Cyber Awareness Month and Security Serious Week both kicked off today.
An awareness campaign is, by its very nature, promotional, so SC Media UK is putting aside its policy of avoiding marketing initiatives and adding its support to this worthy initiative.
Some of the advice below is basic for cyber-security professionals, but we would suggest it can be used as part of your staff awareness campaigns for the entire organisation, beyond just the cyber-security team.
One of the first events was held today when a Flash Mob took place at 12:30pm outside Tower Hill tube station in Trinity Square Gardens, with government and business representatives joining to provide security advice, hints and tips for being more secure.
Among those participating were Channel 4, Publicis Groupe and Canon UK, together with the Home Office, Department of Culture Media and Sports, and the City of London Police. Vendors included Imperva, Mimecast, Tripwire and AlienVault, as well as start-ups such as Tessian and Immersive Labs.
Yvonne Eskenzi, founder of Eskenzi PR and organiser of the event, said in a press statement: "Scams, breaches and ID theft are at an all-time high, and the idea of this event is to gather words of wisdom from those in the know so that we can learn from the best and hopefully become a more secure country and pave the way for others to follow!"
As part of the initiative, Mimecast introduced its Mimecast℠ Awareness Training, offering content, risk scoring and real-world simulation attack scenarios on key cyber awareness topics such as ransomware, phishing, wire fraud, password hygiene, PCI compliance, HIPAA and GDPR. A free awareness training kit is also offered on Mimecast’s blog, including details on how to protect against phishing, vishing, wire transfer fraud, inadvertent leaks, and understanding the security risks with public Wi-Fi.
Also seeking to raise awareness in support of Cybersecurity Awareness Month, Chris Goettl, director of product management, security, Ivanti, announced in a press comment: "We’ve compiled a list of top tips everyone should follow to help mitigate exposure to vulnerabilities and threats:"
1. Always use password best practices. Every user should change passwords often and create unique passwords with 13 characters or more that use a combination of words, numbers, symbols and both upper and lower-case letters. Never use a network username as a password or easily guessed terms such as "password" and avoid simple combinations such as "1234."
Tip: Try using an unusual passphrase or the first letter of each word of a song lyric or memorable quote mixed with a few numbers and symbols. It can help you remember long passwords.
2. Be cautious when using public WiFi. When travelling or working at your local coffee house or even in a hotel room, always be aware that public WiFi can be easily compromised. Proceed on public WiFi as if someone is watching and don’t make purchases or log in to sensitive accounts such as a bank account.
Tip: When working out of the office, immediately connect to your corporate VPN before connecting to email or opening your browser. Your VPN will add an extra layer of encrypted protection from prying eyes.
3. Regularly update all applications and operating systems. No endpoint device should go without regular patching and updates to the operating system and applications used. Be sure that all computers used to connect to the corporate network – both company-owned and personal – have the latest software installed.
Tip: Turn off or restart your computer regularly to allow updates to install and download new updates for your applications as soon as they become available.
4. Protect your money. Just like you wouldn’t leave your cash on the table in a crowded restaurant, you need to be careful where you use your debit and credit card information. If the information falls into the wrong hands, it can result in credit card fraud or identity theft.
Tip: Use a protected credit card when shopping online. If you use a debit card, be sure that your bank offers strong fraud protection policies and be aware that your account balance could be temporarily compromised until the bank policy kicks into action.
5. Don’t click until you’re sure. Phishing is a cyber-security attack that uses a deceptive email or website to steal personal data, such as your login or credit card information. It’s one of the most common ways cybercrime is committed and anyone can be a target.
Tip: Never click on a suspicious website pop-up or email link and don’t open an attachment from an unknown sender. Suspicious emails can often look very legitimate. Carefully check the domain name of the sender to see if it aligns with the company they say they are from. It’s also a good practice to hover your mouse over a website link before clicking to see the destination so you can double-check that the link is going where it says it goes. If you do click a phishing link, alert IT right away so they can contain the attack quickly before other systems are compromised.
6. Back up your data. To ensure that your company data is protected, be sure that it is part of the company-managed backup and recovery process. Without proper backups, your data could be lost for good in the event of a cyber-attack.
Tip: Load your vital data onto corporate file shares or in company-sponsored cloud storage where it will be a part of the enterprise data protection process. Thus, if your data is part of a ransomware attack, the company can recover it.