IEEE Computer Society's Tips of the Day for Cybersecurity Awareness Month 2019

October is National Cybersecurity Awareness Month, and the Computer Society is bringing you daily tips, tools, and resources to celebrate. Check back daily for your tip of the day and be sure to sign up for our webinar featuring Steven Bay, the former NSA boss of Edward Snowden, who will explore the Snowden breach and provide strategies to protect you and your business.


IEEE Computer Society’s Top Tips for Cybersecurity Awareness Month 2019

20. What really is cybersecurity? It’s time for a new term.

The bottom line here is that “umbrella” terms like “cybersecurity” do not lead researchers, practitioners, and the general public into any real understanding of the fundamental issues related to malicious behavior and malicious intent. Refreshing terms from time to time is usually futile and frustrating, but I think for this one it might be timely and beneficial.

19. Bonus Tip: Cyberphysical Systems and Security: Testing Must Reflect the Real World

Today, cyberphysical systems interact with the real world, with vastly more variables, most of which the system has no control over. Such systems may be networked into “internet of things” configurations, with an enormous number of possible interactions and potentially less control over what is coming into the system, such as unknown sources or unpredictable numbers of connections.

Can we ever get a handle on assurance for today’s autonomous systems with vast interconnections and non-determinism? Yes: one way forward is to provide measures for the degree to which the environments in which these systems are tested reflect the range of conditions that will be encountered in the real world.

18. Use multi-factor authentication.

MFA helps you protect sensitive data by adding an extra layer of security, leaving malicious actors with almost no chance to log in as if they were you. Even if a malicious actor had your password, they would still need your second and maybe third “factor” of authentication, such as a security token, your mobile phone, your fingerprint, or your voice.

17. Update your software regularly.

This is especially important with your operating systems and internet security software. Cybercriminals frequently exploit known flaws in your software to gain access to your system. Patching those flaws can make it less likely that you’ll become a cybercrime target.

16. Protect your home network (Wi-Fi).

It’s a good idea to start with a strong encryption password as well as a virtual private network. A VPN will encrypt all traffic leaving your devices until it arrives at its destination. If cybercriminals do manage to hack your communication line, they won’t intercept anything but encrypted data. It’s a good idea to use a VPN whenever you use a public Wi-Fi network, whether it’s in a library, café, hotel, or airport.

15. Protect your children’s privacy.

Be aware that many baby monitors and smart toys can collect information and perform surveillance on your child’s activities in ways that are a clear invasion of privacy. Research the toy and find out ways to keep sensitive information off the manufacturer’s website.

14. Bonus Tip: A special podcast on how to secure your API

Our popular SE Radio podcast also offers free episodes this month about cybersecurity. The first such episode is “Securing Your API” with Neil Madden, author of the API Security in Action book and security director of ForgeRock, who discusses the key technical features of securing an API. Host Gavin Henry spoke with Madden about API versus Web App security; choice of authentication tokens; the various security models you can follow (NIST-800-92, ISO27001, STRIDE, CIA Triad); audit log best practices; mistakes that have been made; what to log; how to protect yourself from bad users; when to log something; the benefits of HTTPS; using Encrypted JWT; which is harder, API or Web App dev; and the ongoing security battle of change. Listen to the “Securing Your API” podcast.

13. Protect yourself and your children online.

Teach your children good online habits. Explain the risks of technology, and teach children how to be responsible online. Reduce their risk by setting guidelines for and monitoring their use of the internet and other electronic media (cell phones, tablets, etc.).

12. Bonus Tip: A VPN will only protect your privacy if it’s set up and working correctly

In 2019, using a secure internet network is more important than ever. Cybercriminals continually find new ways to gain access to personal information they later use or sell to others. If you’re not protected, your privacy is at risk.

In theory, a Virtual Private Network (VPN) is a good way to protect your privacy through encryption and a masked IP address. However, a VPN will only protect your privacy if it’s set up and working correctly.

11. Bonus Tip: The 7 Most Important Employee Habits to Establish for Higher Cybersecurity

As a business owner, you can invest in the latest and greatest technology to keep your data safe and your systems secure. You can employ VPNs, firewalls, and end-to-end encryption to keep everything on lockdown. But no matter how much time or money you invest, the security of your organization is still going to be in the hands of your employees. Read more for the seven important habits your employees should have.

10. Lock down and manage your social media settings.

Keep your personal and private information locked down. Social engineering cybercriminals can often get your personal information with just a few data points, so the less you share publicly, the better. For instance, if you post your pet’s name or reveal your mother’s maiden name, you might expose the answers to two common security questions.

9. Follow these three steps to eliminate a ransomware infection:

  • Isolate the infected system. Remove the infected system from all networks, and disable the computer’s wireless, Bluetooth, and any other potential networking capabilities.
  • Turn off other computers and devices. Power off and segregate (remove from the network) the infected computer(s).
  • Secure your backups. Ensure that your backup data is offline and secure. If possible, scan your backup data with an antivirus program to check that it is free of malware.

8. Know when it’s safe to enter personal information.

  • Keep your personal information safe. Check a website’s security to ensure the information you submit is encrypted before you provide it.

7. Use these precautions with email.

  • Use caution with links and when entering website addresses. Be careful when clicking directly on links in emails, even if the sender appears to be someone you know.
  • Open email attachments with caution. Be wary of opening email attachments, even from senders you think you know, particularly when attachments are compressed files or ZIP files. If you are unsure whether or not an email is legitimate, try to verify the email’s legitimacy by contacting the sender directly.

6. Bonus Tip: While biochips are here to stay, know the security risks and rewards.

Now the ante is being raised as microchip implants are starting to be used in humans more frequently not only as a health tool but in the business environment as well.

5. Secure your company’s CCTV.

For IT management, few issues are more challenging or relevant than cybersecurity. And when it comes to CCTV and other forms of surveillance video footage, it’s important to implement a forward-thinking security plan to prevent confidential information and data from ending up in the wrong hands.

4. Prevent ransomware infections.

  • Use and maintain preventative software programs. Install antivirus software, firewalls, and email filters—and keep them updated—to reduce malicious network traffic.
  • Update and patch your computer. Ensure your applications and operating systems (OSs) have been updated with the latest patches.
  • Inform yourself. Keep yourself informed about recent cybersecurity threats and up to date on ransomware techniques.

3. Protect your data and networks from ransomware.

To guard against ransomware, perform frequent backups of your system and other important files, and verify them regularly. Your best move is to store your backups on an external hard drive or another device that cannot be accessed from a network. Lastly, companies should provide cybersecurity awareness training to their personnel.

2. Use a good password manager.

Juggling multiple online accounts with unique passwords can be daunting. A password management application can help you to keep your passwords locked down.

1. Build and maintain a strong password.

Make your passwords complex by using a combination of at least 10 letters, numbers, and symbols. Don’t use the same password on different sites, and change your passwords regularly.