National Cybersecurity Awareness Month, initiated by the National Cybersecurity Division within the Department of Homeland Security and the nonprofit National Cyber Security Alliance, is observed in October. The purpose is to raise awareness about the importance of cybersecurity, which is essential to the business operations of MRO. As our company’s information systems security officer, I saw an opportunity to review some important cybersecurity points to protect your online presence this month and beyond.
IT Security Basics for Breach Prevention
Though sophisticated measures are an important part of an effective cybersecurity plan, it is essential to always remember the basics:
- Use passwords – Not only should you have one, you should create one that includes numbers, symbols, and upper- and lower-case letters. And never use your name, birthday or an existing password. Use different passwords across systems, so that if a hacker accesses one system, they cannot easily access all the others. Finally, never share your password. Just because you trust someone does not mean they will protect your password.
- Lock your device – When you are away from your device, lock it to prevent people from viewing sensitive information or using the device. This goes for computers, mobile devices, tablets, etc. Set your device to lock automatically after a certain period of inactivity for stronger data breach prevention.
- Use a secure WIFI connection – Connections at hotels, coffee shops, airports and other public places are not secure. Even if a password is required to use the WIFI at a trusted business or location, those connections are by no means secure and are vulnerable to hacking.
In a phishing attack, cyber criminals use an email to lure you into giving them more information. These emails usually look real and are excellently designed to trick you. They will try to collect financial information, login credentials or other sensitive data. Sometimes these criminals use malicious web links, attachments or fraudulent data-entry forms to install harmful software called malware on your device. Falling for a phishing attempt can have serious long-term impacts on your work and home life. Many companies have had billions of confidential personal data leaked, and many people have had their bank accounts cleared out, all due to successful phishing by cyber criminals.
How can you protect yourself against phishing? Follow these simple, but effective steps:
- Think before you click – Does it sound too good to be true? Do you know the sender? Does it have any links or attachments? Does it ask for money, credentials or any other sensitive information that you would not give to a stranger?
- Verify attachments and links before you open them – Hover over the link to see where it is taking you. Do you know that site? Visit the site on your web browser (NOT by clicking the link, but by doing a quick search), and then call the number on the site to inquire about the email message.
- Double and triple check – Email addresses can be “spoofed” meaning they appear to be from a trustworthy source, when in fact they are not. Brands and logos can be copied and pasted from the real, reputable site. Even links can be disguised as legitimate when they are not. Before you do anything, you need to be 100 percent sure that everything is legitimate. When in doubt, simply do not open, click or respond. Report it to your IT security team.
Ransomware is a malicious software that cyber criminals use to deny access to your system or data. These criminals will hold your system/data hostage until ransom is paid. After the initial infection, there will be attempts to spread the ransomware to shared drives and systems. If the demands are not met, the system could remain unavailable or even be deleted altogether.
How do you know if you have ransomware on your computer? A window will pop up telling you that you have XX amount of time to pay a certain amount of money to avoid losing your system or data.
If that happens, take the following steps:
- Unplug the power cord from the back of your PC—don’t just turn it off
- Contact your IT department (via phone) for assistance
- Contact your supervisor
Ultimately, the best way to ensure this does not happen is to avoid unknown links, ads and websites. Do not download unverified attachments or applications. At home, keep your software up to date, and back up data files to a secure location daily. As always, if it looks suspicious, simply do not open, click or respond.
Social Engineering Tactics
Social engineering attacks are directed specifically at human beings. Hacking a human is much easier than hacking a business, so be on the lookout! There are three basic tactics used in this type of hacking. Be aware, and don’t fall for these common tricks:
- In person – Someone gains access through an open door or pretends to be a service technician, someone buys you a drink and tries to extract information, someone looks at your unattended device, or someone is left unattended to use your computer, perhaps during a troubleshooting session
- Phone – Someone calls you pretending to be from an organization asking for donations, pretending to be your bank with a pre-recorded message and asks you to call back to confirm information, or pretending to be a person in authority who intimidates you to give them information
- Digital – Someone uses phishing, someone mimics a trusted social media page to get you to click on malicious links, or someone uses common typos for brand URLs to make you think it’s the real site and click on malicious links
National Cybersecurity Awareness Month: Sobering Stats
Homeland Security recently published some sobering statistics about cybersecurity. Don’t fall victim and be a part of these statistics:
- 47 percent of American adults have had their personal information exposed by cyber criminals
- 600,000 Facebook accounts are hacked every single day
- 65 percent of Americans who went online received at least one online scam offer
Though National Cybersecurity Awareness Month is observed during October, the advice and resources provided above can and should be used all year round to improve cybersecurity in the office and at home. Be a strong link in the cybersecurity chain and practice what you have learned every day.