Today is the last day of October 2013, and so sadly, this is our last NCSAM primer blog. We're hitting on a number of potential threats in this one to help drive the core point home – users need to be vigilant, not just with regard to their physical security, but also the security of their information and the systems used to access and store it.
For those that are new to this series, a quick recap – every week this month we have created a short primer piece that could be copied and pasted into an email to send around your organization. The goal is to promote better security awareness and thoughtfulness amongst your users by educating them on the risks they face and how to protect themselves. So far we've covered phishing, mobile threats, basic password hygiene, and avoiding cloud crises.
In all of these posts, the underlying message is the need for vigilance, so I thought we'd really hammer the point home with this final post. I considered creating a primer that would just say BE VIGILANT in enormous, flashing letters, but I figured you probably already have one of those, right?
So, here's your 5th and final primer. Thank you to those that have followed the entire series. We hope the primers have been valuable and useful.
Since you were a child you have likely been taught about obvious risks to your person, and encouraged to adopt certain types of vigilant behavior to protect yourself, to the point that it's become second nature. You look both ways before crossing the road. You don't stick your hand into boiling water. You wear a seatbelt when driving. And of course we tell children not to talk to strangers. We are encouraged at every point to take our physical safety seriously and to protect ourselves.
Yet we do not widely exercise the same degree of vigilance when it comes to our online safety, despite having reached a point where we all practically exist online. Your bank is online, your friends are online, and all of your data is online, from photos and videos, to birth records and mortgage agreements. Your level of exposure is immense, both on a personal and professional level, and while you may never see your attacker or feel their knife at your back, they certainly have the potential to cause you serious injury.
We need to adopt the same kind of vigilance to protect ourselves when we're engaging with technology as we would walking down a dark street late at night. Be aware, consider the risks, and limit your vulnerability.
The main ways to do this were covered in the previous emails we sent, concerning phishing, mobile threats, passwords and cloud applications. Here are a few other things to consider:
- Don't visit shady websites! Sometimes it is tempting to visit a site that promises to show you how to see who is looking at your Facebook profile, or how to make money while you sleep, or how to find love right now, tonight, but when faced with such an opportunity, resist it. Sites like this probably won't deliver, and are likely to lead to other shady parts of the internet, or include malicious software.
- Don't give information out to strangers. This should be a familiar one – beware “Stranger Danger”. Don't simply trust that people are who they say they are, and don't give information out without first verifying that it's OK to do so. For example, if someone calls in to the company and asks you for information, it could seem pretty innocent, but you could be arming them with what they need to launch a phishing attack that may provide an entry point to compromising our systems.
- Don't connect to untrusted networks. If you're working in a public place, be suspicious of the Wi-Fi. Connect to the VPN as soon as possible. Ensure your internet at home is password-protected and change the password regularly.
- Don't accept flash drives or USB keys from people you don't know. They could carry some kind of malicious software that could infect your computer.
- Turn off Bluetooth when you're not using it. An attacker can use it to connect to your device and access your information without your knowledge.
- Lock your computer when you step away. This goes for any environment, but especially when you are in public. Leaving your laptop on a table while you are logged in is analogous to leaving your car keys in the door.
Above all – remember that the IT and security team is here if you have any questions or concerns. And BE VIGILANT!