Welcome to Week 3 #CyberAware

Standard

This week’s National Cybersecurity Awareness Month theme is “It’s Everyone’s Job to Ensure Online Safety at Work.”  While you’d think this is obvious, it’s still not.

educate-all-employess-v1.png

Consider these stats:

  • Verizon‘s 2018 Data Breach Report, a highly respected annual report on the state of cybersecurity, notes that 58% of cybercrime is taking place in small and mid-size businesses (SMB’s).
  • The cost of cyber attacks to SMB’s was more than $2,235,000, on average.
  • The Better Business Bureau finds that more than half of small businesses would be unprofitable within a month, if they were to permanently lost access to their critical data.
  • Nine of our ten small business report some basic security in place.  This consists of anti-virus protection, firewalls and employee education.

The first topic for this week is indentifying your digital “crown jewels.”  This remains an annual part of National Cybsecurity Awareness Month as knowing what is important is the first step to protecting it.

Check out the CyberSecure My Business resource page related to “Identify.”

There you will find a wealth of resources to help you identify your most important data and systems.  I encourage you to review all of the resources listed on that page.  I strongly recommend you watch the National Cyber Security Alliance webinar titled “Learn to Identify Key Assets and Data.”

Before you can implement an effective plan to protect your organization, you must take the necessary steps to understand what needs to be protected.  These resources will help you do this efficiently.  Get to it!

Why Careers in Cybersecurity? #CyberAware

Standard

teach-kids-about-cybersecurity-careers-v1

As we continue along in Week 2 of National Cybersecurity Awareness Month, the focus is on careers in cybersecurity.  Consider some of these stats:

  • There will be 3.5 million cybsecurity jobs by 2021.
  • Cybercrimes cost victims $3 trillion dollars in 2015 and is predicted to double to $6 trillion by 2021!
  • The median salary for an information security professional was $95,510 in 2017, more than double the median average of all U.S. careers.
  • Most millennials look to their parents for career advice (40%).  That percentage rises to 57% when talking about cybersecurity careers.
  • Over the last several years, the number of teachers who talk with their students about cybersecurity has tripled.  This is great!

Here’s what you can do, especially if you are a parent:

  1. Volunteer at a school and talk about the growing career options in cybersecurity.  We can’t start too young.  Check out this link for resources you can use to start the discussion.
  2. Check out CyberPatriot and think about mentoring kids in a cybersecurity challenge event.
  3. If you know someone who works in the cybersecurity field, see if you can get them to come and talk with students or host an open house for students at their company.
  4. Educate youself about cybersecurity careers so you can help spread the message.
  5. Work with your schools and school boards to educate them on the importance of cybersecurity education to help prepare our kids for their future.
  6. Visit CompTIA, the Computing Technology Industry Association and explore the resources related to cybersecurity education and workforce development.

Welcome to Week 2 #CyberAware

Standard

week-2-twitterToday starts week two of National Cybersecurity Awareness Month.  This week’s theme is “Millions of Rewarding Jobs: Educating for a Career in Cybersecurity.”

It’s estimated that there will be more than 3.5 million cybersecurity jobs by 2021.  According to the Bureau of Labor Statitistics, that’s a 28% growth rate over the 10 year period from 2016 to 2026.  It’s not just about coding anymore!

The most important thing we can do to help build our cybersecurity workforce is talk with our kids.  Too much of our public education system is focused on coding as the only IT career path.  To be clear, software development is an important and needed skill, but it’s not the only skill that our kids can pursue.  It’s our obligation, as parents and professionals, to educate our kids on all of the IT career options available to them and cyberecurity is a significant area of growth and need.

There are some excellent resources available at this link to help start these conversations.  Download the tip sheet on that page and share it with your kids and your schools, to help start the discussion.

Veterans make up a significant group of individuals entering the workforce who have a strong foundation in cybersecurity.  Hiring veterans for careers in IT is a great way to bring highly qualified and motivated technical professionals into your company.  Many university’s are now offering degrees in cybersecurity, so for college age kids or those pursuing higher education at a later age, there are more options now than ever.  If you are a cybersecurity professional, think about becoming a mentor in the workplace or at local schools.

If you know kids that may be interested, have them check out the excellent CyberPatriot site where they can learn more and participate in online learning and competitions.  Together, let’s build the next generation workforce of technical professionals that our country needs.

 

It’s National Cybersecurity Awareness Month

Standard

The following article was published in todays Fosters and Seacoast Sunday.

oct-is-ncsam-twitter-v2.png

Every October the National Cyber Security Alliance and Department of Homeland Security declare National Cybersecurity Awareness Month. In this age of ever-increasing cyber threats, this is such an important initiative everyone should pay attention to at home and work.

This year is the 15th year for National Cybersecurity Awareness Month. The themes this year are about our shared responsibility for protecting ourselves online. Each week has a specific theme with useful recommendations to help you be more secure. Week 1 is just wrapping up and the theme was “Make Your Home a Haven for Online Safety.” The following are some suggestions for doing this:

Lock down your login: Visit www.lockdownyourlogin.org for recommendations to improve the safety of your logins. Where ever you are able, you should enable multi-factor authentication and leverage biometrics to secure your login so it’s just not your login name and password that’s required to access your accounts and systems.

Back it up: Back up your important information. Large-capacity external USB hard drives are affordable. At a minimum, you should back up your data to an external drive and store it outside your home for safe keeping. Even better, an online Cloud backup solution can back up your data in real time and safely store it offsite.

Personal information is like money. Value it. Protect it: Be careful with what you share online, especially on social media. You should always safeguard your personal details, not just online, but even over the phone. Be careful what information you share and be absolutely certain of who you are sharing it with.

Keep a clean machine: Always keep computers, mobile phones and tablets up to date and protected with proper security tools. If you no longer need a previously installed software application, remove it. Don’t let it sit there as over time, it may become a risk.

Pay attention to the WiFi router in your home: Change the factory password to something very secure and enable the highest level of security for your wireless password to keep non-authorized people from connecting to your wireless network. Lastly, keep the router software up to date so any known risks are patched and eliminated.

Share with care: Those online games that ask you how many states you’ve been to or naming your first pet, the street you grew up on, etc. can be used to steal your identity. Just don’t play them.

Next week’s theme is “Millions of Rewarding Jobs: Educating for a Career in Cybersecurity.” The IT workforce is experiencing a massive shortage of skilled talent. IT careers, especially cybersecurity, are widely available. Encourage schools to expand curriculum beyond coding. We need to get our kids interested in IT careers as our economy continues to evolve to a technology driven engine. We are importing more technical talent than we are developing at home. This is an economic and national security risk. We need a grassroots effort to change the mindset of parents and teachers so kids are exposed to all of the opportunities available to them.

The week of Oct. 15 has the theme “It’s Everyone’s Job to Ensure Online Safety at Work.” No matter where you work or the size of your company, you play a critical role in ensuring your business is safe. All employees need to be aware of your company’s most important data. You handle easily replaced material very differently from material that is expensive or hard to replace. The same should hold true for your digital data. Every person in the company has a responsibility to protect the data they work with even it’s as simple as swiping a customer’s credit card on care reader in a restaurant.

Companies need to have processes to identify potential cybersecurity risks and trigger a response plan should an incident occur. It’s critically important for your teams to know how to detect an event and how to respond. It’s also critically important for your teams to know what they are authorized to do or say in these situations and who needs to be made aware.

The final week has the theme “Safeguarding the Nation’s Critical Infrastructure.” Critical infrastructure encompasses a wide range of industries. Public utilities, the financial system, health care entities and information technology firms make up some of the major components of our nation’s critical infrastructure. These firms must have robust and cybersecurity plans and collaborate with many government agencies in real time to ensure the safety of these systems for the good of all.

For more about National Cybersecurity Awareness Month, visit https://staysafeonline.org/ncsam/ and follow the hashtag #CyberAware on social media.

Your Facebook Account May Not Be Hacked

Standard

But telling all your Facebook friends not to accept your fake friend requests may actually be helping the hackers, so you may want to think about deleting those posts.

Facebook Fake AccountI don’t know about you, but my Facebook feed was inundated with friends warning me not to accept friend requests from them as their account got hacked and these are fake.  While the requests may be fake, the account has probably not been hacked.  Yes, Facebook had a significant security breach recently, with over 50 million accounts potentially impacted.  You may have noticed after that news broke, that you were logged out of your Facebook account and had to log back in and create a new password.  This was Facebook’s proactive response after the breach, to try to require all its members to be safe.

Here’s the reality of the situation:

  1. Your account may not be actually hacked.  An account does not have to be actually hacked in order for a hacker to copy your profile picture and pretend to be you and send out friend requests.
  2. Your friends should know if they are already friends with you.  They should not accept a friend request from you if you are already friends.  This is simply common sense.
  3. By posting not to accept friend requests, you may be playing in to the hackers hands.  They want to disrupt Facebook and clutter feeds to make people frustrated with Facebook.  Don’t help them.
  4. Definitely don’t forward messages on Facebook messenger.  Those could spread a potential virus without you knowing.  Just ignore and delete the messages.
  5. You should never copy and report Facebook statuses like this or others that seem innocent enough.  These often let the hackers know who is vulnerable to their ploys and they will use this against you, now or in the future.
  6. If you want to know if you account has actually be duplicated, just search Facebook for your name.  If you see more than one of you, then someone is trying to impersonate you.  Follow Facebook’s process to report a fake account.  That’s the best way to deal with these things.

At the end of the day, just use common sense.  Ignore friend requests from people you are already friends with.  Don’t help the hackers out by telling all your friends to ignore those requests, just ignore them and move on.

Wrapping Week 1 of #CyberAware

Standard

The last two themes for this week of National Cybersecurity Awareness Month are “Pay Attention to the WiFi Router in Your Home” and “Share With Care.”

You want to be sure that you don’t simply purchase a WiFi router and plug it in, connect and jump online.  Hackers love to find WiFi routers that still use the default username and password and are left open for ease of access.  It’s one of the simplest and still widely used ways to steal identities.

Be sure you set a strong password for your router and enable the maximum level of wireless encryption, so that devices that connect to your router and protected and the wireless traffic encrypted and hidden from pyring eyes.

When it comes to sharing information online, do so with care.  The more you share, the more you risk accidentially exposing personal information or enough details about you to impersonate you.  Less is sometimes more.

Also, think about what you share online as if it were tomorrow’s lead headline in the newspaper.  If you wouldn’t want it there, don’t share it online because that’s exactly where it could wind up, now or in the future.

Visit staysafeonline.org for all the tips on maintaining your online safety.

Keep a Clean Machine #CyberAware

Standard

keep-a-clean-machine-v3

Keep all software on internet-connected
devices – including personal computers, smartphones and tablets – current to reduce risk of infection from ransomware and malware.

 

 

  • Keep your mobile phone and apps up to date: Your mobile devices are just as vulnerable as your PC or laptop. Having the most up-to-date security software, web browser, operating system and apps is the best defense against viruses, malware and other online threats.
  • Delete when done: Many of us download apps for specific purposes, such as planning a vacation, and no longer need them afterwards, or we may have previously downloaded apps that are no longer useful or interesting to us. It’s a good security practice to delete all apps you no longer use.

Personal information is like money. Value it. Protect it. #CyberAware

Standard

Information about you, such aspersonal-info-v2 purchase history or location, has value – just like money.  Be thoughtful about who gets that information and how it is collected by apps, websites and all connected devices.

Your devices make it easy to connect to the world around you, but they can also pack a lot of info about you and your friends and family, such as your contacts, photos, videos, location and health and financial data. Follow these tips to manage your privacy in an always-on world.

  • Secure your devices: Use strong passwords, passcodes or face/touch ID features to lock your devices. These security measures can help protect your information if your devices are lost or stolen and keep prying eyes out.  Also consider a privacy screen, especially on your mobile devices, to keep prying eyes from seeing what you see.
  • Think before you app: Information about you, such as the games you like to play, your contacts list, where you shop and your location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps.  Don’t play social media games that ask you for information about you, like what your first car was, the name of your first pet and other uniquely personal information.  Bad actors use this to build a profile about you so they can steal your identity.
  • Now you see me, now you don’t: Some stores and other locations look for devices with WiFi or Bluetooth turned on to track your movements while you are within range. Disable WiFi and Bluetooth when not in use.  There’s no need to tell everyone around you that your phone hotspot is available.  It’s just an invitation for a hacker to come after you.
  • Get savvy about WiFi hotspots: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your mobile device while you are connected. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services on these networks. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection on the go.  THis applies when you’re on the bus, plane or train as well.  Even though those networks only connect those who are there with you, there still could be a nefarious actor nearby who would be happy to snoop on what you are doing.

Be #CyberAware!

Testing Today at 2:18 PM – Wireless Emergency Alert (WEA) System.

Standard

IPAWSPlease be aware and spread the word that beginning at 2:18 PM today, Wednesday, October 3rd and lasting for approximately 30 minutes, the federal government will test the Wireless Emergency Alert (WEA) system for the first time.  This test was originally planned for last month, but delayed due to Hurricane Florence.

While this has been politicized as President Trump wanting to be able to text every cell phone in the nation, this is merely an extension of the Emergency Alert System (EAS) that we are all familiar with.  That distinct tone and screen you hear and see on radio when the Emergency Alert System is tested is being extended to devices that can receive text messages from the cellular networks.  This is part of the Integrated Public Alert and Warning System (IPAWS).  You may download a fact sheet about this test here.

The following are the details about today’s test:

The National EAS and WEA test will be held on the backup date of October 3, 2018, beginning at 2:18 p.m. EDT.

The Federal Emergency Management Agency (FEMA), in coordination with the Federal Communications Commission (FCC), will conduct a nationwide test of the Wireless Emergency Alerts (WEA) and Emergency Alert System (EAS) on the backup date of October 3, 2018 due to ongoing response efforts to Hurricane Florence. The WEA portion of the test commences at 2:18 p.m. EDT, and the EAS portion follows at 2:20 p.m. EDT. The test will assess the operational readiness of the infrastructure for distribution of a national message and determine whether improvements are needed.

The WEA test message will be sent to cell phones that are connected to wireless providers participating in WEA. This is the fourth EAS nationwide test and the first national WEA test. Previous EAS national tests were conducted in November 2011, September 2016,  and September 2017 in collaboration with the FCC, broadcasters, and emergency management officials in recognition of FEMA’s National Preparedness Month.

Cell towers will broadcast the WEA test for approximately 30 minutes beginning at 2:18 p.m. EDT. During this time, WEA compatible cell phones that are switched on, within range of an active cell tower, and whose wireless provider participates in WEA should be capable of receiving the test message. Some cell phones will not receive the test message, and cell phones should only receive the message once. The WEA test message will have a header that reads “Presidential Alert” and text that says:

“THIS IS A TEST of the National Wireless Emergency Alert System. No action is needed.”

The WEA system is used to warn the public about dangerous weather, missing children, and other critical situations through alerts on cell phones. The national test will use the same special tone and vibration as with all WEA messages (i.e. Tornado Warning, AMBER Alert). Users cannot opt out of receiving the WEA test.

The EAS is a national public warning system that provides the President with the communications capability to address the nation during a national emergency. The test is made available to EAS participants (i.e., radio and television broadcasters, cable systems, satellite radio and television providers, and wireline video providers) and is scheduled to last approximately one minute. The test message will be similar to regular monthly EAS test messages with which the public is familiar. The EAS message will include a reference to the WEA test:

“THIS IS A TEST of the National Emergency Alert System. This system was developed by broadcast and cable operators in voluntary cooperation with the Federal Emergency Management Agency, the Federal Communications Commission, and local authorities to keep you informed in the event of an emergency. If this had been an actual emergency an official message would have followed the tone alert you heard at the start of this message. A similar wireless emergency alert test message has been sent to all cell phones nationwide. Some cell phones will receive the message; others will not. No action is required.”

The test was originally planned for September 20, 2018 but has been postponed until October 3, 2018 due to ongoing response efforts to Hurricane Florence.

Make Your Home a Haven for Online Safety #CyberAware

Standard

When I was a kid, we were taught to recognize signs of danger.  There was McGruff the Crime Dog, there were stickers in windows of certain homes along the walk to school, where we knew we could go if we were scared or threatened, it was drilled into us to never talk to strangers, especially if they pulled up in a car and offered us a ride.  Sound familiar?

Why don’t we do the same thing when it comes to our online safety?  That’s what National Cybersecurity Awareness Month is all about and the Week 1 theme is all about online safety at home.  Consider these sobering statistics:

  • By 2021, more than half of all U.S. households are expected to be “smart” homes.  Talk about a target rich environment!
  • More than 1 million children, half of whom were 7 years old or younger, we victims of identity theft and online fraud last year.
  • 34% of teens indicate they are the most knowledgeable family member when it comes to cybersecurity.  24% say they think their father is and only 18% think their mother is.

Here are some things you can do to make your home more #CyberAware:

Today’s tip is Back It Up!back-it-up

Protect your valuable
work, music, photos and other
digital information by making
an electronic copy and storing it
safely. If you have a copy of your
data and your device falls victim to
ransomware or other cyber threats,
you will be able to restore the data
from a backup.