October is National Cybersecurity Awareness Month, and the Computer Society is bringing you daily tips, tools, and resources to celebrate. Check back daily for your tip of the day and be sure to sign up for our webinar featuring Steven Bay, the former NSA boss of Edward Snowden, who will explore the Snowden breach and provide strategies to protect you and your business.
IEEE Computer Society’s Top Tips for Cybersecurity Awareness Month 2019
31. Protect your customers’ financial data.
- Encrypt transmission of credit card data across both open and public networks.
- Restrict all access to cardholder data to only key roles within your business.
- Restrict all physical access to cardholder data.
30. Protect your customers’ personal data.
- Create and maintain a firewall configuration that protects customers’ data, and take steps to protect all stored customer data.
- Avoid using vendor-supplied defaults for passwords and security parameters throughout your system.
29. Train your employees to recognize phishing attempts.
Cyber attackers use phishing techniques such as spam emails and phone calls to find out information about employees, obtain their credentials, or infect systems with malware.
Your basic defense involves getting a properly configured spam filter and ensuring that the most obvious spam is blocked. Educate your employees about handling popular phishing techniques.
28. Be aware of phishing scams.
- Clicking a malicious link, or opening an attachment can infect your system with malware, a trojan, or zero-day vulnerability exploit. This often leads to a ransomware attack. In fact, 90% of ransomware attacks originate from phishing attempts.
- Don’t open email from people you don’t know.
- Know which links are safe and which are not. Hover over a link to discover where it directs to.
- Be suspicious of emails in general. Check where each one came from and whether it contains grammatical errors.
- Malicious links can come from friends who have been infected too. So, be extra careful.
27. Bonus tip: Our popular SE Radio podcast also offers free episodes this month about security:
Zero-Trust Networks: Evan Gilman and Doug Barth, authors of “Zero Trust Networks: Building Secure Systems in Untrusted Networks,” discuss zero-trust networks. The discussion covers the perimeter network architecture; the threat model in modern networks; the meaning of “trust in the network”; why we should not trust our networks (they are probably already owned); the concept of zero trust in the network; design of the zero-trust network; the control plane and the data plane; trust scoring (behavioral, policy-driven, and uses of ML/AI); encryption; running your own internal CA; trusting apps; the secure build pipeline; DevOps and the zero-trust model; tools and frameworks; and where we are in the adoption curve.
People are the weakest link in cyber systems. The first line of defense against cyber malfeasance is human awareness of what is happening, what can happen, how it happens, and how it can be kept from happening. IEEE Security and Privacy is a magazine devoted to increasing the awareness of its readership to issues like these.
25. Know who your friends are.
Be careful accepting friend requests from people you don’t know. People can create fake accounts or impersonate someone you know in order to friend you and gain access to the private social media information you share only with friends. Don’t accept requests from strangers, and don’t automatically accept a new request from someone who is already on your friend list. If it’s a fake account, report the account and block the user.
24. Protect your sensitive information.
Watch what you’re sharing on social networks. Criminals can befriend you and easily gain access to a shocking amount of information—where you go to school, where you work, when you’re on vacation—that could help them gain access to more valuable data.
23. Practice physical cyber safety.
Be conscious of what you plug into your computer. Malware can be spread through infected flash drives, external hard drives, and even smartphones.
22. Practice safe clicking.
Always be careful when clicking on attachments or links in email. If it’s unexpected or suspicious for any reason, don’t click on it. Double-check the URL of the website the link takes you to: bad actors will often take advantage of spelling mistakes to direct you to a harmful domain.
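Tips 28 and 22 both come down to the same two checks: does the link actually go where its text says it does, and is the destination domain a near-miss spelling of a site you trust? The following is an added example of those checks in Python, not code from the original page or from the IEEE Computer Society; the list of trusted domains and the sample links are constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed list of legitimate domains the reader expects links to point at.
KNOWN_DOMAINS = ["paypal.com", "microsoft.com", "ieee.org"]

def registered_domain(url):
    """Return the last two labels of the URL's host, lower-cased (e.g. 'paypal.com').
    A missing scheme is tolerated so bare hover text like 'www.paypal.com' works."""
    if "://" not in url:
        url = "http://" + url
    host = urlparse(url).hostname or ""
    labels = host.lower().split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance: minimum insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, known=KNOWN_DOMAINS, max_distance=2):
    """Return the trusted domain this one closely resembles (a likely typo-squat),
    or None when the domain is an exact match or is simply unrelated."""
    if domain in known:
        return None
    candidates = [k for k in known if edit_distance(domain, k) <= max_distance]
    return min(candidates, key=lambda k: edit_distance(domain, k)) if candidates else None

def check_link(display_text, href):
    """Warnings for one hyperlink: a display/target mismatch and a near-miss brand domain."""
    warnings = []
    target = registered_domain(href)
    # Only compare domains when the visible text itself looks like a URL.
    if "." in display_text and " " not in display_text.strip():
        shown = registered_domain(display_text)
        if shown != target:
            warnings.append(f"text shows {shown} but link goes to {target}")
    near = lookalike_of(target)
    if near:
        warnings.append(f"{target} looks like {near}")
    return warnings

if __name__ == "__main__":
    # Constructed sample: the visible text says PayPal, the real target is a look-alike.
    print(check_link("www.paypal.com/login", "http://paypa1.com/login"))
```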
21. Protect your personal information.
Limit availability of personal information. Limiting the number of people who have access to contact information or details about interests, habits, or employment reduces exposure to bullies that you or your child do not know. This may limit the risk of becoming a victim and may make it easier to identify the bully if you or your child are victimized.
The bottom line here is that “umbrella” terms like “cybersecurity” do not lead researchers, practitioners, and the general public into any real understanding of the fundamental issues related to malicious behavior and malicious intent. Refreshing terms from time to time is usually futile and frustrating, but I think for this one it might be timely and beneficial.
Today, cyberphysical systems interact with the real world, with vastly more variables, most of which the system has no control over. Such systems may be networked into “internet of things” configurations, with an enormous number of possible interactions and potentially less control over what is coming into the system, possibly from unknown sources or through unpredictable numbers of connections.
Can we ever get a handle on assurance for today’s autonomous systems with vast interconnections and non-determinism? Yes, one way forward is to provide measures for the degree to which the environments in which these systems are tested reflect the range of conditions that will be encountered in the real world.
18. Use multi-factor authentication.
MFA helps you protect sensitive data by adding an extra layer of security, leaving malicious actors with almost no chance to log in as if they were you. Even if a malicious actor had your password, they would still need your second and maybe third “factor” of authentication, such as a security token, your mobile phone, your fingerprint, or your voice.
17. Update your software regularly.
This is especially important for your operating systems and internet security software. Cybercriminals frequently use known flaws, or vulnerabilities, in your software to gain access to your system. Patching those flaws makes it less likely that you’ll become a cybercrime target.
16. Protect your home network (Wi-Fi).
It’s a good idea to start with a strong encryption password as well as a virtual private network. A VPN will encrypt all traffic leaving your devices until it arrives at its destination. If cybercriminals do manage to hack your communication line, they won’t intercept anything but encrypted data. It’s a good idea to use a VPN whenever you use a public Wi-Fi network, whether it’s in a library, café, hotel, or airport.
15. Protect your children’s privacy.
Be aware that many baby monitors and smart toys can collect information and perform surveillance on your child’s activities that are a clear invasion of privacy. Research the toy and find out ways to keep sensitive information off the manufacturer’s website.
14. Bonus Tip: A special podcast on how to secure your API
Our popular SE Radio podcast also offers free episodes this month about cybersecurity. The first such episode is “Securing Your API” with Neil Madden, author of the API Security in Action book and security director of ForgeRock, who discusses the key technical features of securing an API. Host Gavin Henry spoke with Madden about API versus Web App security; the choice of authentication tokens; the various security models you can follow (NIST-800-92, ISO27001, STRIDE, the CIA Triad); audit log best practices; mistakes that have been made; what to log and when to log it; how to protect yourself from bad users; the benefits of HTTPS; using encrypted JWT; which is harder, API or Web App development; and the ongoing security battle of change. Listen to the “Securing Your API” podcast.
13. Protect yourself and your children online.
Teach your children good online habits. Explain the risks of technology, and teach children how to be responsible online. Reduce their risk by setting guidelines for and monitoring their use of the internet and other electronic media (cell phones, tablets, etc.).
In 2019, using a secure internet network is more important than ever. Cybercriminals continually find new ways to gain access to personal information they later use or sell to others. If you’re not protected, your privacy is at risk.
In theory, a Virtual Private Network (VPN) is a good way to protect your privacy through encryption and a masked IP address. However, a VPN will only protect your privacy if it’s set up and working correctly.
As a business owner, you can invest in the latest and greatest technology to keep your data safe and your systems secure. You can employ VPNs, firewalls, and end-to-end encryption to keep everything on lockdown. But no matter how much time or money you invest, the security of your organization is still going to be in the hands of your employees. Read more for the seven important habits your employees should have.
10. Lock down and manage your social media settings.
Keep your personal and private information locked down. Social engineering cybercriminals can often get your personal information with just a few data points, so the less you share publicly, the better. For instance, if you post your pet’s name or reveal your mother’s maiden name, you might expose the answers to two common security questions.
9. Follow these three steps to eliminate a ransomware infection:
- Isolate the infected system. Remove the infected system from all networks, and disable the computer’s wireless, Bluetooth, and any other potential networking capabilities.
- Turn off other computers and devices. Power off and segregate (remove from the network) the infected computer(s).
- Secure your backups. Ensure that your backup data is offline and secure. If possible, scan your backup data with an antivirus program to check that it is free of malware.
8. Know when it’s safe to enter personal information.
- Keep your personal information safe. Check a website’s security to ensure the information you submit is encrypted before you provide it.
7. Use these precautions with email.
- Use caution with links and when entering website addresses. Be careful when clicking directly on links in emails, even if the sender appears to be someone you know.
- Open email attachments with caution. Be wary of opening email attachments, even from senders you think you know, particularly when attachments are compressed files or ZIP files. If you are unsure whether or not an email is legitimate, try to verify the email’s legitimacy by contacting the sender directly.
6. BONUS TIP: While biochips are here to stay, know the security risks and rewards.
Now the ante is being raised as microchip implants are starting to be used in humans more frequently, not only as a health tool but in the business environment as well.
5. Secure your company’s CCTV.
For IT management, few issues are more challenging or relevant than cybersecurity. And when it comes to CCTV and other forms of surveillance video footage, it’s important to implement a forward-thinking security plan to prevent confidential information and data from ending up in the wrong hands.
4. Prevent ransomware infections.
- Use and maintain preventative software programs. Install antivirus software, firewalls, and email filters—and keep them updated—to reduce malicious network traffic.
- Update and patch your computer. Ensure your applications and operating systems (OSs) have been updated with the latest patches.
- Inform yourself. Keep yourself informed about recent cybersecurity threats and up to date on ransomware techniques.
3. Protect your data and networks from ransomware.
To guard against ransomware, perform frequent backups of your system and other important files, and verify them regularly. Your best move is to store your backups on an external hard drive or another device that cannot be accessed from a network. Lastly, companies should provide cybersecurity awareness training to their personnel.
2. Use a good password manager.
Juggling multiple online accounts with unique passwords can be daunting. A password management application can help you to keep your passwords locked down.
1. Build and maintain a strong password.
Make your passwords complex by using at least 10 characters that combine letters, numbers, and symbols. Don’t use the same password on different sites, and change your passwords regularly.