Category Archives: Cybersecurity

National Cyber Security Awareness Month

The full month of October is dedicated to Cyber Security Awareness in the US.

National Cyber Security Awareness Month began in October 2004 to help bring awareness to help Americans be safer online. It was a joint venture by the National Cyber Security Alliance and the Department of Homeland Security

You don’t have to look far to find in the news some spectacular and financially devastating hacks.

Some of the most recent famous ones were:

Anthem
AshleyMadison
(Premera) Blue Cross
Ebay
HomeDepot
JPMorgan
Lifelock
OPM
Sony
Target

Some of the reasons for hacking or breaching security are financial gain, bragging rights, recreation and social activism.

No matter what the reason, this can be devastating to individuals and companies when sensitive data, such as credit card numbers, social security numbers, names and address are released.

The Department of Homeland Security, DHS, has suggested different themes for different weeks. These are summarized below and punctuated with keystone events. For more detail and the event information, please go to http://www.dhs.gov/national-cyber-security-awareness-month

Week 1: General Cybersecurity Awareness: 5 Years of Stop.Think.Connect.™

October 1-2

This week instructs and reminds that everyone shares in the role of keeping things cybersafe. No matter what it is: avoiding opening an attachment, not replying to too-good-to-be-true emails, or not having virus protection programs installed on your computer, everyone not just specialists plays an important role in keeping everyone safe.  It is these click first without thinking behaviors that it is important to guard against.

To this end, this short week also spotlights the five years of work that “Stop.Think.Connect.” has done in trying to get people to do just that. For more info see https://www.stopthinkconnect.org

Week 2: Creating a Culture of Cybersecurity at Work

October 5-9

This week focuses on common threats for businesses and employees. Every business should have more than the traditional business plan components; it needs to have a cyber plan as well.

Week 3: Connected Communities: Staying Protected While Always Connected

October 12-16

This week focuses on mobile devices, social media and public places.  It is important to have protection installed on your mobile devices, not reveal important information on social media and be careful when using public computers or public wifi

Week 4: Your Evolving Digital Life

October 19-23

Highlights the “smart world” we live in and the importance of educating all citizens on cybersecurity as more and more of the devices we use – from phones and tablets to homes and medical devices – become connected to the Internet. Week four provides a current snapshot of technology and where we envision technology taking us in the future.

Keystone Event: NASDAQ Closing Bell Ceremony & Luncheon, New York, NY

Week 5: Building the Next Generation of Cyber Professionals

October 26-30

The last week looks forward into the future to emphasize the need for a cybersecurity savvy workforce, meeting the demand for specialists and ensuring that children are cyber-safe and cyber-savvy as well.

Resources:

http://www.bloomberg.com/graphics/2014-data-breaches

http://www.dhs.gov/national-cyber-security-awareness-month

http://www.reuters.com/article/us-cybersecurity-ibm-idUSKBN0OC0ZE20150527

http://www.dhs.gov/stopthinkconnect-toolkit

https://www.staysafeonline.org/ncsam/about/history-of-ncsam

https://www.staysafeonline.org/ncsam/about/history-of-ncsam#sthash.Iu6CEX3d.dpuf

https://www.stopthinkconnect.org

 

Heartbleed Bug

In the news, is the “Heartbleed Bug.” While it has made the public news, it sadly is not new and based on at least a two-year-old flaw.

The Heartbleed Bug exploits a vulnerability (Heartbleed) in the way in which the OpenSSL encryption checks to verify that there is a computer at the end. That process sends a packet of data to check to see if there is a computer on the other end of a process. This is the “heartbeat.”

The bug sends out a disguised heartbeat to get a reply from your computer and tricks it into giving it additional information. This can include memory stored data that can include the encryption key. That key will unlock the encryption code and make the data read easily by anyone. Basically instead of a packet of data being sent that says “Hello, are you there?” it becomes “Hello, are you there and give me the (encryption) keys to the palace.”

What to do? As always, change your password frequently. Ask your hosting service if they have installed the patch. They should have done this weeks ago, when they were alerted before it hit the general public news.

You can read more here at <a href=”http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/” target=”_blank” rel=”nofollow nofollow”>http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/</a>