2018 National Cyber Security Awareness Month
National Cyber Security Awareness Month
The purpose of National Cyber Security Awareness Month (NSCAM) is to raise awareness to the issues facing us about cyber security not only at the University of Hawaii, but also in our daily lives. For more information on the National initiatives, click on the banner image above.
National Cyber Security Awareness Month (NSCAM) sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance (NCSA) and the Multi State Information Sharing and Analysis Center (MS-ISAC).
Each week of October will feature a different theme of cyber security. A summary of the current week will be posted on the top of this page while previous weeks will be placed towards the bottom. The current week's information will also be available on the Infosec home page.
The weekly topics will be:
- Online Safety
- Careers in Cybersecurity
- Online Safety at Work
- Safeguarding the Nation's Critical Infrastructure
Week 1: Make Your Home a Haven for Online Safety
Every day, parents and caregivers teach kids basic safety practices ‒ like looking both ways before crossing the street and holding an adult’s hand in a crowded place. Easy-to-learn life lessons for online safety and privacy begin with parents leading the way. Learning good cybersecurity practices can also help set a strong foundation for a career in the industry. With family members using the Internet to engage in social media, adjust the home thermostat or shop for the latest connected toy, it is vital to make certain that the entire household ‒ including children – learn to use the Internet safely and responsibly and that networks and mobile devices are secure.
In 2017, more than 1 million children were victims of identity theft or fraud, two-thirds of which were seven or younger. Cyber criminals don't just go after adults, they go after everyone's information. Coupled with the fact that more than 50% of households will have smart-home devices by 2021, the amount of security breaches will continue to increase as more devices come online. Here are some tips to protect yourself and your family at home:
- Lock down your login: Your usernames and passwords are not enough to protect important accounts such as emails, banking, and social media. Use strong authentication tools like biometrics or multi-factor authentication. UH offers multi-factor authentication for your UH email. To set this up, visit https://www.hawaii.edu/its/uhlogin/.
- Back it up: Protect your valuable work, music, photos, and other information by making an electronic copy, utilizing external storage devices (USB) or online backup solutions like Google Drive or Dropbox. If you have a copy of your data and your device falls victim to ransomware or other threats, you'll be able to restore the data from the backup.
- Keep a clean machine: Keep all software on Internet-connected devices, including personal computers, smartphones, and tablets, updated to reduce the risk of infection from ransomware and other malware.
- Pay attention to the Wi-Fi router in your home: Use a strong password to protect the device (both wireless password and setup interface password), keep it up to date and name it in a way that won't let people know it's in your house. Additionally, make sure to configure the firewall to block unwanted traffic to your network from the Internet.
- Personal information is like money. Value it. Protect it: Information about you, such as purchase history or location, has value - just like money. Be thoughtful about who gets that information and how it is collected by apps, websites, and all connected devices.
- Share with care: Think before posting about yourself and others online. Consider who might see it and how it might affect you or others.
Week 2: Millions of Rewarding Jobs: Educating for a Career in Cybersecurity
A key risk to our economy and security continues to be the shortage of cybersecurity professionals to safeguard our ever-expanding cyber ecosystem. Raising the next generation of interested and capable cybersecurity professionals is a starting point to building stronger defenses. There are limitless opportunities to educate students of all ages - from high school into higher education and beyond - on the field of cybersecurity as they consider their options. In addition, veterans and individuals who are looking for a new career or re-entering the workforce should explore the multitude of well-paying and rewarding jobs available.
Statistics for the Cybersecurity Workforce
- The cybersecurity job forecasts have been unable to keep pace with the dramatic rise in cybercrime, which is predicted to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.
- The Bureau of Labor Statistics predicts a 28% growth rate for cybersecurity positions through 2026, 300% higher than the prediction for all other occupations.
- The median salary for information security analyst was $95,510 in 2017. That's above the $84,580 average for other computer-related positions and well more than twice the national median salary for all U.S. jobs ($37,690).
- From 2013 to 2017, the number of U.S. teachers who talked to their students about cybersecurity careers tripled.
- There will be 3.5 million cybersecurity job openings by 2021.
Week 3: It's Everyone's Job to Ensure Online Safety at Work and School
When you are on the job – whether it’s at a corporate office, local restaurant, healthcare provider, academic institution or government agency – your organization’s online safety and security are a responsibility we all share. And as the lines between our work and daily lives become increasingly blurred, it more important than ever to be certain that smart cybersecurity carries over between the two.
Statistics: Small Businesses are Increasingly Targeted by Hackers
- Small and medium-sized businesses (SMBs) are gaining the attention of hackers. A 2018 Verizon Data Breach Report showed that 58% of cybercrime victims identified as small businesses.
- In 2017, cyber attacks cost small and medium-sized businesses an average of $2,235,000 and the percentage of small businesses that have experienced a cyber attack in the past 12 months is up from 55% in 2016 to 61% in 2017.
- The Better Business Bureau found that more than half of small businesses would be unprofitable within a month if they were to lose permanent access to their essential data.
- Approximately nine out of ten small businesses report that they have some cybersecurity measures in place, with the most common ones being 1) antivirus protection, 2) firewall protection and 3) employee education.
Tips for Employers and Employees
- Identify your digital "crown jewels:" Crown jewels are the data without which your business would have difficulty operating and/or the information that could be a high-value target for cybercriminals.
- Protect your assets: Ultimately, your goal is to build a culture of cybersecurity that includes employees knowing how to protect themselves and the business and understanding the cyber risks as your business grows or adds new technologies or functions.
- Be able to detect incidents: We have fire alarms in our businesses and homes that alert us to problems. In cybersecurity, the more quickly you know about an incident, the more quickly you can mitigate the impact and get back to normal operations.
- Have a plan for responding: Having a recovery plan created before an attack occurs is critical. Make and practice an incident response plan to contain an attack or incident and maintain business operations in the short term.
- Quickly recover normal operations: The goal of recovery is to move from the immediate aftermath of a cyber incident to full restoration of normal systems and operations. Like the response step, recovery requires planning. Recovery is not just about fixing the causes and preventing the recurrence of a single incident. It’s about building out your cybersecurity posture across the whole organization (not just the IT person or group), including increasing the focus on planning for potential future events.
Week 4: Safeguarding the Nation's Critical Infrastructure
Our day-to-day life depends on the country’s 16 sectors of critical infrastructure, which supply food, water, financial services, public health, communications and power along with other networks and systems. A disruption to this system, which is operated via the Internet, can have significant and even catastrophic consequences for our nation.
Statistics: Critical Infrastructure is at Risk
- The number of attacks reported to the U.S. Department of Homeland Security’s ICS-CERT cybersecurity response team has gone up almost 400% since 2013 – jumping from 73 to 290 incidents in 2016.
- Of the 290 incidents reported to the ICS-CERT cybersecurity response team in 2016:
- 63 were in the Critical Manufacturing Sector
- 62 in the Communications Sector
- 59 in the Energy Sector
- The number one risk to critical infrastructure? Spear phishing, which represented 26% of incidents reported to the DHS ICS-CERT.
Tips for Critical Infrastructure Professionals
- When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to access your information. If it looks suspicious, even if you know the source, it’s best to delete or, if appropriate, mark it as junk.
- Safer for me, more secure for all: If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees – our interconnected world will be safer, more resistant from attacks and more resilient if an attack occurs.
- Lock down your login: Your usernames and passwords are not enough to protect key accounts like email, banking and social media. Strengthen online accounts and use strong authentication tools – like biometrics, security keys or a unique, one-time code through an app on your mobile device – whenever offered.
- Keep a clean machine: Keep all software on Internet-connected devices – including personal computers, smartphones and tablets – current to reduce risk of infection from ransomware and malware.
Below are a few tips from the National Cyber Security Alliance to keep you safe online!
Keep A Clean Machine
- Keep Security Software Current: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
- Automate Software Updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that's an available option.
- Protect All Devices That Connect To The Internet: Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from viruses and malware.
- Plug And Scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.
Protect Your Personal Information
- Secure Your Accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you to verify who you are before you conduct business on that site.
- Make Passwords Long And Strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
- Unique Account. Unique Password: Separate passwords for every account helps to thwart cybercriminals.
- Write It Down And Keep It Safe: Everyone can forget a password. Keep a list that's stored in a safe, secure place away from your computer.
- Own Your Online Presence: Set the privacy and security settings on websites to your comfort level for information sharing. It's ok to limit how and with whom you share information.
Connect With Care
- When In Doubt, Throw It Out: Links in emails, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it's best to delete or if appropriate, mark as junk mail.
- Get Savvy About Wi-Fi Hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
- Protect Your $$: When banking and shopping, check to be sure the site is security enabled. Look for the web addresses with "https://," which means the site takes extra measures to help secure your information. "Http://" is not secure.
Mobile Device Security
Mobile Devices are becoming apart of peoples everyday lives. Many of us use our mobile devices to view bank account information, pay bills, browse the internet, and social media. Our mobile devices can also be used to store sensitive information like photos, videos, emails, and text messages. It's important that we protect this information to prevent unauthorized users from accessing the information. The first line of defense for your mobile device is your lock screen. Your lockscreen doesn't only keep your significant other, kids, or parents from snooping on your phone, but it also makes it harder for other malicious users from gaining access to your device in the event your device in the event it's lost or stolen.
SEAR the Phish!
Cybercriminals craft legitimate-looking email to trick you into divulging your personal information. To keep yourself from becoming a victim, SEAR the phish!