National Cybersecurity Awareness Month 2020
Garden State Cyber Threat Highlight
Informational Report
Original Release Date: 9/30/2020
This year has proven to be one for the history books. We have borne witness to a pandemic that has altered our daily lives for the foreseeable future. Technology has become a crucial crux - a necessity in our daily lives - which has allowed us to continue working, learning, and staying in touch with loved ones. Yet, through these tribulations, our bonds between families, friends, colleagues, and communities have grown stronger. We are in this together. As such, we each play a crucial role in strengthening our cyber resiliency to continue using these technologies in a secure way and prevent cyber incidents.
October brings the 17th iteration of National Cybersecurity Awareness Month (NCSAM), co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) with an overarching theme of “Do Your Part. #BeCyberSmart.” This theme is meant to empower individuals and organizations to own their role in protecting cyberspace, with an emphasis on the key message “If You Connect It, Protect It.” Collaborative cybersecurity efforts of both individuals and organizations exponentially amplify overall effectiveness. Below are some practical best practices we all can follow to enhance our cybersecurity and #BeCyberSmart.
Update and secure your devices. Vulnerabilities, whether old or new, are often exploited by cyber-criminals as an attack vector. Any device that connects to the internet should be considered vulnerable. Users are reminded to keep both hardware and software up to date, use anti-virus/anti-malware on all devices, keep all devices behind firewalls, and ensure home Wi-Fi routers are secured and configured properly.
Resources:
- NJCCIC’s Configuring & Securing a Home Wi-Fi Router
- NJCCIC’s Cybersecurity Instructional Guides
- CISA’s Wireless Related Guidance
- CISA’s 5 Steps to Protecting Your Digital Home
Protect yourself from phishing scams. The NJCCIC consistently highlights phishing campaigns that are targeting users on the Garden State Network (GSN). Threat actors often use social engineering by impersonating trusted businesses, well-known individuals, or current events in an attempt to deceive users into divulging sensitive information such as account credentials. Credentials are commonly referred to as the “keys to the kingdom,” and are coveted by threat actors for the access and opportunity they can provide. Below are some tips to avoid becoming a victim of phishing scams and protecting account credentials.
* Use caution when clicking on links, opening attachments, or enabling macros.
* Refrain from providing personal information, such as account credentials.
* Enable multi-factor authentication (MFA), also known as two-factor authentication (2FA), as an additional layer of protection on all accounts, where available.
* Contact the sender via a separate means of communication if you are unsure of an email’s legitimacy.
* Enable unique, complex passwords and change them periodically.
* Update passwords immediately following a data breach or potential compromise.
Resources:
- NJCCIC’s Enabling MFA
- NJCCIC’s Passwords, Passwords, Passwords
- NJCCIC’s Don’t Take the Bait! Phishing and Other Social Engineering Attacks
- NJCCIC’s Cybersecurity 101: Best Practices
Understand your digital footprint. Users are encouraged to evaluate the security and privacy settings of social media and similar accounts and make necessary adjustments. Additionally, users are advised to refrain from oversharing on social media platforms. Review the application’s security and privacy settings, and audit the requested app permissions, being careful not to provide access exceeding what is necessary for the app’s advertised function.
Resources:
- NJCCIC’s How Big is Your Footprint?
- NJCCIC’s Compromised PII: Facilitating Malicious Targeting and Fraudulent Activity
- NJCCIC’s Accessing Instagram’s Security & Privacy Settings
- NJCCIC’s Accessing Twitter’s Security & Privacy Settings
- NJCCIC’s Accessing Facebook’s Security & Privacy Settings
- CISA’s Social Media Cybersecurity
Educate yourself and others. Maintaining awareness of the current cyber threat landscape can help prevent victimization. Cyber threats are constantly changing and evolving to become more effective in their attempts to trick users and target systems. Review educational resources and partake in training to enhance cyber resilience.
Resources:
- NJCCIC’s Tips for Teleworkers, Remote Access Security
- NJCCIC’s Navigating New Challenges This Academic School Year
- CISA’s Telework Guidance and Resources
If everyone does their part by implementing stronger security practices, raising community awareness, and educating and training vulnerable audiences, our interconnected world will be safer and more resilient for everyone.
#BeCyberSmart and stay connected to the NJCCIC for more information and resources on best practices, digital privacy, and current cyber threats throughout the month of October and year round.
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.