October marks National Cyber Security Awareness Month (NCSAM). A month-long public awareness campaign designated by the United States Department of Homeland Security (DHS), NCSAM is designed to help users in the United States learn about cyber security. It includes resources and tools that people can use to stay safe on the web.
NCSAM occurs at the same time as European Cyber Security Month (ECSM), an initiative which promotes cyber security best practices among users in the European Union
The first week of NCSAM starts off essentially the same as that for ECSM. Each campaign's Week One theme focuses on how everyone can strengthen their digital security. Acknowledging that topic, here's some tips that you, your family, your friends, and your co-workers can all use to augment your online safety.
Attackers are constantly looking for ways to first make contact with a potential victim. One of the most common attack vectors is email. Bad actors understand we as users are curious, so they like to exploit our human nature by sending us phishing emails sometimes laced with ransomware and other malware.
Fortunately, we can easily avoid phishing scams by exercising caution around suspicious links and email attachments. To protect against spam-borne ransomware, we should maintain an anti-virus solution on our computers and back up our data regularly in the event we fall victim to a crypto-malware infection.
For more information on how you can counter phishing and ransomware, please consider attending Metacompliance's upcoming webcast "Is Phishing and Ransomware a Critical Issue for You Yet?" on 19 October at 2pm GMT/9am EST.
Our web account security begins and ends with passwords. To be fair, that might not always be the case. Alternate forms of authentication could replace passwords one day. But for the time being, we will continue to rely on passwords to verify ourselves for most web services.
We can make the most out of passwords' persistence by choosing strong passwords for our web accounts, that is, combinations that do not contain dictionary words; that incorporate upper- and lower-case letters, numbers, and symbols; and that ideally extend for at least 16 characters. Each and every web account should receive its own password that meets those criteria.
Once we have chosen strong, unique passwords, we should store them in a password manager so that we don't have to remember them or write them down. Users should also enable two-step verification (2SV) on any and all web services that support the security feature.
Not a day goes by when there isn't word about a new software vulnerability, which is why all reputable software companies these days have security teams who look for coding errors and patch them in security updates.
In most cases, however, patching is not an automatic process. We need to make sure we receive alerts from the companies whose software we use about new vulnerabilities and exploits.
If a patch is available at the time of disclosure, we should implement those fixes as soon as possible. Doing so will protect our computers against exploit kits, malicious software packages that scan for unpatched vulnerabilities with the hope they can leverage a flaw to install ransomware or other malware onto our computers.
If a fix isn't immediately available, it's up to us to learn when a patch will become available and whether we can implement any mitigation techniques in the meantime.
Social media platforms such as Facebook and Twitter enable members to connect with people from around the world. But let's face it: even though we might have 10,000 friends or followers, not all of those people might have our best interests in mind. Which is why we need to be careful about how we navigate social media sites.
Social networking platforms might be all about sharing information. But that doesn't mean you shouldn't be careful about what data you share. You should never share your birthdate, Social Security Number, or other sensitive information. Bad actors could use those details to steal your identity.
Additionally, it would behoove us to not overshare other bits of information, such as by when we're on a vacation. That kind of update could be all one of our "friends" needs to know so that they can rob our homes without worrying about us coming back.
Bad actors are more often than not after our personal information. To fend them off, we need to do everything in our power to keep our personal information safe.
At the most basic level, we should never do any banking on a Wi-Fi hotspot or over public Wi-Fi. You never know who might be listening in on the network, so it's better to just not take the chance and wait until we can connect to a private, password-protected Wi-Fi network.
After taking our first steps, we can move on to some more advanced defensive measures. That includes shredding all important documents containing our sensitive personal and financial information that we don't need anymore, as well as restricting our privacy settings on all of our public-facing web accounts.
NCSAM is a month-long initiative during which organizations are encouraged to instruct their employees about how to stay safe online. One of the ways they can do that is by creating or strengthening their security awareness training program to incorporate phishing, ransomware, policy management, and number of important themes that are important in today's workplace.
Does this sound of interest to you?
If so, contact Metacompliance and learn how its e-learning solutions can drive home each NCSAM theme to your employees.