October is National Cybersecurity Awareness Month (NCSAM) in the United States, and like every year, each week is focused on a single theme. These themes are brought together by a monthly theme that usually changes from year to year. This year the theme is “Do Your Part. #BeCyberSmart.” This would have been an appropriate theme for each of the prior 17 years of NCSAM, and it could be the theme for every NCSAM in the future. Personal accountability and awareness play a significant role in the fight against cybercrime.
It’s no secret that cybercrime exploded over the past couple of years. It was already growing and trending toward new strategies when the pandemic changed the entire landscape. The sudden expansion of remote work provided unprecedented opportunities for cybercriminals, and they quickly learned how to use these opportunities to their advantage.
The FBI’s 2020 Internet Crime Report includes information from 791,790 complaints of suspected internet crime — an increase of more than 300,000 complaints from 2019 — and reported losses exceeding $4.2 billion.
Steps you can take to prevent cybercrime
This week the NCSAM theme is “Be Cyber Smart,” which introduces the monthly theme and underscores the fact that cybersecurity starts with the human component of computer networks. Each person plays a role in preventing cybercrime. The most basic actions start with those that can be employed in the home:
- Protect endpoints — Maintain updated desktop security such as anti-malware, antivirus, and personal firewalls. Apply updates to smartphones and IoT devices as soon as possible to secure them against new exploits.
- Secure network appliances and smart devices — Change the default password on each of these devices and check for software updates regularly. IoT botnet attacks have risen approximately 500% over the past couple of years. These botnets harness millions of routers, CCTV cameras, and other vulnerable devices for use as attack vehicles against a target. Once these devices are compromised, the threat actor can use them for DDoS attacks, remote command execution, and other attacks. Your smart things and internet service may be participating in cybercrime if you do not keep your devices updated and change your passwords to something other than the default.
- Protect online accounts with strong passwords — The average internet user has about 100 passwords to manage, which is roughly 20% to 25% more per user than prior to the pandemic. A password manager will help you avoid unsafe passwords and prevent password fatigue/carelessness. There are several free and low-cost options available, and many allow you to pay a higher price so that family members can securely share access to the program. If you are new to password managers, articles like this can help you select one that meets your needs.
- Defend your inbox — Install and maintain a solution that protects you from malicious email attacks. Many email systems have some built-in protection, but the best defense is always going to be a security-conscious email user. Learn how to identify and defend against the various email threat types and always report the threats you find in your mailbox.
- Back up your data — Anything you value that resides on your desktop, home network storage, or in a cloud application like OneDrive should be backed up on a regular basis. Your family photos may be as important to you as your health records and financial information, so make sure you know what you need to protect. When done correctly, your backup system will ensure that you do not lose access to your data.
Protecting your business
Business users have a greater responsibility for cybersecurity because they’re protecting their organization, colleagues, and possibly the public. Business users have to manage more passwords, they are subject to sophisticated email attacks, and they stand between threat actors and a high-value target. Companies usually leverage an IT team to manage cybersecurity for employees and the organization. Business security is like home security but significantly augmented for greater protection.
- Login information is often protected with multi-factor authentication, or the company employs one-use passwords, passphrases, or physical security keys.
- IoT security is a greater concern because smart devices control critical infrastructure and supply chains. Industrial Control System firewalls and other defenses are used to protect these devices from botnets, automatic scanning, and manual big-game attacks.
- Online applications are usually protected with a web application firewall. This stops credential stuffing and other password attacks, as well as other threats like DDoS and the risks listed in the OWASP Top 10. We’ve already mentioned that protecting online accounts with strong passwords should be a priority for individuals. This is especially true for users who do business with companies that do not have strong web application protection to stop these password-guessing attacks.
- Businesses normally maintain email protection for all users, but it may be native protection provided with a system such as Microsoft 365 or basic spam, virus, and malware protection. Security-conscious companies will deploy AI-driven protection along with employee security awareness training.
- Data protection is a requirement for every business. It protects customer data, sales records, and anything else of value to the company. Proper data protection for a business requires the following:
  - Identifying the type and location of valued data, which may include overlooked items like ICS configurations. This helps companies avoid surprises during a data restore procedure.
  - Understanding the risk tolerance level of the business. How long is the company willing to wait for data to be restored, and how much data can be lost or re-entered? This information is used to select and configure the data protection system.
  - Encrypting or otherwise protecting the backup from ransomware or other attacks. Ransomware is designed to identify and encrypt backup systems, which is why it is so important to protect the backup like any other resource on the network.
Hopefully you have good cybersecurity practices in place already. If not, Barracuda and the NCSAM program offer resources here to help individuals and business teams.
- Barracuda Ransomware Protection
- Barracuda Email Threat Scan
- Cybersecurity & Infrastructure Security Agency (CISA) – CYBER ESSENTIALS TOOLKITS
- CISA – STOP. THINK. CONNECT. ™
- European Cybersecurity Month (ECSM)
Barracuda offers businesses a complete solution for data protection and multi-layered security. Visit www.barracuda.com for more information.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology and project management credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.