As Cyber Security Awareness Month draws to a close, we thought we would take some time to reflect on the past month.
There were hard times over the past 31 days, with major cyber attacks felt in the legal sector (Seyfarth Shaw), pharma (Dr. Reddy Laboratories), steel (Stelco), software (Software AG), health sector (Dickinson County Health, co-ordinated Ryuk attacks), government (Georgia and Louisiana), and dozens of others. But there were a few success stories against cyber criminals too, with Microsoft and partners putting a significant dent in the TrickBot malware operations ring, and charges laid against more members of an international money laundering ring connected with TrickBot.
ISA Reflections
The team at ISA has had a busy cyber security awareness month. In addition to our weekly cybernews bulletins, and steady flow of informative, timely information and thought leadership in the cybersecurity world, we engaged with new and familiar faces at “IDC Connections 2020: Future Enterprise Strategies”, IBM’s Think Summit Canada and MISA Ontario Infosec virtual conferences.
We’ve been active in the community as well: in partnership with Tenable, we donated and delivered 125 lunches and reusable masks to The Hospital for Sick Children, North York General Hospital, and Greater Niagara General Hospital in southern Ontario. We’re proud to do our small part in thanking the frontline healthcare workers for keeping our community safe and the IT security teams for protecting hospital operations and systems from constant cyber threats.
Has “awareness month” achieved its goal of raising the profile of cybersecurity and preparedness in your home, and at your company? This is a good time to reflect on how the steps your organization has taken to help defend against cybersecurity threats, using the resources available online. As you’ll recall, there were five weekly themes recognized through October in the GetCyberSafe program:
Week 1: Taking Stock
91% of Canadians over the age of 14 use the Internet, with 73 percent spending at least 3 to 4 hours online per day. Our “smart” homes can have dozens of devices connected to the Internet. Many of us have downloaded hundreds of apps, and may have fragments of personal information floating with companies we haven’t dealt with in years. Have you taken the opportunity to inventory all of your equipment? Have you taken steps to patch and protect your devices, securely recycle unwanted equipment, and delete unused apps and accounts?
Week 2: Phone Week
89% of Canadians own a smartphone, often more than one. A Global Web Index report on consumer behaviour in June 2020 suggested Canadians were spending 40% more time on their mobile phones, while Americans were spending 45% more time during the pandemic. Cyber criminals recognize this, and phishing and SMShing (phishing by text) attacks have increased significantly over the course of the last several months. In October 2020, Statistics Canada reported that 42% of Canadians surveyed have experienced some kind of cyber attack during the pandemic. Have you provided awareness training to your staff and your families to help them avoid the dangers of clicking on a fake link or responding to a fraudulent SMS message? Our articles on smartphone cyber hygiene and phone-based social engineering can help if you’re not confident.
Week 3: Computer Week
The theme of the third week of cyber security awareness month revolved around protecting your computer from online threats. Is your Mac on OS Version 10.15.7 or later? Did you apply Microsoft’s monthly patches to your Windows PC or laptop in October 2020? How about the surprise patches that came out just a week after the monthly patch announcement? Computer hygiene isn’t a “one and done” exercise.
Did you reflect on your computer passcodes and multi-factor authentication for your computer? Our article on passwords can help, but if you haven’t considered at least two-factor authentication, look into it. It’s one of the most straightforward, yet powerful ways of defending yourself against attack from internal or external sources.
Week 4: Network Week
With many people working and staying home, dealing with the ever-present threat of poor cybersecurity at the local coffee shop has taken a back seat to ensuring that home networks and Wi-Fi services are secure. If you didn’t confirm that your Internet access at home – for work and personal use – is locked down, review the GetCyberSafe articles on setting up and securing Wi-Fi networks, and using Wi-Fi safely.
Week 5: Smart Device Week
A 2019 Deloitte survey suggested that U.S. households have an average of 11 Internet-connected devices. That average has surely increased as the more and more devices are being equipped with online capabilities, and more people are staying/working at home. Have you reflected on how many devices in your home are talking to the outside world? Our article on smart home devices can help you understand, assess, and protect yourself.
We hope that you’ve been able to raise cyber awareness in your personal and professional life, and that you keep up the momentum year-round. While October is a special time to remind everyone about the importance of cybersecurity, the criminals never rest. Use the lessons and resources you’ve seen this month to stay cyber ready 365 days a year.
If you have questions or comments, contact us anytime.