Every October since 2004, the U.S. Department of Homeland Security and the National Cyber Security Alliance have co-sponsored NCSAM — National Cybersecurity Awareness Month. And now that we’ve just wrapped up NCSAM for 2018, it’s a good time to review all the key takeaways that will help you stay safe in the coming year, securing your data and your digital assets.
The unfortunate truth is that cybercrime continues to increase exponentially, and as a result, the cybersecurity field continues to explode. To help you sort through the constant (sometimes overwhelming) avalanche of cybersecurity news, suggestions, and reports every year, the sponsors of NCSAM have chosen four themes with long-term impact.
4 Key Cybersecurity Themes to Remember
This year’s overarching theme, “Our Shared Responsibility” is kind of like the “See something, say something” motto that’s often heard in other security venues, meaning cybersecurity is not just the responsibility of a single person or an organization. It takes a village, if you will. Anyone who touches the internet (and that means smartphones, too) for school, work, personal business, or entertainment – for anything — has a responsibility to help protect not only their own data, but that of others as well.
NCSAM’s four official subthemes span the spectrum, from your electric garage door opener to our electric power grid:
- Make Your Home a Haven for Online Safety
- It’s Everyone’s Job to Ensure Online Safety at Work
- Millions of Rewarding Jobs: Educating for a Career in Cybersecurity
- Safeguarding the Nation’s Critical Infrastructure
So what do these lofty-sounding titles mean to you? Let’s explore.
Home As A Safe Haven
This means you’re securing the things you own personally, such as protecting your finances from credit and debit card fraud. StaySafeOnline, the website of the National Security Alliance, suggests you lock your credit with the three credit bureaus, only unlocking when you want to make a purchase. They point out the importance of using unique and difficult-to-crack passwords (your birthday, your spouse’s birthday, or your dog’s name do NOT qualify!) and recommend using two-factor authentication whenever possible. One other super-important tip: avoid using a public network when accessing your financial accounts. Last but not least—and the only real way you can be sure that you detect any fraudulent use of your cards or accounts—check your statements regularly.
Online Safety At Work
You know those sticky notes you post on your monitor or desk with your password? Get. Rid. Of. Them. Now and forever! Get yourself some password management software so all you need is a single password to access all of your many accounts. And please don’t write that one down on a sticky note, or put it in your wallet. Commit it to memory.
It’s always so tempting to cut a few corners here and there. You’re overloaded with work, the boss is breathing down your neck, and besides, there’s an IT department that will catch hackers, right? Actually, no. As NCSAM emphasized, you have to play your part too. Starting with your own password is a good start, especially because that’s one of the easiest ways a hacker can compromise an organization’s entire infrastructure. That’s right, your weak or compromised password can create a much larger security hole. And a common cybercriminal technique is to find one password—through maybe a clever phishing attack—and try that same password again and again on various other accounts within the same organization. So, use a different password for each different login, and don’t share passwords with colleagues. Again, a password manager helps.
Emails are also a common entry point for cybercriminals, which means you need to carefully scrutinize the ones you receive, always keeping an eye out for suspicious stuff. If you’re asked to click a link, or download an attachment, and anything seems “off” about it, don’t do it—and immediately report your potentially bad email to the IT department. And don’t let account credentials like your username and password reside in your inbox. Better yet, they should not be sent in any email at all, especially passwords.
Millions of jobs
Since the cybersecurity field is growing by leaps and bounds, that means job opportunities are everywhere. The need is already recognized in many countries, such as Australia. The Cybersecurity Jobs Report 2018-2021 estimates that by 2021 there will be 3.5 million unfilled global cybersecurity jobs. And the NCSA suggests that you don’t necessarily need to enter this field by traditional paths; recruiters will be looking for people who can think two steps ahead of cybercriminals. Creativity and flexibility are important in addition to technical skills. Many online courses exist in the field, making it easier for newcomers to get training and skills.
Critical Infrastructure
NCSAM defines 16 sectors of critical infrastructure in the U.S., which supply us with the daily needs of our modern world, such as electrical power, food, water, financial services, communications, and even public health. Even if you don’t know details such as how GPS is integrated into our power grid, it’s easy to see how a disruption to the operation of these sectors could have serious if not catastrophic effects.
NCSA emphasizes that securing this infrastructure must be a joint effort between the public and private sectors. Some key points:
- Any organization must have a trustworthy network, meaning that technology, processes, and controls are in place to verify the validity of any part of that network, at any time.
- Well-architected cybersecurity technology and processes must be in place to enable fast, virtually immediate response to a cybersecurity incident. This security must be integrated throughout all operations and should not be a hodge-podge of unrelated methodologies which can lead to a lot of confusion for forensics investigators when an attack happens.
The bottom line is, cybersecurity awareness never really ends, even when October is long gone. All of us need to stay vigilant and stick together if we hope to win the arms race against hackers—every day of the year.