cyberconIQ’s Cybersecurity Awareness Month

Taking the FEAR out of Cybersecurity

October 1

Threats Thursday

Welcome to cyberconIQ's Cybersecurity Awareness Month! Join us this October as we give you some simple tips and information that will help you take the fear out of cybersecurity! Let’s change the narrative and save yourself from yourself!

October 2

Human Firewall Friday

Week 1: Let’s talk about usernames and passwords!

Do you remember how many accounts you’ve registered for in your lifetime? While I may not be able to tell you an exact number my guess is a lot. In the past, even if I couldn’t remember if there was an existing account, I more than likely could tell you exactly what my username and password would be. It is well known by the general public and cybercriminals that when people register for a new account they reuse or make a slight variation to an old password. This is good news for criminals because when one account is hacked, then there is not much effort needed to hack any other accounts.

Reusing passwords, or variations of passwords can be dangerous and cause you to be less cybersafe online. Not only is reusing the same password dangerous but so is sharing your username and password with others. Even those you trust.

Have you ever shared your Netflix or Hulu profile? How many people have access to it? If you shared your login information, then every person who has access to your profile also has a username and password that you’ve probably used in the past on other accounts or maybe current accounts. Even without malicious intent, account sharing can be dangerous, it opens the door for you to be compromised. Once someone has your login credentials your information can no longer be controlled, and it is out of your hands. It is your account, so any actions taken under your login falls to you. The person you shared that information with may have shared with a friend or family member and pretty soon a friend of a friend is in your account and anything can happen.

Here are some suggestions to make you safer online. Enable multi-factor authentication whenever you are able to. Enabling this security measure will notify you through email or text if a new person or device tries to access your account. If you do not recognize the login, change your password. Use long and or complex passwords. Instead of keeping a physical password (sticky notes are a big no) utilize a password manager on your phone. This can ensure all your passwords are stored on a device that only you have access to. Use passwords that are unfamiliar, not a regular password.

In the world of cybersecurity, it is better to be safe rather than sorry. Take the necessary precautions and don’t share your login credentials.

October 5

Malware Monday

Week 2: Safe website

Malware is crawling all over the internet, and false and unsecured websites are a typical place that cybercriminals tend to hide this malicious software. Here are some simple tips to make sure you're safer online. Make it a priority to check that the website has HTTPS before it's URL. HTTP stands for Hypertext Transfer Protocol, and the S symbolizes that it is, in fact, secured. The function of the HTTPS is to encrypt communications and to prevent criminals from stealing sensitive information. A secure site is particularly crucial if you are planning on doing online shopping or accessing any sensitive data such as your bank. You should also check for a padlock symbol in the URL bar. A padlock will indicate that the website is using a trusted SSL (Secure Sockets Layer) digital certificate. This will encrypt the link between the server and your device. If the padlock symbol is not there, it is not safe to enter passwords or credit card information.

Finally, look for a privacy policy. All legitimate webpages utilize them. Once the policy is found, use the Ctrl-F function to search for keywords such as "third-parties," "data," "store," "retain," and similar terms. The policy will give you a better understanding of what is private and what the company could share about you.
At the end of the day, you have the power to close a malicious webpage. The next time you're browsing the internet, keep these tips in mind to stay cyber safe!

October 6

Texting Tuesday

Week 2: Online Purchase/Confidential Information

You can shop for just about anything online, and with COVID-19, people are even more inclined to utilize the convenience of having everyday essentials delivered right to your door. However, if you are not careful, this can lead to you becoming the target of cybercriminals. Keep these tips in the back of your mind the next time you shop!

Do your research. Before entering your card information, look at reviews and not just the ones on the webpage. Search for the vendor and the product online to see what comes up. It is also a good idea to check for any customer service information or the physical location of the vender to verify it is legitimate.

Don't use your debit card. Credit cards are much safer to shop with because there are more customer protections, and it is not a direct link to your bank account. Some card companies also have a notification system that lets you know via text if any purchases are made on your card. If you do not have a credit card, fear not! Utilize a third-party payment service such as PayPal, Venmo or, Google pay. Doing this removes the direct link to your bank account, and you still have the ability to report and file claims.

As frustrating as it may seem, do not store your payment information in your shopping profiles. Because if that company is hacked then there is less sensitive information about you for a criminal to use.

Finally, check your bank and card statements regularly. I suggest minimally checking once a week to be sure no suspicious charges have been made.

Be alert, be aware, and be cyber smart.

October 7

Wacky Wednesday

Week 2: Shopping

Cybercriminal turned cyberwarrior.

Yes, this really happened!

The year was 2008, and Walker, a young 18-year-old hacker with Asperger's (a mild form of autism), pled guilty to six charges of cyber-crime. He had been homeschooled since he was thirteen, and in his free time, he taught himself about programming and encryption. Walker was responsible for an international hacker network that infiltrated over a million computers and led to the theft of $20 million. Through this, he only made about $32,000 from his efforts. The program he created enabled a cyber-gang to use their botnets, a group of computers infected with malicious software that can be controlled without the owner’s knowledge, to infiltrate computers. Anti-virus software couldn't detect his encrypted malware, and at the time, it was considered one of the most advanced encrypted malware that investigators had encountered. The code he created would disable anti-virus software and prevent it from being updated, causing the computer to be unaware that the anti-virus software was inactive.

However, due to his age, remorse, condition, and lack of criminal intent, the judge dismissed the guilty plea and asked that he instead pay $11,000 in damages. Today he is now working as a cybersecurity consultant for a telecom company in New Zealand.

 

Hahn, J. (2020, April 17). The Stories Behind 15 of the Most Dangerous Hackers Ever. Retrieved September 24, 2020, from https://www.complex.com/pop-culture/2015/02/the-most-dangerous-hackers-and-groups/owen-walker

Martin T. Biegelman, C. (n.d.). Fraud Magazine. Retrieved September 24, 2020, from https://www.fraud-magazine.com/article.aspx?id=412

Teen hacker turns cyber-crime consultant. (2009, March 26). Retrieved September 24, 2020, from http://www.nbcnews.com/id/29875907/ns/technology_and_science-security/t/teen-hacker-turns-cyber-crime-consultant/

October 8

Threats Thursday

Week 2: IoT

First, let's begin with what is IoT (Internet of Things)? Essentially it is a network of physical objects that have the ability to gather and share electronic information. So, when you think IoT, imagine smart devices ranging from a Fitbit to industrial machinery. Nowadays, just about any device could be considered "smart," so how do you protect yourself from items that are not only constantly around you but necessary and vital to your job/life. Here are some tips that may help you better protect you and your devices.

Change your passwords, and don't leave it at its factory settings. Instead of using a single word, use a phrase you would remember and change out some letters for numbers and symbols. This way, it's easier for you to remember and harder for a hacker to guess.

Many smart devices are accompanied by a mobile application. Many of these apps could be running in the background or using default permissions you may not have approved. This allows them to gather personal information without your knowledge. Only download apps from trusted sources and always check the permissions on an application. If you are not comfortable with the permissions they allow, it is best not to download it.

Secure your network. You will hear this suggestion throughout the month, but it is vital. It is an excellent baseline of defense. However, do not forget about it once it is established. Make sure to update your network continually, and if you are worried about forgetting, then enable automatic updates during low use time. You are the security officer for your home.

October 9

Human Firewall Friday

Week 2: Use Multifactor Identification (Apply to personal lives and not to organization)

What is Multifactor Identification?

You are probably most familiar with it when logging into your bank account. Once past the initial username and password login, the bank will typically ask to send you a code via text or email from the information linked to your account.

It is essentially another layer of verification utilizing something you know, have, or are. In order to gain access, your credentials must come from two of the three categories.

The category of something you know includes usernames, passwords, and pin numbers. The category of something you have could consist of a verification text, call, or email. The category of something you are includes fingerprint, vocal, or facial recognition.

If given the option to enable Multifactor Identification, take the initiative and do so to protect your information and identity.

October 12

Malware Monday

Week 3: Check for System Updates

Stop disregarding those little pop-ups asking you to install your software updates. We all get them! Even though they are a bit disrupting, they are critical to your computer’s safety and wellbeing. Software updates typically have both vulnerability fixes and bug fixes.

While browsing the internet, you are at the mercy of your computers' current protective measures. These fixes can aid in keeping malicious software out of your computer. It is like locking the door to your house, it won't keep everything out, but you’re not leaving an open invitation for a nefarious person to access your home.

These system updates don’t always have to be tedious. An anti-virus program can be set to automatically install, and if available, you can even schedule the updates in low use hours. We recommend scheduling automatic updates for your operating system, security software, and browsers whenever they are available.

The Importance of General Software Updates and Patches. (n.d.). Retrieved October 02, 2020, from https://wp.umaryland.edu/the-importance-of-general-software-updates-and-patches/

IT at Yale. (n.d.). Retrieved October 02, 2020, from https://cybersecurity.yale.edu/patchyourdevices

October 13

Texting Tuesday

Week 3: Unsecure Public Wi-Fi

There are two types of public Wi-Fi networks: secured and unsecured. A secured network requires a user to agree to legal terms, register an account, or type in a password before being allowed access to the network. A secure network can also supply some encryption for your Wi-Fi connection. An unsecured network can be connected to without any type of security features like a password, encryption or a login page.

You should always use public Wi-Fi with caution, especially an unsecured network. Let us look at some dos and don’ts, according to Norton, when it comes to public Wi-Fi:

Do not: Shop online when using public Wi-Fi. Shopping does not seem like it involves sensitive data, but making purchases online requires personal information that could include bank account information.

Do not: Access personal bank accounts, or sensitive personal data, on unsecured public networks.

Do: Turn off automatic connectivity. Most smartphones, laptops, and tablets have automatic connectivity settings, which allow you to connect from one hotspot to the next. While this may be convenient, it can also connect your device to networks you would not ordinarily use.

Do: Check your Bluetooth connectivity. Leaving Bluetooth on while in public places can pose a huge risk to your cybersecurity. It allows various devices to communicate with each other, and a hacker can look for open Bluetooth signals to gain access to your devices. Keep this function locked down when you leave your home or office.

Do: Think about using a virtual private network (VPN) solution to ensure your privacy is protected when using public Wi-Fi. VPN services can encrypt all the data you send and receive while using public Wi-Fi. Securing your information from other users should be a top priority. An example of a VPN service is Norton Secure VPN.

Norton. (2020, July 06). The Do's and Don'ts of Using Public Wi-Fi. Retrieved September 30, 2020, from https://us.norton.com/internetsecurity-wifi-the-dos-and-donts-of-using-public-wi-fi.html

October 14

Wacky Wednesday

Week 3: Wait, This Really Happened?!?

If you were a gifted hacker, would you join the forces of good or evil? If your Kevin Poulsen why not both. By day he worked as a security expert and programmer for SRI international. A technology company with government contracts. But by night, he donned his pseudonym “Dark Dante” and gained access to government secrets and a Porsche.

As a young kid growing up in the 80s, Poulsen was fascinated with the avenue’s computers opened for him. He enjoyed testing the limits and seeing what he could get away with. In his early years, he hacked the pentagon ARPANET, the foundation of the internet, and stole sensitive military and government documents. Poulsen was only caught because he logged in under his actual name. Since he was underage at the time, he was never officially charged.

He learned from his past mistake and adopted the name “Darke Dante” for his black hat hacker activities. However, those days came to an end when he missed the payment on a storage locker. When this locker was then opened, some strange electronic equipment was discovered, along with payphones, and printouts, including the Soviet embassy's unpublished number, was found within. The authorities were contacted, and Poulsen’s possessions were taken, causing him to run and hide. He enjoyed the game that being on the run created. He would call the authorities searching for him and mock them for letting him get away. When they attempted to trace the call, it would circle back to within their own facilities.

He spent a total of seventeen months on the run. He was only apprehended when store clerks recognized him from an episode of Unsolved Mysteries. The clerks grabbed and held him until the authorities could come to pick him up. While being arrested, he began begging to remove his contact lenses and retrieve his glasses. An FBI agent complied but not before he searched the bag. Hidden within the case for Poulsen glasses was a handcuff key.

Although he was a high-profile hacker, His most well know scam is when he jammed the phone lines of a radio station to win a Porsche 944 S2 Cabriolet. By jamming the lines, he made it so that it was guaranteed he would be the required 102nd caller to win the car. He also did not just pull this off once. He and his accomplices ran this scam on multiple radio stations, winning two Porsches, two trips to Hawaii, and 22 thousand dollars in cash.

Now Poulsen is a journalist and appears to have left his criminal past behind. He handles writing a script that was able to search for Myspace’s membership database for registered sex offenders. This script found a total of 744 sex offenders who had Myspace profiles. The question remains, has he really left his black hat hacker days behind him?

Jeff, Britt, Manojkumar, Chanita, Fozzie, [Larks], . . . Anonymous. (2020, September 07). Kevin Poulsen. Retrieved October 02, 2020, from https://unsolved.com/gallery/kevin-poulsen/

Kevin Poulsen. (2019, March 23). Retrieved October 02, 2020, from https://www.hackerscrackersandthieves.com/kevin-poulsen/

The Last Hacker: He Called Himself Dark Dante. His Compulsion Led Him to Secret Files and, Eventually, the Bar of Justice. (1993, September 12). Retrieved October 02, 2020, from https://www.latimes.com/archives/la-xpm-1993-09-12-tm-34163-story.html

October 15

Threats Thursday

Week 3: Deepfake

Deepfakes are images and videos created using software to appear real and from a legitimate source that are then used to spread misinformation. A fantastic example of a deepfake that did no harm was when one of the earliest deepfake developers, DerpFake, recreated the final scene from Star Wars: Rogue One. He used deepfake technology to recreate the scene with a young Princess Leia. He was able to perfectly mimic Carrie Fisher’s acting so thoroughly that Star Wars fans wish his technology could have been used in the film rather than the CGI that was released. However, pleasing a fandom is not the only purpose of deepfakes. Deepfakes are used in global politics to discredit electoral candidates and push falsehoods on the public.

The software can transfer not only the appearance of an individual but also their facial movements and voices. Neural-network structures called an “autoencoder” are used to make deepfakes successful. They can learn efficient data coding without being supervised. It encodes the image that it wishes to project and then reconstructs it over another image. Typically, deepfakes can be figured out because the reconstructed image is not as detailed as the original. However, this technology is ever-improving.

Deepfakes can be difficult to detect. Even with the technology developed to decode deepfakes, the best way to continue combat it is to think critically and do your own research. Do not believe everything that comes across your internet feed.

Dickson, B. (2020, March 04). What Is a Deepfake? Retrieved October 02, 2020, from https://www.pcmag.com/news/what-is-a-deepfake

Read, C., & Scott Ikeda·February 22, 2. (2019, May 28). Deepfakes and Cybersecurity: How Much of a Threat Are They? Retrieved October 02, 2020, from https://www.cpomagazine.com/cyber-security/deepfakes-and-cybersecurity-how-much-of-a-threat-are-they/

Sahelirc. (2019, December 18). Automated hacking, deepfakes are going to be major cybersecurity threats in 2020. Retrieved October 02, 2020, from https://www.cnbc.com/2019/12/18/automated-hacking-deepfakes-top-cybersecurity-threats-in-2020.html

October 16

Human Firewall Friday

Week 3: Keep Business and personal life separate

The majority of professionals are working in busy, fast-paced environments and multitasking between personal and business life. Using mobile devices for business and personal reasons could not only put you at risk for company checking but also leave you open to security and privacy threats.

BYOD or “Bring Your Own Device” is something some companies encourage. BYOD allows you to use your own mobile phone or tablet for work. This also means that your company could have the right to remotely wipe your device when you leave the said company.

Here are some things to keep in mind if you are using BYOD. First, continually backing up your data. There are also apps you can download that separate your work and personal life. Divide is an example of an app that allows you to enjoy privacy on your personal device as well as accomplish your business tasks on the go. Another consideration is to separate your primary hard drive into two partitions: one for work and one for personal use. If you feel some pressure, as an alternative, you could purchase a second phone or tablet specifically for business purposes. Having a second device not only keeps your data private, but it can keep you focused on work throughout the day, since your personal life won’t exist on your work device.

Lucas, S. (n.d.). The Pros and Cons of a Bring Your Own Device (BYOD) to Work Policy. Retrieved September 30, 2020, from https://www.thebalancecareers.com/bring-your-own-device-byod-job-policy-4139870

Murphy, D. (2018, March 30). How to Separate Your Work and Personal Life on Your Devices. Retrieved September 30, 2020, from https://lifehacker.com/how-to-separate-your-work-and-personal-life-on-your-dev-1824208389

October 19

Malware Monday

Week 4: Install Anti-malware Software

What is malware?

Malware is software specifically designed to do harm to your computer, server, and network. This can include but is not limited to viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware.

What exactly does anti-malware do?

Anti-malware software is a safety net for the everyday person. It offers a line of protection from becoming a victim of threats like identity theft, it can help prevent your data from being corrupted, and it saves both time and money by preventing most threats before they strike.

How does anti-malware work?

Anti-malware programs typically contain malware protection along with sandboxing technology. Sandboxing technology will isolate suspicious files. It will then hold that file in a contained environment “sandbox” to analyze further. If the file is deemed threatening, it will then be removed while non-threatening files will be allowed through; however, the files will be consistently monitored. Another technique of anti-malware technology is behavior monitoring. It will look at each file individually and assess if its behavior is suspicious without comparing it to any known threats. If the behavior is suspicious, then it will be flagged. This technique allows it to look at each file individually without comparing it to any known threats.

Malware Removal.

Ideally, anti-malware software will prevent malware from installing altogether. However, when malware is identified, it will attempt to remove it from the computer to prevent the computer from infection. Identifying and removing malware seems like a long process but, in reality, it is done in a matter of seconds.

What are the pros of installing anti-malware software?

You are protected from hackers trying to gain access to your computer using malware. Your privacy is protected from software that steals personal information from installing on your computer. Your files are not only secured, but your data is protected if malware does install on the device. Anti-malware will also keep your software up to date, and most will remind you when it is time to do so.

Why is anti-malware software important?

Especially today, with more people working from home, it is important to protect yourself. Technology is changing, and you never know when hackers could access your computer. Most technology can remain undetected until the malware does a major change, and installing this software could detect it before that occurs. It will prevent computer infections such as worms, bugs, and viruses; and is designed to protect your computer at all times.

Security Tip (ST04-005). (n.d.). Retrieved October 12, 2020, from https://us-cert.cisa.gov/ncas/tips/ST04-005

What is Anti Malware?: How Anti Malware Software Works? (2018, November 30). Retrieved October 12, 2020, from https://enterprise.comodo.com/what-is-anti-malware.php

What Is the Importance of Antivirus Software & Why Use It? (2017, October 26). Retrieved October 12, 2020, from https://computer-fixperts.com/security/importance-antivirus-software/

October 20

Texting Tuesday

Week 4: Passphrase/Fingerprint

Have you kept track of your digital footprint? Most people have not and the reality of that is most have been exposed to phishing scams, data breaches, and the sale of personal data. Anti-malware software is fantastic and should be installed but there are even more basic steps to protect your safety. Passwords, or better yet, passphrases.

A passphrase is a better alternative to a complex password. Most passwords are a combination of letters, symbols, and numbers, typically from an easy to remember piece of information like a word, name, or date. No matter how complex you make the word, it is still guessable. A passphrase, on the other hand, is a full sentence that the hacker needs to guess. Adding complexity to this as well makes it nearly impossible for hackers to access using computation, algorithms and even brute-force trial and error approaches.

When building a secure passphrase, it is important to take two things into consideration, the length and complexity. However, in the end, the length is more important than complexity. You could use the title of your favorite book or an inside joke. So long as it is not easily guessed by anyone but you, it will be effective. Then add some punctuation and capitalization differences to secure it further. By doing this, you have made it nearly impossible to gain entry to anyone but those intended.

As mentioned earlier in the month, two-factor authentication is also important to keeping your data safe. Fingerprints and the new face id technology are a great example of this. It adds an extra layer of protection and should always be taken advantage of. Check out Oct 9th of cyberconIQ’s cybersecurity awareness month for more in-depth information on multifactor authentication.

Palmer, D. (2017, September 26). Face, fingerprint, passwords, or PIN: What's the best way to keep your smartphone secure? Retrieved October 12, 2020, from https://www.zdnet.com/article/face-fingerprint-passwords-or-pin-whats-the-best-way-to-keep-your-smartphone-secure/

Wetherill, J. (2018, August 02). Council Post: Cybersecurity 101: Practical Tips To Protect Your Personal Data. Retrieved October 12, 2020, from https://www.forbes.com/sites/forbestechcouncil/2018/08/02/cybersecurity-101-practical-tips-to-protect-your-personal-data/

Winder, D. (2020, February 23). The FBI Wants You To Stop Using Passwords And Do This Instead. Retrieved October 12, 2020, from https://www.forbes.com/sites/daveywinder/2020/02/22/the-fbi-wants-you-to-stop-using-passwords-and-do-this-instead/

October 21

Wacky Wednesday

Week 4: Wait This Really Happened?!?!

COVID-19 has brought along a new set of challenges. People have been made to rely on e-commerce now more than ever. Cybercriminals have kept up with this new development and new threats have been found. Most begin with a simple email. For example, in the United Kingdom, NCSC’s (the UK’s National Cyber Security Center) allows for the reporting of suspicious emails and from this we can gain a better understanding of the methods used in new phishing scams. Some scams are easy to recognize such as the request for $250 in iTunes gift card for “essential lockdown supplies”, but others can be harder to spot. It is important to remember that if an email seems suspicious then do not open it.

Since COVID-19, the demand for certain products has exceeded the inventory and has created some chaos for online retailers. This chaos opens avenues for counterfeiters, opportunistic people like hackers. Some shoppers have no choice but to rely on ecommerce for products and counterfeiters are well aware of this fact. Retailers, such as Amazon, have banned over a million products that make a claim to protect against or completely cure COVID-19. In addition, there have been millions of knockoff face masks that have been taken off the market. Counterfeiters have been selling face masks, lab coats, and even gas masks on platforms such as Facebook, Craigslist, Etsy, and Amazon.

With so many counterfeits on the market it is important to understand how to spot fake products or stores. A key point is price. A great rule of thumb is if it is too good to be true then it probably is. Counterfeits are typically cheaper and made from poor-quality materials that do not comply with safety standards. If you are still unsure then contact the seller and ask questions about the product and their policies. Most importantly, you need to perform your own research before purchasing a product. A good way to do this is by checking out online reviews by looking at the number of reviews, dates, and if photos are attached. You could also buy from a company you are familiar with and have purchased from before rather than third-party sellers.

You are in charge of your own wallet. If you are unsure of a product or a company and cannot find the right answers then maybe it best to play it safe and do not enter your payment information.

Bowden, J. (2020, April 02). Man accused of smuggling fake coronavirus 'miracle cure' into US. Retrieved October 12, 2020, from https://thehill.com/homenews/news/490857-man-accused-of-smuggling-fake-coronavirus-miracle-cure-into-us

Coronavirus: UK forces hundreds of scam Covid-19 shops offline. (2020, April 20). Retrieved October 12, 2020, from https://www.bbc.com/news/technology-52361618

How to Spot a Fake Online Store in 5 Easy Steps. (2020, July 22). Retrieved October 12, 2020, from https://clark.com/scams-rip-offs/how-to-spot-a-fake-online-store/

Miracle cures? UK investigators go after fake coronavirus medicines. (2020, April 03). Retrieved October 12, 2020, from https://www.reuters.com/article/us-health-coronavirus-britain-fake-idUSKBN21L3DH

Nardi, C. (2020, March 25). Beware of COVID-19 scams - like free masks from the 'Red Cross' or fake test kits. Retrieved October 12, 2020, from https://nationalpost.com/news/beware-of-covid-19-scams-fraudsters-offer-free-masks-from-the-red-cross-or-fake-test-kits

Schwab, K. (2020, May 01). Counterfeiting is a billion-dollar problem. COVID-19 has made it far worse. Retrieved October 12, 2020, from https://www.fastcompany.com/90500123/counterfeiting-is-a-billion-dollar-problem-covid-19-has-made-it-far-worse

October 22

Threats Thursday

Week 4: Physical Security

Cybersecurity should be a business’s priority, and while software, firewalls, and security appliances. are great, what about your physical cybersecurity. It is a topic that is not often talked about in this context, but it is just as important as the software you install. Every organization should consider every possible way someone could compromise them. In our experience, most employees are not clear on what constitutes physical security. You may think that you are being kind by holding the door for someone when in reality it is call tailgating and could lead to a security breach. Other examples of a physical security breach entail losing physical equipment such as computers or flash drives, throwing away old files, burglary, shoulder surfing and obviously holding a door for someone to a locked facility.

Here are some tips for physical security from a cybersecurity point of view.

Keep track of all devices. Our lives have become increasingly more mobile and with that the possibility of lost or stolen devices also increases. In the case a device is lost you should know your contingency plan and who to contact immediately. If your organization uses mobile device management, then leverage this to locate or wipe your device.

When disposing of old files, anything that is thrown away can legally be obtained. Dumpster diving is a practice among cybercriminals because it is a legal way to obtain sensitive information. A simple solution is, do not throw away items that have sensitive information. Shredding is an easy way to protect your company and destroy these documents.

This may seem obvious but is still crucial to physical security. Lock it up! Computer windows are not the only ones in need of protection. Secure all your windows and doors in your office space and at home. A simple walk through your office could cause a security risk due to the presence of sensitive information and company technology. Ensure all windows and doors are locked and secured before exiting the premises. If your office has a window that people can walk by and look in, then make sure no sensitive information is left lying around or open on the computer. Be aware of all angles and the visibility of the everyday passerby. Try to limit who has access to the premises.

For additional security to your office space add video surveillance. Even the presence of a security camera can deter potential threats and if the threat happens to get through then you can potentially identify the perpetrator.

In regards to cybersecurity it is vital not to forget the importance of physical security. When taken into consideration this can potentially save you time, money, and stress in the long run.

Physical Security. (2019, May 10). Retrieved October 12, 2020, from https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity/physical-security

White, S. (2018, December 12). 10 Things You Should Do to Ensure Physical Cybersecurity. Retrieved October 12, 2020, from https://www.agileit.com/news/ensure-physical-cybersecurity/

October 23

Human Firewall Friday

Week 4: Strengthen Your Passwords

Passwords can be a pain to remember, but they are necessary for your online protection. However, passwords are able to be compromised.

Here are some helpful tips to give you the best password protection. Try using a longer passphrase. Passphrases are more challenging to guess than a password and can have more variations. Do not include personal information such as a portion of your name or your pet’s name in your password. This is easy to guess and easily attainable due to social media. Replace letters in your passphrase with symbols or numbers. Use phonetic replacements like PH instead of F or even misspellings such as luv instead of love. Do not reuse passwords this just opens more avenues of attack for cybercriminals. By switching it up if one account gets hacked, then access cannot be obtained to your other accounts.

If you cannot think of a good passphrase, there are password generators that are available online. Wolfram Alpha knowledge engine is a great example. Look online to see what you can find as well. Several online companies when you register for an account have already included a password generator feature in their process. I encourage you to use this whenever possible. At the end of the day you can easily recover your password if you forget it, but data once stolen is not so easily recoverable.

Lightner, R. (2011, September 09). How to improve your password strength. Retrieved October 12, 2020, from https://www.cnet.com/how-to/how-to-improve-your-password-strength/

Stahl, A. (2019, May 02). 4 Simple Ways to Strengthen Your Passwords. Retrieved October 12, 2020, from https://www.kelsercorp.com/blog/4-ways-to-strengthen-your-passwords

Vigo, J. (2019, May 02). 6 ways to strengthen your password. Retrieved October 12, 2020, from https://www.techrepublic.com/article/6-ways-to-strengthen-your-password/