DO YOUR PART, BE CYBERSMART: HOW CYBER HYGIENE CAN PROTECT YOU

October is National Cybersecurity Awareness Month (NCSAM), so now is a great time to focus on ways to protect and secure your cyberspace. Throughout the month, the Hagerty Cyber Team will provide educational resources with the goal of increasing individual and business cybersecurity awareness in a world where cyber hygiene and security online is essential.

If You Connect It, Protect It

Today, you likely have access to an Internet-connected device. This year, due to the COVID-19 pandemic, most workplaces have gone partially or fully virtual; so, you likely have more than one device storing personal and/or sensitive information online. While your Internet-connected devices may vary (e.g., laptops, desktops, cellphones), if you apply basic principles of vigilance and protection, they can all be better prepared to safeguard against malicious activity.

CISA NCSAM Graphic

Some may think that cyber incidents largely target companies or governmental agencies. However, many individuals are victims of cyber-attacks that can result in stolen data, money, or even open the door into their workplace to gain corporate information.

Wi-Fi is a wireless networking technology that allows devices to interface with the Internet. It lets these devices exchange information with one another, creating a network of Internet connections and users.

Now more than ever, it is important for individuals, businesses, and communities to have readily available access to Wi-Fi; however, you must be careful of connecting to the Internet in a non-secure, public setting. Often, public Wi-Fi networks are not password protected, providing greater access to malicious actors seeking to attack your online accounts, devices, personal information, and data. Therefore, it is always safest to set up a secure, personal network with password protection. Many individuals may not be aware of their vulnerabilities online, but there are so many resources available to help bring awareness and safety.

If you are not already considering ways to protect yourself against potential cyber-related attacks, now would be the time to start thinking about it! Maintaining your cyber hygiene is essential to mitigating an attack. Think of a plan and put it to practice! The Federal Emergency Management Agency (FEMA) and the Cybersecurity and Infrastructure Security Agency (CISA) encourage individuals to be prepared for a cyberattack by practicing cyber hygiene.

Pulling from these materials, here are some habits that you can personally adopt that can help prepare for and even mitigate against a cyber incident:

• Install credible anti-virus and anti-malware software onto your devices that regularly scan and alert you of anything suspicious.
• Be mindful of your Wi-Fi connection. Your personal Wi-Fi that has a password is safer than non-secure, public Wi-Fi. For more information, read the Federal Trade Commission article Securing Your Wireless Network.
• ALWAYS be aware of your cyber surroundings. If an email seems out of place or an offer seems too good to be true, it usually is.
• Create strong passwords to help mitigate against cyberattacks.
• Report attacks to the FBI’s Internet Crime Complaint Center.

What to Look Out For

Cyber incidents are often tailored to accomplish varying outcomes based on the characteristics of the targeted group. For example, attempting to acquire insider trade information from a large bank requires different tactics than stealing an individual’s personal financial information.

The following list includes some of the most common cyber-attacks to be aware of:

• Phishing and Spear Phishing: This common tactic is employed through email. Here, the malicious actor can lure an individual into clicking on a link which looks legitimate but can grant them access to your device. You can avoid being a victim by double-checking links, and only contacting a person or business through the official and legitimate phone number or website.
• Drive By: Hackers use this by placing a USB drive in a strategic area, usually one with substantial foot traffic, in the hopes that it will be picked up, and out of curiosity, be placed it in a computer. This usually unleashes malware that uploads a damaging virus. Never use hardware with unknown origins.
• Denial-of-service (DoS) and distributed denial-of-service (DDoS): Unlike other forms of attack, DoS or DDoS provides minimum benefits to the malicious actor but provides mass disruption. When this attack occurs, a system is overwhelmed, and services are denied.
• Man-in-the-middle (MitM): Malicious actors can inject themselves between the user and server to communicate directly while hiding behind the system.
• Password: A user’s password is often a gateway to other personal identifiable information (PII). Passwords are often procured through unencrypted network access, open databases, social engineering ploy, or outright guessing. Creating strong passwords means using a combination of numbers, letters, symbols and not duplicating the same one for multiple accounts.
• SQL injection: This attack requires the malicious actor to inject a SQL query into a data-base driven website to read or modify sensitive data.
• Cross-site scripting (XSS): In this instance, the attacker might deploy cookies or malicious script into the user’s browser to extract information or conduct a hijacking session.
• Eavesdropping: In these instances, attackers intercept network traffic to obtain PII.
• Birthday: An attacker can manipulate the message digest (MD), replacing the user’s message with the attackers.
• Malware: This happens when the attacker places malicious software into the user’s system without consent. To protect yourself, remember to take basic precautions.

Attacks also very frequently target the workplace and larger businesses. These certainly look different than if an attacker is targeting just an individual. One of the more typical types of cyber-attacks on a larger group or organization is called a Denial of Service (or DoS) attack. Common DoS attacks are when websites of places like governmental bodies or banks are flooded with heavy traffic, preventing legitimate users from accessing information or communication. Usually from your end, these attacks appear as slow network connections. However, they are much more malicious than that. To learn more about DoS attacks, you can read CISA’s article on Understanding Denial-Of-Service Attacks.

⚠️ @CISAgov has seen a significant increase in #Emotet phishing emails since July. Read our joint Alert with MS-ISAC for more information. https://t.co/xR0O6sPpun#Phishing #Cybersecurity #Malware #Infosec pic.twitter.com/Si8xPdrLGq

— US-CERT (@USCERT_gov) October 6, 2020

@US-CERT alert via Twitter

Equipping yourself with more cyber knowledge gives you a huge advantage online. In today’s increasingly digital world, NCSAM is a time to reflect on our individual cybersecurity – remember to always stop and think before you connect.

Hagerty Can Help

Hagerty Consulting, Inc. (Hagerty) has the experience and expertise to support organizations in cybersecurity preparedness efforts, as well as pandemic planning, business continuity, and Continuity of Operations (COOP). We stand ready to help with your organization’s assessment, planning, training, and exercise needs to enhance cybersecurity and emergency response strategies amid the evolving COVID-19 pandemic response. To learn more about Hagerty’s cybersecurity service line, contact us or visit our cybersecurity microsite to utilize our free Cybersecurity Assessment Tool that will evaluate your current cyber capabilities.

Joely Bertram is an Associate in the Preparedness Division working out of Hagerty’s office in Washington, D.C. Joely has experience assisting with standard operating procedures, planning exercises, and cybersecurity policy. At Hagerty, she has also worked on research and analysis pertaining to proposals and comprehensive emergency management plans.

Ruth Anne Holiday is a Managing Associate at Hagerty, supporting both the Preparedness and Recovery Divisions. Ruth Anne was instrumental to Hagerty’s Long-Term Recovery Planning support for the City of Panama City, developing the City’s Unmet Needs Assessment which quantified Hurricane Michael’s impact on the community. Ruth Anne serves on the Situational and Status Blog Team, providing timely updates on major events and disasters impacting communities around the nation. Prior to Hagerty, Ruth Anne supported community-building preparedness initiatives and COOP activities, exercise and workshop development, and strategic recovery planning.