October is National Cyber Security Awareness Month (NCSAM). Since 2003, NCSAM has been a shared effort between the U.S. government and industry partners to help educate Americans on cybersecurity topics and to promote a safer Internet. Vantage recognizes the importance of everyone being safe and secure online, and we regularly work with universities, colleges and others to review their information security goals and implement programs that balance their security, privacy, compliance and governance needs. Strategic Consultant, Valerie Vogel, shares some good practices to be cyber secure and gathered tips from fellow Vantage colleagues.
I recently wrote about creating (or resuming) a good habit that makes your heart happy. While that post was more personal and written to help myself and others think about our mental and physical health, this blog focuses on choosing to start a new habit (or hit reset on a practice you’ve been neglecting) that will help keep you safe online. With the start of Cybersecurity Awareness Month, this is the perfect time to think about a good, healthy habit that’s fairly easy to practice on a regular basis.
For me, I use a password manager daily to keep track of my business and personal passwords across sites and devices. Over the summer, I decided it was time to create password manager accounts for my children (9th and 6th graders). For years I have been their personal password manager, but with the kids attending school virtually in the fall, I wanted to make sure they could easily access all of their online accounts quickly and easily. My kids are already tech savvy, and this was a good opportunity to encourage good online habits in a fairly simple way.
As students return to classes (in person or virtually), information security staff need to be mindful and remain flexible and responsive to the changing needs of end users. This fall presents an opportunity to get back to the basics. If you had to prioritize one thing for an information security awareness campaign this fall, what would you focus on? What is one security tip would you share to help reduce risk and make an end user’s life a little simpler during this time of so many changes and unknowns?
Here are some examples that might help spark an idea for your awareness efforts – at home or at work – this year.
My colleague, Joanna Grama, is going to focus on eliminating duplicate or similar passwords used across non-critical accounts like generic listservs or accounts that she opened to get coupon codes.
Matt Morton reminds us that keeping the antivirus (AV) software up to date on the machines in your home is important. Even though signature-based AV appears to be losing its effectiveness, he suggests that it is still the best last defense for most home machines. Many ISP’s offer a package for use that you can download for free. There are also next generation products available for home from vendors like Sophos and Bitdefender. Just remember that when you use a “free” antivirus or malware protection product, it is not really free – your data is the payment for the service.
Cathy Bates is paying more attention to installed software and tools. Sometimes updates are delivered, but in other cases you may need to check tools and apps for updates and see what new configurations may be needed to maintain proper privacy settings.
With the proliferation of Zoom and other web-conference applications, Phil Crompton has talked to everyone in his family about being careful when sharing their screen. Sharing Chrome and other browsers allow others on the call to see what other tabs they have open, what is on their favorites bar, and other information they may not want to share. As a “pro tip” (but probably not for everyone), if you are using a laptop with a second screen (or dual monitors), try getting used to sharing the second screen. That way, you can clear off all the apps on that screen and then share without worrying about what is being shared. Phil also cautions that browsers can pre-fill the search bar and you may not want those pre-fill suggestions popping up during an important meeting! Consider clearing your search history in the browser you will be using before sharing your screen.
Jon Young suggests enabling multi-factor authentication (MFA) everywhere you can, particularly for banking and email. Another trick is to use Google Voice (with MFA!) as your SMS provider everywhere to limit your risks of having accounts stolen due to fraudulent SIM swaps, which has been a common attack vector exploiting the loopholes in customer service from the cellular carriers.
If you’re looking for additional (free!) resources, check out the EDUCAUSE Awareness Campaigns website, the National Cyber Security Alliance’s resource library, Fraud.org, or the SANS Security Awareness resources.
Also, don’t forget to follow Vantage on Twitter for daily Cybersecurity Awareness Month tips and resources.
This post was authored by Strategic Consultant Valerie Vogel, who advises clients on information security program education and awareness initiatives. Connect with Valerie to discuss information security solutions.
Vantage is an independent technology consulting firm with no ties to vendors, manufacturers and installers. The products listed in this article are meant as an example of the types of solutions we recommend, not the specific vendor type.