October is Cybersecurity Awareness Month (NCSAM). At Wipfli/Brittenford, we take cybersecurity seriously every day of the year. As part of this, we would like to provide you with tips and resources to protect yourself and your company. So without further ado, here are 7 tips and ideas to celebrate NCSAM at your organization.
1: Check Out Weekly Activities During NCSAM
The Department of Homeland Security has a wide range of cybersecurity resources, but shares the following weekly themes for NCSAM 2016:
- Week 1: October 3-7, 2016 – Every Day Steps Towards Online Safety with Stop.Think.Connect.™
- Week 2: October 10-14, 2016 – Cyber from the Break Room to the Board Room.
- Week 3: October 17-21, 2016 – Recognizing and Combating Cybercrime.
- Week 4: October 24-28, 2016 – Our Continuously Connected Lives: What’s Your ‘App’-titude?
- Week 5: October 31, 2016 – Building Resilience in Critical Infrastructure.
The NCSAM “One Pager” offers tips for each week. Click here to view it. Additionally, StaySafeOnline offers both in-person and online events on its calendar. Another good resource is the SANS Securing the Human NCSAM Toolkit, which offers templates, tools, and videos for each day in October.
2: Get Shredding
Crime is a combination of means, motive, and opportunity. Cybercrime is no different. While a good deal of cybercrime can be accomplished by technological means, another part of a proactive cybersecurity solution is to remove the non-technological vulnerabilities (passwords on paper, invoices, printed credit card information).
We recommend hosting a shred day for employees to bring in papers to shred, and practicing the same for your business. Not looking to host your own? Many banks, credit unions, and realtors offer free shred days many times per year.
3: Get the Facts on Ransomware
Ransomware attacks are on the rise—affecting both businesses and consumers. Ransomware is a type of malware that accesses your files, locks and encrypts them and then forces victims to pay a ransom to get those files back. Think of it as the “digital kidnapping” of your most valuable data – from personal photos and memories to client information, financial records and intellectual property.
Stay Safe Online offers the following tips:
- Keep all machines clean. Immediately update all software on every Internet-connected device. All critical software, including PC and mobile operating systems, security software and other frequently used software and apps, should be running the most current versions.
- Get two steps ahead and protect core accounts such as email, financial services and social networks with two-factor authentication (also known as two-step verification or multi-factor authentication).
- Back it up: Make sure you have a recent and securely stored backup of all critical data.
- Make better passwords: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember.
- When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
- Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.
4: Remind Your Employees of Proper Password Use and Talk Two-Factor
The human is the weakest point in the password security chain. Employees write passwords down, keep them on spreadsheets, and reuse the same password on multiple sites, so empowering them to take the right steps to secure their information is the first step in helping them improve password security. Start by knowing the worst passwords, which according to SplashData are as follows:
Keeper went further, analyzing a recent MMOKings leak and finding that of the 67,547 passwords recovered, only 24 percent were more than 8 characters in length, and 11,593 were six characters or fewer. Read more in their CSO Password Management Survival Guide.
Another good resource is the LastPass “How Secure is My Password” Tool.
5: Subscribe to the Security Awareness Company on YouTube
Cybersecurity is often a dry topic, but the Security Awareness Company has brought some edginess to the discussion. The company offers many lessons on cybersecurity, but some of the more easily digestible bits are their parodies of popular songs, which teach the basics of cybersecurity with a bit of flair. Subscribe to their channel, and watch some of the following videos:
- Hacker’s Paradise: A Security Awareness Music Video
- Thinkin’ 9 to 5
- Social Media Privacy Awareness: Parody of Every Breath You Take
6: See Your Risk Using the EMC2 Workplace Security Risk Calculator
Do you know which common behaviors are putting your workplace data at risk? Things as common as accessing email from a mobile device or home office, playing online games at work, or using a USB drive could be increasing your risk.
As part of its 2015 Cybersecurity Month Campaign, EMC2 released an informative quiz for calculating cybersecurity risk. The quiz asks common questions and will offer a risk score based on your answers. Click here to take the quiz.
7: Take Advantage of 10% off of Cybersecurity Training and Services from Wipfli
Wipfli is again joining the growing global effort to promote online safety awareness as a NCSAM Champion. In honor of NCSAM and the spirit of keeping our clients vigilant and prepared, we are offering a 10% discount on our most popular cybersecurity training and services if redeemed by the end of October. Click here to learn more about the discount and to get in contact with a Wipfli Cybersecurity expert.