National Cybersecurity Awareness Month
Security breaches in 20191
Reports of Identity Theft in 20192
Total records exposed in 20191
Was the #1 form of data breach1
Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online.
Now in its 17th year, NCSAM continues to raise awareness about the importance of cybersecurity across our Nation, ensuring that all Americans have the resources they need to be safer and more secure online.
This theme encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.
#BeCyberSmart – #Cybersecurity – #NCSAM2020
Week 1 – If You Connect It, Protect It
National Cybersecurity Awareness Month (NCSAM) has officially begun! Join us in spreading cybersecurity awareness and encourage everyone to own their role in protecting Internet-connected devices.
The focus of National Cybersecurity Awareness Month’s first week is “If you Connect It, Protect It.” This emphasizes the potential vulnerability of all Internet-connected devices.
Cybersecurity starts with YOU and is everyone’s responsibility. There are currently an estimated 4.8 billion Internet users—over 62% of the world’s population! This number will only grow, making the need to “Protect It” more important than ever.
Join us and get involved by visiting cisa.gov/ncsam
#BeCyberSmart #Cybersecurity #NCSAM2020
Week 2 – Securing Devices at Home and Work
National Cybersecurity Awareness Month’s second week focuses on steps individuals and organizations can take to secure Internet-connected devices for personal and professional use.
This year has seen major disruptions in the way we work, learn, and socialize, driving many of these activities online. With our homes, schools, and business more connected than ever, it’s vital to “Protect It” and #BeCyberSmart.
Learn how to Protect It by visiting cisa.gov/ncsam
Week 3 – Secure Teleworking
The DoD relies increasingly on Internet-connected devices and solutions to improve organizational efficiency, speed of crisis response, and much more. However, it has also exposed the DoD to vulnerabilities that cyber criminals can exploit.
Visit cisa.gov/ncsam to learn how to better protect your internet-connected health devices.
The third week of National Cybersecurity Awareness Month delves into secure teleworking and exploring the vulnerabilities of Internet-connected devices.
Week 1 – October is National Cybersecurity Awareness Month!
When it comes to #cybersecurity make sure you OWN IT. SECURE IT. PROTECT IT.!
#BeCyberSmart #BeCyberSecure #BeCyberAware
Week 2- Double Your Login Protection!
Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you.
Use MFA for email, banking, social media, and any other service that requires logging in.
Enable MFA by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token.
Week 3 – Play hard to get with strangers!
Cybercriminals use phishing tactics, hoping to fool their victims. If you’re unsure who an email is from—even if the details appear accurate— or if the email looks “phishy,”
Do not respond and
Do not click on any links or attachments found in that email.
Do use the “junk” or “block” option to no longer receive messages from a particular sender.
Week 4 – Stay protected while connected!
Before you connect to any public wireless hotspot be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate.
When using unsecured public access point, avoid sensitive activities (e.g., banking) that require passwords or credit cards.
Your personal hotspot is often a safer alternative to free Wi-Fi.
Only use sites that begin with https:// when online shopping or banking.
Week 5 – Never Click and Tell!
Limit what information you post on social media.
Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and vacation plans.
Disable location services.
Read the Social Media Cybersecurity Tip Sheet for more information.
Week 1 – FIVE EVERY DAY STEPS TO ONLINE SAFETY
- Enable stronger authentication. Always enable stronger authentication for an extra layer of security beyond the password that is available on most major email, social media and financial accounts.
- Make your passwords long & strong. Use complex passwords with a combination of numbers, symbols, and letters.
- Keep a clean machine. Update the security software, operating system, and web browser on all of your Internet-connected devices.
- When in doubt, throw it out. Links in email and online posts are often the way cyber criminals compromise your computer. If it looks suspicious, delete it.
- Share with care. Limit the amount of personal information you share online and use privacy settings to avoid sharing information widely.
Week 2 – FIVE WAYS TO BE CYBER SECURE AT WORK
- Stop and think before you open attachments or click links in emails. If it looks suspicious, it’s best to delete it.
- Make electronic and physical back-ups or copies of all your important work.
- In order to prevent theft and unauthorized access, never leave your laptop or mobile device unattended in a public place and lock your devices when they are not in use.
- Use passwords that are at least eight characters long and a mix of letters, numbers, and characters. Do not share any of your usernames or passwords with anyone. When available, turn on stronger authentication for an added layer of security, beyond the password.
- Report anything suspicious. If you experience any unusual problems with your computer or device, report it to your IT Department.
WEEK 3 – BEST PRACTICES FOR USING PUBLIC WI-FI
- Think before you connect. Before you connect to any public wireless hotspot be sure to confirm the name of the network and login procedures with appropriate staff to ensure that the network is legitimate.
- Use your mobile network connection. Your own mobile network connection is generally more secure than using a public wireless network. Use this feature if you have it included in your mobile plan.
- Avoid conducting sensitive activities through public networks.
- Keep software up to date.
- Use strong passwords. Use different passwords for different accounts and devices.
WEEK 4 – HOW TO AVOID PHISHING ATTACKS
Phishing attacks use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computer with viruses or malware, creating vulnerability to attacks. Phishing emails may appear to come from a real financial institution, e-commerce site, government agency, or any other service, business, or individual. The email may also request personal information like account numbers, passwords, or Social Security numbers. When users respond with the information or click on a link, attackers use it to access their accounts.
- Links in email and online posts are often the way cybercriminals compromise your computer. If it looks suspicious it\’s best to delete or, if appropriate, mark it as \”junk email.\” Contact the company directly (via phone) to be sure the email is not legitimate.
- Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
- Always opt to enable stronger authentication when available, especially for accounts with sensitive information including your email or bank accounts.
- Install and update anti-virus software. Make sure all of your computers are equipped with regularly updated antivirus software, firewalls, email filters, and antispyware.
- Be wary of hyperlinks: Avoid clicking on hyperlinks in emails; type the URL directly into the address bar instead. If you choose to click on a link, ensure it is authentic before clicking on it.
WEEK 5 – TIPS FOR MOBILE SECURITY
- Use strong passwords. Change any default passwords on your mobile device to ones that would be difficult for someone to guess. Use different passwords for different programs and devices. Do not choose options that allow your device to remember your passwords.
- Install updates for apps and your device’s operating system as soon as they are available. Keeping the software on your mobile device up to date will prevent attackers from being able to take advantage of known vulnerabilities.
- Disable remote connectivity. Some mobile devices are equipped with wireless technologies, such as Bluetooth, that can connect to other devices. Disable these features when they are not in use.
- Be careful what you post and when. Wait to post pictures from trips and events so that people do not know where to find you.
- In order to prevent theft and unauthorized access, never leave your mobile device unattended in a public place and lock your device when it is not in use.
- Be sure to review and understand the details of an app before downloading and installing it. Be aware that apps may request access to your location and personal information. Delete any apps that you do not use regularly to increase your security.
Week 1 – Simple Steps to Online Safety
Which of these precautions can you take to make your family safer from online threats?
- Always keep anti-virus software current.
- Regularly apply any available updates and patches for your home computer.
- Have regular conversations about phishing and other online threats.
Answer: All choices are correct.
All members of the public can take some basic actions to protect themselves online and to recover in the event that a cyber incident occurs. Being alert for phishing emails, applying any updates for your computer system, and keeping your anti-virus software current are all valuable precautions to take to not become a victim of cybercrime.
Week 2 – Cybersecurity in the Workplace is Everyone’s Business
Select the possible, detrimental actions that can occur as a result of a single phishing attack:
- The adversary can steal files with sensitive data.
- Computer virus could be released onto the network.
- The adversary can establish a remote connection.
- All of the choices are correct.
Answer: All choices are correct.
A single phishing attack can lead to many negative effects. These include stolen files and sensitive data, the collection of PII, the execution of remote commands, and the advisory establishing remote connections to an official network. It is important to recognize phishing attempts to minimize the likelihood of being attacked and the loss of data. Always look for digital signatures on DoD enterprise email. Never open links or attachments within questionable emails and immediately report potential phishing emails to your organization’s Security Officer.
Week 3 – Today’s Prediction for Tomorrow’s Internet.
Internet of Things (IoT) devices are becoming a feature of everyone’s daily life. What cybersecurity precautions should you keep in mind in using IoT devices?
- Make sure you understand the cybersecurity vulnerabilities for each IoT device.
- Learn how to set the IoT devices for the maximum cybersecurity protection.
- Make sure you know the cybersecurity features available for each device (i.e., security settings/patches/upgrades).
Answer: All choices are correct.
People today are in the midst of an enormous technological change that will change our lives drastically forever! Technological devices affecting almost every part of our lives are here, from household appliances to aircraft. Automated sensors and controls that we interact with daily have become known as part of the Internet of Things (IoT), used to secure our homes, adjust home temperatures from afar, monitor our health/fitness, and control smart buildings. Using this technology comes with great risk. Malicious use of these devices can cause harm. We could be in a position where a determined adversary could shut down our power and water infrastructure, turn off security systems, disrupt our ability to provide medical care, listen to our conversations, and monitor our movements.
Week 4 – The Internet Wants YOU! Consider a Career in Cybersecurity
No question week 4.
Week 5 – Protecting Critical Infrastructure from Cyber Threats
When is it acceptable to plug a personally owned device into a USB port on government provided equipment?
- Anytime, as long as it’s a keyboard or mouse.
- Anytime, as long as it’s only for charging purposes.
- Anytime, but only for Flash memory backup devices.
- Never (unless specifically authorized by the Authorizing Official (AO) through the responsible Information Systems Security Manager (ISSM))
Answer: Never (unless specifically authorized by the Authorizing Official (AO) through the responsible Information Systems Security Manager (ISSM))
Removable media devices are portable and can be used to easily move data between computers. The DoD requires DoD data stored on removable media devices to be encrypted and stored according to its classification level. Only removable media devices that have been specifically authorized by the AO through the responsible ISSM can be plugged into a USB port of a government owned system.
1 Identity Theft Resource Center, 2019 End-of-Year Data Breach Report, 2020.
2 Federal Trade Commission, Consumer Sentinel Network Data Book 2019, 2020.