This week, we will experience the longest day of the year: June 21. For IT professionals, more daylight means more time to handle tasks on the back burner, start new projects or even — gasp — take a step back from the cybersecurity front lines. Here’s a look at some top contenders for security tasks worth tackling this summer solstice.

Address New Threats

The cybersecurity skills gap is real — and growing — with a potential shortage of 2 million positions by 2019, according to Forbes. As a result, chief information security officers (CISOs) and IT teams don’t always have time to dig deep on emerging threats while they’re trying to manage day-to-day operations and secure corporate networks.

If slower summer days permit, it’s a good idea to take a hard look at existing security infrastructure and see how it measures up against new threats such as ransomware — WannaCry, anyone? — machine learning-based social engineering and hacktivism efforts. In effect, this task comes down to reading up on new attack vectors and their potential impact.

Dig Into Alerts

Users don’t pay attention to security alerts, and the same goes for IT security professionals. As noted by Phys, users ignore security alerts up to 90 percent of the time, often because they’re attempting to complete multiple tasks at once.

Despite their job description, security experts are at increased risk, since many alerts are effectively false positives and staff members can’t spare the time investigating every single one. If the solstice permits, it’s a great time to tackle the task of determining which alerts are actually useful and which need to be scaled back to avoid the problem of oversaturation.

Resecure Routers

Next on the list of security tasks for this year’s longest day is routers. Compromising a router allows access not just to a single computer, but often an entire network, making it difficult for IT professionals to track down and eliminate all sources of infection and mitigate total damage.

But despite the risks, many companies don’t bother to change stock passwords and login credentials when they roll out new routers. For cybercriminals, this is almost too easy — they can simply use “admin” as the username, visit a site that collects default router passwords to gain entry, and wreak havoc. Security professionals can virtually eliminate this problem by updating all router usernames and passwords.

Handle the Human Factor

While technical safeguards may be circumvented by attackers to gain network access, employees remain a weak point in the cybersecurity equation. According to a study by the School of Comupter Science and Informatics at De Montfort University, half of all analyzed breaches had “human error at their core.”

If security professionals find themselves with a few extra hours this June, take the time to examine staff behavior. Are they clicking on malicious links or opening unknown email attachments? Do current security policies do enough to address these practices? Do staff members have enough knowledge to steer clear of potential risks?

Update Old Software

Windows 7 was a significant avenue of attack for the recent WannaCry ransomware. Although Microsoft released a patch for the OS vulnerability months before the attack, not all businesses applied the security upgrade, leaving networks vulnerable. Some computers running Windows XP were also compromised, but since Microsoft no longer actively supports this OS, IT professionals were on the hook to pay for updates and ensure they were properly implemented.

The takeaway? It’s a good time of year to take a hard look at legacy software and platforms to determine if they’re properly updated or under threat. What may seem like a small patch or minor problem could lead to major compromises down the line. It’s better to take action than to sit back and hope for the best.

Implement Intelligence

Got most of these critical security tasks locked up? Considering new technology to future-proof your defenses? It’s worth taking some time to investigate new avenues such as cognitive security, which looks to improve intelligence analysis, predictive maintenance and risk management using new tools that can actively make connections between security events, existing frameworks and available resources to empower new responses.

Evaluate Current Models

Sometimes it’s best to start from square one. For many companies, months or years of technological improvements, innovations and adoptions have created a security landscape more Frankenstein’s Monster than unified intelligence. This leads to scenarios in which IT security professionals are desperately trying to keep up with new threats even as they walk the tightrope of keeping current systems online and operational.

Instead, security teams should consider an outside assessment. Find a trusted security partner and let it examine your network infrastructure, then suggest security transformation strategies that both integrate across legacy systems and defend against emerging threats.

Take a Breather From Security Tasks

It’s a novel idea, but what about taking some time to rest, refocus and then reimagine organizational security? Think of it like this: There are always security tasks that need attention that could help boost the bottom line or reduce total risk. But even CISOs need a break occasionally to get away from servers, routers and user requests and see things from a different perspective. The result is increased focus, decreased stress and improved ability to focus on the problems at hand.

Listen to the podcast series: Take back control of your cybersecurity now

More from CISO

Who Carries the Weight of a Cyberattack?

Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair – or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused…

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…