It’s National Cyber Security Awareness Month: What Are Your Resolutions?
In case you hadn’t heard yet – for 10 years now October has been declared the National Cyber Security Awareness Month (NCSAM) by the National Cyber Security Alliance. It is an initiative designed to promote awareness of security issues and educate people on how to mitigate or combat them.
In the spirit of NCSAM – we’ve put together a few tips and general advice for you to chew on. Hopefully at least some of you will take some steps today to improve your security habits.
1. Understand that security is a shared responsibility.
It often goes unsaid – and there are two ways to really think about this. The main concept that you need to keep in mind however, is that your security system is only as strong as your weakest link.
No matter how good your security policies are, they become meaningless if you (or someone else) are allowed to be lax about security protections, e.g. using weak / no passwords, not using encryption for sensitive data, not taking proper precautions to secure your workstation etc.
There are two common types of thinking regarding security responsibility.
- You are the weak link, and think this is ok “because that’s a job for the IT / security people”. The reality is that you are putting others at risk through your poor security behavior, and this thinking is almost always the cause of over-arching and overly-strict security policy changes from top management.
- You are a strong link, surrounded by weak links that you know about. Meaning you’ve done your part, so anything else that happens is “someone else’s fault” – except when you put your company at risk because you didn’t bother to educate or report the issue.
The above points may sound harsh, and they certainly are more cumbersome than simply avoiding the issue. You can also imagine the frustration of coming across this exact same type of thinking time and time again when there is yet another security issue to fix.
2. Check your computer for malware – right now!
When was the last time you ran a malware scan? Most people focus on using antivirus (which is great) – but new malware also crops up all the time, and your automated filters don’t always catch it.
If you don’t have a malware scanner installed right now, you can easily get one for free using your favorite search engine. THIS ALSO GOES FOR YOUR MOBILE DEVICE – tablets and smartphones are just as vulnerable to malware as desktops, and often even more so because many people don’t think about it.
3. Go ahead and change your passwords right now.
If you’ve been using the same passwords for over a year – it doesn’t hurt to change them, and doing so does a lot to improve your security. Just keep a few things in mind:
- Use a different password for each service you use – this way if one gets cracked, your other services won’t be affected. If you have difficulty remembering multiple passwords, you should get yourself a “password manager app”.
- Use a complex password that you can remember (yes that does sound like a contradiction in terms) – here is a basic password guide from Microsoft, which also has a tool to test your password strength.
4. Stop using WEP for your wireless security. Change it to WPA or WPA2.
WEP is broken. 100% done. It would take me less than a minute (with my eyes closed) to hack into your wireless network if you’re only using WEP security.
Seriously it is that bad – and it only takes 2 minutes to change this option on your router. Do it – now!
Here is a video from Sophos that also dispels some common myths about wireless security. Both home and business users would do well to check it out – especially if you use “network name hiding” and / or MAC address filtering.
Be aware and stay safe!