FIVE WAYS TO BE CYBER SECURE AT WORK from the Stop.Think.Connect. of the Department of Homeland Security in commemoration of the National Cyber Security Awareness Month 2017

Businesses face significant financial loss when a cyber attack occurs. Cybercriminals often rely on human error – from employees failing to install software patches to clicking on malicious links – to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of every employee to keep data, customers, and capital safe and secure.

SIMPLE TIPS:

Follow these simple tips from the Stop.Think.Connect.™ Campaign to help foster a culture of cybersecurity in your organization:

1.   When in doubt, throw it out. 

Stop and think before you open attachments or click links in emails. Links in email, instant message, and online posts are often the way cyber criminals compromise your computer. If it looks suspicious, it’s best to delete it.

2.  Back it up. 

Make electronic and physical back-ups or copies of all your important work. Data can be lost in many ways including computer malfunctions, malware, theft, viruses, and accidental deletion.

3.  Guard your devices. 

In order to prevent theft and unauthorized access, never leave your laptop or mobile device unattended in a public place and lock your devices when they are not in use.

4.  Secure your accounts. 

Use passwords that are at least eight characters long and a mix of letters, numbers, and characters. Do not share any of your usernames or passwords with anyone. When available, turn on stronger authentication for an added layer of security, beyond the password (such as two-factor authentication or even more as a defense in-depth measure).

5.  Report anything suspicious. 

If you experience any unusual problems with your computer or device, report it to your IT Department.

FIVE EVERY DAY STEPS TOWARDS ONLINE SAFETY from the Stop.Think.Connect. of the Department of Homeland Security in commemoration of the National Cyber Security Awareness Month 2017

Cybersecurity is present in every aspect of our lives, whether it be at home, work, school, or on the go. Regardless of one’s technical ability or background, there are simple steps everyone can take to stay safe online.

SIMPLE TIPS:

Protect yourself online and help to make the Internet safer and more secure by following these simple tips from the Stop.Think.Connect.™ Campaign:

• Enable stronger authentication. Always enable stronger authentication for an extra layer of security beyond the password that is available on most major email, social media and financial accounts. Stronger authentication (e.g., multi-factor authentication that can use a one-time code texted to a mobile device) helps verify that a user has authorized access to an online account. For more information about authentication, visit the new Lock Down Your Login Campaign at www.lockdownyourlogin.com.

• Make your passwords long & strong. Use complex passwords with a combination of numbers, symbols, and letters. Use unique passwords for different accounts. Change your passwords regularly, especially if you believe they have been compromised.

• Keep a clean machine. Update the security software, operating system, and web browser on all of your Internet-connected devices. Keeping your security software up to date will prevent attackers from taking advantage of known vulnerabilities.

• When in doubt, throw it out. Links in email and online posts are often the way cyber criminals compromise your computer. If it looks suspicious (even if you know the source), delete it.

• Share with care. Limit the amount of personal information you share online and use privacy settings to avoid sharing information widely.

Cyber Warfare:  How Lack of Due Care, Due Diligence, and Negligence are Quickly Turning the World’s “Nightmare” into an Unwelcome Everyday Reality

It is October, and once more, we at Cyberwyze join our nation in observing the yearly Cybersecurity Awareness Month with hope and confidence for a more secure America, a luxury that we once took for granted, but not anymore; the difference is so obvious, as cyberwarfare rages on.

With the daily headline news, most times, highlighting information security breach, it is obvious to all of us now that cyber warfare is no longer a probability; it is now a global reality, more so for the United States government and its citizens.  However, the United States is more than capable to confront this monster and its perpetrators head-on and prevail.  This, also, is a reality.  Cyber warfare is no longer a “nightmare”, that can be wished away; rather it has become a complex, nagging headache that won’t go away with an over-the-counter medication.  Therefore, it demands to be ruthlessly responded to and eliminated, regardless of how long the battle rages on.  This is the reason the United States cannot relax until she has overwhelmingly helmed in all who are bent on destroying the U.S. government and its citizens regardless of the level of their “frequency and sophistication of intrusions into United States networks, and I confidently attest to the great job that the information security professionals in this nation are doing to stop this monster.

However, considering the frequent breaches and intrusions into our nation's networks, it is becoming increasingly disconcerting how the lack of due care, due diligence, and negligence continue to make all the efforts of some conscientious and selfless information security professionals nothing but a load of frustration.  Fair enough, the enormous number of daily attacks is enough to engender security fatigue, however, there is a maxim that wisely states that “he who is surrounded by adversaries is always on guard for his life”.  Therefore, to directly face this challenge effectively and prevail regardless of the daunting nature of this undertaking, the management and key stakeholders who are responsible for governance need to seriously and diligently ensure that every “t” is crossed and every “i” is dotted; nothing left undone with constant audit and monitoring of the activities occurring in their respective organization's networks.  Talk of going the extra mile all the time―that is exactly what the information security threat environment calls for, absolutely no dilly-dallying, or unnecessary bureaucracy.  This is war; it is either fight, with absolute vigilance, or die. Period.

The importance for the U. S. government to mandate putting in place sophisticated advanced persistent threats (APTs) and risk-mitigation strategies to detect backdoors, trojans, and malicious codes to protect all the nation’s computer networks, public and private, taking cue from what Microsoft and other computer technology companies have done for their organizations and supply chains can never be overemphasized .  These strategies must, of paramount importance, take into consideration speed as a frontline defense strategy as well as due diligence (extra care and vigilance 24/7) among other things if it plans to prevent any further intrusions into the nation's computer networks, both public and private including individual citizen's homes and businesses, and, of course, to remain the world leader in information technology.  This type of action is necessary to effectively guard against the theft of our sensitive information and destruction of our nation's critical infrastructure, logistical and operational plans, the commercial information and intellectual properties and trade secrets of her citizens and their businesses.

                So, without mincing words, I ask us, what will it take for us to wake up and smell the coffee, and understand the handwriting on the wall, and start taking the security of our nation’s assets and customers’ sensitive information seriously, and desist from mortgaging them at the altar of business margins or bottom line?  This nation can no longer condone negligence, and lack of due care and diligence, the most basic, non-technical house-keeping countermeasure in the cybersecurity domain, which is annoyingly and unacceptably so rampant within our organizations, as most have failed to put the security of their customers as a primary security responsibility, choosing rather to secure their bottom line at the expense of the source of their existence―their most valuable asset―customers and their information.  That is the reason that the recent information security breaches perpetrated on organizations such as Equifax, Yahoo, Target, to name a few, due to gross negligence and lack of due care and diligence is downright unacceptable, and must stop already!  Our nation has stringent information security laws, and now is the time to start seriously putting those laws into execution to waking up security-irresponsible organizations, because failure to do so becomes tantamount to aiding law breakers to the doom of this nation, that is already unimaginably under enormous millisecond-cyber-attacks daily.

Cybersecurity is everybody’s business, and the least that we all, responsible citizens and users of information and the cyberspace, can do, is to have a culture of due care and diligence, that goes a long way in the current cybersecurity threat environment to securing our assets and peace of mind to strengthen the efforts being made by security professionals in this nation to effectively combat and eradicate cybercrimes.  It is not enough to merely deploy and implement expensive security technologies, while shirking the responsibility of maintenance and conscientiousness (due care and diligence), which is what sets apart mediocrity and excellence; just as it would be futile and total waste of taxpayers’ money to build a road infrastructure, without the normal ongoing maintenance work.

The fact is that we are engaged in an unconventional warfare, and the American citizens need to understand it ; therefore, due care and diligence and active vigilance 24/7, is of utmost importance for achieving resilience, victory, and thriving over cyberwarfare; anything less will be self-defeating and very sad, because none of us would like the outcome, and that is the crux of the matter!

Nuggets of Wisdom

The Global Ransomware Menace: How to be Cyberwyze

Ransomware?

Yes, Ransomware!  It is a form of malware that is used by adversaries or cyber criminals to encrypt files on computers or network system rendering the system and/or data unavailable to the legitimate users, and then demand ransom from the legitimate owners of the data to release the data, or be destroyed by the ransom seekers. The attacker may or may not release the information or data only after being paid, usually in a non-traceable means such as bitcoin. 

The best practice to avoid being held hostage for your data if attacked with Ransomware is to routinely backup data and store in a safe at an offsite location, far from an organization’s network system or an individual’s computer or storage devices.

Please read the following Nuggets of Wisdom from the Federal Trade Commission (FTC) on Ransomware worries? and Fake emails could cost you thousands.