Each year I look forward to October because Halloween is my favorite holiday. I love to see the decorations, people in costumes and, of course, the scary Hayrides. October, however, has taken on a new significance since President Obama designated October as National Cyber Security Awareness Month.
It’s great to focus attention on cybercrime because the list of recent cyberattacks against big business goes on and on:
Anthem – Hackers were able to breach a database that contained as many as 80 million records of current and former customers, as well as employees.
Target – hackers stole credit and debit card records from more than 40 million Target customers, as well as personal information like email and mailing addresses from some 70 million people.
Staples – Hackers compromised the information of about 1.16 million credit cards.
Home Depot – About 56 million payment cards were probably compromised.
JPMorgan Chase – Account information of 83 million households and small businesses were compromised.
Community Health Systems – Information including names, birth dates, Social Security numbers and addresses — for 4.5 million patients had been compromised.
Doing the math, on just these few hacking instances, I count over 334 million records that have been stolen. Google says the population of the United States is 318.9 million. Do you shop at Target? If so, there is a 34% chance the hackers got you if you used plastic to pay for your purchase. If you used a Chase card to pay, that percentage increases still more.
It’s both disturbing and frustrating at the same time. How can I possibly protect myself against these unseen criminals who seem intent on stealing my personal information? It’s a good question and, thankfully, I found a lot of information online concerning becoming more security conscious.
The Department of Homeland Security maintains a website that leads the way in helping us become better educated about this issue, and it offers tips and resources targeted at specific groups. I chose to link the ones below that are most relevant to our University community. They address computer and mobile device security that we should all review from time to time:
I will include other helpful links at the end of this article that will also give you some ideas on how to better protect yourself. While companies need to become better able to manage their server security, there are a few things that we can do to keep from compromising our own security.
Here’s my top 10 list of things to do to keep from compromising yourself:
- Use strong passwords. Carefully choose a password in excess of 8 characters. It helps to pick a phrase and then change a vowel or two to numbers. For instance, I once used JustL3tM3In. It was easy to remember because I could easily remember “Just Let Me In”. It was secure because I included upper case, lower case, and numbers with 11 characters. Be creative and maybe even switch an ‘@’ for ‘a’ if your pass phrase has an ‘a’ in it. Two more things about passwords, never allow your computer or mobile device to remember a password and never share your password.
- Keep your software up to date. This includes patches, antivirus, and security software for your mobile device as well as your computers.
- Time your posts. If you are into social networking, wait until you are back home to post pictures or information about your trip so that no one knows your home is unattended.
- Keep a close eye on your devices. Never leave your mobile device or laptop unattended in a public place.
- Turn off remote connectivity. If you are not using Bluetooth, or wireless networking, turn them off on your mobile device.
- Always be cautious about what you receive or read online — if it sounds too good to be true, it probably is. Sometimes the very act of opening an email or visiting a website will allow your device to become compromised. If you get an email from someone you don’t know offering you a million dollars to help them do something or an email that looks like it is replying to an email that you sent, although you cannot remember sending an email to that person, it’s a good idea to delete it without opening it to read.
- Ignore pop-ups because they often contain malicious software. These pop-ups trick users into doing something the hacker needs them to do in order to attack them. For instance, if you click on something the pop-up offers, like an interesting survey or some “AMAZING” product information link, you could unintentionally help the hacker. If you see something that you are really interested in, open another browser window and do a Google search to see what people say about it before you simply click the link.
- Only use secure websites for online shopping and banking. Always make sure there is an https in the address bar. Most of the time there will only be an http (no S). HTTPS means it is a secure website. Never enter anything that you are concerned about (social security number, birthdates, credit card numbers, etc.) without seeing the https.
- Don’t store your card details on websites. Err on the side of caution when asked if you want to store your credit card details for future use.
- Different site, different passwords. Most online users own accounts in over a dozen sites. For instance, if a hacker guesses your Facebook password and you used that same password at a site like Amazon, then the hacker has your Amazon password and perhaps even your email password.
So Happy National Cyber Security Awareness Month! Follow these tips, and the others listed at links below, and you may very well ‘trick’ the hacker instead of ‘treating’ them… ( I couldn’t help myself, I love Halloween! )
Homeland Security: http://www.dhs.gov/national-cyber-security-awareness-month
University of California Santa Cruz: http://its.ucsc.edu/security/top10.html
U.S News & World Report: http://money.usnews.com/money/personal-finance/articles/2015/01/13/10-ways-to-keep-your-phone-safe