Technology & IT Procurement Pulse Blog

It’s Monday morning and you have just arrived at work…congratulations! You stroll in with sleep still in your eyes as you overhear your coworkers reminisce about their excellent weekends. You grab your Monday-sized cup of coffee and proceed to your desk, where everything seems just as you left it the Friday before. Sitting down, you take a big gulp of coffee and flip on your computer. “NOT AGAIN!” you cry, shaking your fist in the air. As you shake out the frustration, you turn your attention back to your laptop, which is prompting you to “Please enter a new password.” Begrudgingly, you attempt to reset your password to something you will remember but “haven’t used in the past 60 days.” Sound familiar? With so many digital platforms in today’s world, how are you supposed to keep up with all the information!? There’s a password for email, one for Amazon, bank accounts, Facebook…the list goes on and on.
Frustrating? Perhaps. Necessary? Absolutely. But why? Cybersecurity!
Safeguards (such as passwords) are put into place to protect your data, and the data of those whose information resides within your system. We all remember hearing about the infamous Equifax data security breach toward the end of 2017. Equifax experienced a massive cybersecurity breach in which cyber thieves stole approximately 147.9 million Americans’ private information. That’s nearly half the U.S. population… that’s (probably) you! Your Personally Identifiable Information, or PII, is the information that can be used to identify, contact, or locate you. Data such as your name, social security number, date of birth, driver’s license, and address may have been swiftly taken, unbeknownst to you. What can these ‘cyber thieves’ do with that information, you may be wondering? Well, they could sell your information to the highest bidder, possibly open bank accounts or credit cards, purchase a home or take out a car loan in your name, file taxes, even claim your kids as dependents. You may think – that’s scary, but cybersecurity is such a big issue, and there’s nothing I can do about it. Wrong! This post aims to bolster your confidence and awareness of cybersecurity for 2018. We will give you some handy suggestions that can help save you time and hassle both professionally and personally. And, if you read this entire post to the end, I promise to give you my secret recipe for creating and remembering a great password!
Now, where were we? Ah yes, the “cybersecurity is such a big issue, and there’s nothing I can do about it” retort. I’m here to tell you—that’s just not true. An analogy I find to be helpful is to look at data security like a boxing match. “And in this corner,” the announcer shouts, “we have top-of-the-line tech, firmware, encryption, and antivirus software!” “And in this corner, we have Mr. Human Error Eddy!” The picture we’re painting here is, it doesn’t matter what antivirus software you have in place, or how many employees are on the IT staff; all it takes is one click, one punch from Eddy, and your system is knocked out, leaving your data at risk of a major security breach. According to the New York Times, the former Equifax CEO said the breach occurred because there was ONE employee who forgot to report a piece of software that needed patching. So, theoretically, one person could have avoided the loss of 145 million Americans’ private information! Perhaps. The point is, educating staff and fellow employees is just as valuable as downloading the latest update to your computer, or constantly changing your password.
Alright, so we know there are steps you can take toward having a safer cyber 2018, but what are they? In 2016, NASPO’s Emerging Issues Committee formed a work group to tackle the topic of cyber liability insurance. The work group collected samples of state insurance policies and other documents, and ultimately produced the “Cyber Liability Insurance 101” research brief. In it, you will learn about the various types of cyber liability insurance, what they cover, and why you may need them. Along with the general information on cyber liability, the brief proffers five suggestions to help prevent a cyber breach.
1. Invest in proper cybersecurity
   - Invest money, time, and resources in the right cybersecurity software, encryption devices, and firewalls.
   - Make regular updates to your security software, educating staff on the importance of these updates.
2. Educate staff about phishing
   - Know the signs when faced with a phishing email.
   - Look to employees who hold different security certifications to help advocate good habits.
   - Take the time to talk with your CIO or CISO about issues or concerns you may have surrounding cybersecurity.
   - Take initiative to look at the abundance of resources online, like this one, that can steer you in the right direction.
3. Create a “security awareness culture”
   - Don’t stigmatize mistakes; people won’t tell you they messed up if they fear harsh repercussions.
   - Encourage staff to be on the lookout for cyber attacks.
   - Report anything suspicious.
4. Know the response plan
   - Have a response plan in place in case a data breach occurs.
   - Review the plan annually, making sure everyone has a basic understanding of what to do and who to contact.
5. Emphasize password and authentication security
   - Encourage employees to use complicated passwords, and to change passwords every 30 days.
   - Limit access to personal and/or sensitive data to necessary personnel only.
Following these suggestions can prevent and/or greatly mitigate cyber breach risk. Now, if you’ve made it this far, you’re probably looking for my secret recipe on coming up with and remembering a great password. As promised, here it is: think of a phrase or quotation, something you can remember, like: “A chain is only as strong as its weakest link” for example. Got it? Now add some numbers, like your mother’s birthday, that is also easily remembered. Now take the first letter from each word in that phrase, add the numbers, and you’ve got a strong and memorable password. You can even spice it up by interchanging upper and lowercase letters.
So, what do we know? We know that a password, however daunting, is extremely important. It is the first line of defense between your information and those nasty cyber crooks. We also know that there are several things you can do to mitigate cybersecurity risk in both your home and work life. By following our tips and gathering more knowledge on this subject, you and your peers can help to prevent future data breaches from occurring. Possessing the know-how to spot a phishing email can be the difference between another Monday morning at the office and a nationwide scandal.