W. Greg Price, Ph.D., is the Chief Security Officer at Troy University and Director of the Alabama Digital Forensics Institute.
Held each October, National Cybersecurity Awareness Month is a collaborative effort between government and industry. The primary goal of the effort is to provide citizens access to resources to stay safe and secure online, all while strengthening the Nation’s cyber posture.
In short, we seek to raise cybersecurity awareness among the consumers of technology.
The 2019 theme is “Own IT. Secure IT. Protect IT.”
As an individual, you play a vital role in the security of not only your own information, but also that of your communities. Whether at work, school, or recreation, the importance of taking proactive steps to enhance cybersecurity can’t be overstated.
I’ve worked in a variety of capacities in cybersecurity for over 25 years. As a security practitioner, I’ve witnessed firsthand the incredible potential and danger of technology.
Two questions always arise after a cyberattack: “Why did this happen and what could I have done to prevent this?”
Generally speaking, cybercrime is a crime of opportunity. Would-be cybercriminals seek opportunity through numerous paths.
The most common are the result of poor end-user awareness and practices. The evildoers take advantage of weak systems, poor behaviors and, frankly, a lack of vigilance.
So how do you defend your technology and data?
Secure You. Raise your awareness and appreciate that technology fails. Technology is synonymous with change and, as a result, you must stay current and be observant.
Making the most of your technology while securing it can seem overwhelming and a bit confusing. However, regardless of your gear or services, four simple steps will help secure you against would-be evildoers.
First, appreciate that technology isn’t always perfect. You are your best defense. Human behavior can be targeted and altered through simple yet clever social engineering attacks.
Attackers are aware that vendors work hard to update and secure software and services; therefore, targeting you is the easiest way to enter your digital footprint.
Attackers always go after the users first.
If they want a password, credit card information, or access to a device, tricking an end-user is the first offensive tactic.
Often the social engineering attacks are riddled with a sense of urgency or a pretense of offering assistance. The electronic payload can be delivered via email, text, or a malicious website – practically any path through which the attacker can frighten you into clicking a link or revealing sensitive information.
With these attacks, you are your best defense. Use common sense and you will be able to spot and stop these efforts.
Second, passwords unfortunately continue to haunt all of us. Exciting changes are in the works for new authentication systems, but, for now, we must do all that we can to strengthen the outdated system.
Use passphrases, a series of words that are easy for you to remember. The longer the passphrase, the stronger the protection it offers.
Use unique passphrases for each account. Relying on a single password will expose all of your accounts in the event of credential theft. Use a password manager to store your passphrases for safekeeping and easy recall.
Enable two-step authentication wherever possible. In doing so, you add another obstacle that the potential evildoer must overcome.
Third, update your devices and applications. Cyber attackers are constantly looking for new vulnerabilities; similarly, developers are working hard to close those deficiencies.
Enable automatic updates and you won’t have to worry about patch management.
Lastly, back up your data. Despite your best efforts to raise your awareness, to create complex passphrases and to patch your devices, sometimes the attackers win. Backing up your data and checking the availability of those backups will enable you to recover if something horrible happens to your digital assets.