October has been designated Cyber Security Awareness Month, and the US Department of Homeland Security has issued a series of 5 weekly topical themes. This week’s theme is Simple Steps to Online Safety. NACo, in partnership with the Public Technology Institute (PTI), has developed a series of useful checklists and commentary that are specifically aimed at the public manager.
Cyber security breaches have grown some 26 percent over last year with ransomware continuing to rise. Local governments have always been particularly attractive targets since they collect and store such massive amounts of personal information. And with more mobile devices and social media apps, there are more entry points for mischief than ever before.
According to research from Egress Software Technologies, most data breach incidents in local government were caused by human error. There are some rather simple and straightforward steps one can take to protect oneself, as cyber security awareness almost always starts with the individual. It is important to keep in mind that there is another group observing us – our employees. We must set an example by following key best practices ourselves. Surely we can’t expect our employees to adhere to best practices for mitigating cyber threats when we exempt ourselves. Here we must lead by example.
- Passwords still matter. Use different passwords that contain at least 8 characters, including numbers and symbols. Try to come up with a formula so that you can remember them too. For example, you may use an old address as a starter or transpose a letter for a number or symbol. Passwords should not begin with a capital letter, and an underscore is a good way to separate a bunch of numbers.
- Use Multiple Passwords. By using multiple passwords for different accounts, you spread the risk, so that one breach does not expose you everywhere you have a login account. Too many passwords to remember? Consider using a “password manager” like LastPass or Dashlane. Most offer free versions that one can try out. While these systems require a complex master password, password managers do the rest. You can elect to have them assign complex random passwords, and most have an autofill feature that fills in the necessary fields automatically. Another advantage is that most password managers remember and recall passwords and payment information across your devices if you so choose. This includes PCs, laptops, and all your mobile devices.
- Think Before You Click. Ransomware and phishing attacks have increased dramatically over the past 2 years. Many of these attacks can be traced to employees clicking and opening attachments. Before you open an attachment, are you sure it is from the person or entity it claims to be from? Do you see suspicious signs like misspellings, a salutation such as “dear customer” instead of your name, or a return URL/address that is different from the sender’s? For example, if you receive something that appears to be from your bank, is the URL taking you to the bank or is it directing you somewhere else? It’s always best not to click on such emails regardless of how real they look. Instead, simply go directly to the company’s site and see if there is any real issue for you to resolve. Finally, if in doubt, always contact your IT folks, as they have ways of checking authenticity without risk to others.
- Limit Address Book Entries. It is shocking to learn how many professionals use their mobile device address books to store credit card numbers, passwords, family social security numbers and birthdates. As tempting as it is, don’t use your mobile device’s directory as your personal information database! Most cyber breaches attack your address books, and yes, these same rogue software programs are programmed to search for this type of information in addition to all your contacts. Remember, the bad guys’ goal is to exploit every bit of information they can and use it to cause further havoc, which could lead to identity theft or to the use of passwords to enter systems and obtain further and perhaps more important information.
- Update your Devices. Computer and mobile device manufacturers routinely update their operating systems to help improve performance as well as to actively address known security vulnerabilities. It should go without saying: make sure you not only have the best virus and malware protection, but that it is updated in real time to gain maximum protection.
- Avoid Public Wi-Fi. It is always tempting for on-the-go people to connect every time they see a Wi-Fi hotspot. There are plentiful offerings at airports, trains, coffee shops, hotels, and conferences. Unfortunately, public Wi-Fi (free or not) can easily be exploited by the bad guys, who can “see” what you are logging into with not much effort and be able to grab your passwords. Never conduct business that requires passwords, which might include logging into your office or your bank, in public places offering Wi-Fi. Consider having your own mobile hotspot, which is offered by all wireless carriers. Even though you are still connecting via Wi-Fi, it is far more difficult to snoop, and the data is usually encrypted and ultimately converted to more secure cellphone frequencies.