How often do you think about cybersecurity? Probably not often enough. But as part of National Cybersecurity Awareness Month (NCSAM), the U.S. government wants to change that.
The annual October campaign seeks to ensure everyone has the resources necessary to be safer and more secure online. That starts with recognizing that it’s our individual responsibility to take proactive steps to enhance cybersecurity at home and in the workplace.
Fortunately, many cybersecurity best practices are both straightforward and effective. Below are some quick tips that align with NCSAM’s overarching message: “Own IT, Secure IT, Protect IT.”
The number of internet-enabled devices is skyrocketing. Already, there are seven billion internet-connected devices globally, and that number will more than triple to over 21 billion by 2025, IoT Analytics predicts.
The hyperconnectivity of the Internet of Things holds great economic potential, estimated by McKinsey Global Institute at up to $11.1 trillion a year by 2025. But it also carries serious cybersecurity risks. If you thought “Bring Your Own Device” was bad, imagine a world where nearly everything we use is an attack surface linked with mission-critical systems.
Securing this environment requires “owning” your digital profile. That means taking stock of the apps, appliances and other IoT devices that hold and use personal and corporate data on a daily basis. For example, take a look at the permission and privacy settings on your social media platforms. Even seemingly innocuous information can be used in common and effective social engineering attacks.
Understanding which devices are connected to what (i.e., your digital profile) is even more important for industries looking to harness IoT applications. In healthcare, many common medical devices automatically connect to hospital networks, creating easily overlooked network access points. Just recently, the Food and Drug Administration warned of cybersecurity flaws in insulin pumps and pacemakers.
Solutions from the likes of BlackBerry Certicom, which use things like public key infrastructure, code signing and a key management platform, provide visibility into and security for complex, interconnected IoT systems. They also help ensure devices are authenticated and data/control information is free from tampering. Still, making the decision to deploy a solution from BlackBerry Certicom starts with “owning” your organization’s digital profile and realizing the potential vulnerabilities that exist.
Only after building a complete picture of your personal and organizational cyber landscape can you begin securing it. The Department of Homeland Security is rightfully focused on the use of multi-factor authentication and secure workspaces to protect against common cyberattacks like phishing scams.
As we’ve written previously, 95% of successful attacks on enterprise networks result from spear phishing scams. As that stat suggests, workers are quite poor at detecting these types of attacks. That’s because cybercriminals are adept at using social engineering to trick users into giving away sensitive information. In fact, a recent study tested nearly 20,000 people and found that the average person fell victim to one of every four phishing attempts.
Protecting against phishing attacks isn’t necessarily as difficult as the above stat makes it seem, and we explained easy ways to detect phishing attempts here. On a technological level, the use of multi-factor authentication and dynamic security policies can mitigate even successful phishing attacks.
BlackBerry Intelligent Security, for example, adeptly administers and enforces security policies across an organization’s endpoints so that a cybercriminal with the correct login credentials is still thwarted based on other characteristics for which BBIS screens. (For a deep dive on BBIS, check out this post.)
The most important thing to remember about cybercriminals is that more often than not they rely on human error to gain access to systems. Deploying technologies like BBIS can help strengthen cybersecurity defenses by lowering the risks associated with human error.
You’ve owned it and secured it—now, it’s time to protect it through ongoing cybersecurity hygiene.
A great first step is using different passwords for personal and business accounts. A Verizon security report found that over 70% of employees reuse the same password at home and at work, meaning a breach of either threatens to compromise both.
Second, keep your software updated to the latest version available because updates often include fixes for disclosed vulnerabilities. The infamous Equifax hack in 2017, for example, resulted from the use of out-of-date software with known weaknesses.
Third, be wary of public WiFi, especially when connecting in new locations. As we previously wrote when providing tips for cybersecurity on the go, hotels are common targets for cybercriminals due to their unsecured networks. The same can be said of many other public spaces as well.
Most important, though, is maintaining a general awareness of cybersecurity in everything you do. By factoring in simple best practices and easily accessible cutting-edge technologies, you can get through NCSAM with nothing more to fear than your local haunted houses.
For more information on National Cybersecurity Awareness Month, visit https://niccs.us-cert.gov/national-cybersecurity-awareness-month-2019.