Don’t Get Spooked: Tricky Tips for Cybersecurity Awareness Month
Boo! It's Halloween, which means the end of Cybersecurity Awareness Month. Starting at Halloween, cybercrime spikes. In fact, one report found that global organizations experienced a 57.5% increase in cyberattack activity during the holiday shopping season. Here are some tricky tips to ensure you keep evildoers away from your digital doorstep.
Own IT, Secure IT, Protect IT
Hosted by the National Cyber Security Alliance, the theme of this year’s Cybersecurity Awareness Month is “Own IT, Secure IT, Protect IT.” The goal is to address the following online safety challenges and pinpoint opportunities to change behaviors:
- Own IT. Be circumspect about sharing information on social media. Update your privacy settings to make sure organizations and apps aren’t getting data you don’t want to share.
- Secure IT. Go beyond passwords by creating strong, unique passphrases. Double your login protection by turning on multi-factor authentication. Learn how to shop safely online and how to spot and avoid phishing scams.
- Protect IT. Make sure that you constantly update to the latest security software, web browser, and operating systems. Learn the rules of Wi-Fi safety. For organizations that collect customer and consumer data and information, make sure you are complying with all regulations to keep it safe.
Best Tips from the Respond Software Team
Mike Armistead, CEO
Maintain good cyber hygiene. “I’m not a big app downloader; it needs to be something I really need and trust. I’ve also gotten into the habit of changing passwords every few months, as well as doing some form of multi-factor authentication with the most important sites and apps I interact with.”
Think about each email as a potential phishing attack. Ultimately, “adversaries can be really sophisticated and clever, yet most threats are defeated with good hygiene.”
Chris Triolo, VP of Customer Success
Be vigilant and trust your instincts. “If something looks suspicious, use caution. Many attacks today are not sophisticated, because they don’t need to be. An email arrives in your inbox with a malicious attachment or a link to a malicious website; one click, and you're owned. These simple attacks are a typical way that hackers gain a foothold in your organization or home network and are the kinds of attacks that you actually have the ability to stop. Ultimately, hackers take the path of least resistance, so don't fall prey to their tricks and they'll move on.”
Second, do a little research. “Whenever I see something suspicious – a strange email address or URL, for instance – I'll run a quick web search to see if there's any information about it. If you've ended up with something malicious in your inbox, 9 times out of 10, you will find it at the top of your search results, informing you that it's malicious.”
Ryan Black, Director of Customer Operations
Here’s Ryan’s list of top cybersecurity dos and boos:
When client-side goes to the dark side:
- Do: Be aware of issues with sensitive credentials stored in page source or exposed configuration files server-side.
- Boo: Don’t trust client-side input or client-side protection of sensitive information. Instead, separate responsibilities and validate the expected input server-side for sensitive actions.
- Do: Only trust hosts that you can control, properly identify, and validate expected input from, in order to protect against spoofing and account takeover.
- Boo: As Chris Triolo recommends, do your due diligence; don’t trust an email without validating its domain.
Apparitions of integrations:
- Do: Be aware of the integrations you use for collaboration and convenience; they may expose your users and infrastructure to attackers. Educate your staff and use the principle of least privilege so that sensitive secrets are controlled across your development team.
- Boo: Don’t be tricked by a small mistake that opens what might be your organization’s central collaboration tool.
Best Tips From the Interwebs
Check out the Cyber Safety Tips at the FBI’s website: https://tinyurl.com/y5q9a77l
Enterprise Strategy Group senior principal analyst Jon Oltsik offers these three actions to take: https://tinyurl.com/y2dqle72
And Forrester Research discusses six things CISOs need to do to maximize Cybersecurity Awareness Month: https://tinyurl.com/y6l3ppmv
It’s important to shine a light every year for a whole month on the need for strong cybersecurity policies and practices, particularly as cybercriminals prepare for the biggest shopping season of the year. Let’s take this awareness and turn it into year-round data and network safety. Make sure you have a clear plan to Own, Secure and Protect IT that includes good cyber hygiene, keeping data private and secure, and awareness of phishing and other email schemes.