Common Sense Tips for Protecting Yourself and Your Information
Cybersecurity is a shared responsibility, and it is vitally important to be mindful that we are all targets and that no one is “under the radar.” The Texas A&M System and its members encourage you to STOP.THINK.CONNECT.
Texas A&M has put together a simple set of ideas for you to stay safe and to protect yourself online. It’s really easy and you only need to remember these six steps:
STEP ONE—Make Sure Your Computer Has Security Software and that it’s Up-To-Date. In most cases, your operating system (usually Microsoft Windows or Apple OS X) will have its own security software. MAKE SURE IT IS ENABLED AND UP TO DATE. The bad guys love to take advantage of old security software.
STEP TWO—Don’t Download Unfamiliar Software Off The Internet! Many downloads that sound great—music services, editing programs, even security software—are BAD FOR YOUR COMPUTER AND BAD FOR YOUR CREDIT CARD!
STEP THREE—Beware of Clicking on Random Links! Usually, your security software will protect you against harmful links, BUT NOT ALWAYS. ONLY CLICK ON LINKS YOU’RE SURE ABOUT. If it looks like a strange link that doesn’t go with the subject of the e-mail or with the text on the page, don’t click on it.
STEP FOUR—Change Your Password Frequently and NEVER Share Passwords! Your friends won’t treat it as carefully as you would. IF YOU DO GIVE OUT YOUR PASSWORD, MAKE SURE YOU CHANGE IT AFTERWARDS. WE NEVER RECOMMEND SHARING PASSWORDS.
STEP FIVE—Always Log Off Or Restart When You’ve Finished! Leaving your computer on and connected to the Internet is like leaving your door unlocked. Plus, restarting allows your security system to install crucial updates to guard against the latest viruses, spyware and malware. And remember—NEVER LEAVE A UNIVERSITY COMPUTER RUNNING WHEN YOU’RE FINISHED! ALWAYS LOG OFF!
STEP SIX—Backup Your Data! Don’t just back up your data and documents occasionally. The best way to back up data is on a separate drive or in the cloud. That way, if your hard drive crashes—and you should assume that one day it probably will—YOU WON’T LOSE EVERYTHING YOU’VE WORKED FOR.
If you have any questions regarding security or see something suspicious, contact your local Information Security Officer. They can be found on the main page of your University or member’s website.
- Internet Storm Center
- Department of Homeland Security
- Internet Crime Complaint Center
- Texas A&M IT Security Site
- NCSAM Resource Kit
As security leaders gain increasing responsibility for cybersecurity, Security columnist Steven Chabinsky – global chair of the Data, Privacy and Cyber Security practice at White & Case LLP, an international law firm, and former Deputy Assistant Director of the FBI’s Cyber Division – guides enterprise security executives through cybersecurity standards, frameworks, risks and management techniques.
It’s been nearly two years since we addressed cyber insurance in the Cyber Tactics column, so I decided to get an update from Bob Parisi, Managing Director at Marsh.
Mike Tyson notably said, “Everyone has a plan ‘till they get punched in the mouth.” So, how do you ensure the same doesn’t hold true for your company’s incident response plan when a real breach occurs? Enter the NIST Framework category titled Mitigation.
Albert Einstein once observed, “Not everything that can be counted counts, and not everything that counts can be counted.”
Cybersecurity is out of control. Literally.
A significant part of incident response involves communication.
We find ourselves in the middle of football season as we tackle the NIST Cybersecurity Framework’s “Respond” function.
It takes months for most computer intrusion victims to learn they were breached. Unfortunately, the hackers get busy much sooner, often stealing data within days if not minutes.
To quote Shakespeare, “What’s in a name?”
This article is the twelfth in our ongoing series exploring the NIST Cybersecurity Framework.
Network security practitioners often look to solve technical problems with technical solutions: “The engineers got us into this mess; they can get us out of it.”
When students and staff at the Coast Guard Academy needed their laptops and mobile phones repaired, they called Larry Mathews. For over a decade, Mathews owned the local computer repair shop. Then he pleaded guilty to computer intrusion.
Tell somebody that you’re planning to make a plan, and you’ll get some snide looks. But tell somebody that you have a good plan in place, and it instills a sense of preparation and confidence.
Cybersecurity is a topic so broad that the NIST Framework addresses the concept of “Data Security” as just one of 22 important risk categories.
The NIST Framework lists “awareness and training” as a key component of network protection. But how do you go about it?
As part of our continuing series on the NIST Framework, we completed our review of the “Identify” category last month.
Starting last August, we began the current series of articles to provide our readers with a deep dive into the NIST Framework and its approach to Identify, Protect, Detect, Respond to and Recover from cybersecurity incidents.
Privacy considerations are rising in business significance, and not simply as a matter of data breach liability.
Placed within the Identify function of the NIST Cybersecurity Framework is a category called Risk Assessment.
Good governance should translate into your organization having high confidence that these four principles hold true.
This is the second in a recurring series that explores the cybersecurity principles and best practices found within the National Institute of Standards & Technology Cybersecurity Framework. You may recall from last month’s column that NIST organizes cybersecurity risk management into five high-level functions: Identify, Protect, Detect, Respond and Recover.
This is the first in a recurring series that explores the functions, categories and subcategories of the National Institute of Standards & Technology (NIST) cybersecurity framework.
Mention cybersecurity and immediate thoughts turn to technical controls such as firewalls, endpoint detection and patching systems. While these and other technical controls certainly are necessary, they must work in tandem with administrative and physical controls in order to form a mature risk mitigation program. This month, we will explore some of the physical aspects of cyber risk management, which inherently relies upon on-site security personnel and employee training for proper execution.
This month’s column takes over where we left off in April, bringing to a close our Top 10 list of widely held cybersecurity myths. This month’s list should prove no less provocative.
We have been following the same cybersecurity approach, more or less, for over a decade. Yet, most everyone agrees that the problem continues to grow worse. Perhaps we are not on the right course. Maybe we are operating on false assumptions. The following list (to be continued in next month’s column) is meant to promote a dialogue about what, in my view, are widely held cybersecurity myths.
Consider the irony of withholding threat and vulnerability information in the name of national security that, if properly disseminated, would do more to help our national security.
I recently interviewed Marc Goodman, founder of the Future Crimes Institute and author of the recently published book “Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It.” In his book, Goodman sets forth with great precision the frightening extent to which current and emerging technologies are harming national and corporate security, putting people’s lives at risk, eroding privacy, and even altering our perceptions of reality.
Congress has proposed dozens of bills related to cybersecurity topics over the last decade, all of which went nowhere. That is, until recently.
Ask most corporate executives to define cybersecurity and their initial thoughts turn to data privacy. That’s for good reason. Companies are bleeding corporate trade secrets and personally identifiable information at such an alarming rate that confidentiality issues and related compliance concerns can’t help but dominate the cybersecurity agenda. Yet, ask cybersecurity professionals what keeps them up at night, and the topic invariably turns to data deletion, tampering with control systems, and the potential to cause physical harm over the Internet. These concerns fall into categories that are distinct from protecting data confidentiality. Instead, they demonstrate the importance of maintaining an enterprise focus on the integrity and availability of your company’s most essential data, systems and services.
Traditional network security risk management techniques are often inadequate to meet the specialized needs of enterprises' control systems. The good news is that a host of free resources exists to cover this important field of security, risk management, compliance and operational continuity.