Making cybersecurity a priority in October

Though Caribbean countries might not yet observe October as Cyber Security Awareness Month, this article briefly highlights key threat trends, along with some tips that individuals and businesses can adopt to become safer online.

Increasingly, the month of October is being observed as Cyber Security Awareness Month worldwide. Launched in the United States in 2004, objectives of this observation is to heighten awareness among private and public sector partners, along with the international community about cyber threats, and share tips and best practices.

Over the past several months there have been few public reports of major breaches occurring in the Caribbean. However this does not mean that they have not been occurring, but rather they are not making it into the public domain. High profile breaches are still occurring internationally, the most recent of which were JP Morgan Chase, where 76 million homes and 7 million businesses affected; and Home Depot, where as many as 56 million accounts were reportedly at risk.

Threats and trends

According to the Security Threat Report 2014, published by Sophos, some of the sacred cows of the computing world, such as Apple’s Operating System (OS), and servers that run Linux OS, which generally are perceived to be safer than other OSs, are increasingly being subject to a broad range of threats. Furthermore, malware, botnet and the other popular threats, have all showed signs that they are evolving, becoming more sophisticated, more resilient, and more camouflaged (Source: Sophos). Essentially, consumers will be challenged to detect and address threats, but to have any measurable success requires consistent awareness and vigilance, which underscores the benefit of a Cyber Security Awareness Month.

The Caribbean’s response

Across the region, many countries are seeking to establish Computer Emergency Response Teams (CERTs) or Computer Security Incident Response Team (CSIRT), which when operational, could be useful in heightening and improving local capacity and capabilities in cybersecurity. In the private sector space, firms like the Caribbean Cyber Security Center (CCSC), have been partnering with governments across the region, especially with regard to increasing child safety online. According to CCSC co-founder, Deon Olton:

The Internet of today and ICT create access to a trove of possibilities and benefits from which individuals and companies grow, develop and derive commercial gains. However, this connectivity brings with it the possibility of increased risk of theft, fraud, and abuse of personal, company and government data and resources. That is why it’s important that all stakeholders from the guy on the street, the CEOs and Prime Ministers make cyber security a priority and by extension it will be a national priority.

The responsibility to be cyber safe requires input from local governments, private sector industry partners, business, education, and civic society. The Caribbean Cyber Security Center, (CCSC), through our efforts and with the assistance of our partners continue to improve our cyber security awareness campaigns, workshops, writings and publishing articles and community outreach.

This October 2014, the Global Cyber Security Awareness Month, we have cause for much celebration as this year marks the first anniversary of the launch of our own Child Online protection Campaign – “ThinkClickSurf” which is now present in at least five Caribbean islands…

Cybersecurity tips to adopt during October

Though cybersecurity should be a year round activity, in this Cyber Security Awareness Month here are some tips – many of which we have shared before – to keep your devices, and your personal information stored online, safer:

  • Passwords.  Use strong passcodes to lock your devices and for your web accounts. Those passwords should be long – at least 8 characters – and a combination of upper and lower case letters, numbers and symbols. Also, where available consider opting in for the two-stage process, which offers and extra layer of protection.
  • Software.  Keep software applications (apps) you have downloaded onto your devices up to date. This will include, the OS, all of the apps, especially whatever security product you have installed. In addition to patching glitches in an app that might affect its stability or performance, these updates sometimes include security fixes as well; hence it is prudent to all software current.
  • Risk assessment.  Finally, although recommended for both individuals and businesses, this point is especially pertinent to the latter. In a survey of small businesses conducted in the United States, 66% of respondents indicated that their business is dependent on the Internet for its day-to-day operations (Source: StaySafeOnline.org). Similar results are likely in the Caribbean. Recognising the importance of the Internet to the work place, it is recommended that businesses use the month of October as the opportunity to assess their risk the cyber threats, and begin to implement measures. While it might be necessary to secure expert assistance, there are initiatives that can be implemented at minimal cost to the organisation:
    • conducting an audit of all devices (computers, tablets, phones, etc.) and software to determine, among other things, whether they are fully operational and whether all applications are up to date
    • investing in, for all office devices, and running regularly, antivirus and network security software, and again ensuring that they are up to date
    • preparing formal written policies on Internet security, privacy, bring you own devices, and the use of social media in the workplace
    • providing Internet safety training to staff members.

 

Image credit:  Free Press Pics (flickr)

_________