#CyberMonth: A time to change behavior

October is a special time of year. It’s officially fall, which means you pull your favorite winter sweaters out of the closet and grab a pumpkin spice latte from your favorite coffee shop.

But the month is also when we as an industry celebrate Cybersecurity Awareness Month (CAM).

It is wonderful that we have CAM to bring much-needed awareness to the masses, especially in today’s hybrid work environment, where users are more vulnerable than ever to social engineering attacks such as phishing.

Yet, as an advocate, I am continually adapting how I deliver cybersecurity awareness. Really, the focus of cybersecurity awareness has shifted from being an educator or trainer to the behaviors and outcomes you seek from the information you’re trying to disseminate.

And I’m not the only one who has felt this change…

In light of this, my fellow advocates and I joined together to share our stories and examples of how we’ve helped change the safety behaviors of our loved ones. As safety advocates, it is our duty to educate as much as possible, and what better place to start than with the people in your inner circles.

The following are real-world examples, tips, and advice that you as an infosec professional can use to share with your own friends and family to illustrate safer behavior.

Tip 1 – If it seems too good (or bad) to be true, ignore it 100%

If you receive a call from someone claiming to be from your bank, delivery service or broadband service, saying there’s been a problem with your account and they want more information from you, always be wary. There are many scam callers who constantly steal information and dupe vulnerable people, and some even threaten to cut off a person’s internet and phone lines. I had relatives affected by this, so I gave safety advice on how to deal with these scammers, giving tips and reassurances that if they hung up, nothing bad would happen. The longer fraudsters have you on the phone, the more likely they are to succeed in obtaining the sensitive information they want. The best thing to do is remove yourself from the conversation entirely to protect yourself and your data. Now my family can detect a scam call immediately and will hang up within three seconds before the threat actors can say anything more.

Tip 2 – You’re never too old to improve your security

Being safe online is not just limited to the younger generation. Technology affects everyone, including those who have retired or were introduced to it later in life. If anything, retirees are among the most vulnerable to cyber fraud. This could be a parent, grandparent, uncle, aunt or even a neighbour. But overall, this age group has missed out on the opportunity to learn about cyber security – something we take for granted. This is where we all need to look after our loved ones and educate them about the dangers online and how to spot scams, especially financial and romance scams, which affect this age group the most. Communicate the dangers in the simplest form and do not burden them with technical terms. Keep the conversation going whenever possible, and check that they’re using strong passwords, that they’re not oversharing on social media, and that their devices are kept up-to-date. For example, my mother is proud to call me every time she hangs up on a scam caller pretending to be from Microsoft because I explained that Microsoft would never call their customers. The same can be said for banks, mobile providers or other central service providers.

Tip 3 – How to spot a scam and stay up to date on the latest scams

Fraudsters use various methods to trick victims, including phishing, social engineering, text messages and even in-person approaches. This can be frightening, especially for those who are less aware. Here are some signs to be aware of:

  1. The scammer will initiate communication and it will come unexpectedly
  2. The sender is someone you have had no previous contact with who asks you to do something you haven’t done before, such as clicking a link, downloading a file or opening a document
  3. The message is time-sensitive or has a stress factor that urges you to take action quickly

Never complete the request if you are contacted as described above, and always try to review and verify the sender, website or link. By developing a healthy skepticism, you are already taking the right steps to reduce the likelihood of being scammed. Using messaging channels like WhatsApp is a good way to keep your loved ones updated on the latest scams. Share news articles, warnings and advice when these threats arise, and be aware that scams are often topical and may reflect what’s in the news cycle (tax season, data breach or holiday).

Tip 4 – Start using MFA and avoid password reuse at all costs

Password reuse (reusing the same password for multiple accounts) is a common mistake many people make when using applications and systems. For example, I had a friend contact me saying that her Facebook account had been hacked and that cybercriminals were able to change the password. Despite contacting Facebook’s customer service, she was unable to regain access to her account. My friend explained that she had used the same password for other accounts, which is how we determined that this was how the threat actors gained access to her Facebook account. Multi-factor authentication (MFA) was also not enabled, and I explained that going forward MFA would have to be used as it is an extra layer of security. Furthermore, authentication apps and password managers are recommended to ensure that unique usernames and passwords are used for each account. Doing so reduces the likelihood of multiple accounts being hacked.

Of course, there are different ways we can help improve cyber security awareness and security culture, but having a month dedicated to it is a step in the right direction. The relationship between people and technology is becoming inseparable. Unfortunately, the vast majority are still unaware of the cyber dangers it poses. So to make sure they don’t fall by the wayside, we, the cybersecurity industry, need to be responsible for making the change and educating them about cybersecurity.

#KB4Change
