With National Cyber Security Awareness Month (NCSAM) now behind us, it’s a good time to reflect on some of the topics published by (ISC)2 to help educate users from all walks of life – from the road warrior attending a global summit overseas to parents at home concerned about their kids playing games on the internet.
The following is just a sampling of tips developed by cyber-security professionals and (ISC)2 members from around the world during the month of October. For a more complete list of tips categorized by the various roles that the public plays in managing safe practices online, click on the ‘More’ links below. Hopefully, we all have learned from this year’s NCSAM. If you know of exceptional educational resources to share, please feel free to comment and share a link.
The Road Warrior
- When not in use, disable your device’s wireless, Bluetooth, and NFC communication capabilities. This includes all of your mobile devices, including tablets, phones, and laptops.
- Prior to leaving for a business trip, remove any common ‘known’ networks from your mobile devices. Hackers will broadcast common saved network names to trick your phone into connecting to their rogue access point (e.g. Starbucks, Linksys, Netgear, etc.).
- Try to avoid connecting to ‘public’ Wi-Fi hotspots. There are no guarantees as to the security of the hotspots. Many of these hotspots could be hosted for the sole purpose of capturing data. Furthermore, if you are connecting to a wireless hotspot that doesn’t provide encryption, make sure not to log in to any online accounts because everything you do online could be visible to other people. If you must connect to a public Wi-Fi hotspot, use a VPN and secure Web browser.
- More…
The Gamer's Parent
- Let your children know they can come to you if they feel uncomfortable when playing a game.
- Participate in the game with your children.
- Make sure your children know how to block and/or report a cyber-bully. Tell them to keep a record of the conversation if they are being harassed and encourage them not to engage the bully.
- More…
The Homeowner with Multiple Internet-Enabled Devices
- If you do online banking or shopping and have two computers in your home, use one strictly for your finances and avoid surfing, email, etc. on it. This will be your ‘money’ computer.
- Don’t carry out your day-to-day use as the ‘administrator’. Set up a ‘limited’ account (with a separate password, of course) for yourself. This will help prevent programs picked up from random visits, surfing, and rogue emails from executing. Only install programs you really want installed. The computer will ask for your administrator password when something is ready to install.
- Make an inventory of IP-enabled devices in your home and update it periodically to help keep track. Make sure you or the vendor updates these devices with the latest patches.
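The inventory tip above can be kept honest with a small script that compares what is actually answering on the home network against the list you maintain. The following is an added example, not code from the original post or from (ISC)2: it parses constructed sample lines in the format of `arp -a` on Linux, compares them with a constructed inventory keyed by MAC address, and flags devices that are unknown, devices that have gone missing, and devices whose recorded firmware update is older than a threshold you choose. The device names, MAC addresses and dates are all made up for the example.

```python
import re
from datetime import date

# Constructed sample inventory (hypothetical devices): MAC address -> (name, last firmware update)
KNOWN_DEVICES = {
    "aa:bb:cc:dd:ee:01": ("router", date(2023, 9, 1)),
    "aa:bb:cc:dd:ee:02": ("smart-tv", date(2022, 1, 15)),
    "aa:bb:cc:dd:ee:03": ("thermostat", date(2023, 10, 20)),
}

# Constructed sample output in the format printed by `arp -a` on Linux
SAMPLE_ARP_OUTPUT = """\
? (192.168.1.1) at aa:bb:cc:dd:ee:01 [ether] on wlan0
? (192.168.1.20) at aa:bb:cc:dd:ee:02 [ether] on wlan0
? (192.168.1.33) at aa:bb:cc:dd:ee:99 [ether] on wlan0
? (192.168.1.40) at <incomplete> on wlan0
"""

# Matches "(ip) at mac"; entries marked <incomplete> have no MAC and are skipped
ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]{17})", re.IGNORECASE)


def parse_arp(text):
    """Return {mac: ip} for every complete ARP entry in the text."""
    seen = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            seen[m.group("mac").lower()] = m.group("ip")
    return seen


def audit(seen, known, today, max_age_days=180):
    """Compare live ARP entries with the inventory.

    unknown: MACs on the network that are not in the inventory (investigate)
    missing: inventory devices that did not answer (may be off, or may be gone)
    stale:   inventory devices not updated within max_age_days (check for patches)
    """
    unknown = {mac: ip for mac, ip in seen.items() if mac not in known}
    missing = [name for mac, (name, _) in known.items() if mac not in seen]
    stale = [
        name
        for name, updated in known.values()
        if (today - updated).days > max_age_days
    ]
    return {"unknown": unknown, "missing": missing, "stale": stale}


if __name__ == "__main__":
    report = audit(parse_arp(SAMPLE_ARP_OUTPUT), KNOWN_DEVICES, date.today())
    for category, items in report.items():
        print(f"{category}: {items}")
```

On a real home network you would replace `SAMPLE_ARP_OUTPUT` with the output of `arp -a` and keep `KNOWN_DEVICES` in a file you update whenever you add a device or apply a firmware update. MAC addresses can be changed by whoever controls a device, so this is a bookkeeping aid for spotting things you forgot about, not a way to authenticate devices.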
The Chief Executive Officer
- If you are a service provider and do not offer two-factor authentication, either as mandatory or as an option, you should explore how quickly you could provide it. It is becoming a business differentiator.
- Make sure you have an incident response plan in place for when you get breached. Document, disseminate, and practice that plan with stakeholders from each and every segment of your business.
- Know the current level and business impact of risk to your company. Have a plan to periodically report identified risk to the executive leadership and communicate how it will be addressed.
- More…
Software Professionals
- Always question what data you should trust. Where does your application really start and end?
- Study your configurations to ensure you’re not leaving your software open to being hacked.
- Understand the protections that are naturally within your platform, and USE them.
- More…
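The first two tips above come down to deciding where your application’s trust boundary is and validating everything that crosses it. The following is an added example, not code from the original post or from (ISC)2, using a file-download handler as the illustration: the naive version trusts a client-supplied document name and builds a path from it, while the hardened version treats the name as untrusted, checks it against an allowlist pattern, and confirms the normalized path still lies inside the documents directory. The directory `/srv/app/documents` and the document names are assumed for the example; the check is done on the path string alone so it runs without that directory existing.

```python
import posixpath
import re

# Assumed location of the documents the application is allowed to serve (hypothetical)
BASE_DIR = "/srv/app/documents"

# Allowlist for the only document names the application should ever serve:
# a simple file name with a .pdf extension and no separators or dots in the stem
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.pdf$")


def document_path_naive(requested_name):
    """Trusts the request. A name such as '../../etc/passwd' or an absolute
    path walks straight out of BASE_DIR, because the caller never checks it."""
    return posixpath.normpath(posixpath.join(BASE_DIR, requested_name))


def document_path(requested_name):
    """Validates the request at the trust boundary before it touches the filesystem.

    Rejects names that do not match the allowlist, and independently rejects any
    normalized path that does not remain under BASE_DIR, so the two checks back
    each other up if one is later loosened.
    """
    if not isinstance(requested_name, str) or not SAFE_NAME.match(requested_name):
        raise ValueError("document name rejected by allowlist")
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, requested_name))
    if posixpath.commonpath([BASE_DIR, candidate]) != BASE_DIR:
        raise ValueError("document path escapes the documents directory")
    return candidate


def is_request_accepted(requested_name):
    """Convenience wrapper: True if the hardened handler would serve the name."""
    try:
        document_path(requested_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for name in ["report.pdf", "../../etc/passwd", "/etc/passwd", "notes.txt"]:
        print(f"{name!r}: naive -> {document_path_naive(name)}, hardened -> {is_request_accepted(name)}")
```

The same pattern applies to any input that crosses into the application (query parameters, headers, uploaded file names, messages from another service): decide what a valid value looks like, reject anything else at the entry point, and keep a second, independent check close to the sensitive operation.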
Dan Waddell, CISSP, CAP, PMP, EWB Member and (ISC)2 Director of Government Affairs, was lead author of this peer-reviewed post.