Cybersecurity Awareness Month 2021.

October is Cybersecurity Awareness Month!

For Cybersecurity Awareness Month this year, we are sharing a fun, free resource from The National Cybersecurity Alliance (NCA).

We’ve used the NCA resources at clients before, as they are well-made and can be used as an effective training campaign – whether during the month of October or throughout the year. The resources are especially useful for startups or SMBs who have yet to procure a training platform.

First, the NCA makes available a “toolkit” that contains collateral for sharing information with employees. The information, in PDF documents or poster images, can be sent via email or internal messaging platforms. You will need to register at NCA’s site in order to download the toolkit.

Better yet are the videos produced by the NCA between November 2019 and October 2020 and released on YouTube. They are still relevant today. Check them out for yourself!

Episode 1: Passwords

The first video in the series is on passwords. According to the NCA:

  1. Use a password manager.
  2. Don’t write or print passwords on paper or in unsecured digital files (NO password.txt on your desktop!).
  3. Use long, random, but memorable passwords – also known as passphrases. For example, “Cherry Wire Sparking!”
  4. Don’t use the same password everywhere.
  5. Where possible, use multi-factor authentication (MFA).
  6. Properly destroy your sensitive data.

Episode 2: Data Handling

Data can make our lives more convenient, but it means our information proliferates online and exposes us to risk. Apply the best practice of “need-to-know” to keep personal data secure – only share information on a need-to-know basis.

Information beyond name and email should not be provided freely. Only provide sensitive information to trusted companies with which you have an established relationship. Only share information like your birthdate and mailing address when needed.

Episode 3: Computer Theft

Having an electronic device (e.g. laptop, phone, flash drive) stolen means not only is the property gone, but so is your data. Data falling into the wrong hands can be more damaging in the long term than the loss of the physical device itself.

The most important best practice is “positive control.” Don’t leave devices unattended in public places – including a locked car. Don’t take a chance; take your devices with you.

Episode 4: Phishing and Ransomware

Phishing is a type of social engineering attack that gets a victim to click a link in an email. It is the most common method for deploying ransomware.

Ransomware is software that encrypts data so that you cannot access it without paying the ransom for the decryption key – unless you have recent and recoverable backups. To protect yourself from ransomware:

  1. Be wary of suspicious emails; look for the signs.
  2. Make sure your antivirus software is up to date and running.
  3. If you have working backups, you may be able to avoid paying the ransom.

Episode 5: Removable Media

Removable media, such as USB flash drives, portable hard drives, and SD cards, must only be plugged or inserted into your computer if you know and trust the source.

Episode 6: Vishing

Vishing is to phone calls what phishing is to emails. Be wary of callers purporting to be from reputable companies in order to trick you into revealing personal information, such as bank details and credit card numbers.

Episode 7: Internet Downloads

Have your IT & Security Team vet all software, including performing hash checks. When absolutely necessary, only download software from reputable sources.

Episode 8: Public Wi-Fi

Public Wi-Fi is not secure, especially at airports and hotels. Be especially wary when traveling to conventions.

Take advantage of free resources.

We hope these resources inspire you to create a security awareness training program at your organization!

 
