As I’m sure most of you know, October is National Cybersecurity Awareness Month. The point of this yearly event is to stimulate awareness of the importance of cybersecurity in the workplace and at home. Every year, it seems, cybersecurity becomes more important in the lives of all of us. Identity theft, ransomware, denial of service attacks and a plethora of other cyber-dangers are running rampant and becoming more sophisticated every day. Awareness of these problems and following a few simple security rules can go a surprisingly long way in keeping your networks safe. So why not take advantage of National Cybersecurity Awareness Month to bring awareness to your own personnel and families?
The number one tip I wish to emphasize is this: be wary, think and make sure before you click on a link or answer questions posed by unknown telephone callers. We are all human which means we get in a hurry, we get bored, we lose focus, we get preoccupied and a dozen other frailties. Cybercriminals rely on these human weaknesses to make their cash, and very successful they are at it. As an addendum to this advice, I want to emphasize caution when clicking on links or accessing websites having to do with the Covid-19 emergency or the impending national election. These two subjects are the subjects of more than half of all current phishing attacks.
Next tip: ensure that all of your devices, software applications, operating systems and firmware applications are included in your security maintenance program. Relying solely on WSUS and patching Windows vulnerabilities just doesn’t do the job. All your non-Windows network entities should be updated and patched as well. Also, updating and patching should be applied as soon as possible. You can bet that cybercriminals will not be slow in attacking vulnerable systems.
Tip number three: be very wary of social media use. The amount of private information that we blithely upload to social media sites is astounding! Having been in the intelligence field myself, I know how much information analysts can glean and infer from seemingly harmless business or family facts. You should remember that the information you provide your friends or colleagues on social media is only as private as their own security settings and habits. A good rule of thumb is to not post anything you wouldn’t want a stranger to see. Once again, think before you post!
The last tip I’ll provide here is to use very strong access controls and encrypt every connection and bit of private information you can. With so many of us working from home now, web conferencing is at an all time high. Make sure you use a service that will allow you to encrypt communications. If at all possible, employ multi-factor authentication for web conferences and other sensitive communications as well. If MFA is impossible, use a nice long passphrase instead of some weird nonsensical eight-digit password you can’t remember anyway. Entropy is where it’s at!