By Lori Sampson, MBA, EA, CAM
Own IT. Secure IT. Protect IT
That’s what the Department of Homeland Security and the National Cyber Security Alliance want you to do for this year’s National Cyber Security Awareness Month.
Cyber Security Awareness Month has existed for 15 years to encourage people to think about how their actions affect cyber security. It’s common to think of cyber security as the responsibility of software engineers and IT departments. But the actions of individuals pose the biggest risk to cyber security for both individuals and organizations.
Nine out of ten cyber attacks start with a phishing email that’s opened by an unsuspecting recipient, and 92 percent of malware is delivered by email. Only a tiny portion of cyber attacks are achieved via vulnerabilities in software.
The malevolent emails are getting harder to spot. Cyber criminals can now spoof addresses so the emails appear to come from trusted sources like Microsoft, PayPal, Amazon, Netflix, or Apple. More sophisticated attacks have come disguised as spoofed emails that look like they came from a co-worker’s email.
It’s no longer enough to avoid clicking links or attachments that appear odd or have the .exe file extension. Cisco’s 2018 Annual Cybersecurity Report shows that 38 percent of malicious file extensions are mundane-looking Microsoft Office files. This is followed by archive file formats (.zip and .jar) at 37 percent and PDF files at 14 percent.
And the threat is growing. Symantec’s 2019 Internet Threat Report found that the use of malware is increasing, as are the incidents of cryptojacking. Cryptojacking is when a hacker hijacks your computer and then uses its CPU power to mine cryptocurrencies.
Cyber criminals are also capitalizing on the rise of objects and devices (cars, watches, appliances, etc.) that are connected to the Internet, called the Internet of Things. These connected devices can open you up to vulnerabilities.
The Department of Homeland Security recommends users always change the factory passwords on connected devices. The network on which the devices are connected should be secure and password protected. And be sure to install any updates that come out for the device or its associated applications.
Here are more cyber security tips from the Department of Homeland Security:
Be very conscientious about what information you share on social media. Criminals can use your activity to track you. Don’t accept friend requests from people you are unfamiliar with.
Use the longest password or passphrase permissible and don’t reuse the same password for multiple sites or accounts. You can use a password manager application to track your passwords.
Use multi-factor authentication when available to log in to online accounts, apps, and any other service that requires logging in. Multi-factor authentication requires two or more pieces of information that uniquely identify the user when logging in.
Disable geotagging on your social media apps. Geotagging allows anyone to see where you are at any given time.
Keep security software, web browser and operating systems updated to the latest version available and allow automatic updates.
Set your security software to run regular scans.
Do not log on to sensitive accounts, such as your banking app, or enter your credit card information when online shopping if using a public network. Only use sites that begin with “https://” when online shopping.
Do not set your devices to auto connect to available wireless networks or Bluetooth devices. You should only actively choose to connect to networks you know and feel are safe.
Do not open suspicious emails. Do not open links or attachments unless you are absolutely sure the email and the link are legitimate. Type website URLs directly into the address bar instead of clicking on links or cutting and pasting from the email.
Be wary of fake social media accounts or stories originally posted by unfamiliar sources. Look at an account’s activity history. If it’s legitimate, the account will show a variety of interests and posts over time.
Practice safe web surfing wherever you are by checking for the “green lock” or padlock icon in your browser bar—this signifies a secure connection.
To find more tips and even a cybersecurity trivia game, visit the Department of Homeland Security’s National Initiative for Cybersecurity Careers and Studies, or visit the National Cyber Security Alliance’s Stay Safe Online for more news and resources.
Lori Sampson is a partner with Myers, Brettholtz & Company, PA and manages the accounting services department. Her years of experience include working with nonprofit organizations, small business, and homeowner and condominium associations performing part-time CFO, controllership and consulting services. She has been with the firm since 1993.