Common Sense Tips for Protecting Yourself and Your Information
Cybersecurity is a shared responsibility and it is vitally important to be mindful we are all targets and that no one is “under the radar”. The Texas A&M System and its members encourage you to STOP.THINK.CONNECT.
Texas A&M has put together a simple set of ideas for you to stay safe and to protect yourself on-line. It’s really easy and you only need to remember these six steps:
STEP ONE—Make Sure Your Computer Has Security Software and that it’s Up-To-Date . In most cases, your operating system (usually Microsoft windows or Apple OS X) will have its own security software. MAKE SURE IT IS ENABLED AND UP TO DATE. The bad guys love to take advantage of old security software.
STEP TWO—Don’t Download Unfamiliar Software Off The Internet! Many downloads that sound great–music services, editing programs, even security software are BAD FOR YOUR COMPUTER AND BAD FOR YOUR CREDIT CARD!
STEP THREE—Beware of Clicking on Random Links! Usually, your security software will protect you against harmful links, BUT NOT ALWAYS. ONLY CLICK ON LINKS YOU’RE SURE ABOUT. If it looks like a strange link that doesn’t go with the subject of the e-mail or with the text on the page, don’t click on it.
STEP FOUR—Change Your Password Frequently and NEVER Share Passwords! Your friends won’t treat it as carefully as you would. IF YOU DO GIVE OUT YOUR PASSWORD, MAKE SURE YOU CHANGE IT AFTERWARDS. WE NEVER RECOMMEND SHARING PASSWORDS.
STEP FIVE—Always Log Off Or Restart When You’ve Finished! Leaving your computer on and connected to the Internet is like leaving your door unlocked. Plus, re-starting allows your security system to install crucial updates to guard against the latest viruses, spyware and malware. And remember—NEVER LEAVE A COMPUTER RUNNING WHEN YOU’RE FINISHED! ALWAYS LOG OFF!
STEP SIX—Backup Your Data! Don’t just back up your data and documents occasionally. The best way to back up data is on a separate drive or in the cloud. That way, if your hard drive crashes–and you should assume that one day it probably will—YOU WON’T LOSE EVERYTHING YOU’VE WORKED FOR.
If you have any questions regarding security or see something suspicious, contact your local Information Security Officer. They can be found on the main page of your University or member’s website.
Other good resources for on-line security and awareness:
- Internet Storm Center
- #StopThinkConnect
- Department of Homeland Security
- Infragard
- Internet Crime Complaint Center
- SecurityWatch
- staysafeonline.org
- Texas A&M IT Security Site
- SANS
- NCSAM Resource Kit
Cyber Tactics
As security leaders gain increasing responsibility for cybersecurity, Security columnist Steven Chabinsky – global chair of the Data, Privacy and Cyber Security practice at White & Case LLP, an international law firm, and former Deputy Assistant Director of the FBI’s Cyber Division – guides enterprise security executives through cybersecurity standards, frameworks, risks and management techniques.
After a data breach, regulators strive to evaluate if an enterprise fulfilled "reasonable" cybersecurity standards… without defining what "reasonable" looks like.
When NIST recently updated its Cybersecurity Framework, it added only one new core category: Supply Chain Risk Management (SCRM). Placed within the Framework’s “Identify” function, SCRM encompasses, but typically extends beyond, traditional vendor management approaches. That’s because the supply chain typically extends beyond suppliers to include other external parties, such as integrators and even third-party communications providers.
Successfully resolving a major cyber incident takes more than shutting down the hackers.
The NIST Cybersecurity Frame-work focuses twice on the concept of improvement, doing so within both the Respond and the Recover functions.
Paul McCartney wrote “The Long and Winding Road” while the Beatles were in the throes of dissent and months away from breaking up. Listening now to the song’s yearning lyrics and plaintive melody, is it possible that Sir Paul actually anticipated the NIST Cybersecurity Framework’s Recover function, and was imagining the category titled Recovery Planning?
If at first you don’t succeed, try, try again.” Although catchy, we all know that the real keys to success after failure are reflection and adaptation, not mere persistence.
It’s been nearly two years since we addressed cyber insurance in the Cyber Tactics column, so I decided to get an update from Bob Parisi, Managing Director at Marsh.
Mike Tyson notably said, “Everyone has a plan ‘till they get punched in the mouth.” So, how do you ensure the same doesn’t hold true for your company’s incident response plan when a real breach occurs? Enter the NIST Framework category titled Mitigation.
Albert Einstein once observed, “Not everything that can be counted counts, and not everything that counts can be counted.”
Cybersecurity is out of control. Literally.
A significant part of incident response involves communication.
We find ourselves in the middle of football season as we tackle the NIST Cybersecurity Framework’s “Respond” function.
It takes months for most computer intrusion victims to learn they were breached. Unfortunately, the hackers get busy much sooner, often stealing data within days if not minutes.
To quote Shakespeare, “What’s in a name?”
This article is the twelfth in our ongoing series exploring the NIST Cybersecurity Framework.
Network security practitioners often look to solve technical problems with technical solutions: “The engineers got us into this mess; they can get us out of it.”
When students and staff at the Coast Guard Academy needed their laptops and mobile phones repaired, they called Larry Mathews. For over a decade, Mathews owned the local computer repair shop. Then he pleaded guilty to computer intrusion.
Tell somebody that you’re planning to make a plan, and you’ll get some snide looks. But tell somebody that you have a good plan in place, and it instills a sense of preparation and confidence.
Cybersecurity is a topic so broad that the NIST Framework addresses the concept of “Data Security” as just one of 22 important risk categories.
The NIST Framework lists “awareness and training” as a key component of network protection. But how do you go about it?
As part of our continuing series on the NIST Framework, we completed our review of the “Identify” category last month.
