October is National Cyber Security Awareness Month. Led by the Department of Homeland Security and the National Cyber Security Alliance, the global education campaign will spotlight online issues that could ruin your business, credit and reputation. It will also share ways consumers and businesses can address these problems.
Here are some tips from the National Cyber Security Alliance and cybersecurity experts with OWASP and Synopsys, Inc., organizations that joined ISSA (Information Systems Security Association), the Internet Society, ISACA (Information Systems Audit Control Association), ACFE (Association of Certified Fraud Examiners), (ISC)² (International Information System Security Certification Consortium) and CISQ (the Consortium for IT Software Quality) to present the third annual New York Metro Joint Cyber Security Conference (NYMJCSC).
Keep Your Computer Current
Failure to conduct ongoing maintenance on your operating system and software applications is an invitation to hackers.
“Delays in patching security flaws of operating systems and software, as well as lapses in licensing for antivirus, intrusion detection systems, intrusion prevention systems, and other vulnerability identification and prevention tools, weak secure coding guidelines and QA review processes and lapses in IT Management’s adherence to security controls and protocols are factors that will compromise data,” says Tom Brennan, the New York Metro Joint Cyber Security Conference (NYMJCSC) chairman and Global Board Member of the OWASP Foundation.
The cybersecurity veteran says businesses and consumers should conduct ongoing vulnerability assessments to identify software bugs and insecurities. Network scanning software such as Nmap will find IP addresses and identify the open ports and operating systems (and their specific versions) running on a network that should be investigated.
OWASP Zed Attack Proxy and Nikto—also open source software—will identify cross-site scripting (XSS) injection (one of the top application security risks, according to OWASP), SSL authentication issues, weak software scripts and configuration mistakes in web applications.
Using these types of tools and manually verifying the results will help users determine what issues need to be addressed.
Also, having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats, says the National Cyber Security Alliance.
Ensure Your Personal Information is Protected
People may know you better through your digital footprint than your physical identity.
“With social media platforms like Facebook, LinkedIn, Twitter and Snapchat, hackers have the keys to your personal kingdom,” says Joe Jarzombek, a NYMJCSC speaker and global manager of software supply chain management for Synopsys’ Software Integrity Group.
Jarzombek suggests individuals use the privacy settings associated with their social media accounts. While this may add a layer of security, it may not guarantee the safety of your photos, comments, posts and other data. “Thanks to software bugs and the availability of easy-to-use hacking tools, privacy settings can be easily hacked. Before posting anything, people might want to ask themselves, ‘Would I want my boss or loved one to see this?’”
Whether people use social media platforms, e-commerce sites to purchase items or banking websites to conduct transactions, they should create long and different passwords.
The National Cyber Security Alliance recommends that individuals should “make your password a sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”).”
Charles Beganskas, OWASP Long Island Chapter leader and a NYMJCSC participant, says two-step verification is another popular method consumers should use to protect their personal information. “While it may add a couple of seconds to your log-in process, it could save you the headache of reporting identity theft to law enforcement agencies, credit reporting agencies and vendors.”