Cyber Awareness Month: If you could give one piece of advice….
The Challenge
A month ago I asked the infosec Twitter community what ONE piece of advice they would pick to give to non-infosec people during cyber security awareness month. The challenge was that it could only be one piece of advice and they only had 8 words to use!
Over 500 responses later, here are some of the best ones!
[Read the entire thread on Twitter @LisaForteUK]
By far the most popular suggestions included using a password manager, setting up 2FA on accounts, being more cautious with what you decide to post online and learning to stop and think before you click on links or hand out any company or personal details.
The advice was great and a lot of laughs were had over some of the posts. Here are some of the highlights from the discussion:
1. 2FA
Signing up for 2FA is simple. At the most basic level you can set this up on pretty much all the mainstream accounts now (Amazon, Facebook etc). Simply go into the security or privacy settings when you are logged in and find the two-factor authentication setting. It will usually ask for a mobile phone number or an email. The website will then text you a code when you try to log in. You input the code and you are now more secure than when you just used a password.
There are more advanced versions of this known as authenticator applications. Some of the better known ones are made by Google and Authy, but there are loads out there. These have a code that is unique to you and your account. It only lasts for 30 or 60 seconds and then a new one is generated.
2. Security is ongoing
Achieving the standard of “secure” seems unobtainable and, to be frank, I think it is impossible if you ever want to actually use the device! The fact that the NSA and other fortress-like organisations have been attacked highlights this. That said, every step you take to be more secure makes you look more challenging to attack.
Similarly, when you have obtained Cyber Essentials or an ISO accreditation, for instance, your work is not done. The best and worst thing about cyber security is that our work is NEVER done. It is an ongoing process of tweaking our defences, finding new vulnerabilities and securing them.
3. Stop and think!
If you get an unexpected email or phone call, stop and think before you click on anything or hand over any information. Attackers are relying on the fact you will react without thinking!
To ensure that you react without thinking, attackers will usually make the request urgent. This will leave you feeling anxious and like you can't delay in acting. Take a deep breath, go and get a cup of tea and think it through. In most cases you will start to question "why are the Police traffic unit emailing me at work?" or "how did Microsoft even get my mobile number?"
4. Social Media caution
Social media is great. We all enjoy using it but so do attackers. Keep your posts sufficiently benign that you aren’t giving away any personal information.
Researchers have been able to get home addresses, number plates, full names, social security numbers, passport numbers and more just from photos on Instagram. Look at the image you are about to post and ask "can I see any personal information on display in this image?" This may be in the reflection in a mirror too, so look closely!
5. Ask questions
There really is no such thing as a silly question when it comes to information security. Cyber experts will have been asked every type of question under the sun, so don’t be afraid to ask! The cyber community is always willing to help and advise anyone, so even if you feel embarrassed I can assure you we have been asked far worse!
Thank you (and the funny ones!!)
A huge thank you to the amazing information security community that contributed to this thread. Some really clever and insightful ideas were shared and some that just made me laugh:
Please share with your communities. This month is all about raising awareness of cyber issues to everyone. Please go and follow some of these amazing minds on Twitter!
Feel free to add your top tips in the comments below. Remember: only one and only 8 words!!!
Happy Cyber Security Awareness Month!
Lisa Forte
International security and counter espionage subject matter expert.
5 years ago: Not all security is cyber!...?
CEO Founder and Head of AI at RHEM Labs | LoganAI built with Australian Intelligence? - There's nothing artificial about what we do | Microsoft for Startups Founders Hub | Google Cloud for Startups |
5 years ago: I must have missed this tweet! My apologies! Read and learn to understand your insurance policy.
The Right Questions for Your Answers my opinions are my own
5 years ago: Cybersecurity starts with YOU - Think B4 You click!
Cybersecurity Board Member for Your Public Company / Trusted Advisor / Cybersecurity Guru | We Help Grow Companies
5 years ago: Don't oversimplify cybersecurity - use all the words required.
Cyber Security & Information Risk / Assurance
5 years ago: Become more "engaged"; this thing is here to stay.