spam from my email?
The team also presents risky security scenarios at our monthly company all-hands meetings and kicks off the annual, company-wide Cybersecurity Awareness Game. All employees are encouraged to participate in the game and earn points for a prize by:
- Finding and returning suspicious devices, such as random USB thumb drives lying around, to the Security Team in our San Francisco and Toronto offices
- Reporting phishing emails to the Security Team, which is also something we encourage year round
- Reporting any PagerDuty secrets or credentials found on PagerDuty sites (and other sites, too!)
There’s a lot you can do to increase security awareness at your organization; after all, just one innocent mistake can lead to a data breach, putting your company’s data and possibly your customers at risk.
Finally, if you haven’t already, check out our open-source employee security training (we have one for everyone and one for engineers). It provides some best practices and tips for employees to improve their security awareness, including:
- Keeping an eye out for social engineering
- How to keep the office and equipment secure
- Identifying suspicious pop-ups and links
- What to do with an email from an unknown sender
- How to choose a strong password and using multi-factor authentication
- How to handle data securely
- When to ask the Security Team for help (answer: when in doubt, ask!)
National Cybersecurity Awareness Month may just 31 days out of a year, but at PagerDuty, we make security everyone’s responsibility every day of the week—and we highly recommend the same to all organizations.