It’s Time for a Security Checkup during National Cyber Security Awareness Month

Posted on October 05, 2017 by Mike Janke

Most of us in the world of cybersecurity spend our days trying to solve complex security problems in one form or another as managers, engineers, researchers, investors or policy makers. Yet it is the fundamental basics of digital daily life that are to blame for the massive amount of money lost by the average citizen, not to mention all the aggravation.

So, appropriately, October is National Cyber Security Awareness Month for the fourteenth year. It’s jointly sponsored by the National Cyber Security Division of the Department of Homeland Security and the non-profit National Cyber Security Alliance, and it encourages security vigilance by all computer users.

It may seem superficial, as national campaigns highlighting various themes sometimes do, but nothing could be further from the truth. Members of American families are chronically hacked or misled online in staggering numbers, especially children and non-computer savvy seniors, and victims’ financial costs can be staggering. One study, funded by cybersecurity firm McAfee and published by the Center for Strategic and International Studies, has estimated that hackers cost consumers and companies $375 billion to $575 billion annually.

In particular, parents need to be cognizant of the safety of their children online.

Admittedly, this is not an easy task for most American adults – they often turn to their youngsters for technical help, and it is their youngsters, not them, who typically have a device in their hands from an early age. Nonetheless, parents must make a point of learning the ins and outs of family computers and the internet in order to provide some level of digital oversight. Say, for example, you want to block your children’s access to websites with offensive language or unhealthy radical views. If you set up parental controls and your child knows how to skirt them, you have wasted your time.

More important, you need to be more knowledgeable about computers and the internet so you can better appreciate their dangers. You might hear, for instance, that an internet predator managed to kidnap a child and assume your child is no such danger. In fact, however, until you know a good bit about the ever-changing landscape of devices, the internet and what your children are doing on it, you are clueless.

What if your child is on social networking websites? Today, most are. Did you know that he or she could be easily susceptible to someone creating a fake identity and instigating all kinds of mischief?

If you’re one of millions of Americans with an online business, National Cyber Security Awareness Month is also a good time to check the safety of your online business. Hackers could steal vital information, or viruses could demolish your computer system and with it, your business. You must have good safeguards in place.

Here are some consumer and online business security tips you should know.

Let’s start with some consumer tips:

Take pains to secure your home Wi-Fi network and private accounts. It’s great that all family members can easily access the internet throughout the house. But WiFI needs to be secure to avoid a multitude of problems. Someone in the household or an outside technician needs to enable wireless encryption, and you should make a point of using a strong router password. In the same vein, make sure everybody in your family creates secure passwords on private accounts. A simple password won’t cut it. Each family member should develop a system to keep track of these passwords, or use a commercial password manager. In addition, change passwords regularly.

Teach your children and perhaps family seniors about safe social networking. Family member profiles should not use full names, addresses or birthdays. In fact, try to keep a lid on most personal information. Planning a vacation? Don’t talk about it. Don’t share photos with identifiable details, either, such as a license plate number. Similarly, make sure your children don’t reveal their identities while playing online games. They should use a nickname – and an avatar as well.

Avoid phishing scams. Perhaps you know enough to stay clear of a URL seemingly sent from your bank or a friend, but how about the rest of your family? Tell them about phishing. Instruct them to be particularly wary of emails requesting charity donations, or informing them of lottery wins or bank account closures. In fact, tell them to avoid clicking on URLs altogether. A simpler solution may be buying a security program that blocks suspicious URLs.

Have a thorough security solution installed on all home computers. The best solutions have both anti-virus and anti-malware programs that can spot the newest types of attacks and protect multiple computers. Not sure which one to buy? Check with your local computer repair shop.

Make sure you also pay attention to your mobile devices. Your smartphone and tablet need as much protection as your PC or laptop. Each also needs a full security solution, as well as a strong password.

Use credit cards when you purchase online and take a hard look at the website URL. Credit cards are generally insured against fraud. Debit cards are not. As for URLs, look for https:// in the URLs of websites from which you make purchases. The “s” in https stands for “secure” and should appear in every bank or online store address.

Keep all your computer programs up-to-date. Outdated software has security holes that can easily be exploited by hackers and viruses. If you’re still using Microsoft Office 2013, seriously consider upgrading to Microsoft Office 2016, or Microsoft Office 365, an online subscription service that is always up-to-date. At minimum, make sure software updates keep the older program relatively safe.

Remember that cybersecurity doesn’t stand still. New security threats are a chronic and serious headache. Be conscientious about downloading the latest security updates and patches. Also be mindful of news about breaking threats.

Here are a few online business security tips:

Make sure you provide a secure way for your customers to complete transactions. Also secure any personal information stored by your business, and make a point of checking in with your payment gateway provider to better prevent online payment fraud. Ultimately, you need to protect every piece of information collected from a customer to be in compliance with the Privacy Act of 1988.

Make sure you have diversified and broad-based security software on your business computers. Servers also require much of this. Keep your software up-to-date, including security patches. Monitor server reports, such as security logs, for irregular patterns.

Ensure your communication tools, such as emails and instant messages, are encrypted. Install security software and make sure you advise employees not to click on email links from unknown senders. Also protect the information on mobile devices.

Use spam filters to reduce the spam and phishing emails that your business receives. This is not foolproof but should minimize the odds of employees opening a phishing email.

Limit access to sensitive information to those who need to know. In addition, software is available that can monitor outbound communications to prevent leaks. For employees who need remote access to the computer system, do not settle only on a user name and password for system access. It’s much better to require two-factor authentication.

Contributors

Mike Janke

Co-Founder, DataTribe

View More Blogs

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.