What Does Cyber Awareness Mean in the Year of the Pandemic?
By Edward J. Hawkins, II
This year has been, arguably, a most interesting one so far. It has seen a pandemic, a global economic crash, and wave after wave of misinformation trying to influence people in a wide range of topics, including a presidential election. All these topics introduce various risks to governments, societies, and our fundamental way of life. As this is Cyber Awareness Month, it is always a good idea to take a step back and review our own security-hygiene in 2020.
Get started on your cybersecurity degree at American Military University.
A good starting place is answering the questions 1) are my computers up to date and patched? 2) does my security software have the latest definitions? and 3) are my security settings (internal and external) acceptable?
A little history in the understanding of where we are: Since 2005, the Privacy Rights Clearinghouse (PRC) has provided publicly released breach data to the world; so far the PRC has found 11,706,782,100 records breached. Keep in mind that this large number represents data files compromised, not the number of actual breaches.
This number has typically been under 1000 breaches per year, with a high of 950 in 2018. Although the PRC’s database only touches on 2019 (due to the administrators working on upgrades), the overall trend of attacks is still on the rise, especially when it comes to the medical industry, which accounted for 48% of all data breaches between 2005 and 2019.
The biggest offenders in this industry: losing or having physical documents stolen (33%), unintentional disclosures (25%), and external hackers (22%). The next largest industry is the business sector, which constituted 27% of recorded breaches, divided into three specific areas: financial (9%), retail (7%), and other (12%). Unintentional disclosure, by itself, accounted for 21% of all data breaches.
So, what does this mean for you? It means that we, as individuals, need to do a better job of understanding what information should be protected, who should have access to our information, and how it is being used protected. Privacy, in this context, should be defined as the level of “control people have to regulate the flow of information about themselves.” Web browsers, sites, and various add-ins can help increase our level of privacy by restricting who can gain access to our information.
For example, on many social media platforms, you can adjust what information can be seen at various levels depending on your preferences. Keep in mind that, even though you are adjusting these settings, if you don’t want to share the information, you can always try removing it.
The largest source of data breaches still tends to be the result of malicious attackers trying to steal data, accounting for 28% of all breaches. The attackers try to violate identity management systems (IDMS) and access your data by impersonating you. As Kenneth J. Giuliani and V. Kumar Murty noted, “…many internet sites require a user to log in using a user id and password.” And “quite often, users will choose passwords [which are] to short, easily guessed, or use the same password for multiple sites”.
Another problem is that websites typically do not require users to change their passwords or they will not lockout a user after a certain number of incorrect password attempts. Most major websites have got better about providing options to change a password when users have forgotten their password. However, but an email has been compromised, there may be a good chance that the attacker could use that access to his advantage.
So, consider changing your passwords on a regular basis, implement two-factor authentication, and do not use the same password for multiple websites.
When it comes to wading through the sea of potential misinformation, a good thing to remember is to check your facts, information sources, and who is providing the information. We want to trust our friends and the information they are sharing. But considering the news during the past few weeks that there are organizations that are hiring people to write fake stories and spread misinformation, it is more critical than ever to take time to verify the validity of the information we consume, while limiting the amount of misinformation we share.