“As the lines between our work and daily lives become increasingly blurred, it is more important than ever to be certain that smart cybersecurity carries over between the two.” - National Cyber Security Alliance (NCSA)
October is National Cybersecurity Awareness Month and if you haven’t thought about cybersecurity yet, here’s why you should:
What would happen if?
- A story appears in the national news about a human services agency’s data being stolen or disclosed to unauthorized personnel
- The public loses confidence in health and human services because of a security breach involving personal data
- Criminals hack into a human services agency’s networks and steal information, threatening the privacy and financial security for millions of people
The HHS Cybersecurity Program presents these scenarios not to scare you, but, because they are possible. Understanding the security risks that information systems are exposed to and taking steps to mitigate them will result in a secure operating environment.
Watch out for these common cybersecurity threats:
- 92 percent of malware is still delivered by email. Phishing attacks are the primary method of email malware infections and the attacks are increasingly targeted. Phishing is a method of trying to gather personal information by using deceptive e-mails and websites.
IMPACT: These emails can be sent to anyone, not just to the IT department, so everyone should be careful when opening unexpected emails, or questionable links because…
- Ransomware causes employee idleness. Ransomware is a form of malicious software that, takes over your computer, threatens you with harm (usually by denying you access to your data); then the attacker demands a monetary ransom.
IMPACT: If ransomware gets a hold of your computers, the biggest hit to your agency will be workers who can’t work due to wrecked networks and dysfunctional computers.
To protect yourself, you should think about what data you have and how you secure it.
Here at Northwoods, in addition to our formal security controls and Security and Compliance Team, we have a group of interested coworkers who have taken security awareness to another level. They call themselves the “White Hats.”
To engage the whole office this month, they have:
- Hosted internal company webinars on subjects like data breaches and identity theft
- Organized a security “Jeopardy” game to test employee’s knowledge of common security questions
- Hosted a “Capture the Flag” game for hackers on a virtual machine with vulnerabilities
- Hung posters around the office to start the conversation about cybersecurity (see examples below)
- Left USB sticks in the parking lot that if plugged into a computer had a fake malware alert to remind employees that unknown devices can carry viruses
- Scheduled a lock-picking event to remind folks that physical security is important too
What do you do to promote security awareness?
No matter who you are, security is important. Find out what’s right for your employees/agency to make these ideas work for you.
For more ideas on making cybersecurity training fun, read these 6 top tips!
Aaron Caldwell, Director of the Northwoods Support Center, is always looking to help customers solve problems using his experience and knowledge of technology. Aaron’s enthusiasm for helping our customers rubs off on everyone he works with to create a culture at Northwoods that puts customers first in everything we do.