October marks the beginning of National Cyber Security Awareness Month (NCSAM), a program designed to engage the public and private sectors on cybersecurity via activities that encourage security awareness and resiliency in the event of a national cyber incident.
Sponsored by the Department of Homeland Security (DHS) in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center, NCSAM brings awareness to a variety of aspects that are important factors of today’s state of security, including the secure development of IT products, cybercrime and the security of small- and medium-sized businesses.
The theme of Week 1 is “Promoting Online Safety with the Stop.Think.Connect.™ Campaign”—seeking to emphasize shared responsibility we hold for securing the web. Every day, the Internet connects all of us together but this connectivity increases the risk of fraud, abuse and theft. As a result, it is imperative that we, as users, learn effective security awareness tools and urge others to do the same.
With the Stop.Think.Connect.™ campaign, we are encouraged to stop and consider any security risks before going online. When we see a link, we should think before clicking on it. Lastly, we can connect to the link only after we’ve followed this list of hints and tips.
To illustrate, here are a few examples of Stop.Think.Connect.™ in action:
Download Your Free Virus
You’re casually surfing the web when suddenly, a pop-up window alerts you that a virus has infected your computer. It warns you that your computer’s protection is low and you must immediately take action in order to remove the virus and clean your computer. Do you install the software?
Stop – The virus software looks like a program you’ve had on your computer before. The graphics looks professional and it gives you recommended settings for better protection. Should you let it scan additional files for more viruses or continue unprotected?
Think – Programs installed and downloaded directly from the Internet are always more risky. Before installing, make sure that it’s coming from a legitimate source, especially if it’s asking for your payment information.
Connect – Don’t install anti-virus software or let it ‘scan’ your files. A download link in a pop-up advertisement is most likely malware that is actually installing a virus, not protecting you from it.
You check your mail and see that you have received an urgent message from your bank. It informs you that there is something wrong with your account and,therefore, urges you to click on a link that will direct you to a site to enter your log-in credentials and rectify the matter. Do you click on the link?
Stop – The email looks official and has the bank’s logo but the email provides no information about what’s wrong with your account. Ask yourself if this is typical of your bank. Why would it send you an urgent email about your bank account and not give you any details about why they are contacting you?
Think – The link looks legitimate. It has the bank’s domain name in the URL. You hover over the link to get a closer look, but you discover that the URL is linked to a completely different destination than its text suggests. Contact the bank’s representatives and ask them if they sent this email with a suspicious-looking link.
Connect – You learn from the bank that the email is a common type of phishing attack. You delete the email and on the safe side change your bank password to include upper- and lowercase characters, symbols, and punctuation.
A friend whom you have known for a number of years has sent you an email. The text is all garbled and full of spelling errors. At the end of the message, your friend prompts you to click on a link to see photos of his vacation in Florida. Do you click on the link?
Stop – You know your friend well and know what he usually sounds like. Ask yourself if this email is typical of your friend. Why did he suddenly send you an email inviting you to look at photos of a vacation you knew nothing about?
Think – Don’t reply or click on the link. Call your friend directly and ask about the email. Express your concerns and tell him that the email seemed suspicious.
Connect – Depending on your friend’s response, you may choose to either click on the link or delete the email. However, it’s never a bad idea to take some extra precautions. Make sure that your browser is up-to-date and that you have the most current version of your anti-virus software installed.
Together, we can make the web a safer place. This article is the first step. For more information about National Cyber Security Awareness Month, including details about how you and your business can participate, please click here.
- Christopher Burgess on Senior Online Safety
- Security is a Process, Not a Destination: Have you Given it Your All?
- Infosec: A Growing Need of Businesses and Industries Worldwide
- The Role of Security in Creating a Standard of Due Care
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the ShellShock and Heartbleed vulnerabilities.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Image courtesy of ShutterStock