Today is the first day of October, and as promised this kicks off our month-long campaign promoting Cyber Security Awareness Month.
This weeks theme that is promoted by the Department of Homeland Security is: Stop. Think. Connect. This campaign is a collaborated effort designed by many actors in the United States Federal government, non-profits, and state and local government agencies.
The purpose of Stop Think Connect is to encourage everyone to consider the security implications of their actions while they are online. As the world becomes more and more digital, it is important that we all remain educated about how to keep our data safe. Up until now, understanding the risks and threats spectrum has not been good enough to protect citizens. Recent studies have reported that more than one billion data records have been compromised worldwide and 348 million U.S. Internet users’ identities were exposed by breaches in 2014 alone.
Staying secure online is the best way to protect your information. By understanding the basic principles of cyber security, the hope is that everyone can start to make security a habit. In this blog post, we are going to walk through what should be going through your head as you Stop Think Connect.
Step 1- Stop: Before you use the Internet, take the time to understand the risks and learn how to spot potential problems.
Just as you would apply common sense to protecting yourself physically, when crossing a street or driving your car, you should protect yourself online as well. Make sure you are aware of how to watch out for schemes.
According to the Verizon 2015 Data Breach Investigations Report, 92% of attacks that have occurred in the past 3 years have been able to be broken down into nine categories:
- POS Intrusions
- Web App Misuse
- Insider Misuse
- Physical Theft/ Loss
- Miscellaneous Errors
- Card Skimmers
- DoS Attacks
- Cyber Espionage
Making sure you know how to look out for these various types of attacks is essential to protecting yourself online.
Step 2- Think: Consider how you should proceed online with these risks in mind.
What do you have that Hackers want?
Of course, the other aspect of thinking about how to proceed online is to consider what valuable information you have that a hacker would like to have access to. Some of these items regularly include:
- Intellectual Property
- Client or Personal records
- Personally identifiable information
- Payment info
- Access to a website
This of course is just a small sampling.
Once you understand the information a cyber criminal would have interest in harboring, you should take some steps to check your security posture before you connect to the Internet. Make sure that:
- You are using a secure Internet connection
- Your browser is fully updated and patched
Quick Note: Understanding Fake Prompts for Updates and Patches
One of the biggest threats that usually comes to mind is fake prompts to update software that is installed on your computer.
This problem actually became the focus of many news outlets this past summer as fake Windows 10 updates caused many PC users to become infected with malware. The file attachment was sent via email from an address that a casual onlooker would deem legitimate. Once the file was unzipped, it became clear that the file was actually a variant of CTB-locker (Critroni) ransomware that would encrypt users files and hold them for a ransom that had to be paid within 96 hours in Bitcoin over the Tor network.
This is far from an isolated incident.
When it comes to protecting yourself online, one of the best things you can do is learn best practices for updating your software. This is trickier than it used to be, as malware applications have become increasingly sophisticated. In fact, many of them are so close to what you would expect a legitimate update to look like that only a trained professional would be able to tell the difference.
Rule #1 – If you are prompted via a pop-up, even if it is a legitimate application that is installed on your system, do not click on the window. Instead, see if you have been notified by any other means.
- If it is an enterprise or company application, see if your IT department has notified you of an update. If they have not, reach out to them and ask. If it is a legitimate update, they will provide you a safe way to install.
- If it is a free application that has been downloaded from the Internet, go to the application’s website and see if there are any notifications and instructions on how to download.
Step 3- Connect: Enjoy the Internet with greater confidence, knowing you have taken the steps to safeguard yourself.
Here are a few things that we suggest:
- Disconnect your devices from the Internet when you are not using them.
- Only connect to the Internet over secure, password-protected networks
- Backup your Data
- Protect all devices that connect to the Internet from viruses and malware- Including gaming systems and mobile devices
- Make sure you trust any site that you download a document from.
- Make sure that your applications and operating systems are always patched and updated with the most recent versions before accessing the Internet.
- Enforce strong privacy controls on social media networks
- Limit the work you do while on a free Wi-Fi hotspot
- Use strong password policies (learn more about how to do this in our blog post)
When all else fails, Orion supports the “when in doubt, throw it out” mindset.
If you are unsure of whether or not something is safe or could cause problems to your computer, the best thing you can do is to not take the chance. Anything from a web site popup to an embedded link or attachment in an email could be harmful. This applies even to emails that come from accounts you recognize. Overall, the best rule of thumb is to avoid it if anything about it makes you suspicious.
Our Last Tip: Stay Informed
When pausing to make sure that you understand the risks that are associated with the Internet, we want to make the emphasis on how quickly the modern threat landscape changes. With this in mind, you should regularly check the news for any new threats or vulnerabilities that have been reported.