It’s October which means it’s National Cybersecurity Awareness Month (NCSAM)!! This year the Cybersecurity & Infrastructure Security Agency (CISA) has chosen the theme, Do Your Part. #BeCyberSmart. Being cybersmart is important for each one of us. Nowadays, nearly every member of the family is accessing their home’s Wi-Fi network via electronic devices. For instance, take a minute and look around your house. How many items in your home connect to cyberspace? Don’t just count your computer, and printer. Remember, this also includes all your smart devices. For example, your phone, tablet, watch, doorbell cam, fitness tracker, medical sensors, and your home’s virtual assistant. So, now that you’ve counted everything, is it more than you thought? You’ll no doubt agree that all this connectivity is convenient as well as necessary. However, it can expose you to hidden dangers… if you’re not cybersmart.
In this month’s newsletter we will discuss how you can #BeCyberSmart and protect your cyberspace. We feel our expertise in social engineering complements the NCSAM theme. Inherent to being cybersmart is understanding how bad actors try to obtain your personal information to invade your cyberspace. At Social-Engineer.org (SEORG) this is a topic that is at the very heart of our mission statement, “Security Through Education.” We think you’ll see the close connection between understanding social engineering tactics and cybersecurity, whether it’s protecting your personal network and devices, your virtual workspace, or your classroom.
Let’s start with the basics; securing your home Wi-Fi router, protecting the devices you connect to it, and inspecting your mobile applications.
If You Connect It — You Must Protect It
As we mentioned earlier, connecting to cyberspace is convenient as well as necessary. But it can expose you to hidden dangers. Your home’s Wi-Fi router, what you connect all your electronic devices to, is the primary entry point for cybercriminals. Think of your Wi-Fi router as your front door and make it as secure as possible.
Secure your Wi-Fi newtwork
To #BeCyberSmart, secure your Wi-Fi router by changing the factory-set default username and password. Overlooking this important step is like closing your front door, but not locking it. This informative post by NetSpot takes you step by step through the process. When selecting a password, choose one that does not include personal information such as your name, pets’ names, or birthdays. Bad actors can often find this information on social media accounts, making it easy for them to guess your password and hack your network. To thwart this danger, select a password for your Wi-Fi router that is at least 20 characters long and includes numbers, letters, and various symbols. Are you finding it difficult to create a strong password? This NCSAM tip sheet provides helpful suggestions.
Protect the devices you connect to your Wi-Fi network
Now that you have secured your Wi-Fi network, it’s time to protect the devices you connect to it. To begin with, update your laptop, PC, tablet, and smart phone to the latest security software, web browser, and operating systems. You can make this process easier by enabling automatic updates. Next, strengthen this protection by enabling multifactor authentication (MFA) for services that require logging in to sensitive data such as, your primary email, financial accounts, health records, or social media. If using MFA is new for you, this valuable NSCAM tip sheet provides useful guidance. We also found this helpful resource that lists websites that support MFA.
Inspect your mobile applications
Most of your connected appliances, devices, or toys are supported by mobile applications, commonly known as apps. Without your knowing it, suspicious apps could be running in the background on your mobile device. Or perhaps you unwittingly gave permission for an app to gather personal information that puts your identity and privacy at risk. To #BeCyberSmart and protect this area of your cyberspace, check your app permissions. App permissions are the privileges an app has, such as being able to access your phone’s camera, or your laptop’s contact list. If you need help setting your app permissions, we found this useful post. It provides app permissions information for Android, iOS, Windows, and MacOS users. Lastly, if an app is requesting a permission that doesn’t make sense, deny it.
Now let’s talk business.
#BeCyberSmart – Protect Your Virtual Office
Data breaches don’t typically happen because a criminal has “hacked” into an organization’s infrastructure. Instead, cybercriminals frequently rely on human error. Breaches can often be traced back to a single security vulnerability that included the use of social engineering tactics. For example, an untrained employee who clicks on a malicious link in a phishing email can lead to criminals gaining access to systems. Or, the point of entry could be a vishing call, that scores privileged credentials, such as what happened to Twitter.
Additionally, consider the damage that can result from a picture posted on social media which reveals the company’s uniform style, badge type, or computer system in the background. With that information, a malicious social engineer can impersonate an employee, leading to a physical breach of your company. That is why, to #BeCyberSmart, every employee, from the C-Suite to the newest employee, needs to be vigilant to keep the organization’s data, customers, and capital safe and secure.
To that end, CiSA provides this valuable NCSAM tip sheet, to help every business big or small #BeCyberSmart. Here are a few of their helpful tips:
Treat business information as personal information
The information a business typically has includes a mix of personal and proprietary data, such as your employees’ personally identifiable information (PII) on payroll or tax forms. So, whether it’s trade secrets, company credit accounts, or employee PII, protect your cyberspace and do not share the data with any unknown parties.
Don’t make passwords easy to guess
As smart technology changes, it’s important to remember that, for security measures to work, employees must use them correctly. Taking proper precautions to secure these devices will give your businesses an added layer of security. This includes not only ensuring the correct configurations are in place, but making sure there is a strong, not easily guessed, password. This includes everything from your smart phone and computer to wireless printers and similar devices.
Be up to date
Once your device is configured and has a strong password, it is crucial to make sure your software is updated to the latest version available. This helps maintain your settings and ensures the device is equipped to defend against an attack. If the device no longer supports updates, then upgrading to a new device with supported software should be considered.
Social Media is part of the fraud toolset
A quick Google search may easily give a cyber criminal the information they need to breach your company. Employees need to know the value of the information they are sharing. They need to avoid oversharing on social media and should NEVER conduct business, exchange payment, or share PII on any social media platforms. If you’re looking for a good way to educate your employees, read CISA’s Social Media Cybersecurity Tip Sheet.
School’s back in session. Time to head to class.
#BeCyberSmart – Protect Your Virtual Classroom
The Covid-19 pandemic triggered a hasty switch to remote learning for most school districts in the U.S. Due to this switch, a flurry of ransomware attacks began targeting school systems. Oklahoma, Connecticut, Las Vegas, Florida, and North Carolina all reported ransomware attacks within the first week of classes starting. Notably, Hayward County schools in North Carolina shut down for more than a week. Unfortunately, sensitive data belonging to employees and students was compromised in the attack. Indeed, schools quickly realized that their systems were not adequate to protect against cyberattacks.
Like many businesses in 2020, schools are using services and systems they have never used before. A student data privacy compliance consultant stated, “The critical piece for schools and districts is to really refresh the fundamentals of privacy. Don’t just try something new because it’s new. Think really carefully.” So, how do schools and teachers make sure that their security foundation is in place?
3 Steps to Improve Your Security Foundation
- Protect remote users’ devices — Install security software to stop malware and viruses. Update all applications and install security patches immediately.
- Secure your cloud applications – According to a recent report, nearly 80% of companies have experienced a cloud data breach in the last 18 months. This fact highlights an important point, it’s important to practice good cyber security hygiene. Especially when using applications that access your email, calendars, and file-sharing tools via the web. Use strong passwords for the application accounts and refrain from reusing those passwords for other applications. Multi-Factor Authentication (MFA) should be setup to give added layers of security.
- Educate – teachers (and all staff) should become the students. Educating your staff on the dangers of phishing emails and vishing phone calls is vital to protect your school.
In addition to these security measures, to #BeCyberSmart, young people must understand how to recognize online dangers. Schools, teachers, and parents, you play a key role in this education!
Schools, Teachers, and Parents — Protect Your Students and Kids!
Virtual learning may be with us for the foreseeable future. While it’s necessary, it does mean that students/kids may be venturing into cyberspace at a younger age and for longer periods of time. They need guidance that will help them #BeCyberSmart. So, what can schools, teachers, and parents do to help their K-12 students and kids? Here’s three areas to look at.
Provide a Responsible Use Policies (RUPs)
Many schools are providing laptops and other electronics for their students to use for their virtual classes. To help outline the school’s expectations of the student’s behavior with these devices, schools are encouraged to have RUPs for the students to read and sign. A RUP is an agreement written in simple and accessible language among parents, guardian’s students and student personnel that outlines the terms of responsible use and consequences for misuse. The RUP should highlight the school’s expectation of online behavior, resources that can be accessed, academic integrity when using technology, and how student data and information will be used by the school. A good example of a RUP can be found via the NYC Department of Educations website.
Filter and Block Content
Preventing students from accessing inappropriate content by using filtering and blocking software allows users to only access preapproved websites. Teachers and staff should help determine what sites should be blocked. Regular audits should be conducted to ensure appropriate online education material can still be accessed.
Education and Training
Teachers, staff, and parents educate your young people on online safety. NCSAM provides this excellent online safety tip sheet for kids grades K-8. And, resources from Stop.Think.Connect, a campaign ran by the U.S. department of Homeland Security, provides videos, an interactive toolkit, and blogs to help raise awareness of cyber threats and how to stay safe online.
#BeCyberSmart — A Way of Life
As our connectivity to cyberspace increases, we must remain alert and vigilant to protect it. These helpful links we provided to NSCAM tip sheets will keep you on the cybersecurity path. Whether it’s home, business, or school systems, understanding the value of the information you hold is the first step. Once you understand it’s value, you must recognize the social engineering tactics that bad actors use to steal it. Finally, you must lock that information down. This is how we can all #BeCyberSmart and protect our cyberspace. Not just in October, but… as a way of life.
SEORG is preparing a special blog which examines in closer detail the NCSAM Week 2 topic, “Securing Devices at Home and Work”. Look for it here on our website. But wait… there’s more! “Securing Internet-Connected Devices in Healthcare” is the focus for Week 3 of the NCSAM campaign. In view of this, our corporate website, Social-Engineer.com is examining this topic in a special blog. Look for it in the SENews section.
Written by: Social-Engineer