October is CyberSafety Awareness Month, and we’re pleased to invite our friends from the Center for Cyber Safety and Education to share these tips to protect our nonprofit organizations and professionals from online threats.
We can all be thankful for the hardworking and vigilant cybersecurity professionals worldwide who work tirelessly, and often thanklessly, to keep our critical infrastructure safe, including the water sector (drinking water and wastewater systems), the electric grid, and other key resources. This isn’t an easy job and, unfortunately, the other guys are working just as hard to cause harm.
One of the biggest fears in cybersecurity came to fruition recently when a water system in Oldsmar, Fla., was breached by hackers who were seemingly looking to poison the public’s water supply with dangerous levels of lye. They got in via the plant’s remote access software, which was meant for management and IT to use. For anyone in the cybersecurity field, industrial control system breaches are a very real fear: they are not seen very often, but they could have dire consequences if not caught and remediated quickly. Thankfully, in this situation, the breach was caught by alert operators, and the water levels were corrected before any harm to the public was done.
While these very real possibilities are frightening, we have to remember to slow down, use caution, and do the best we can when facing technology and the internet. While we do not know all the particulars on this specific breach, it’s an opportunity to review a few of the basics when it comes to protecting yourself, your family, and even your employer from malicious criminal activity.
Think Before You Click. While this sounds like a no-brainer, studies have shown that as many as 90 percent of breaches are the result of human error. I know we all get rushed, flustered, and excited sometimes, so we just need to remember to take a few seconds when we see links, especially in emails, and really consider whether what we are looking at is legitimate before moving forward. Malware campaigns impersonating the CDC, WHO, and other organizations are running rampant due to COVID-19. Be vigilant and remember that cyber criminals are playing on your fears. If in doubt, go directly to the organization’s website instead of clicking on links.
Connect to a secure network. Make sure you are using a company-issued Virtual Private Network (VPN) to access work accounts. Home routers should be updated to the most current software and secured with a lengthy, unique passphrase. Do not connect and conduct business on public Wi-Fi unless you are using a VPN. This goes for personal accounts as well. Don’t conduct personal business, including banking and shopping, on open public Wi-Fi.
Be sure to use only company-issued communication and storage solutions for all work correspondence and file management. This means, without exception, that emails should be sent via your work email account, business chats and video calls should be made on your company-issued communication accounts or approved software, and files should be stored in the proper place according to your employer’s policies. This is vital to ensure your IT team can protect the infrastructure as well as possible.
Lock Down Your Login. Create long and unique passphrases for all accounts (and change them every 60-90 days) and use multi-factor authentication (MFA) wherever possible. Many of the accounts you access online offer this option, and all you have to do is turn it on. MFA essentially fortifies these accounts by enabling strong authentication tools that are difficult to hack, such as biometrics or unique, one-time passcodes sent to your cell phone. It’s easy to set up, so why not have that extra protection if you can?