October is Cybersecurity Awareness Month, and Mercy College is proud to participate in the Champions Program, organized by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security. As a “Champion,” Mercy is joining a growing global effort to promote the awareness of online safety and privacy. The theme of this year’s program is ‘Do Your Part. #BeCyberSmart’; the program is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals committed to Cybersecurity Awareness.
Each week in October the IT Department will be sharing resources on a cybersecurity topic, per the schedule below, that we hope prompts further discussions with your team regarding your current and desired security practices.
If you have any questions on these topics or would like to organize a discussion with your team, please contact the IT staff at email@example.com. We welcome the opportunity to join your team for further discussion and strategizing about any of these topics.
For more information about ways to keep yourself safe online, please visit https://staysafeonline.org/cybersecurity-awareness-month/ or https://www.cisa.gov/national-cyber-security-awareness-month
Chief Information Officer
Secure passwords are your best line of defense against online hackers. Maintaining unique and strong passwords that are changed frequently greatly reduces your likelihood of a security breach.
Mercy College has policies regarding password creation and maintenance. These policies are available at https://www.mercy.edu/information-technology/about-it-support/policies/data-policy and should be reviewed regularly by new and existing students, faculty, and staff.
Tips on Creating Secure Passwords
EDUCAUSE provided some tips regarding password security through their National Cyber Security Awareness Month campaign. They recommend the following ways to protect your personal information:
- Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.
- Make your password a sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
- Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.
- Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer. You can alternatively use a service like a password manager to keep track of your passwords.
- Remember to also protect your mobile devices: The first layer to mobile security is to lock your device with a password or touch ID. These features make it much more difficult for your information to be accessed if your device is lost or stolen.
Week of October 5 (Week 1): If you Connect It, Protect It
If you connect it, protect it.
The line between our online and offline lives is indistinguishable. This network of connections creates both opportunities and challenges for individuals and organizations across the globe. The first week of Cybersecurity Awareness Month will highlight the ways in which internet-connected devices have impacted our lives and will empower all users to own their role in security by taking steps to reduce their risks.
The overarching message of this year’s theme, ‘If you Connect it, Protect it,’ dives into the importance of keeping connected devices safe and secure from outside influence. More than ever before, connected devices have been woven into society as an integral part of how people communicate and access services essential to their well-being. Data collected from these devices can detail highly specific information about a person or the college, which can be exploited by bad actors for their personal gain.
Every individual should own their role in protecting their information and securing their systems and devices. There are many steps individuals can take to enhance their cybersecurity without requiring a significant investment or the help of an information security professional. Below, NCSA highlights eight tips you can put into action now:
- LOCK DOWN YOUR LOGIN: Make a long, unique passphrase. Length trumps complexity. A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember. Use 2-factor authentication or multi-factor authentication (like biometrics, security keys or a unique, one-time code through an app on your mobile device) whenever offered.
- WHEN IN DOUBT, THROW IT OUT: Links in email, tweets, texts, posts, social media messages and online advertising are the easiest way for cyber criminals to get your sensitive information. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting. Essentially, just don’t trust links.
- KEEP A CLEAN MACHINE: Keep all software on internet-connected devices – including personal computers, smartphones and tablets – current to reduce risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available.
- BACK IT UP: Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup. Use the 3-2-1 rule as a guide to backing up your data. The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.
- OWN YOUR ONLINE PRESENCE: Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings (at least once a year) to make sure they are still configured to your comfort.
- SHARE WITH CARE: Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect you or others. Consider creating an alternate persona that you use for online profiles to limit how much of your own personal information you share.
- GET SAVVY ABOUT WIFI HOTSPOTS: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.
If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees – our interconnected world will be safer and more resilient for everyone.
Week of October 12 (Week 2): Securing Devices at Home and Work
SECURING DEVICES AT HOME AND WORK
2020 saw a major disruption in the way many work, learn, and socialize online. Our homes are more connected than ever. Our businesses are more connected than ever. With more people now working from home, these two internet-connected environments are colliding on a scale we’ve never seen before, introducing a whole new set of potential vulnerabilities that users must be conscious of. Week 2 of Cybersecurity Awareness Month will focus on steps users and organizations can take to protect internet-connected devices for both personal and professional use.
FACTS AND FIGURES
- The global smart home market is forecast to reach a value of more than $141 billion by 2023. (Statista Research)
- 92% of employees said they believe it’s the organization’s job to secure remote working, yet over two-fifths (42%) claimed current security policies make it difficult to do their job. (Capita)
- 90% of IT professionals believe remote workers are not secure and 70% think remote staff poses a greater risk than onsite employees. (OpenVPN)
- CISA Good Security Habits - https://us-cert.cisa.gov/ncas/tips/ST04-003
- CISA Home Network Security - https://us-cert.cisa.gov/ncas/tips/ST15-002
- CISA Securing the Internet of Things - https://us-cert.cisa.gov/ncas/tips/ST17-001
- CISA Understanding Firewalls for Home and Small Office Use - https://us-cert.cisa.gov/ncas/tips/ST04-004
- CISA Keeping Children Safe Online - https://us-cert.cisa.gov/ncas/tips/ST05-002
Week of October 19 (Week 3): Securing Internet-Connected Devices in Healthcare
SECURING INTERNET-CONNECTED DEVICES IN HEALTHCARE
The healthcare industry is increasingly relying upon internet-connected devices and solutions to improve patient care, organizational efficiency, speed of crisis response, and much more. The emergence of telemedicine, digital health records, internet-connected medical devices, patient wellness apps, and an increasing number of third parties entering the health supply chain has created many benefits, but has also exposed the industry to vulnerabilities that cyber criminals regularly attempt to exploit. The third week of Cybersecurity Awareness Month will delve into the industry (hospitals, care facilities) and consumer (telemedicine patients) implications of internet-connected device use, and what steps both can take to do their part and #BeCyberSmart.
FACTS AND FIGURES
- The global IoT healthcare market is expected to reach $14 billion by 2024. (Zion Market Research)
- Hospitals are at the top of the list of industries most vulnerable to cyber attacks. (Moody’s Investors Service)
- The total telemedicine market in the United States is predicted to reach $22 billion in 2022. (Statista Research)
Week of October 26 (Week 4): The Future of Connected Devices
The final week of Cybersecurity Awareness Month will look at the future of connected devices. This week will look at how technological innovations, such as 5G, might impact consumers’ and businesses’ online experiences (e.g. faster speeds and data transmission, larger attack surface for hackers), as well as how people and infrastructure can adapt to the continuous evolution of connected devices moving forward. No matter what the future holds, however, every user needs to be empowered to do their part.