5 things to learn from the DoD on Cyber Security
I recently just had the unique privilege of sitting in a briefing given by a senior DoD Cyber expert to a bunch of middle state CEOs about the how and why their companies were probably not cyber secure.
The part that took the cake was when the briefer put himself on a 5 min clock, randomly selected a person from the audience and used open source means to find out anything and everything he needed to know about that individual to execute identity fraud: These items included names of children/spouses, addresses, religious association, voting tendencies etc…to say the least there was a visible jaw dropping of these CEOs when they saw just how easy it was.
So…what can the average American and small business alike learn from the DoD who is hoping to spend nearly $5.5 billion in cyber security next year alone to bolster its cyber defense? Well here is a simple list of five items gathered through US Army’s Cyber Command tips of the day page.
1. You: First and foremost, keep in mind that technology alone can’t protect you. Attackers have learned that the easiest way to bypass most security technology is by attacking you. If they want your password or your credit card, the easiest thing for them to do is to trick you into giving them this information. For example, they can call you pretending to be Microsoft tech support and claim that your computer is infected, when they are really just cyber criminals that want you to give them access to it. They could even send you an email explaining that your package could not be delivered and asks you to click on a link to confirm your address. You are then taken to a malicious website that will hack into your computer. Ultimately, the greatest defense against attackers is you. Be .suspicious. By using common sense, you can spot and stop most attacks
2. Updating: Make sure your computers, mobile devices, apps and anything else connected to a network are running the latest version of their software. Cyber criminals are constantly looking for vulnerabilities in the technologies you use. When they discover these weaknesses, they use special programs to exploit the vulnerability and hack you including your network, your computer and your mobile devices. To stay current, enable automatic updating whenever possible. This rule applies to ,almost any technology connected to a network ,including Internet-connected TVs, baby monitors home routers, gaming consoles or even your car. I
3. Passwords: The next step to protecting yourself involves using a strong, unique password for each of your devices, online accounts and applications. The key words here are strong and unique. A strong password means one that cannot be easily guessed by hackers or by their automated programs. Instead of a single word, use a long passphrase of multiple words with some symbols and numbers thrown in for good measure.
4. Encryption: Next we recommend the use of encryption. Encryption makes sure that only you or people you trust can access your information. Data can be encrypted in two places: at rest and in motion. Encrypting data at rest means protecting it when it is stored as files on places like your hard drive or a USB stick. Most operating systems allow you to automatically encrypt all of your data using features such as Full Disk Encryption. We recommend you enable this whenever possible.
5. Backups: Sometimes, no matter how careful you are, one of your devices or accounts may be compromised. If that is the case, often your only option to ensure your computer or mobile device is free of malware is to fully wipe it and rebuild it from scratch. The attacker might even prevent you from accessing your personal files, photos and other information stored on the compromised system. Your only option might be to restore all of your personal information from a backup. Make sure you are doing regular backups of any important information and verify that .you can restore from them. Most operating systems and mobile devices support automatic backups
