It's that time once again; it's NCSAM! No not National Campus Safety Awareness Month, that was last month, October is National Cybersecurity Awareness Month. Once again, a primary focus of this public safety campaign is helping as many people as possible understand basic practices that will help keep them, and by extension the people around them, safe online. Those basic security best practices are:
- Using strong and unique passwords
- Turning on multi-factor authentication
- Learning to recognize and report phishing attacks
- Keeping your software updated with the latest security patches
We've discussed all these things many times before, including during past NCSAMs, but that's because they are all essential practices for staying safe online. However, once you master those basics, you ought to start learning more ways to protect yourself. Thankfully, there is ample content available for free dedicated to teaching people how to stay safe online. (there is an entire month dedicated to the topic, after all) In fact, you can find a whole collection of cybersecurity advice here on the Lighthouse Hub and also on the National Cybersecurity Allicance's website. So, let's review a couple of those additional tips now.
How do you protect your privacy online?
While it can be fun to share what's going on in your life on social media, it also potentially gives cybercriminals an edge on you. It is important to carefully consider how information could be used against you before you publicly share it online, and even if you are sharing it in non-public channels, it is also important to consider how it could be leaked and what the potential consequences of a leak could be. It is a good idea to limit posts with personal details to be visible only to your friends and to block suspicious profiles from being able to see or interact with you. But, sometimes, data is collected on you regardless of whether you post it or not, as most service providers collect information on their users and what they do. Thankfully, they are also required to offer you privacy settings that you can edit to restrict how much they can collect your data. Double checking and adjusting privacy settings is especially important for apps on your phone, as those might request access to phone features such as the camera, microphone, location, and more.
How do you tell if your device has been infected with a virus?
While some malware is very upfront, such as ransomware, which explicitly makes itself known, others attempt to hide their presence on your devices in order to silently monitor and manipulate your activity. The number one thing to look out for is strange activity occurring on your device without your prompting or another reasonable cause, especially activities such as new applications being downloaded or emails being sent from your account without your knowledge. Other common indicators of malware infection are drops in performance, missing files, frequent errors, frequent pop-up windows, and crashes. If you suspect your device has been infected, you should run a full system scan immediately since the sooner you catch an infection, the sooner you can eradicate it.
Why and how do you report cybercrime?
The reason you report cybercrime is the same as why you report any crime, so professionals can work to assist the victims and hold the criminals accountable. While cybercrimes can often be more difficult to investigate than traditional ones, not even trying to catch cybercriminals will mean they have no reason to stop. Authorities put a lot of effort into stopping as much cybercrime as possible, but they need help, and individuals can provide that help by reporting crimes. If a cybercrime occurs in a work environment, then the first thing you should do is report it to the IT department so they can get to work mitigating damage and resolving the issue. Regardless of whether the crime occurs on a personal or professional level, it should be reported to law enforcement. Even local law enforcement agencies can help, some having their own dedicated cybercrime divisions or otherwise by referring cases to appropriate agencies. Spam, phishing, and other malicious emails should be reported to your email provider. Additional organizations you can report cybercrimes to include the Internet Crime Complaint Center, the Federal Trade Commission (which doesn't directly help resolve individual cybercrimes but maintains a database used by law enforcement for investigations), and local crime victim services in your area.