As a cybersecurity executive, cybersecurity analyst, an employee that receives annual security awareness training or someone aspiring to enter the cybersecurity field, we all must do our part. National Cybersecurity Awareness Month is a global initiative created by the Department of Homeland Security in 2003 to recognize the significance of digital security for consumers and organizations. Over the past 17 years, the goal of National Cybersecurity Awareness Month has been to inform the public about the importance of cybersecurity. As the rate of cybercrime continues to rise, everyone can benefit from being informed.
This year’s theme “Do Your Part. #BeCyberSmart.” challenges us as professionals to lead the charge from the front lines by informing, providing guidelines and setting the standard for end users.
The executive’s part is to remain visionary and innovative from a higher plain of security strategy. As an analyst, your part is to constantly remain aware of the latest tactics, techniques and procedures as a data defender. Employees receiving annual security training also have a part: to remain vigilant, report suspicious activity and help spread the culture of “If you see something, say something” within your organization. To the aspiring person or student looking to break into cybersecurity, your part is to bring and maintain the passion you have for technology and security, and implement what you learn and contribute as you develop your skill set. We’ll all have a part to play in this field.
How can you #DoYourPart? Enable two-factor authentication.
Two-step verification—also known as two-factor authentication (2FA)—is an additional layer of protection, beyond your password, that decreases the risk of a hacker accessing your online accounts. It combines your password—something you know—with a second factor, like a cell phone or tablet—something you own. Thankfully, a majority of the world’s most commonly accessed websites has made 2FA readily available.
Although using this feature is highly recommended, it’s up to you to activate it within your online account settings. With large-scale breaches happening more frequently, turning on two-factor authentication has never been more important.
TwoFactorAuth.org is a great site to help you discover which sites and services use two-factor authentication. It lists websites that support 2FA, and the sites that currently do not, with categories such as banking, cloud computing, social and email, among others. Each category is even broken down further to display which type of two-factor authentication is used for the respective site.
TwoFactorAuth.org also provides options to ask webmasters to consider using 2FA, with a clever email or a Twitter or Facebook button labeled “Tell them to support 2FA.” Aside from entering your username and password into your respective site, when enabled, 2FA can deliver a security code to you via SMS texting, phone call, email or with the use of an authenticator application. The type of 2FA delivery method is determined by the security direction of the business.
Two-factor authentication has many benefits: it’s free, it improves security and it reduces data theft. Most importantly, 2FA protects your identity, which is priceless. Using the recommended website above will provide you with a better sense of which sites go the extra mile to help you protect your identity online.
#BeCyberSmart. Protect your online banking accounts.
As the trend of using of mobile banking apps continues to rise, most likely due to increased time at home, the FBI anticipates that malicious actors will exploit these platforms more emphatically. Malicious actors constantly improve their attack techniques and often take advantage of users in times of opportune weakness. A vast majority of Americans are increasingly using their mobile devices to conduct banking activities such as transferring funds and paying bills. To do your part in avoiding malicious attacks, here are a few ways to avoid being targeted by malicious actors.
1. Don’t use public Wi-Fi for online banking.
Never review your bank account using a public Wi-Fi connection. Network activity via public Wi-Fi is quite easy to steal. Malicious actors can use a Wi-Fi packet sniffer to read network activity over the air. If you must use public Wi-Fi, consider using a Virtual Private Network (VPN). A VPN is a secure connection that can be used over a public Wi-Fi connection. A VPN provides a layer of network security that prevents over the air information leakage.
2. Download official bank applications to avoid installing malware.
When you download your respective bank’s mobile application from the App Store or Google Play, be sure to check the app reviews, check the maker of the app and read the summaries carefully. There have been many instances of malware-laced apps that resemble various phone apps that people use constantly.
3. Remain vigilant against suspicious emails.
Your bank will never email you requesting your personal information. Phishing emails are an attempt to look like they are sent from your bank. The malicious intent of phishing emails is to steal your personal account information by leading you to a credential-harvesting website that captures your credentials.
If we all do our part by implementing and using stronger security practices, raising community awareness, educating vulnerable audiences and training employees, our interconnected world will be smarter and more resilient against the darker side of the Internet.