By Anthony Murray and Christopher Lombardo

October is National Cybersecurity Awareness Month, which was launched in 2004 by the National Cybersecurity Division within the Department of Homeland Security and the nonprofit National Cyber Security Alliance. This year more than ever, cybersecurity is extremely important in keeping individuals and companies safe when online. Protect your online presence this month and beyond by following the tips below.

Connect and Protect

In today’s world, the line between our online and offline lives is no longer clear. While this situation creates opportunities, it also creates many challenges for individuals and organizations around the globe. To reduce your security risk, make sure to regularly update your security software, browsers and operating systems. And set up auto-updates for all of your home devices, so they are always up to date.

All internet-connected devices are a possible entry point for a cyber criminal. Therefore, if you connect it, you’ll need to protect it. For example, earlier this year Ring doorbells were hacked because updates were not applied and strong passwords were not used. Examples of such devices include GPS/distance trackers, fitness and medical monitors, Wi-Fi enabled baby monitors, home security cameras, climate and lighting control systems, and smart appliances. Though we may not think about some of these things being susceptible to hacking, they are often targeted by cyber criminals. To stay safe, keep your devices up to date, frequently change your password and even update your home network security.

Phishing Awareness

Links in emails, tweets, texts, posts, social media messages and online advertisements are the easiest way for cyber criminals to get your sensitive information. Be wary of clicking on links for downloading anything that comes from a stranger or that you were not expecting. If you receive an enticing offer via email or text, don’t be so quick to click on the link. Instead, go directly to the company’s website to verify it is legitimate. If you’re unsure who an email is from, even if the details appear accurate, do not respond and do not click on any links.

• Follow your gut. If it doesn’t look right—the message is too good to be true, for example—trust your instincts.
• Is the message directly aimed at you? What does the salutation say? Could it be sent to anyone? Of course, knowing your name isn’t always a sign that an email sender can be trusted, but not knowing is a good starting point.
• What are they requesting? Spoofed emails are finely crafted to trick you into giving up your login information for important sites, like your bank account. Have a level of distrust and don’t blindly click a link to log in to important accounts without verifying the URL is correct.
• Are they trying to scare you? This is a favorite tactic for hackers. Maybe they’re telling you your account has been breached, or a payment was rejected. They want you to take action without thinking. Don’t be fooled. Take a moment and think things through.
• How’s their spelling? Yes, the bad guys are getting better with grammar, but poorly written messages are still a sign something is phishy.

Securing Devices

2020 saw a major disruption in the way many people work, learn and socialize online. Our homes and businesses are more connected than ever. With more people now working from home, these two internet-connected environments are colliding on a scale we’ve never seen before, introducing a whole new set of potential vulnerabilities that users must be conscious of. Week 2 of Cybersecurity Awareness Month will focus on steps users and organizations can take to protect internet-connected devices for both personal and professional use.

Passwords

• P@s$w0rds_d0n’t_hav3_2_b_th!s_Complic@teD! Seriously, who can remember that? Make your password a passphrase. Remember that length trumps complexity when creating a strong passphrase.
• When it comes to passphrases, it’s best to mix it up. Keep them long, easy to remember and unique for each account.
• No matter how long and strong your passphrase is, a breach is always possible. Make it harder for cyber criminals to access your account by enabling multi-factor authentication.

Applications

• Do all of your apps need to track your location? No! Take a moment now to configure the privacy and security settings of your apps and, while you’re at it, help someone in your household configure theirs.
• Do you know how many of your apps access your contacts, photos and location data? Time to find out! Configure your privacy and security settings to limit how much data you give away.
• Enable automatic app updates in your device settings so your software runs smoothly and you stay protected against cyber threats. Don’t ignore a software update. It can be what protects you from a cyber criminal.
• Keep all software on all internet-connecting devices current. This improves the performance of the devices and your security.
• Rules for keeping tabs on your apps: 1) Delete apps you don’t need or no longer use. 2) Review app permissions. Limit how much data you share with the app. 3) Only download apps from trusted sources.

Social Media

There are few people today who don’t have a social media presence. Cyber criminals know that, and they especially love it when you overshare on social media. They can learn all about you! Be cyber smart and make it harder for them by avoiding posting real names, places you frequent, and your home, school and work locations. Keep Social Security numbers, account numbers and passwords private, as well as specific information about yourself including your full name, address, birthday and even vacation plans. Disable location services that allow anyone to see where you are—and where you aren’t—at any given time. Connect only with people you trust. While some social networks might seem safer for connecting because of the limited personal information shared through them, limit your connections to people you know and trust. Remember, there is no delete button on the internet. Share with care, because even if you delete a post or picture from your profile seconds after posting it, chances are someone may have seen it.

Disinformation

We live in a world of facts and information that we use to form our opinions and make decisions. Sometimes those facts are incorrect, and we make poor decisions. But what if the information we receive is maliciously created to be incorrect?

Disinformation campaigns aren’t limited to individual victims and are often created by sophisticated groups. Organizations are often targeted, resulting in great harm. Here are three reasons why:

1. Damage to reputation: Some attacks are intended to damage an organization’s reputation and create ill will with its customers.
2. Financial gain: Some attacks are created to allow the scammer to profit financially. One example is known as a “pump and dump,” where false press releases and social media are used to promote a company and pump up its stock value. Then the scammer sells, or dumps, the stock for a large gain.
3. Destroying public confidence: Some attacks are carried out by foreign actors, countries and individuals, looking to harm organizations in other countries and drive customers to competitors that they prefer.

How do hackers pull off disinformation?

• Bots: Bots, short for computer “robots,” are software programs that can perform automated tasks and can mimic typical online human actions, such as making, liking and sharing social media posts. Computers infected with malicious bots can be used to spread disinformation and inflate the popularity of selected posts and items.
• Deepfakes: Deepfakes are audio files, videos or photos that have been tampered with to look and sound like something they are not.
• Targeting: Targeting takes all of the information available about you and makes predictions about disinformation you might be receptive to.
• Trolls: Trolls are Individuals who deliberately say false things online to cause negative reactions, create controversy and ruin reputations.

This year, more than ever before, cybersecurity has played an integral part in the daily lives of many people. And though National Cybersecurity Awareness Month is observed during October, the advice provided here can and should be used all year round. Thought leaders are constantly publishing new best practices to keep you safe at home personally and professionally. As we continue to live in a virtual world, cybersecurity should always be top of mind.

I encourage you to register for our upcoming webinar, presented by myself and my colleague, Angela Rose, Security in a Virtual Environment: Protecting Your Workforce at Home.

National Cybersecurity Awareness Month, initiated by the National Cybersecurity Division within the Department of Homeland Security and the nonprofit National Cyber Security Alliance, is observed in October. The purpose is to raise awareness about the importance of cybersecurity, which is essential to the business operations of MRO. As our company’s information systems security officer, I saw an opportunity to review some important cybersecurity points to protect your online presence this month and beyond.

IT Security Basics for Breach Prevention

Though sophisticated measures are an important part of an effective cybersecurity plan, it is essential to always remember the basics:

• Use passwords – Not only should you have one, you should create one that includes numbers, symbols, and upper- and lower-case letters. And never use your name, birthday or an existing password. Use different passwords across systems, so that if a hacker accesses one system, they cannot easily access all the others. Finally, never share your password. Just because you trust someone does not mean they will protect your password.
• Lock your device – When you are away from your device, lock it to prevent people from viewing sensitive information or using the device. This goes for computers, mobile devices, tablets, etc. Set your device to lock automatically after a certain period of inactivity for stronger data breach prevention.
• Use a secure WIFI connection – Connections at hotels, coffee shops, airports and other public places are not secure. Even if a password is required to use the WIFI at a trusted business or location, those connections are by no means secure and are vulnerable to hacking.

Phishing

In a phishing attack, cyber criminals use an email to lure you into giving them more information. These emails usually look real and are excellently designed to trick you. They will try to collect financial information, login credentials or other sensitive data. Sometimes these criminals use malicious web links, attachments or fraudulent data-entry forms to install harmful software called malware on your device. Falling for a phishing attempt can have serious long-term impacts on your work and home life. Many companies have had billions of confidential personal data leaked, and many people have had their bank accounts cleared out, all due to successful phishing by cyber criminals.

How can you protect yourself against phishing? Follow these simple, but effective steps:

• Think before you click – Does it sound too good to be true? Do you know the sender? Does it have any links or attachments? Does it ask for money, credentials or any other sensitive information that you would not give to a stranger?
• Verify attachments and links before you open them – Hover over the link to see where it is taking you. Do you know that site? Visit the site on your web browser (NOT by clicking the link, but by doing a quick search), and then call the number on the site to inquire about the email message.
• Double and triple check – Email addresses can be “spoofed” meaning they appear to be from a trustworthy source, when in fact they are not. Brands and logos can be copied and pasted from the real, reputable site. Even links can be disguised as legitimate when they are not. Before you do anything, you need to be 100 percent sure that everything is legitimate. When in doubt, simply do not open, click or respond. Report it to your IT security team.

Ransomware

Ransomware is a malicious software that cyber criminals use to deny access to your system or data. These criminals will hold your system/data hostage until ransom is paid. After the initial infection, there will be attempts to spread the ransomware to shared drives and systems. If the demands are not met, the system could remain unavailable or even be deleted altogether.

How do you know if you have ransomware on your computer? A window will pop up telling you that you have XX amount of time to pay a certain amount of money to avoid losing your system or data.

If that happens, take the following steps:

• Unplug the power cord from the back of your PC—don’t just turn it off
• Contact your IT department (via phone) for assistance
• Contact your supervisor

Ultimately, the best way to ensure this does not happen is to avoid unknown links, ads and websites. Do not download unverified attachments or applications. At home, keep your software up to date, and back up data files to a secure location daily. As always, if it looks suspicious, simply do not open, click or respond.

Social Engineering Tactics

Social engineering attacks are directed specifically at human beings. Hacking a human is much easier than hacking a business, so be on the lookout! There are three basic tactics used in this type of hacking. Be aware, and don’t fall for these common tricks:

• In person – Someone gains access through an open door or pretends to be a service technician, someone buys you a drink and tries to extract information, someone looks at your unattended device, or someone is left unattended to use your computer, perhaps during a troubleshooting session
• Phone – Someone calls you pretending to be from an organization asking for donations, pretending to be your bank with a pre-recorded message and asks you to call back to confirm information, or pretending to be a person in authority who intimidates you to give them information
• Digital – Someone uses phishing, someone mimics a trusted social media page to get you to click on malicious links, or someone uses common typos for brand URLs to make you think it’s the real site and click on malicious links

National Cybersecurity Awareness Month: Sobering Stats

Homeland Security recently published some sobering statistics about cybersecurity. Don’t fall victim and be a part of these statistics:

• 47 percent of American adults have had their personal information exposed by cyber criminals
• 600,000 Facebook accounts are hacked every single day
• 65 percent of Americans who went online received at least one online scam offer

Though National Cybersecurity Awareness Month is observed during October, the advice and resources provided above can and should be used all year round to improve cybersecurity in the office and at home. Be a strong link in the cybersecurity chain and practice what you have learned every day.