For the past 14 years I have been promoting the annual National Cyber Security Awareness Month, and encouraged individuals, schools, colleges, governmental agencies, corporations, clubs, and other groups to get involved. Every year since its founding in 2001, this annual event has been recognized by bipartisan presidential proclamations declaring October as National Cyber Security Awareness Month. While many organizations around the country hold a myriad of events during the month of October promoting cyber security, locally the premier event is hosted by the City of Port Arthur and its most capable Information Technology Manager, Ms. Fay Young.
I have been asked, “Why do we need a National Cyber Security Awareness Month?” My somewhat coy response has been that all we need to do is to monitor the print and electronic media on a daily basis to realize how endemic the problem really is. In recent weeks, hundreds of thousands of taxpayer records have been digitally stolen from the IRS; a multitude of financial institutions have had their customers’ account data purloined by hackers for nefarious purposes; millions of individuals have been victimized in recent months by a variety of online attacks from hackers stealing their personal information (identity theft), holding their data for ransom (ransomware), tricking individuals into disclosing usernames and passwords (phishing schemes), and a variety of other illicit activities. Sensitive military data has been stolen by hackers and other data thieves (Snowden), and unfriendly foreign government hackers have stolen hundreds of billions of dollars worth of American intellectual property and used it to unfairly undercut American industry or to dissect and copy our most advanced military weaponry (the U.S. F-22 Lightning II and the new, nearly identical, Chinese J-20 Stealth Fighter).
I am amazed that despite years of deploring individuals to use different and complex passwords for each of their online accounts, possibly a majority of people still use the same easy to guess passwords to access all of their accounts. Hack or crack any one of those, and all of the victim’s accounts now belong to the hacker; bank accounts are drained, multiple illicit purchases are made from online sellers and delivered to parties unknown (all of which are then billed to the victim); inappropriate emails are sent to people of authority and power, traceable back directly to the victim; and scams can be perpetuated on the friends, relatives, and acquaintances of the victim by sending spam that is apparently coming from a trusted sender.
Now that so-called “smart devices”, mostly Android, Windows, and iOS powered phones and tablets are taking over most of the roles previously performed on desktop and laptop computers, they have become the targets of choice of dishonest people out for the fast buck, at the expense of the otherwise innocent users. A popular online pundit, Kim Komando, recently posted “7 Worst Apps That Violate Your Privacy” (www.komando.com/tips/323483/7-worst-apps-that-violate-your-privacy/all) detailing the seven worst “apps” in terms of personal privacy that are being widely used by millions of blissfully unaware smart phone owners, including our children. Some of these questionable apps are popular games played by kids all over the world, but these questionable apps are more than just games, as they compile and send extensive personal information, contact lists, microphone and camera captures, and other content from the phone to third parties for questionable purposes. Immensely popular social media apps are being inappropriately utilized by pedophiles engaging in “victim acquisition”. While for many of us our smart phones are approaching an addiction, we must also be aware of the risks that these wonderful devices impose upon us. Additional information is available for parents at staysafeonline.org/stay-safe-online/for-parents/raising-digital-citizens and staysafeonline.org/download/datasets/4364/internet_safety_and_security_tips_for_parents.pdf.
It is not too late for people to promote the concepts of cyber security awareness right now, and is also certainly a worthwhile project for next October. An abundance of material including brochures, videos, lesson plans for all age and academic levels, and other content is readily available for free from the sister organization, Stay Safe Online (staysafeonline.org). For teachers and college professors (and administrators) from K-12 to graduate school, Stay Safe Online offers prepared information (staysafeonline.org/teach-online-safety) that is ready to present to appropriate audiences. According to the website, this list of age appropriate concepts, for which the organization provides complete and free instructional content and media: “Grades K-2, Key concepts for students to understand and apply to their online experience; Grades 3-5, Key concepts for students to understand and apply to their online experience; Middle & High School, Key concepts for students to understand and apply to their online experience; C-SAVE, our volunteer program to teach young people cybersecurity, cybersafety, and cyberethics. It’s easy to participate and use!
Higher Education, When you start college, you’re taking on new responsibilities, making your own decisions, and becoming part of the campus community. There is an important role that you can play in your college’s cybersecurity efforts that combines these elements of responsibility, decision-making, and community; For Administrators, every person in the school community has a role in keeping the Internet safe and secure. Creating a cybersecurity awareness campaign will make everyone conscious of the part they play, and will ultimately produce a safer campus and a happier college experience; In The Community, Interested in starting your own community-based cybersecurity awareness program? These resources will help get you started.
Businesses have become prime targets for cyber crooks who have stolen enormous amounts of money directly from the businesses as well as their customers. Hundreds, if not thousands, of small and midsized businesses have fallen prey to scams which illicitly transferred funds from their bank accounts to distant thieves, mostly in Russia, eastern Europe, China, Nigeria, Iran, Pakistan, and other locations where the likelihood of recovery or even of prosecution is nil. In recent history, we are all aware of the massive credit card thefts from Target, Home Depot, and many other well known retailers. Millions of those credit card numbers, complete with enough additional information to conduct unlawful online transactions, as well as to produce excellent quality counterfeit credit cards, were widely available for sale online, mostly on Russian websites. Within days of the massive Target breach, thousands of counterfeit credit cards bearing data stolen from Target, were confiscated by Customs and other law enforcement agencies along the Mexican border, many of those cards already used to purchase thousands of dollars of goods from American merchants, and then carted back across the border. Richard Clarke, a renowned cybersecurity expert who advised several presidents, has written that all of the Fortune 500 corporations have been the victims of hackers, and billions of dollars worth of intellectual property have been stolen, mostly by the Chinese. Obviously, businesses and their employees need to be made aware of the cyber risks that they face on a daily basis, and be adequately trained in safe cyber practices.
Businesses can utilize the free materials and teaching guides available to them under the “RE: Cyber” program from the alliance. Executives and managers up to the top executive level as well as the board of directors may find the educational information available at staysafeonline.org/re-cyber/ appropriate for their degree of fiduciary responsibilities, as the information covers Cyber Threat Trends; Getting Started (with a corporate cyber security program); Board Oversight; Cyber Risk Assessment and Management; Cybersecurity Maturity Model; Cyber Regulation; Legislation and Policy; and Creating A Culture of Awareness. For employees, the material available online at staysafeonline.org/business-safe-online will cover many of the most important topics that the rank and file (as well as managers and executives) may need to be safer while online.
The general public will also find valuable information available at staysafeonline.org/stay-safe-online. Topics covered include, Malware & Botnets, Spam & Phishing, Hacked Accounts, and Securing Your Home Network. I cannot emphasize enough the utter necessity for everyone to become familiar with these most basic home cyber security and safety concepts not just to protect our computers and our personal finances, but to also protect our most valuable assets – our children.
I am offering an open invitation for everyone to attend a free, public celebration of “National Cyber Security Awareness Month”, which will be held on Thursday, October 1, at the Port Arthur (Texas) City Hall, 444 4th Street, 5th Floor, starting at 9:00 am. Below is the current schedule of topics and speakers:
PORT ARTHUR CITY HALL
444 4TH STREET, 5TH FLOOR
9:00 – 10:00 Chad Adams, DHS
10:15 -11:15 Are we under cyber attack? (Ira Wilsker)
11:15 – 12:30 Lunch Break
12:30 – 1:30 Passwords (Ira Wilsker)
1:30 – 1:45 break
1:45 – 2:45 Cyber Terrorism (Ira Wilsker)
2:45 – 3:00 break
3:00 – 4:00 Passwords (Ira Wilsker)
Register online at http://registration.cityofportarthurtx.net/wp/events/ncsam-kick-off/
DETAILED INFORMATION ON EACH PRESENTATION IS AVAILABLE ON THE ABOVE LINK
Kudos go to Ms. Fay Young, the Port Arthur Information Technology Manager, who has so ably promoted these annual National Cyber Security Awareness Month events for the past several years. We need many more like her doing much of the same in our schools, colleges, businesses, computer clubs, and other organizations. Individuals also need to be better aware of proper cyber security in order to protect their personal computers and other smart devices.
While I personally applaud and commend those who are involved with promoting and implementing these most useful and valuable events, I personally believe that cyber security is too important to “only” be a monthly event. Protecting our cyber world needs to be a continuous practice.