October 2020 is the 7th year of National Cybersecurity Awareness Month (NCSAM). NCSAM continues to raise awareness about the importance of cybersecurity across our Nation, ensuring that all Americans have the resources they need to be safer and more secure online.
The Department of Homeland Security and the National Cyber Security Alliance (NCSA) are proud to announce this year’s theme: “Do Your Part. #BeCyberSmart.” This theme encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability, and the importance of taking proactive steps to enhance cybersecurity. NCSAM emphasizes“If You Connect It, Protect It.”
For each week of Cyber-Security Awareness Month, CIS will present a short but entertaining video emphasizing simple steps you can take to #BeCyberSmart! Take these steps so, "If you connect it, you can Protect it," both at work and at home. These videos were produced by Adobe in conjunction with the National Cyber Security Alliance (NCSA)staysafeonline.org where you can find a wide range of topics, to include information and resources to share with your kids to help keep them safe in this digital world.
Do Your Part. #BeCyberSmart
Security Awareness Week 1: Passwords
Passwords provide the first line of defense against unauthorized access to your computer and personal information. The stronger your password, the more protected your computer will be from hackers and malicious software.
Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone with an authenticator app like DUO!
Shake up your password protocol. According to NIST guidance, you should consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts.
Security Awareness Week 2: Data Handling
The use of data helps make our lives more convenient and streamlined which likely means the proliferation of online data and devices are here to stay. There is one best practice that each of us can apply that will help personal data stay more secure – only share on a need-to-know basis.
Never click and tell. Limit what information you post on social media—from personal addresses to where you like to grab a coffee. What many people don’t realize is that these seemingly random details are all that criminals need to know to target you, your loved ones, and your physical belongings—online and in the real world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are—and where you aren’t—at any given time.
Stay protected while connected. Before you connect to any public wireless hotspot—such as at an airport, hotel, or café—be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. If you do use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi. Only use sites that begin with “https://” when online shopping or banking.
Security Awareness Week: 3 Computer Theft
Having something stolen from you tends to leave an indelible feeling of violation and injustice. If what is stolen is an electronic device (e.g. laptop, phone, flash drive), not only is the property gone but so is your data. Stolen data can be a more damaging long term than the loss of the physical device itself. The data could be personal or company data. If the device is able to be used by the thief, there are many ways the device can become of value.
The most important best practice is to not leave devices unattended in public places. This includes a locked car. In many cities, car break-ins are extremely common. Even if you think your risk might be lower, don’t take a chance. Take your devices with you!
Security Awareness Week: 4 Phishing and Ransomware
Phishing, we’ve heard of it, but what does it mean? In summary, it is a tool and method attackers use to try and coerce people into clicking on a malicious site or download, potentially leading to a security issue.
Ransomware is an especially dangerous consequence of falling for a phishing attempt. Ransomware is software that locks down data by encrypting it and won’t be unlocked through decryption until a ransom is paid. To protect yourself from ransomware:
Be waryof suspicious emails and look for the signs.
Make sure your antivirus software is up to date and running. It’ll help stop the ransomware in its tracks.
If ransomware is installed, then if you’ve backed up your data, you can ignore the threat and restore the data. Unfortunately, in many cases and especially for large enterprises, the cost of the ransom is significantly less than the cost to restore the data, even if it’s backed up. Therefore, the first and second layers of protection are critical.
Removable media and devices are portable hardware. The most common is a USB flash drive but other forms could be an external hard drive or SD card.
When it comes to cybersecurity best practices, removable media and devices must only be plugged or inserted into your computer if you trust/know the source.
Security Awareness is not just for computers. “Vishing” which is defined as the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to trick individuals to reveal personal information, such as bank details and credit card numbers.
How to spot a vishing scam
Here are some of the tell-tale signs of a vishing scam:
The caller claims to represent the IRS, Medicare, or the Social Security Administration.Unless you've requested contact, none of these federal agencies will ever initiate contact with you by email, text messages, or social media channels to request personal or financial information. In fact, be skeptical of anyone who calls you with an offer.
There's a frantic sense of urgency.Scammers will try to tap into your sense of fear, using threats of arrest warrants and problems with your account. If you get one of these phone calls, remain calm and never give out your own information. Hang up and do your own investigation.
The caller asks for your information.They may ask you to confirm your name, address, birth date, Social Security number, bank account info, and other identifying details. To trick you into thinking they're legit, they may even have some of this info on hand. The goal is to get the remaining info that they don't have yet.