Cybersecurity Awareness Month & Security Round Up

In case you have not heard, October is Cybersecurity Awareness Month. Cybersecurity is an important topic in technology and a part of our everyday lives even if we do not realize it. In general, cybersecurity includes the protection of devices and data from unauthorized access. Attacks may target devices, accounts or personal data, and are typically introduced through email attachments or links, software executables, or corrupted images and links on websites.

One of the biggest mistakes people make is assuming they do not have anything of value to lose. Unfortunately, our personal data and information are valuable in the wrong hands. Credit card numbers, social security numbers, medical records, and user names and passwords can all be used against us or sold to third parties for profit.

As a result, it is important to understand what cybersecurity is, know the best practices for protecting your private data, and stay aware of current security threats.

Cybersecurity Awareness Month

This year, the National Initiative for Cybersecurity Careers and Studies, or NICCS, published a comprehensive set of cybersecurity checklists covering 3 different categories:

  1. Own IT, which includes these topics: traveling tips, online privacy, social media and the Internet of Things.
  2. Secure IT, which includes these topics: strong passwords, MFA or multi-factor authentication, work secure, phishing, and e-commerce.
  3. Protect IT, which includes these topics: social media bots, be secure, theft and scams, and your digital home.

Each topic links to a .pdf file that is easy to print, save or distribute. The documents are full of valuable information and provide brief explanations of what each topic is, how it works, and why it makes sense to use it. They are also easy to share with employees, or between friends and family, to increase awareness and privacy protection.

Security Round Up

Below are some recent security breaches and attacks that may have affected you.

DoorDash

DoorDash suffered a breach that affected nearly 5 million users.

According to DoorDash, if you signed up for an account prior to April 5, 2018, your data may be at risk due to a security breach that occurred in May 2019. In that breach, the data of nearly 4.9 million customers, delivery workers and restaurants was accessed. A third party is being blamed for the breach, but the exposure of profile information remains the same: names, email addresses, order history, phone numbers and licenses of drivers were shared with unauthorized users.

Moving Forward: If you have been affected, you will be contacted directly. If you prefer not to wait to find out, you can call 855-646-4683 to inquire about the status of your information. Additionally, this is a good time to change your password, making sure the user name and password combination is unique to this account.

Also, be cautious of emails about this breach claiming to be from DoorDash as they might be a hoax. When data breaches occur, hackers often capitalize on them by sending phishing emails with infected links, etc., pretending to be customer service in hopes of gaining access to your private information. This is another reason why it is always important to use caution opening emails, clicking links and giving away info. When in doubt, contact the company directly.

Zynga (Words with Friends)

Words with Friends, a game published by Zynga, suffered a recent data breach that exposed more than 200 million player accounts. The information leaked includes names, email addresses, login IDs and more. Accounts included users on both Android and iOS platforms.

Zynga, publisher of Words with Friends, suffered a data breach affecting 200 million players.

Moving Forward: This is another example of an account where now is a good time to change your password. Keep in mind, it is increasingly important to use unique user credentials with each account. Having unique credentials has become more challenging, since nearly every app, website, software package and device wants a user ID and password. If you find yourself struggling to keep strong and unique credentials for each account, consider using a software password manager.

Ransomware

Unfortunately, the prevalence of ransomware has only continued to grow. Below are just a few of the larger organizations that have been hit in the last few weeks.

  • Alabama - Three hospitals in Alabama paid a ransomware demand after an attack that occurred on October 1. Some data is being recovered from backups while other system components are being restored by using the decryption key obtained from paying the ransom. Keep in mind, even those who pay do not always receive the decryption key, and even when they do get the key, it does not always work.
  • Canada - Two hospitals in Ontario suffered a ransomware attack and were forced to offer only limited services as a result. While emergency rooms stayed open, many other services were unavailable and this is expected to last a number of days.
  • Australia - Seven Victorian hospitals in Australia were hit with ransomware. In an attempt to prevent the infection from spreading, they disconnected from the internet. While this prevents the issue from spreading, this precautionary measure has caused other issues as many patient records and financial systems have been unavailable while patient scheduling has also been interrupted.

Moving Forward: One of the main reasons ransomware continues to thrive is simple: businesses continue to pay. If a victim does not have a solid backup plan, they feel powerless and often pay the ransom. Hospitals are frequently targets because they have a large amount of private information on a great number of patients. Also, hospital operations are often critical and even the slightest interruption can cause missed surgeries, an inability to access patient records or treat patients. All of this makes them a target that is more likely to pay and get back to normal operations more quickly.

It is important to note that a solid backup plan, with retention and a recovery process that has been tested, can prevent a business from needing to pay the ransom. If your data is intact, you have a plan in place to deal with an attack and you have tested your plan, you can recover from a ransomware infection. There are businesses that have refused to pay and were able to recover in a reasonable amount of time.

In honor of National Cybersecurity Awareness Month, please take a few minutes to visit the cybersecurity checklist landing page, open a few of the links, read up on a topic you don't know much about and share it with anyone you think may benefit. One of our best defenses is to be aware, stay diligent and protect those we know.

Threats often come from those we are connected to, in contact with, friends with, or work with, because our information can be tied up with theirs just as their information can be with ours. The more people you know, the more they can be a potential risk. This means sharing security information with others can ultimately protect your information as well. Lastly, our best defense against ransomware is to refuse to pay! Have a backup plan in place, check it regularly, and make a plan for the what-ifs that sometimes happen.

As always, awareness goes a long way towards data protection and privacy!