Happy Cybersecurity Awareness Month! We realize that most people don’t celebrate this month to the extent that we do, but since security is what ISA is all about, we’re putting on our party hats and raising the banners (and there’d better be cake in the lunchroom all month long). Consider this your invitation to get in on the fun and celebrate with us by changing your passwords, patching your software, and deleting all those emails you’ve been holding onto promising millions from a deceased relative you’ve never heard of.
Cybersecurity Awareness Month is a globally recognized campaign held each October. The goal is to inform the public and raise awareness around cyber threats and cybersecurity throughout the month. This awareness campaign is focused on helping all Canadians – individuals and businesses alike – to be more secure online by learning and understanding the steps to take to protect themselves, their families, their businesses, and, of course, their devices. To get this month-long cyber-party started, let’s look at some cybersecurity basics that everyone should know.
First off, just to be clear, let’s define what a cyber threat is.
According to the Government of Canada, “A cyber threat is an activity intended to compromise the security of an information system (such as a computer network, a website or even a social media page) by altering the availability, integrity, or confidentiality of a system or the information it contains. These activities take place in the online space.”
Then cyber threat actors are?
Cyber threat actors are the individuals or organizations who want to show off their hacking abilities, hurt an individual or organization, or make money from illicit cyber activities. While their motives and their skill level (from state-sponsored experts to complete amateurs) might vary, everyone needs to have measures in place to protect against them. Threat actors seek out vulnerabilities, a lack of cybersecurity awareness, and technological advancements to exploit, so that they can gain access to systems and get their hands on, or manipulate, data, devices, and networks.
If you’re thinking, “I have a firewall on my computer at work and anti-virus installed on my computer at home, so I’m safe,” think again.
Firewalls are essential in the workplace, but you also need to understand that they don’t protect your data from everything. Firewalls can’t protect you from malicious traffic coming through authorized apps and protocols. They also can’t do much to prevent phishing and socially engineered scams. To put it another way, firewalls can’t stop human error or repair poor cybersecurity policies. Also – firewalls are a little needy and require constant attention. New cyber threats appear every day, and firewall developers must see a cyber threat “in the wild” prior to creating and releasing an update to stop it. Therefore, both hardware and software firewalls must be updated as often as possible.
In fact, all operating systems and applications need to be updated regularly.
To help your home devices or organization’s system run smoothly, install updates and patches regularly across all devices, applications, and operating systems used on the network. Updating is a pain we all feel – it takes time, you’ve got to restart the device, and it seems unimportant when you’re busy, in the middle of a game, listening to a book on Audible, or under deadline. However, by not updating your devices, you are making it far easier for threat actors to breach your cybersecurity defenses and corrupt your device. Make patching and updating part of your day, or your week. Add it to your calendar and set a reminder. It’s one of the most straightforward cybersecurity practices to do and has a big cybersecurity payoff in keeping your device or your network protected.
The easiest way to protect your devices is through pins and passwords. Sorry, let me clarify – good and unique pins and passwords.
Create and set unique passwords for each device and app. Use biometrics (like fingerprints) and two-factor security whenever possible. Programs like LastPass, which store all of your passwords in encrypted form, are handy. Whatever you do, don’t write the passwords on sticky notes or in a list on your phone.
When it comes to the password itself, stay away from anything that can be guessed from social media (like your kid’s, pet’s, or mom’s name). Use a quotation that you like, a lyric, or a favourite line from a poem or movie – preferably something with a number in it – and then turn it into an acronym. Here’s an example: “To be or not to be, that is the question” becomes “2Bon2Btit?”. With that, you’re making it ridiculously hard for a hacker, even one who is a fan of Shakespeare, to guess. Then, to keep those hackers guessing, change your passwords frequently. And please keep home and work separate: do not use the same passwords for both work and play.
Do not fall for the old hook, line, and sinker.
Phishing and socially engineered scams are the reason for most data breaches. Verizon reported that 32 percent of the data breaches in 2018 involved phishing activity. In addition, “phishing was present in 78 percent of Cyber-Espionage incidents and the installation and use of backdoors.” Threat actors get users’ personal and banking information by tricking them into clicking on a link or socially engineering a situation to look legitimate. The malicious link can be sent via email, text, or an app, or a threat actor could impersonate a bank, vendor, or other legitimate persona and call you. Be careful what you give away without thoroughly checking it out. If it seems suspicious, it most likely is.
Cybersecurity is usually not top of mind when we’re online shopping, streaming movies, or doing work – if anything, it’s an afterthought to the task at hand. For the month of October, let’s bring cybersecurity to the forefront. We encourage you to develop good cyber hygiene at work and on your devices – and no matter where you connect and on what equipment, stay cyber-safe.