October 2023 Is the 20th
Annual CyberSecurity Awareness (Yawn) Month
Gee, and I Didn't Get You
Anything
It's
not so surprising that there is a CyberSecurity Month. What is
astonishing is that October 2023 is the 20th
ANNUAL CyberSecurity Month. Oh, where does the time go?
This year, the campaign theme
is "Secure Our World."
I still think most people don't care much about CyberSecurity Awareness, and therefore most efforts are so much preaching to the choir. So, at first, I had reacted with a bit of snark about all the promotional items CISA has made available with its announcement that October is CyberSecurity Awareness Month. I imagined techy sounding diatribes reminiscent of PSAs of yore:
This is your computer.
This is your
computer after a Cyber Attack.
At the core of the Secure Our World campaign are easily understood free materials available to anyone who wishes to host their own Secure Our World Campaign Event. CISA wants to bring awareness of CyberSecurity to Main Street. A complete media kit is available for free download. The media kit and associated material have everything any civic organization may need to host its own Secure Our World event. And, yes... There is a YouTube video.
The storyline of the video is not what one might think. Kevin and Eva are not the computer users at risk. The protagonists are concerned about their parents' and grandparents' computer use. The video offers little vignettes of scenarios were one's Online security might be put at risk; and resolves various situations by applying the measures that lie at the heart of the Secure Our World campaign.
The video places the main themes of the Secure Our World initiative front and center. Those main themes are clearly stated in a very large Infographic that comes with the Secure Our World media kit. I will break it down and make it easier to focus on each suggestion the Infographic makes.
| The first subject of the Infographic
implores Consumers to Use Strong Passwords. More often than not Consumers are adding a good combination of letters, numbers, and symbols. And each is hopefully unique. |
 |
| Next on the Infographic is the recommendation to use a Password Manager. The most secure installations, and the most well respected names in IT, have all suffered data breaches over the 12 months, including Microsoft, Amazon Web Services (AWS), and most notably here, the granddaddy of Password Managers, LastPass in December 2022. I believe that Consumers should be wary of any application that aggregates all of one's data into one easily cracked device — say, like a cellphone. In fact. Microsoft and other vendors are working toward a password free future. It cannot yet be said, however, what and when will be that future. |
 |
| A considerable body of evidence now in the public record leads me to say that MultiFactor Authentication is the most effective new security protocol Consumers can use. And by far the easiest new protocol to implement. Yes, there have instances where the 2FA failed to protect users, but in each case other factors were in play. As long as you have possession of your cellphone, then you and only you will have the access to the 2FA codes. Smaller vendors still have difficulty with of the various authenticator applications, but 2FA works very well with most institutions Consumers will interact with. Employ 2FA wherever it is applicable. |
 |
| Phishing remains among the top 3 methods of instigating a CyberAttack. Most Consumers are credulous that Phishing is still a major problem in CyberSecurity. People should not, however, be so secure in themselves. The increasing sophistication of the human engineering that goes in to Phishing attacks cannot be underestimated. And the Infographic is absolutely correct here. Very often in Phishing attacks, if the Consumer would carefully evaluate the email or web address in the Phishing message, the destination of the link will have some typographical error. Simply look at all the letters. Anyone can spot a fake. My question here, though, is to whom is one to report the Phishing attempt? Your email client may have that option, but it will really only block the sender's address. And a spammer's email address is a constantly moving target. |
 |
| Of all the very good suggestions made by CISA within the Infographic, Updating Your Software is the most pertinent. Software Updating is in the control of the Consumer. Studies have shown that over 60% of data breaches, both large and small, exploited vulnerabilities in software that the software vendor had patched months prior to the attack. For Windows users, install Microsoft's PC Manager. Use PC Manager to run the updates for you. The page at the link tells you how to use it. Use it. Stay up to date easily. |
 |
The Infographic is just on element in the entire CyberSecurity Awareness Month 2023 Resources and Partner Toolkit. These freely available package of documents and other items are at the CISA website:
CISA and the National Cybersecurity Alliance (NCA) have partnered to create resources and messaging for organizations to use when they talk with their employees, customers and memberships about staying safe online.
What I surmise is a main goal of the CISA Secure Our World campaign is for various civic groups to hold their own Secure Our World event. An extensive library of materials, videos, and other media are available for free download. Below is a list what is available for download. If one does wish to use these materials to host a Cybersecurity Awareness Event, a good place to start is with "Cybersecurity-Awareness-Month-2023-Toolkit-Guide."
The ToolKit comes with a series of suggestions on how to talk about CyberSecurity issues. There is an emphasis on keeping the appropriate tone when speaking about these issues. When talking to fellow Consumers about CyberSecurity issues, keep in mind...
Gerald Reiff