The magnitude of the Equifax breach has stirred up more conversations than ever on what companies and consumers can do to protect themselves before and after a breach.
Much like the large-scale breaches of the past, the story and those implicated continue to unfold. Equifax is now saying that hackers have stolen the personal information of 2.5 million more U.S. consumers than it initially estimated, bringing the total to 145.5 million.
The best advice seems to be to freeze your credit (and hope for the best). Not the best-laid plan, but at this point, the breach has already happened and everyone is in damage control mode – a frantic, reactionary position that leaves us plugging the holes in a ready-to-burst dam.
October is National Cybersecurity Awareness Month
Perhaps the timing could not be better, as October welcomes the Department of Homeland Security’s National Cyber Security Awareness Month (NCSAM). Designed to raise awareness of cybersecurity, the annual campaign’s goal is to make everyone – consumers and businesses – more aware of cybersecurity threats and better prepared to protect themselves and their companies.
This year’s NCSAM focuses on the following themes, which we will cover over the next five weeks:
- Week 1: October 2-6, 2017 – Theme: Simple Steps to Online Safety. Week 1 addresses top consumer cybersecurity concerns, provides simple steps to protect against these concerns, and helps the public understand what to do if they fall victim to cybercrime.
- Week 2: October 9-13, 2017 – Theme: Cybersecurity in the Workplace is Everyone’s Business. Creating a culture of cybersecurity is critical for all organizations ‒ large and small businesses, academic institutions, non-profits, and government agencies – and must be a shared responsibility among all employees. Week 2 will showcase how organizations can protect against the most common cyber threats.
- Week 3: October 16-20, 2017 – Theme: Today’s Predictions for Tomorrow’s Internet. Smart cities, connected devices, digitized records, as well as smart cars and homes have become a new reality. Week 3 will remind citizens that their sensitive, personal information is the fuel that makes smart devices work. While there are tremendous benefits of this technology, it is critical to understand how to use these cutting-edge innovations in safe and secure ways.
- Week 4: October 23-27, 2017 – Theme: The Internet Wants YOU: Consider a Career in Cybersecurity. According to a study by the Center for Cyber Safety and Education, by 2022, there will be a shortage of 1.8 million information security workers. It is critical that today’s students graduate ready to enter the workforce to fill the vast number of available cybersecurity positions. Week 4 will encourage students and other job seekers to explore cybersecurity careers. Key influencers – like parents, teachers, guidance counselors and state and local officials – will learn more about this growing field and how to engage youth in pursuing cybersecurity careers.
- Week 5: October 30-31, 2017 – Theme: Protecting Critical Infrastructure from Cyber Threats. The essential systems that support our daily lives – such as electricity, financial institutions, and transportation – are all dependent upon the Internet. Building resilience in critical infrastructure is crucial to our national security. Week 5 will look at cybersecurity in relation to keeping our traffic lights, running water, phone lines, and other critical infrastructure secure.
Week 1: Simple Steps to Online Safety – STOP. THINK. CONNECT.
Like last year, NCSAM states that the simple steps to online security come in three – STOP. THINK. CONNECT. Stopping and thinking before you connect increases your chances of staying safe from cybercriminals.
British security software and hardware company Sophos provides three important steps anyone can take to ensure online safety.
Cyberware Step 1 – Try two-factor authentication, also known as two-step verification or 2SV, whenever you can. 2FA works by asking for your regular password, and then asking for a one-time code that is sent as a text message. Although 2FA creates a longer log-in time, it makes theft more difficult as cyberthieves can no longer steal your password and use it over and over.
Cyberware Step 2 – Try the longest mobile phone lockcode you can manage. Sophos suggests a lockcode of 10 digits.
Although 10-digit codes take 2.5 times longer to type in than 4-digit codes – let’s say close to three seconds instead of about one second – they are, at least in theory, a cool one million times more secure. (The arithmetic here is 10/4 = 2.5, but 10¹⁰/10⁴ = 1,000,000.) That means that it’s easier to pick something unique and hard to guess, and harder for crooks – or for your oh-so-witty friends who are dying to send out off-color tweets in your name – to shoulder-surf by watching you typing in your code out of the corner of their eye.
Cyberware Step 3 – Try logging out from apps you are not using. Fully logging off from services like Twitter and Facebook ensures that you are less likely to share something unintentionally. Additionally, it protects your friends or followers from scams that appear to be “approved” by you.
Simple Steps to Online Safety – Understanding the Threats
Hackers use a number of methods to infiltrate the many types of integrated technology that individuals and businesses use today. The more devices that are out there, the more chances cybercriminals have to attack, so not only is it important to know the steps to take in securing your data, it is equally important to know what cyber threats exist.
To go along with NCSAM’s Week 1 theme, Symantec Corporation provides a list of the different types of cyber threats hackers use to exploit and steal sensitive information.
Social engineering: Social engineering is a way that cybercriminals can use a false sense of trust, urgency, or even scare tactics in order to trick you into divulging sensitive information. Social engineering is based on trying to elicit emotional reactions, in order to get you to act before thinking.
Phishing: Phishing emails are a good example of how social engineering can take place online. These emails can appear to come from a legitimate company, or possibly even someone you know. The objective of these emails is to seem like a familiar or known source, therefore relying on a person’s instinct to trust them. Phishers have been known to use real company logos, and will also use a fake email address that looks very similar to the company’s actual address.
Malware: Malware is “malicious software” designed to gain access to a computer or system. There are various types of malware including spyware, keyloggers, true viruses, worms, or any type of malicious code that infiltrates a computer – stealing data within the computer network to sell on the black market.
Passwords: Passwords are the key to your entire digital life. To ensure your digital security it is important to use strong and secure passwords for each website you use – and it’s even more important not to reuse the same password across multiple websites; if you were to do so, you’re essentially creating a digital master key.
You should also set up Two-Factor Authentication (2FA) whenever possible. This method adds another layer of security to any account you may be logging into. What makes this more secure is the fact that it is something that you have to provide in addition to the usual username and password information. The third “thing” is usually one of the following:
- Something you know – a PIN number, password or pattern.
- Something you have – an ATM or credit card, mobile phone or security token such as a key fob or USB token.
- Something you are – biometric authentication such as a voiceprint or fingerprint.
Software Updates: Not all software is created perfectly, so vulnerabilities in the software do pop up from time to time. Attackers use these vulnerabilities as a way to infect your computer with malware. This is where software updates come in. These updates push out what is called a “patch,” which is just as it sounds – a fix for the vulnerability, and one more way to ensure malware isn’t snuck onto your device.
Data Back-up: In the event that something happens and you do contract malware, or even if you have a physical accident with your device, backing up your data will save your (digital) life. Physical devices are always replaceable; however, digital data is irreplaceable. Always back up your device on a regular basis, and be sure to unplug your backup device when not in use.
Internet Security Software: Last, but not least by a long shot – always use a good Internet security software suite on your device. Coupled with personal education about the cybersecurity landscape, a good Internet Security program such as Norton Security will catch what you miss and help block the hidden threats lurking on the Internet.
In next week’s blog, we will discuss NCSAM’s theme for week two, Cybersecurity in the Workplace is Everyone’s Business, which will include protocols and practices that can be used within an organization to prevent a data breach, and how technologies like Bluefin’s PCI-validated Point-to-Point Encryption (P2PE) can Devalue the Data, rendering it useless to cybercriminals.