What have you done for National Cybersecurity Awareness Month?

My latest article was published in yesterday's Foster's and Seacoast Online.

As October draws to a close, we are wrapping up National Cybersecurity Awareness Month. What have you done this month to improve your cybersecurity posture?

This year’s theme is “Own IT, Secure IT, Protect IT.”

Own IT is all about owning your online presence. From your social media accounts to your bank accounts, have you taken all the steps you can to protect your privacy online? I hope so. Owning your online presence is all about taking responsibility for your online activity.

If you are posting that you are going on a month-long trip overseas and you are closing up your house for the month, don’t be surprised if someone tries to break in. I know people this has happened to. It’s the modern equivalent of the horrible practice of thieves watching obituaries to find out when family members will be at a funeral so the house will be empty.

This happened to an aunt and uncle of mine when I was young. Their house was burglarized while they were at my grandmother’s funeral. That’s why it’s recommended to have someone at or watching your home during these times. The same applies when you tell the world your whereabouts online. You need to own the outcome of your activity.

Have you made sure your privacy settings are as tight as possible? You don’t want to allow your personal information to be freely shared from one online site to another. We should all be familiar with the backlash against social media giants like Facebook for sharing too much information about members of their site. It’s up to you to understand the privacy rules of any site you create an account on. While I’m an advocate for an opt-in approach, unfortunately, the world today is all about opt-out. In other words, by default, most companies will share your private information unless you explicitly instruct them not to. It should be the other way around, but for now, this is the default state. So review your privacy settings and tell the companies not to share your details if that’s what you prefer.

Secure IT is about your credentials. You need to strong, complex passwords and a different password for every site you log in to. It’s a daunting task, but password managers make it easy to manage. Get a password manager and preferably one that supports two-factor and biometric authentication. This will make maintaining a strong master password easy. There really is no reason not to use a password manager so you can have a unique username and password combination for every site you log in to. You also want to use two-factor authentication everywhere you can. Hackers stealing credentials is one of the most common threats that lead to breaches. Don’t be an unsuspecting victim. Secure your credentials so you don’t become an unknowing victim.

Protect IT is about protecting yourself when you connect online and making sure data in your care is protected. One key part of protecting yourself and your data is making sure you stay current with software updates that close security holes discovered all the time. Don’t ignore prompts to update your software, be it your operating system, security software or your line of business applications. Far too many hacks are attributed to security vulnerabilities that have been known about for months if not years.

Hackers exploit systems that have not been updated. A great example is the upcoming end of support for Windows 7 and Windows Server 2008. As of Jan. 14, 2020, Microsoft will no longer support or provide updates for these operating systems. You can expect hackers are lining up to take advantage of any security flaws identified after this date. Have a plan to replace these operating systems before the end of this year.

Another important part of protecting yourself is being safe when using public WiFi. Whether connecting at your local library, the airport or a hotel, don’t use these public WiFi networks without a personal VPN. Many hackers will snoop on such networks and try to catch someone logging in to their bank account or other sensitive site and will look to steal your username and password to impersonate you or worse. Using a VPN encrypts this traffic so even as it travels from your computer to the public WiFi access point and out to the public internet, your traffic will be securely encrypted so the bad actors are not able to read your information.

Take advantage of National Cybersecurity Awareness Month to do a checkup on your personal cybersecurity and that of your company. It’s not too late. There are still five days left in October. Get going.