We all serve a role in cybersecurity

Key Takeaways

As you “See Yourself in Cyber," remember this is a journey. There will be known and unknown dangers along the way. Ransomware will continue to be prevalent (according to Cybercrime Magazine, a ransomware attack is launched approximately every 14 seconds). And phishing attacks will continue to become harder to identify (according to KnowBe4, phishing attacks now account for over 90 percent of successful attacks on businesses). While those statistics can be discouraging, together, we can make a difference.

This final October 2022 tip focuses on the importance of updating your software. Bad actors are constantly exploiting flaws in software and computer systems. Software and product owners are working hard to fix them as soon as they can, but ultimately the success of their work rests with their customers to apply those updates.

For many of us in the workplace this is mostly automated. Organizations have put in place processes where your work computer will automatically apply critical updates. In some cases, you may have the option to delay the update, but eventually the update will be applied.

I would urge you to go one step further and update the operating system on your mobile phones, tablets, and personal laptops. Do not forget as well to update your applications – especially the web browsers – on all your devices. Just like at work, you can also turn on automatic updates for these devices, applications, and operating systems.

With all this advice, I still hear friends, family and work friends say they ignore them. One may ask, “why do we ignore them.” The answer is three-fold. The updates can be inconvenient, they may bring change to features in your application that you are not ready to adopt, or you do not understand fully why the update is needed.

In simple terms, it is just like maintaining your car. Would you ignore a recall on your automobile. Of course not! Would you ignore that engine light or the low tire pressure light that is glowing bright red. Of course not. So why are you avoiding or delaying those updates?

• That small annoying alert in the bottom right-hand corner, that you keep hitting delay on. Stop it!
• The alert on your phone reminding you there is an update waiting to install. Don’t delay!

Everyone can be more proactive in applying updates. Here are a few guidelines:

• Update often. By controlling when updates are applied, then you can avoid both your computer shutting down at inopportune times while at the same time raising your virtual defenses
• Get the update from the source rather than from a link on an Ad that might come to you through social media. Signing up for product notifications is one way to get updates from the source.
• Watch for fakes. Yes, the bad actors use phishing emails that look like the real thing to entice you to apply an update that in reality contains malware or a virus.
• Set automatic updates, which is really the best way to ensure your computer and applications stay as secure as possible.

These recommendations work for your personal equipment as well. In addition to having multi-factor authentication in place, turn on automatic updates. If that feature is not available or it requires an additional step, make sure to abide by the notices you receive to apply updates; and do not delay. Every second counts in the cyber world.

In closing out October cybersecurity awareness month, I would like to leave you with a few words and resources.

• Participate in the quarterly NACo cyber simulations. These simulations help you practice what to do if a cyber-attack occurs. The next one on Nov 14-18 will focus on a procurement situation where IT was not involved during the procurement process. Hence, security safeguards and measures were not reviewed. NACo Cyberattack Simulation
• Have your IT leadership join the NACo Tech Xchange. Check with your IT Leadership and ask them if they are on the NACo Tech Xchange Network, where county IT Leaders from all over the United States are sharing daily. Useful information including problem solving solutions are shared. County Tech Xchange
• Take advantage of the Cybersecurity and Infrastructure Security Agency services (CISA) catalog of services. CISA Services Catalog: Second Edition and the Center for Internet Security (CIS) solutions. Many at no or low cost. CIS Center for Internet Security 
• Partner with other government stakeholders on cybersecurity initiatives. State agencies, the national guard, higher education, local school districts, local municipalities, health care, to name a few. This whole of state approach on partnerships is endless, and much benefit can be gained by becoming united on Cybersecurity. What is a Whole-of-State cybersecurity strategy? - Route Fifty