October is National Cyber Security Awareness Month (NCSAM), and one of the prongs in the three-part theme is for all computer users to “Own IT.” This means staying safe on social media, updating privacy settings, and keeping tabs on apps. Simply put, users need to take better ownership of their data and their online presence as part of daily safe cyber practices.
It is all too easy simply to click the wrong link, share the wrong thing on social media, or download the wrong app. One of the biggest risks today is ransomware, a type of malware that can lock a user or even an organization out of a computer or network. Cities such as Atlanta and Baltimore have suffered from ransomware attacks that resulted in millions of dollars in recovery costs.
The insidious ransomware threat is getting worse. The global damage from ransomware could cost US$11.5 billion this year, according to data from cybersecurity researchers at KnowBe4. The average ransom payment increased by 184 percent, while the average downtime for organizations was 9.6 days!
“The threat of ransomware continues to grow,” warned Kelvin Coleman, executive director of the National Cyber Security Alliance.
“For the average consumer, phishing — when someone poses as a legitimate entity to try to access your data — also remains a big problem,” he told TechNewsWorld. “As the Internet of Things expands, this will also expose more of our data through the sheer number of interconnected devices we own.”
Too Much Information
Many consumers already do a good job of securing their desktop and laptop PCs with antivirus software and are wary of unsolicited emails, but they may fail to realize that the same precautions need to be in place on mobile devices. The problem is likely to get worse as the world becomes ever more connected.
“The chief issue is that technology’s deployment vastly outpaces our ability to anticipate awkward consequences of its use,” explained Jim Purtilo, associate professor in the University of Maryland’s computer science department.
“Without an overarching legal and social framework to define what protections people ought to enjoy, then eager consumers — the early adopters who get new services and products off the ground — end up being the early casualties,” he told TechNewsWorld.
“We learn the unintended consequences of some new technology only once people become victims, often bringing others with them,” added Purtilo.
Another problem is that people tend to share too much on social media, which can include posting vacation photos in real time — telling would-be thieves that your house is empty and ripe for the picking! Combine this with the personal information that is shared, and it can make it easier for high-tech thieves to guess passwords as well.
Users need to limit what they’re sharing and do a better job of protecting sensitive data and information. This is where “Own IT” comes into play.
“The takeaway point is that cybersecurity is more than just building high castle walls around select financial data,” said Purtilo.
Consumers should be vigilant about privacy and know how their data is collected and used.
“There are some easy steps that consumers and businesses can take to help safeguard their data, such as using long and strong passwords or passphrases, updating software regularly, and implementing multifactor authentication,” said NCSA’s Coleman.
Failure to do so can have lasting effects that go beyond lost data.
“Most folks do not know what to do when they experience an account takeover attack or identity theft,” noted Justin Fox, director of DevOps engineering at NuData Security, a Mastercard company.
“Often they just reset their password to the service that was fraudulently taken over — this is not enough,” he told TechNewsWorld.
“When you are a victim of identity theft or fraud, it is important to construct a plan to recover your identity and protect yourself from additional fraud,” Fox added.
“A step that I would encourage folks to consider is placing a fraud alert through a credit bureau,” he suggested. “A fraud alert is free and will make it harder for someone to open certain accounts in your name, such as credit applications, as they have to take additional verification steps.”
Check Privacy Settings
One of the key points of owning IT is to keep privacy settings up-to-date. Too often social media companies, software vendors, and other online entities have the default settings that favor them and not the consumer. Therefore it is a good idea to check the settings before starting to use a new application.
Caution is also advisable when a new application is loaded onto a PC, tablet or mobile phone to ensure that malware isn’t hitching a ride.
“As far as keeping tabs on their apps, people should ensure that they are using software and services that scan their devices for malicious apps,” said Ralph Russo, director of the School of Professional Advancement Information Technology Program at Tulane University.
“For example, people using Google Android devices should make sure the Play Store app scanner is on and functioning, and people using Microsoft Windows should, at the least, use built-in Windows Security,” he told TechNewsWorld.
It is also important that users install apps and other software only from reputable sources, and from the mobile device operating system official app store.
“Sideloading apps, or installing from other than the official store, can get you free software and a little more — hidden malicious software, as the free app acts as a Trojan horse,” warned Russo.
“Privacy settings in social media should be set to only allow the minimum number of people to see personal data, photos and messages that users are comfortable with — e.g. ‘friends only,’ ‘friends of friends,'” added Russo. “Never set a privacy setting to ‘public’ without a specific considered reason for doing so.”
Own IT on Social Media
It is easy to share way too much on social media. One factor is that the concept of “friends” suggests those that have connections with you are in fact your friends, even when you’ve never met them or had any prior contact.
A worrisome aspect of social media it can be just as easy for individuals to be socially engineered as friended!
Also of concern is that while online, people tend to share information with the masses that they probably would only whisper to a close friend or colleague in a face-to-face situation.
“While social media has become a primary method of communication in our society, users should proceed from the perspective that anything they say or post can eventually, if not immediately, be public,” Russo pointed out.
“Unfortunately, many people approach posting as if it is for their friend’s eyes only — but social media sharing and re-posting can quickly widen the audience to a level the poster did not count on, he said.
Therefore, when using social media one should refrain as much as possible from divulging or displaying personal information that could be used in any nefarious wary.
That could include birth dates, specific and detailed information about upcoming events or plans, or personal information such as the layout of a business or house, said Russo. “Think from the perspective of what a malicious actor would do with the information you’ve posted.”