Cybersecurity Awareness Month
Since 2004, the president of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally. While CISA works to increase cybersecurity throughout the government, its regions, and critical infrastructure sectors, NCA works with corporations and the general public to raise awareness of steps that internet users can take to advance digital security.
This year’s campaign theme — “See Yourself in Cyber” — demonstrates that everyone is responsible for their own online behavior. Throughout October, CISA and NCA will highlight key steps that everyone should take:
1. Enable multi-factor authentication (MFA): You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked.
2. Use a strong password: Use passwords that are long and unique.
3. Recognize and report phishing: If a link looks a little off, think before you click.
4. Update your software: Keep macOS up to date by regularly checking for software updates under System Preferences > Software Update. Never install software from unknown or untrusted locations.
The Fox Chapel Area School District is pleased to be a partner with the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) in the celebration of Cybersecurity Awareness Month.
Why should your region or sector take part in Cybersecurity Awareness Month? Cyber attacks are a threat to national security, affecting small and large businesses and individuals. Everyone must do their part to secure their corporate data and personally identifiable information (PII), reducing the risk of cyberattacks.
Cybercrime is defined as any crime committed electronically, such as theft, fraud and even physical threats and endangerment. It is important to know your cyber basics and know how to take action to protect yourself. Being safe on the computer is similar to being safe in your daily offline routine. You would not leave your car unlocked in the middle of a crowded city, so why not apply those same safety principles to your online life?
Physical Cyber Attacks - What Are They?
Cyber attacks do not always have to come from the internet, and malware can hide easily on some of the data storage devices we trust and use daily. Physical cyber attacks use hardware, external storage devices, or other physical types of attacks to infect, damage, or otherwise compromise digital systems. The attack can hitch a ride on USB storage devices or flash drives, CDs, hard copies of video games, and Internet of Things (IoT) devices such as smartphones, smart watches, and even signal devices such as key fobs.
Other Avenues of Attack
Any device that stores information or is connected to the internet can be a way for cyber criminals to gain access to your information systems – or, in some cases, use your devices to attack someone else. Assume that you are vulnerable and take measures to understand and mitigate risk.
Why Should You Care?
These kinds of attacks are frighteningly versatile, challenging to identify and detect, and painfully difficult - sometimes close to impossible - to remove. Always try to keep track of where your storage devices have been, and do not plug “lost-and-found” USB drives into your computer. Keep your personal and workplace data storage and other devices separate to avoid transferring malware from one system to another, just like washing your hands to prevent the flu from spreading.
Protect Yourself Online
Phishing is when a threat actor poses as a trusted source and sends fraudulent digital messages, such as emails, with the intent of manipulating individuals into revealing personal information and gaining unauthorized access to a system through a download or link.
Why should you care?
Phishing attacks are some of the most commonly successful types of attacks. Learning how to recognize fraudulent messages by paying close attention to detail and never clicking on embedded hyperlinks, as well as remembering to report phishing attempts when you are targeted, are the best ways to defeat this kind of cyber attack. Ensure that URLs begin with “https:” when clicking on links. The “s” indicates encryption is enabled to protect users’ information. Learn the signs of these types of attacks and think before you click. Check that emails and links are legitimate. Verify all attachments come from a trusted source.
Malware, short for “malicious software,” is software intended to damage, disable or give someone unauthorized access to your computer or other internet-connected device. This includes adware, botnets, ransomware, rootkits, spyware, viruses, worms, and numerous others.
Why should you care?
Malware can disrupt networks, interrupt business operations or lead a person to malicious sites to scam them for money or harm their reputation.
Ransomware is a type of malware in which the attacker encrypts the victim’s data to make it as inaccessible as possible, often by locking a person completely out of their computer. The hacker then demands a ransom to release or unencrypt that information.
Why should you care?
The fees extorted by ransomware can be extreme or prohibitive — not to mention that there is no guarantee that your data will be returned after a ransom is paid! In addition to keeping your software and antivirus programs up to date, regularly back up your system on the cloud or on an external hard drive. That way, you always have a spare copy of the information that is most important to you or your business.
Bots can carry out useful functions or be invasive and harmful. Bots are automated with pre-defined tasks that can imitate or replace human user behavior.
Why should you care?
Bots can come as malware and gain total control over a computer system. They can scan or obtain contact information, send spam or perform other harmful acts.
Sometimes threat actors do not need computers to gain access to your information. With social engineering, threat actors gather common information about you to trick you into giving unauthorized access to information systems. Social engineering attacks can be quite sophisticated and are not always easy to recognize. This includes attacks such as phishing, swatting and more.
Why should you care?
Social engineering attacks do not require sophisticated programming skills to be successful. The information you post on social media and other sharing platforms may make you especially vulnerable to these attacks.
Safe at Home
Stay Safe on Social Media
- Use discretion each time you post. Your posts will be on the internet forever.
- Limit what information you post online. Do not share your personal information. Turn location notifications off and only post what you feel safe and comfortable sharing.
- Enable virus and malware protection on all devices you use when posting.
- Update your privacy settings; make sure you understand who is seeing your posts.
- Connect only with the people and the networks you know.
Identity Theft and Internet Scams
A common internet scam is identity theft, leaving your bank account, credit card or even your social media profile vulnerable. The most important thing you can do is to keep your personal information to yourself — avoid providing personal information to any unknown sources or acquaintances.
Working from Home
With the large shift from traditional to remote work since 2020, people must secure their devices with usernames, passwords and MFA to protect personal and professional information.
Protecting Your Digital Home
Every year, more of our home devices, such as thermostats, door locks, and lighting, are connected to the internet to create a smart home. These advances in technology improve efficiency and safety but pose a new set of security risks.
Use different passwords on different accounts
One of the leading causes of unauthorized access to accounts is the reuse of login credentials.
Use the longest password allowed
The longer and more complicated a password is, the harder it will be for someone to access your accounts. Use 11 characters or more, a short sentence, or a mix of letters, symbols, and numbers to strengthen your passwords.
Reset your password every few months
Reset your passwords regularly, especially when these passwords allow access to confidential accounts, such as banking or medical data. It is vital to reset passwords, as it takes most companies an average of six months to notice that a data breach has happened. By the time a data breach is reported, a threat actor could already be using and/or selling your data.
Use a password manager
With just one master password, a password manager can generate and retrieve passwords for every account that you have – encrypting and protecting your online information, including credit card numbers and their three-digit Card Verification Value (CVV) codes, answers to security questions, and more.