We often have 100 things on our minds during the holiday season, from Thanksgiving get-togethers and Christmas shopping to volunteer work and kids in school. Quite often, the last thing on our minds is, “Did I remember to change my password on my devices?” Cybercriminals know that many people worldwide use their credit cards for online shopping and often save that information in their browser's password manager. We also store Personally Identifiable Information (PII) and banking statements on our devices, leaving us open to identity theft.
Fortunately for us, November 30th is National Computer Security Day. This comes just before Christmas and reminds us to act against cybersecurity threats. The focus of this day is to raise awareness of cybersecurity issues. These threats can come in the form of malware, phishing emails, spoofed links, and viruses. Cybercriminals are always looking for the newest exploit in an operating system. This is not exclusive to computers either. Your phones, tablets, smartwatches, modern vehicles, and any other devices you use that can connect to a network are at risk. In this interconnected age, safeguarding our digital presence is not just a recommendation – it’s a necessity.
When Did National Computer Security Day Start?
National Computer Security Day was established 35 years ago, shortly after a cyber attack on ARPANET. ARPANET was the first public packet-switched computer network and an early predecessor of the internet. This attack affected 10 percent of the computers on the network. Fast forward to today, and you will see just how vital cyber awareness is to the population. According to Packetlabs, these are the cybersecurity statistics for 2023:
- There will be an estimated 800,000 cyberattacks in 2023, with that number predicted to continue to rise annually.
- 97% of security breaches are exploiting WordPress plugins.
- Every 39 seconds, a threat actor targets a business’s cybersecurity infrastructure.
- An estimated 300,000 new pieces of malware are created daily.
- 92% of malware is being delivered via email.
- In 2023, it takes organizations an average of 49 days to identify a cyberattack.
- Over 4.1 million websites on the Internet have malware.
These numbers are concerning. Even more concerning are people who have their whole lives on a digital device and do not take the necessary precautions against cyber criminals.
Not everyone with a smart device is expected to be a certified cybersecurity professional. While that would protect everyone’s information, it is unrealistic. Instead, we must take steps to help thwart efforts employed by cybercriminals.
The Government is Taking a Stance Against Cyber Criminals
Cybersecurity is priority number one with all the classified information and encrypted data the Government handles on their enterprise systems. They are continuously observing breakthroughs in protection on the commercial side, finding ways to integrate the “latest and greatest” into their current systems, and hiring the best professionals knowledgeable in cybersecurity.
Recently, there was an Executive Order on Improving the Nation’s Cybersecurity situation. The key points from the Executive Order included:
- Improve software supply chain security.
  - New baseline requirements must be met to sell software to the Government. These requirements will let the Government and the public know the software was developed securely.
- Establish a Cyber Safety Review Board.
  - Establishes a Cyber Safety Review Board, co-chaired by government and private sector leads, with the authority to convene following a significant cyber incident to analyze what happened and make concrete recommendations for improving cybersecurity.
- Create a standardized playbook for responding to cybersecurity vulnerabilities and incidents.
  - The playbook will ensure all federal agencies meet a certain threshold and are prepared to take uniform steps to identify and mitigate a threat and serve as a template for the private sector to use in coordinating response efforts. This will enable a government-wide Endpoint Detection and Response (EDR) system and improved information sharing within the Federal Government.
- Improve investigative and remediation capabilities.
  - Create cybersecurity event log requirements for federal departments and agencies to improve an organization’s ability to detect intrusions, mitigate those in progress, and determine the extent of an incident after the fact.
- Modernize and implement more robust cybersecurity standards in the Federal Government.
  - Integrate secure cloud services and a zero-trust architecture and mandate multifactor authentication and encryption deployment within a specific timetable.
These key points are an effort to ensure that Government systems stay on top of cybersecurity while constantly evolving to prevent future attacks.
What Can I Do to Stay Protected?
First, we must note that nothing is 100 percent, and criminals constantly adapt and exploit the latest and greatest technologies. However, you can take several steps to help keep your PII protected.
Time to Change Your XYZ123 Password
So, do any of these look familiar?
If so, you have a huge problem on your hands. According to Cybernews, these are the top 10 most common passwords globally in 2023. Some additional popular items included names (Eva), years (2010), sports teams (sun), and foods (ice). All these terms make your password more susceptible to a hacker decoding it in seconds.
The Cybersecurity and Infrastructure Security Agency (CISA) has your back if you need tips on improving your password. CISA states that most people will use passwords that are easy to remember and include either a birthdate, phone number, or address. This is all the information a cybercriminal could find without much effort. Another question is if the password could be found in a dictionary. CISA recommends trying to use “a series of words and use memory techniques, or mnemonics, to help you remember how to decode it. For example, instead of the password “hoops,” use “IlTpbb” for “[I] [l]ike [T]o [p]lay [b]asket[b]all.” Using both lowercase and capital letters adds another layer of obscurity.”
As for the length of your password, the National Institute of Standards and Technology (NIST) recommends using as many characters as possible. This can range from eight to 64 characters, depending on the system. In addition to length, uppercase, lowercase, numbers, and special characters should be used when possible. Note that some systems will only allow specific special characters when creating a password. Also, remember to change your password every 90 days or so to ensure your password stays safe.
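The checks described in this section, combined into one function as an added Python example (it is not code from this article, CISA or NIST). The `COMMON` set and the personal details are constructed samples, and `check_password` is a hypothetical name.

```python
import re

# Constructed sample of weak passwords for illustration (not the Cybernews list).
COMMON = {"password", "123456", "qwerty", "hoops", "letmein"}
MIN_LEN, MAX_LEN = 8, 64  # length range quoted in the article

def check_password(password, personal_info=()):
    """Return the names of failed checks; an empty list means all passed."""
    problems = []
    lowered = password.lower()

    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")

    # Trim leading/trailing digits and symbols so "Password1!" still
    # matches the dictionary entry "password".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if lowered in COMMON or core in COMMON:
        problems.append("common")

    # Personal details (name, birthdate, phone number) embedded in the password.
    # Numbers are compared digits-only so "555-0100" matches "5550100".
    pw_digits = re.sub(r"\D", "", password)
    for item in personal_info:
        text, digits = item.lower(), re.sub(r"\D", "", item)
        if (len(text) >= 3 and text in lowered) or \
           (len(digits) >= 4 and digits in pw_digits):
            problems.append("personal")
            break

    # Uppercase, lowercase, numbers and special characters should all appear.
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if not all(re.search(c, password) for c in classes):
        problems.append("classes")
    return problems

if __name__ == "__main__":
    me = ["Eva", "04/12/2010", "555-0100"]  # constructed personal details
    for pw in ("hoops", "Password1!", "Eva2010!sun", "IlTpbb-at-7-Every-Sat!"):
        print(pw, check_password(pw, me))
```

Adding a symbol and a digit to a dictionary word satisfies the character-class check but still fails the common-password check, which is why the two are tested separately.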
Multifactor Authentication (MFA)
MFA, also known as Two-Step Verification, is a second way to authenticate that the user is who they say they are. Because passwords can be easy to crack, MFA provides the extra protection of needing to authenticate again before allowing access to an account. An authentication factor is a way of confirming your identity when you try to log in. A password is one factor; it is a thing you know. The three most common types of factors are below:
- Something you know—a password or memorized PIN.
- Something you have—a smartphone or a secure USB key.
- Something you are—a fingerprint or facial recognition.
Once you enter your password, the system will send a text with a PIN to your phone, ask you to enter a specific number into your authentication app, or use a face/fingerprint ID. If these two factors pass, you will have access to your information. The best practice is always to set up MFA where possible to protect your devices and online information.
Beware of Modern Tactics
It’s vital to be aware of various cybercrimes, including those that occur during shopping experiences:
- RFID (Radio-Frequency Identification) Skimming: Criminals can discreetly scan your contactless cards, intercepting your credit card data. Use RFID-blocking wallets to safeguard against this.
- Online Shopping Scams: Be cautious when shopping online to avoid fake e-commerce websites that can lead to financial loss and identity theft.
- Phishing Emails: Stay alert for phishing emails that impersonate trusted retailers, aiming to collect your personal and financial information. Verify email legitimacy and avoid suspicious links.
- Point-of-Sale (POS) Attacks: Protect your card information when using POS terminals to prevent unauthorized charges. Monitor your credit card statements regularly.
- Mobile Payment App Risks: Secure mobile payment apps with strong passwords and enable two-factor authentication for added protection.
- Social Engineering at Checkout: Shield your card and PIN at checkout counters to prevent criminals from memorizing your details.
- Protecting Personal Devices: Secure your devices with strong passwords, PINs, or biometrics. Keep mobile apps up to date for enhanced security.
Update, Update, Update
We know it is annoying, and it is so easy to hit the snooze button/remind me later; however, when your device has an update, it should be updated immediately. Tech companies constantly push out updates for their products, and not just because they have nothing better to do. Quite often, when you look at the update notes, security patches and improvements will be included in the download. Whenever a vulnerability is discovered or a hack occurs, companies immediately remediate the problem, determine where the exploit occurred, and then send out an update to protect their users. Protecting your information is much more important than waiting five minutes for your device to update.
Organizations and National Computer Security Day
Organizations can play a significant role in spreading cybersecurity awareness to their employees. Whether you work for the private sector or the Government, training will teach employees how to protect data and their devices from internal and external threats. Here are some additional ways organizations can spread the word on National Computer Security Day (cybertalk, 2023):
- Host a lunch-n-learn.
  - Treat employees to a special lunch. Use it as an opportunity to reinforce positive and motivational messages about cybersecurity.
  - Build in thought-provoking discussion questions. Allow for a genuine conversation to follow.
- Run a contest.
  - Material from a seminar can be used in a trivia contest.
  - For IT professionals, run a contest that requires resolving simulated cyber-attacks.
- Gamify cybersecurity training. Here are some great ideas for you.
  - Allow employees to ‘earn’ 100 points for correct answers.
  - Rewards and leaderboards can help.
- Conduct a seminar.
  - Include information about the latest phishing tactics and other popular methods of propagating cyber threats.
  - Answer employee questions. Your organization may have unique programs, policies, and best practices. Help employees understand material for which they need help finding online answers.
  - Explain who to contact if you have questions about a specific online interaction or email.
Any way an employer can help get their employees to think about cybersecurity will benefit the company and the employee’s cyber preparedness at home.