October is Cyber Security Awareness Month

In the spookiest of months, the cyber security community takes the time to talk about all the nasty and scary things lurking on the internet. Things like phishing, business email compromise (BEC), and malware that makes your computer go bump in the night. During a year in which data breaches continue to impact an incredible amount of people and personal data, it’s time to take a moment to think about all the things you can do to help protect your organizations.

Take the time to train your staff
There are several services to help train your staff to identify phishing, impersonation, or other types of threats to your network. If you’re a fan of movies like “Hackers,” or the show “Mr. Robot,” you’ll know some of the techniques used are not just Hollywood fiction but actual realities. Fake texts and calls from spoofed numbers, dropped USB sticks in the parking lot, and CDs with malware can install unwanted backdoors by those curious enough to insert them into their desktops are a real threat.

Google offers a nice training test for staff that helps educate them on potential phishing threats. Consider sending the phishing test to your organization as one of the tools you use to  strengthen your employees’ threat-catching skills.

Protect your organizations from phishing

Phishing is evolving and getting harder for people to recognize:

Pieter Gunst – @DigitalLawyer
Oooof. Was just subjected to the most credible phishing attempt I’ve experienced to date. Here were the steps:

1) “Hi, this is your bank. There was an attempt to use your card in Miami, Florida. Was this you?”

Me: no.
7:20 PM · Oct 7, 2019

Review your organization’s email authentication configuration. This should be reviewed at least once per year, if not more frequently, but it’s Cyber Security Awareness Month, so why not make it part of your annual review?

  • Are you still authenticating mail from services you no longer use?
  • Are you publishing SPF, DKIM and DMARC for your brands?
  • Are you stuck at p=none?

In the spirit of the month, take a look at what you can do to move towards a p=quarantine policy.

Take time to look at your systems and secure your accounts

There has been a disturbing trend in several of the large data breaches over the last two years: large, internet-connected databases without proper password authentication requirements. Cyware built a list of several data breaches resulting in the loss of more than 2 billion records in 2019 that occurred due to the data being publicly available without a password. This is becoming so common you might start to think it’s negligent when it occurs at other organizations.

Data breaches are also important to pay attention to if you reuse passwords across multiple accounts, as these can be used to access other services not breached. This may result in interruption of services for end users or companies, or lengthening the time it takes to recover access.

Take a few moments this month to review your personal and business cyber security practices: consider installing a password manager, change your passwords, and uninstall applications you’re no longer using from your phones and computers. You might just thank me for the reminders.

Matthew Vernhout
Director, Privacy and Industry Relations
EEC Vice-Chair