We’re Hitting The Road – The Road to Cybersecurity🚨❗
Can’t view the pdf? Download it here.
E-TECH Announces Commitment to Global Efforts Advocating for Cybersecurity
September 30, 2021 — E-Tech today announced its commitment to Cybersecurity Awareness Month, held annually in October, by signing up as a 2021 Champion and joining a growing global effort to promote the awareness of online safety and privacy. The Cybersecurity Awareness Month Champions Program is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals committed to the Cybersecurity Awareness Month theme of ‘Do Your Part. #BeCyberSmart.’
More than ever before, technology plays a part in almost everything we do. Connected devices have been woven into society as an integral part of how people communicate and access services essential to their well being. Despite these great advances in technology and the conveniences this provides, recent events have shown us how quickly our lives and businesses can be disrupted when cyber criminals and adversaries use technology to do harm. Cybersecurity Awareness Month aims to shed light on these security vulnerabilities, while offering actionable guidance surrounding behaviors anyone can take to protect themselves and their organizations. Everyone has a responsibility to do their part in securing our interconnected world.
This year, the Cybersecurity Awareness Month’s main weekly focus areas will revolve around The Road to Cyber Security:
- Understanding and implementing basic cyber hygiene, including the importance of strong passphrases, using multi-factor authentication, performing software updates and backing up data.
- Teaching the importance of taking your time when reading emails and browsing online, reminding employees it’s smart to be suspicious and that it’s okay to double-check unusual requests — especially those from a manager or senior executive. Helping your workforce follow it by outlining your specific cybersecurity policies and procedures for reporting suspicious activity.
- Recognizing and reporting phishing attempts whether it’s through email, text messages, or chat boxes.
- Empowering individuals to not only practice safe online behavior, but consider joining the mission of securing our online world by considering a career in cybersecurity!
- Making cybersecurity a priority in business by making products and processes “secure by design” and considering cybersecurity when purchasing new internet-connected devices.
If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees – our interconnected world will be safer and more resilient for everyone.
Now in its 18th year, Cybersecurity Awareness Month continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safer and more secure online. E-Tech is proud to support this far-reaching online safety awareness and education initiative which is co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security.
For more information about Cybersecurity Awareness Month 2021 and how to participate in a wide variety of activities, visit staysafeonline.org/cybersecurity-awareness-month/. You can also follow and use the official hashtag #BeCyberSmart on social media throughout the month.
About Cybersecurity Awareness Month
Cybersecurity Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state and local governments and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit staysafeonline.org/cybersecurity-awareness-month/
About National Cyber Security Alliance
The National Cyber Security Alliance is a nonprofit alliance on a mission to create a more secure connected world. We enable powerful, public-private partnerships in our mission to educate and inspire individuals to protect themselves, their families and their organizations for the collective good. Our primary partners are the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and our Board of Directors, which includes representatives from ADP; AIG; Bank of America; Cofense; Discover; Eli Lilly and Company; ESET North America; Facebook; KnowBe4; La-Z-Boy; Lenovo; Marriott International; Mastercard; Microsoft; Mimecast; NortonLifeLock; Paubox; Proofpoint; Raytheon Intelligence & Space; Terranova Security; US Bank; VISA; Wells Fargo. The National Cyber Security Alliance’s core efforts include Cybersecurity Awareness Month (October); Data Privacy Day (Jan. 28); Identity Management Day; and CyberSecure My Business™. For more information on the National Cyber Security Alliance, please visit https://staysafeonline.org.
Cyber Security Awareness Week 1 – Go Slow!
Cyberattacks are speeding up
Organizations have been a driving force behind cybersecurity awareness and training. It’s more important than ever to be up to date with cybersecurity knowledge so that attacks don’t happen on your watch. In these special edition newsletters, you’ll read about damaging attacks that happened in 2021 — and how employee actions changed the outcome.
Go slow and be suspicious!
This week, read about how the employees of Electronic Arts (EA) made a small but devastating mistake that caused harm to the company and allowed hackers to access their system.
Electronic Arts (EA) hack — Social engineering
The EA hack started when a hacker purchased a stolen cookie (a small text file used to identify your computer as you use a network). This allowed them access to EA’s Slack, a communication platform for organizations.
Once inside the organization’s communication channel, the hackers pretended to be an employee who had lost their phone. The IT department did not work slowly or take this communication as suspicious behavior. Instead, they gave information to the hackers and this information allowed the hackers to get into EA’s system. Over 700 GB of data was taken.
- EA stated that no player information was taken and there was no risk to player privacy.
- The hackers advertised game data for sale on underground forums. They stated that they would continue to leak information until they received a ransom.
- What is social engineering? Social engineering is when a hacker impersonates someone to gain access into an organization’s system or even their physical space.
Cyber Security Awareness Week 2 – Be Suspicious!
Race against ransomware
Ransomware is a specific category of malware that causes harm to the computer and the computer system. The U.S. Cybersecurity and Infrastructure Security Agency defines ransomware as “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.” Threat actors are the hackers behind these attacks. They often form a group to execute the attacks.
According to the Institute for Security and Technology, “Ransomware is not just financial extortion; it is a crime that transcends business, government, academic and geographic boundaries. It has disproportionately impacted the healthcare industry during the COVID pandemic, and has shut down schools, h
ospitals, police stations, city governments and U.S. military facilities.”
Ransomware has become a global challenge. Organizations all over the world are at risk of these attacks. An attack in one country can easily spread across borders, intentionally or not.
Another reason for the growing global issue is cryptocurrency. Cryptocurrency such as Bitcoin is untraceable, making it nearly impossible to catch the hackers. This form of currency is also borderless: it is a global currency that can be used by anyone.
Despite the size of the problem, one person can really make a difference. Remember the most important behaviors to help stop an attack on your organization: go slow, be suspicious, verify, report any concerns and follow policies and procedures.
Cyber Security Awareness Week 3 – Verify Messages!
Verify and report
This week, read about how the employees of FireEye and SolarWinds responded to a hack and where a timely verification would have changed the outcome.
SolarWinds hack — Supply chain hack
The SolarWinds hack was first spotted by someone at FireEye, a cybersecurity company. A staff member noticed that an employee signed in using their username and password but a new phone number.
This suspicious behavior set off alarms.
The staff member needed to verify if the employee had a new phone number. In this case, they did not. Once this was confirmed and they realized that an attack was underway, people jumped into action.
- SolarWinds is a software company. In this hack, network management software was compromised.
- Many large organizations such as Microsoft, Intel and even the U.S. Department of Homeland Security were using SolarWinds. This meant their organizations were compromised too.
- Sudhakar Ramakrishna, CEO of SolarWinds, immediately announced this issue to the world. He said, “The right thing to do is report.”
- What is a supply chain hack? A supply chain hack is an attack on one part of a supply chain. This hack is efficient because it can get hackers into multiple organizations quickly.
