Cybersecurity continues to be tested with an increase in breaches, and hackers are becoming more ingenious with the methods they use to steal consumers information. DoorDash was one of the most recent breaches, with 4.9 million of their customers hacked. And in the first six months of 2019, 4.1 billion records were exposed in data breaches, and that is only in the first part of the year!
Consumers need to understand how to be safe online and proactively protect themselves. “It’s no longer enough to be on the lookout for something in your inbox that appears suspicious,” said FBI Cyber Division Assistant Director Matt Gorham. “As criminals have grown savvier and their efforts more targeted, individuals and organizations need to scrutinize messages and requests that appear legitimate.”
History of National Cybersecurity Awareness Month
Every October is National Cybersecurity Awareness Month (NCSAM). NCSAM was launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) in October 2004 to aid Americans in becoming safer and more protected online.
“When NCSAM first began, the awareness efforts centered around advice like updating your antivirus software twice a year to mirror similar efforts around changing batteries in smoke alarms during daylight saving time,” says the NCSA.
Why was NCSAM started? Nathan Thornburgh wrote an article for Time, “Inside the Chinese Hack Attack,” that dives into what hackers were doing in China and gives a very good explanation of the need for NCSAM. In his article, Thornburgh states:
“Hackers breaking into official U.S. networks are not just using Chinese systems as a launch pad, but are based in China. Their story: Sometime on November 1st, 2004, hackers sat down at computers in southern China and set off once again on their daily hunt for U.S. secrets. Since 2003, the group had been conducting wide-ranging assaults on U.S. government targets to steal sensitive information, part of a massive cyberespionage ring that U.S. investigators have codenamed Titan Rain.”
Many people think Chinese and Russian hackers are a recent development, but they have been around for decades.
OWN IT. SECURE IT. PROTECT IT
October 2019’s theme is “OWN IT. SECURE IT. PROTECT IT.” The theme stresses taking proactive steps to increase cybersecurity at home, in the workplace, and when you are traveling.
- If you connect, you must protect. Whether it’s your computer, smartphone, or other network device, the best defense against viruses and malware is to update to the latest security software, web browser, and operating systems. Sign up for automatic updates, if you can, and protect your devices with anti-virus software.
- Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in.
- Update your privacy settings. Set the privacy and security settings to your comfort level for information sharing. Disable geotagging, which allows anyone to see where you are—and where you aren’t—at any given time.
- Don’t make passwords easy to guess. Do not include personal information in your password such as your name or pets’ names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.
- Play hard to get with strangers. Links in email and online posts are often the way cybercriminals compromise your computer. If you’re unsure who an email is from – even if the details appear accurate – do not respond, and do not click on any links or attachments found in that email. Be cautious of generic greetings such as “Hello Bank Customer,” as these are often signs of phishing attempts. If you are concerned about the legitimacy of an email, call the company directly.
- Treat business information as personal information. Business information typically includes a mix of personal and proprietary data. While you may think of trade secrets and company credit accounts, it also includes employee personally identifiable information (PII) through tax forms and payroll accounts. Do not share PII with unknown parties or over unsecured networks.
- Debt Collection scams occur when criminals attempt to collect on a fraudulent debt. Signs the “debt collector” may be a scammer are requests to be paid by wire transfers or credit cards. In 2018 there was a spike in requests for gift cards and reloadable cards as well.
- If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.
- Identity theft is the illegal acquisition and use of someone else’s personal information to obtain money or credit. Signs of identity theft include bills for products or services you did not purchase, suspicious charges on your credit cards, or new accounts opened in your name that you did not authorize.
You can follow these tips every month, not just in October. For more information on how to get your organization involved in NACSAM or for a toolkit, click here.