How can you stay safe in cyber land? Simple – don't use the Internet for anything, ever again!
OK, maybe not so simple. But take a look at these numbers: It's estimated that by 2018 there will be 3.6 billion internet users. That means 48 percent of the world's population could be online and primed to be cybercrime victims.
Cybercrime is nothing if not a growth industry. According to the Institute of Electrical and Electronics Engineers (IEEE), losses in the United States in 2013 alone totaled $113 billion. Internet-based crime has risen, on average, 78 percent a year since 2010. The attacks are becoming more sophisticated – with ransomware and spear-phishing the favored approaches for cybercriminals.
It is very important for everybody at the New York Power Authority, where I am the CIO, to stay vigilant when online. We ensure that all employees and contractors receive regular online and instructor-led training. We have posters, pens, mouse pads and other cybersecurity reminders at our facilities and corporate office. We also have tags at the bottom of external emails, reminding people not to click on a link if they don't know the sender.
One of the awareness-training courses I run is called “Staying Safe in Cyber Land.” It's a general internet safety course that I tailor for when it's given. For example, in March we had a short video showing the results of the “phishy email” that promised a large tax refund from the IRS. We also run in-house targeted phishing and vishing (phone-based) campaigns and then provide remedial one-on-one training to anyone who gives up their password to the “social engineer.” Those are the kinds of mistakes that can't be made twice. The next time, it might not be my Cybersecurity Team on the other end of the phone.
Speaking of passwords, I get people to pay attention to them by suggesting they use a meaningful phrase, rather than some boring combination of letters and numbers. For example, a daily affirmation such as “I want to be fit and healthy in 2015” can be translated into “IWant2BFit&HealthyIn2015!” Let's face it: You're typing that passphrase many times in one day. A positive affirmation can be a self-fulfilling prophecy!
We also encourage membership in the FBI Infragard. I am the Energy Sector Chief for New York and really enjoy working with the FBI and Infragard members. There is a real feeling of camaraderie and the information sharing is always beneficial.
I believe that helping our employees keep their home networks safe is also essential. Many people access our business network from their home PC, and our anti-virus software license agreement allows us to add home PCs as part of the overall coverage. Our users are encouraged to download the application when they log in from home, using our two-factor authentication portal.
I constantly remind people that cybersecurity is everyone's business – not just the responsibility of the information technology group. They need to remember we are all in this together.