“Do Your Part. #BeCyberSmart”
October is Cybersecurity Awareness Month and this year’s theme is “Do Your Part #BeCyberSmart,” signaling that each of us has a responsibility to protect ourselves online and help protect one another. Now in its 18th year, Cybersecurity Awareness Month gives ORAM Corporate Advisors the extra opportunity to raise awareness about the importance of cybersecurity. By raising awareness of online threats we all face every day, we can ensure our clients and readers have the resources to stay safer and more secure online both at home and in the workplace.
The Department of Homeland Security (DHS) offers a list of sobering cybersecurity statistics that everyone should be aware of, including that one in three homes has a computer or computers infected with malicious software and that 65 percent of Americans who went online received at least one scam offer. Globally, consumers lost $358 and more than 21 hours per year dealing with online crime. What’s more, a whopping 47 percent of American adults have had their personal information exposed by bad actors. Imposter scams are now the number one form of cybercrime, with one in five people reporting financial losses as a result.
It’s not just the older generation that is being impacted by cyber threats. The DHS reports that 600,000 Facebook accounts are hacked each day and that 44 percent of millennials have been the victims of crime online in the last year alone. Millennials share passwords more than any other age group, with 31 percent reporting that they have shared their passwords with others. Eighty-three percent of millennials agree that cybersecurity awareness programs in schools and in the workplace are important for helping to address the issue of cybercrime.
The Human Element
Alexander Pope, a poet of the Enlightenment, wrote in his 1711 treatise An Essay on Criticism, “To err is human.” It’s still true today that we all make mistakes and those mistakes can lead to breaches and data loss. According to a report by Usecure, human error was a contributing factor in 95 percent of cybersecurity breaches.
Study after study shows the largest threat to any business is its employees. The 2021 Data Breach Investigations Report by Verizon reported that employees were responsible for 265 incidents within the study. That same study revealed human error was responsible for data disclosures more than 97 percent of the time!
The good news is that while people do err, the number of mistakes can be reduced with proper awareness, training, and experience. This year’s theme for Cybersecurity Awareness Month stresses personal accountability. Every individual and organization is encouraged to take responsibility for their role in protecting themselves online by taking the necessary steps to improve their cybersecurity.
Just the fact that you are reading this blog increases your cybersecurity awareness. There are many steps that you can take as an individual and as a business leader to help increase awareness and reduce the risks of a breach or data loss. Keep reading for ways to improve your cybersecurity awareness and that of your employees.
The keyword here is ongoing. Cybersecurity training is not a one-and-done scenario. The threats we face online every day are constantly changing, which means the need to update yourself and your employees is constant as well. Training has become even more important as remote work has increased and more people are using their personal devices for business.
The first cybersecurity training should occur during the onboarding process. After that, ORAM Corporate Advisors recommends offering cybersecurity training to every employee on a monthly basis, even if it’s short and sweet through computer-based training. This provides updates for you and your staff regarding common threats happening in real-time and can be done in just a few minutes.
On an annual basis, you will want to provide a longer, more in-depth training to bring them up to date on threats facing their industry and remind them how they can help reduce the risk of a cyberattack. Whenever a potential threat is identified or a cyber incident has occurred within your organization, take the time to train everyone again.
It’s helpful if your training isn’t a dry, long PowerPoint presentation. It should be interactive. Cybersecurity can seem overwhelming for some employees, and not everyone learns in the same way, so training should be easy to follow and its topics should vary based on the roles of different employees. This means role-based training in small, digestible portions with great frequency is the best method. This can be done easily with cybersecurity software training programs and can be delivered directly to your employees through their email each month. A third-party provider such as ORAM Corporate Advisors can help you set up regular, ongoing cybersecurity training.
Utilize Multi-Factor Authentication Everywhere
By using multi-factor authentication (MFA) for everything from apps to email, you are doubling your login protection. This is true on a personal and professional level. Yes, there is an extra step involved and a little more time, but the added security makes it worth the effort and time.
Multi-factor authentication is an added layer of security that requires more than one form of verification of a user’s identity. This can range from requiring passwords to be changed periodically to requiring a one-time PIN provided via smartphone for access to email, an app, or a virtual private network (VPN).
Regardless of the length and strength of your passwords, a breach is always a possibility. As soon as a cybercriminal has your personal information, you and your organization can be hacked. Enabling MFA ensures that the only person who has access to your accounts, email, apps, and more is you. This is true for everything from social media accounts to your banking account and business email. Even if a cybercriminal figures out your login and password, with MFA, they won’t be able to access your data.
Wi-Fi Smart Safety
Know that whenever you are working online, you’re vulnerable. Acknowledging this will allow you to tread more safely. Should your devices or networks become compromised or hackers sneak through a firewall, you could be under surveillance. This may be where someone is tracking your online activity, eavesdropping on conversations, or even spying on you through your computer’s camera.
You can practice safer web surfing by looking for the “green lock” or padlock found on the top left of your browser bar. When you are away from your secure home or office networks, avoid using free internet access, especially where there is no encryption. If you absolutely must use unsecured public internet, avoid conducting sensitive activities such as banking or making retail purchases that require your credit card number. Learn how to use your personal hotspot in lieu of free public Wi-Fi.
At home, change the default name of your Wi-Fi, known as the service set identifier (SSID). Many manufacturers set wireless router products to a default SSID, which is often the company’s name. When someone searches in your area for nearby networks, it shows the SSID for each one in the area. This means potential hackers can see your network if they conduct a search nearby. Change your network’s SSID to something that does not contain personal information such as your family name or address. Be sure to also set your network to private and require a password to access it. This will help keep bad actors at bay.
In the workplace, keep your network secure and only provide access to your employees, clients, and business partners as necessary. Also, ensure that network encryption is enabled and that you have a strong firewall in place. Use VPNs such as Norton Secure VPN for remote workers to help secure your data.
Another step to take both at home and in the office is to keep your router’s software updated. A router’s firmware can sometimes contain vulnerabilities that can make it susceptible to a hack. Updates correct those flaws to reduce the odds of a hack.
When you download an application or wish to use it from time to time, it may ask for permission to access your device’s features such as the microphone, camera, contacts, photos, etc. While applications can be helpful, entertaining, or fun, they can also lead to problems such as draining your battery quickly or running default permissions you may not be aware of. This means apps can gather personal information and report it back to bad actors.
Avoid giving applications access to your personal data. Give your app the fewest permissions it needs to operate and delete the app when you are no longer using it. You can deny a request for access by apps. Oftentimes, they can run without such access. Finally, be sure to look at reviews of apps before installing them and download them from trusted sources such as the Google Play Store.
Forget Geotagging and Oversharing
It might seem like fun to announce your upcoming trip out of town on Facebook or announce where you are getting your current cup of joe, but that can lead to a breach. What people fail to realize is that these random details about your life can give the bad guys too much information about you, making you an easy target.
Fight the inclination to share too much about where you are, who you are with, and what your plans are. Announcing that you will be out of town next week on social media makes your home an easy target for a break-in. Even sharing the name of your favorite pet online, which is a common security question, can make you an easier target for would-be thieves. Disable geotagging on your mobile devices and share the great pics of your vacation after you have returned home safely.
Don’t Get Hooked by Phishing Scams
There are many forms of phishing attacks that you need to be aware of. For example, you may get an email from a service provider such as PayPal or your telephone company saying your account has been suspended. The email may ask you to click a link to fix the issue. Don’t do it! Clicking the link may lead to a malicious website or download malware into your network.
If you get an odd message from a colleague, friend or family member, service provider, or retailer, call them directly before clicking a link or opening any attachments. Oftentimes, they have been hacked and haven’t realized it yet or someone is posing as them. This happens on Facebook quite often as people’s profiles are “spoofed.”
For example, you may get a friend request from someone you are already friends with. Check the profile for red flags such as a low number of friends, old images, or missing images and incomplete profile pages. If you’re already friends with the person, notify them that they may have been spoofed, and never click on links included in direct messages through Messenger or in texts without first making a call to verify that the message is from a credible source.
Spear phishing is an attack that targets a specific person and appears to come from a trusted source. One of the easiest ways for cybercriminals to find a target is through social media or through a company website. For instance, if your CFO’s name is listed on the company website, a cybercriminal may pretend to be the CFO, using only the information they have found online, to get a secretary to wire money to them. Before making any purchases or wiring funds for work, pick up the phone and make a call. It could save millions of dollars and your job.
Just by being aware of the threats you face online every day and taking the small steps above, you’re already in a better position to “Do Your Part and #BeCyberSmart.” For more information about becoming cyber smart or for more about common scams, visit the Department of Homeland Security or contact ORAM Corporate Advisors at (617) 933-5060.