CISO Update #29: October
October is National Cyber Security Awareness Month
October is National Cyber Security Awareness Month (NCSAM), and as we close the month out it seems like whoever decided back in 2004 that NCSAM would occur every October must have had a crystal ball tuned directly to 2020. Never before has information security been so clearly a front-and-center topic. There are several reasons for this. I’ll highlight three:
We are so dependent on technology. It is so central to our lives—from our banking to our medical care to our thermostats—that it’s difficult to secure and can be dangerous if it’s disrupted.
The pandemic has created lots of opportunities for scammers to pose as the World Health Organization, to publish fake reports about miracle cures, and to attack potentially unsecured home networks on which we have all come to rely for work.
The hyper-partisan political atmosphere, combined with the election and the census, raises people’s emotions and can induce us to click before we think. Scammers can leverage this complexity and passion to create attacks. Just this morning, I received the following from the FBI:
The FBI has observed entities not associated with the US Census Bureau registering numerous domains spoofing the Bureau’s websites, likely for malicious purposes. These suspicious spoofed domains are easily mistaken for legitimate Census Bureau websites and can be used for advertising, credential harvesting, and other malicious purposes. Spoofed domains (aka typosquatting) mimic legitimate domains by either altering character(s) within the domain or associating another domain with similar characteristics to the legitimate domain, such as “Censusburea[.]com” or “census-gov[.]us”.
Sometimes these scams are the work of con artists looking to make a quick buck, which is easy to do because malware kits are inexpensive and for sale on the dark web. But make no mistake: Often this activity is the work of large organizations and foreign governments looking to make millions of dollars, sow confusion, influence political outcomes, and disrupt life in America.
What can you do?
Despite FIT’s continued vigilance and investment in people and tools to reduce the cyberthreat, each of us continues to be the single biggest defense against hackers. During NCSAM, we have focused on three elements to help keep us safe and highlighted one each week during the month of October. In case you missed them, we are linking them here:
The 4 Don’ts is our campaign focused on how to protect yourself from phishing attacks. Don’t assume emails aren’t malicious. Don’t open emails that don’t make sense (like a refund from a store you don’t shop in). Don’t download anything from any unverified sources. And don’t provide personal information unless you are VERY sure where it’s going.
Update your software and devices. Make sure your computers, software, and anti-virus are set to install the latest patches. And check those home devices: TVs, routers, and home security systems are all internet devices. Make sure they are running current software and that default passwords are changed.
Know which apps have permissions to see your personal data. Every time you use Google or Facebook to authenticate to a game or a plug-in, you’re giving the people who make that plug-in some amount of permission to see your data. There are easy ways to check.
There are lots more tips available on the Cybersafe website, and we’ll continue to cover more topics on IT’s social media. We appreciate the partnership!
Stay aware, and stay cybersafe!