This article was was originally posted on the National Cyber Security Alliance blog.
Cyber security is everyone’s responsibility. In a world where the cyber threat landscape continues growing rapidly in size and sophistication, that’s the key message driving the focus of 2019’s National Cyber Security Awareness Month (NCSAM) this October. Held every October, NCSAM is a collaborative effort between government and the private sector to promote cyber security awareness and the need for every American to come up to speed with the knowledge and resources they need to combat cyber threats online at home and in the workplace.
This year’s NCSAM overarching theme, “Own IT. Secure IT. Protect IT.”, doubles down on the essential role individuals need to play in this nearly existential struggle. Today’s post focuses on the second of the three legs of this year’s theme, “Secure IT,” and how individuals can help support securing their personal data and the personal data contained in their organizations.
One doesn’t need to look too far to realize that cyber criminals are really good at getting personal information from unsuspecting victims at every level of our nation’s public and private sectors. Data hacks are seemingly becoming the norm for businesses of every size, type and industry. And just recently, the wave of ransomware attacks on cities across America, enabled in part by the theft of cyber weapons from the National Security Agency (NSA), reinforces the sense that cyber criminals are not only very good at what they do, but that they ̶ the bad guys ̶ are winning the cyber security contest.
So, what can individuals do to help reverse this trend?
Securing Your Digital Profile
The number of cyber attacks demonstrates the need for greater vigilance and proactive security measures on the part of individuals. The simple fact is that regardless of the target of these cyber crimes, it is individuals – you and I – who are the ultimate victims. NCSAM’s 2019 “Secure IT.” theme represents a clarion call to individuals to take the steps necessary to aid in their collective and individual cyber security.
The good news is that many of these steps are easy to take. NCSAM’s call to action recommends that individuals begin to protect themselves against cyber-threats by learning about the security features available on the devices and the software they use. This can be as simple as understanding the need for creating strong and unique passwords for each device and application. But creating strong passwords, while a great start, is not all that’s needed. Security experts agree that changing these passwords periodically is important to their effectiveness. A consensus best practice many organizations share is to mandate their employees change the passwords on their organization-issued devices every 90 days. That’s a great best practice for individuals to follow on their own personal devices as well.
Users are also almost always prompted to supply a different password than one already in use for a different application and device. If individuals find themselves with too many passwords to easily commit to memory, another great tip is to consider investing in a password manager to keep track of all the passwords in use.
Updating the software on their user devices is another example of how individuals can improve their personal and digital security by simply learning about ̶ and using ̶ the security features already available on their devices. Updating user software is easy, very often the manufacturer will prompt the user and install the update automatically. Automatic updates also allow the manufacturers to patch security vulnerabilities quickly before they can become security failures to the user’s detriment.
Applying Additional Layers of Security
Perhaps the strongest, and yet again, another simple step to take to significantly improve the security of personal information is to use multi-factor authentication (MFA) wherever possible.
In essence, MFA renders an individual’s password virtually useless to a potential hacker. Individual accounts anchored to MFA require a cyber criminal to obtain a second level of proof before gaining access. Typically, this second level of proof is another user device, such as a smartphone, or increasingly, some kind of biometric marker like a fingerprint. The great news for individuals is that virtually every major online service now offers MFA as a security option, if it is not already mandatory. A key NCSAM message is that adding this easy to follow best practice will significantly increase the security of any user’s personal information.
The Zero Trust Mantra
Finally, NCSAM recommends that when individuals are online they adopt the tenets of what is becoming the hottest buzz in the cyber security field: zero trust. Zero trust basically means to trust no one, or thing online and so verify the identity of everyone or everything. Whole security systems architectures by major cyber security vendors, such as Symantec, are based on the zero trust model. Zero trust reflects the reality that perimeter defense models are ineffective in today’s boundaryless networking world of distributed applications and microservices.
Extending the zero trust concept to shopping online and email dramatically lowers the chances that bad guys will gain access to personal information. Simply put, if one only uses a credit card or other payment system in an encrypted, secure payment website, the chances of that information being stolen is greatly decreased. Similarly, if an individual takes the attitude that I will want to verify the identity of any email that seems different or odd in even the slightest way, the chances of falling for a phishing attempt decrease significantly as well.
Taken in aggregate, these simple, easy-to-apply steps are intended to make it more difficult for cyber criminals to access an individual’s personal accounts or devices. Even if they are successful in gaining access to one, they will find it far more difficult to access any others.
While the cyber security risks can be daunting, technology and an increasingly online world will provide the opportunity to incredible global innovation in the next several years!
To learn more, Symantec invites you to join us, as well as TechSoup and the Michigan Small Business Development Center, for a discussion on how to apply added layers of security to your devices and online accounts. Panelists include Dina Steinke, Director, Information Security, Lifelock, Michael Enos, Senior Director, Community and Platform, Techsoup, and Zara Smith, Strategic Programs Manager, Michigan Small Business Development Center.
Listen in for free here: https://www.brighttalk.com/webcast/13361/371709