The following was published today on Seacoastonline.com.
It’s October, which means it’s National Cyber Security Awareness Month.
Every October, the Department of Homeland Security declares National Cyber Security Awareness Month. The importance of this initiative is to educate and drive awareness of cyber security issues for both individual consumers and businesses from the smallest startup to the largest multi-national corporation.
If you are a regular reader of this column, or just a regular consumer of news, you know how serious this issue has become. The federal government has been hacked and chances are one or more businesses that you work with have been as well. The question is, do they know it? Probably not and that may be the scariest cyber security issue we face as a nation.
This initiative is now in its 13th year. Bet you didn’t know that. It is a collaboration of public and private entities to raise awareness about this important issue. For this year, the initiatives are broken out by the five weeks in the month of October as follows:
Oct. 3-7: Every day steps towards online safety with Stop. Think. Connect.
Oct. 10-14: Cyber from the break room to the board room.
Oct. 17-21: Recognizing and combating cybercrime.
Oct. 24-28: Our continuously connected lives: What’s your ‘app’-titude?
Oct. 31: Building resilience in critical infrastructure.
Because I write this column every two weeks, this week I am going to focus on the first two initiatives that take us through Oct. 14. Stop. Think. Connect is a global awareness campaign that maintains a wonderful web site, full of resources, at stopthinkconnect.org. This is a collaborative effort of the federal government, led by the Department of Homeland Security with active participation from the White House. This year, the White House has launched a new initiative called Lock Down Your Login. The web site www.lockdownyourlogin.com is another excellent resource to visit and learn about the ways you can improve your basic password security. As I have written about several times, one of the primary recommendations being made is to use multi-factor authentication wherever possible. This is accomplished by using a biometric, like a fingerprint or facial recognition, a security key that you plug in to your computer to authenticate your login or a one-time code that is either generated by an app or texted to your mobile phone. Any one of these devices will dramatically improve your cyber security by making it impossible for a hacker to login and impersonate you with just your username and password.
This initiative has the support of household names like CompTIA, Google, Microsoft and Visa. The list of supporting partners and sponsors is long and is a great example of the public and private sectors working together for a common good.
The second week squarely targets the business community, everyone from entry-level to the chairman of the board and/or CEO. The goal is to create a companywide culture of cybersecurity so anyone at any level of the company promotes cybersecurity when the opportunity presents itself. The vast majority of successful cyber-attacks happen as the result of a human action. Educating absolutely every employee in the company is essential to maintaining a safe computing environment. Establishing a culture that encourages immediate notification, without the threat of penalty, is essential to making sure you are aware of potential issues as quickly as possible.
Far too many cyber-events go undetected for too long a period. When we read about hacks and exposed accounts in the media, in many cases, the actual hack took place month or years before the news makes it to the public at large. We need to change this and create a culture where near real-time notification becomes the norm, not the exception. If you are not having these discussions in your company, take the initiative to get them started. Ask for cyber-education training program for all employees, if you do not have one already. Until we see these types of discussions and ongoing training become a standard part of corporate culture, we will continue to have preventable cyber security events.
I hope you will take some time to review the websites I recommend in this column. Even if you think you know all there is to know on this topic, you will reinforce your knowledge and maybe even learn one or two new things that will help you be a safer cyber-citizen. Welcome to foliage season in New England and welcome to National Cyber Security Awareness Month. Stay safe online.