National Cyber Security Awareness Month (NCSAM) has come to a close. This year’s NCSAM was a success with over 100 “Champions” (including Wentworth) and 200 institutions participating. There were a lot of great topics covered throughout the month. The Twitter chats brought folks from all over private/public and higher ed to talk about subjects from online safety to recovering from cybercrime.
One of the regional events took place down in Rhode Island, hosted by the Community College of Rhode Island. Their “Security Awareness Day” event brought together folks from the cybersecurity field to share ideas and their top concerns. Topics ranged from technical concerns regarding the “Internet of Things” to more administrative topics regarding information risk management. Regardless of the topic, the message is clear, there is a lot to protect ourselves from and we need to make sure we are all doing what we can to follow cybersecurity best practices.
What are some of these best practices? Here are a few:
- Use two factor authentication whenever possible and/or available. Two-factor (also referred to as Two-Step authentication) means that to successfully authenticate into a service/site/application, you need something in addition to your traditional password. These can be anything from a fingerprint to a pin that is sent to you via text, the later being the most popular method for personal services, like Dropbox or Facebook. The good thing about 2-factor authentication is that if your password is ever compromised, the attackers would also need the other factor to successfully log into the service that your compromised password would access.
- Learn to recognize, avoid, and report phishing emails. Phishing emails are one of the least technically sophisticated methods to compromise accounts, yet one of the most effective. The attacker(s) will send out an email to an entire organization or segment of an organization and all it takes is one person with the right level of access to share their credentials and
- Use a different password for each site you sign in to. Phishing and other social engineering techniques work. What they often aim to grab are your credentials (usernames and passwords). Why? If they can get you to share your username and password, they can access your systems/accounts, and if you use the same credentials at work, they can potentially access sensitive databases and grab information on everyone at your workplace and/or customers. By using a different password for each site, you limit the scope of a potential compromise.
- Patch your applications, operating systems, and plug-ins. A lot of the malware our computers are compromised by can be due to just not staying current with updates and fixes that the vendors send out to address vulnerabilities in their applications. Malware can be introduced to your system through a variety of ways (email attachments, using a compromised USB drive, visiting websites with malicious content) and sometimes they can be installed without any user interaction. Staying current with your applications, mainly browsers and plugins, can greatly reduce your vulnerabilities that can be exploited.
Cybersecurity awareness doesn’t end because NCSAM is over. Stay connected with us by checking in on our Blog (which you’re reading now), by subscribing our Newsletter (subscribe here), and by following us on Twitter (@InfoSec_WIT). If you have any ideas to help make any of these resources better and/or have topics you would like us to cover, please email us at firstname.lastname@example.org.