

#nationalcybersecuritymonth | How to Really ‘Own IT’ for National Cybersecurity Awareness Month – Homeland Security Today

Source: National Cyber Security – Produced By Gregory Evans

National Cybersecurity Awareness Month (NCSAM) is in its 16th year. The theme for 2019 – Own IT. Secure IT. Protect IT. – is focused on encouraging personal accountability and proactive behavior in security best practices and digital privacy. Considering that individually we are picking up our smartphones an average of 77 times a day and spending nearly 12 hours a day in front of a screen, the digital lines between work and personal lives are all but gone. With nearly every facet of our lives impacted by what we do online, NCSAM calls to action this year include:

  • Own IT. If you are reading this, you are using a digital device. Whether you own the device or not, we are all responsible for how we use them – from the data they store and transmit to the information we post online about ourselves and others, or share with other third parties. We are all responsible for our digital footprints, including the data apps collect and transmit from these devices.
  • Secure IT. If you own it, you must secure it, from strong credentials (unique usernames, passwords/passphrases, and multifactor authentication) to physical access. This includes securing computers, laptops, tablets, smartphones, apps, and website logins.
  • Protect IT. If you own it, you must protect it with security updates and safe browsing practices. Stored information, including personal and customer/consumer data that you gather from others, must also be protected. Every organization has a duty to safeguard the confidentiality, integrity, and availability of data obtained from other persons.

Struggle with Passwords Continues

After all of these years, we are still terrible at creating and managing passwords. Year after year the most commonly used (and breached) passwords still include – you got it – ‘password’ and ‘12345678.’ Variations like ‘p@$$w0rd’ are not any better as they contain common substitutions such as ‘@’ for ‘a,’ etc. Given these shortcomings, password hygiene is a leading topic any time of year, but as National Cybersecurity Awareness Month continues it is a good time for another reminder for organizations to do better at helping employees improve password management.

It is no secret that passwords alone are not the best method to safeguard our digital assets, especially weak passwords. Password security firm LastPass recently published its 3rd Annual Global Password Security Report, which highlights how employees’ continued poor password habits weaken the overall organizational security posture. To effect positive password changes, it is up to organizations to take action to improve password hygiene. Read on for three simple and effective low-cost and no-cost solutions companies and their employees should apply today to start improving overall security and reduce the risk posed by stolen passwords.

Longer Passwords Take Longer to Crack

Enforcing the use of longer passwords or passphrases can go a long way. Depending on computing power (and other factors), it could take approximately 23 seconds to crack ‘football1’ (or similar) vs. over 10,000 centuries to crack ‘R73&nebp@98backyard45’ or ‘tHe!weatheriscoLd67outside?’. In addition to making passwords longer, the importance of not reusing them across multiple sites and services cannot be overstated. Even if a password is stolen, if it is only used for a single site or service, cyber thieves can only potentially compromise that single account, not the entire kingdom.

Passwords Aren’t Perfect, but MFA Could Save the Day

Adding multifactor authentication (MFA) is another quick win. MFA does not guarantee an account will not be compromised, but it does significantly reduce that likelihood. Authenticator apps like Duo, Authy, and Google Authenticator provide low-cost, no-cost, hassle-free options to add an additional layer of security to the authentication process. This extra step reduces the risk a malicious attacker would be able to successfully log in and compromise valuable accounts, even with a stolen password.

The “Problem” with Password Managers

Password managers store passwords and create strong (and long) passwords so you do not have to – what’s wrong with that? Skeptical about password managers? Password managers don’t have to be perfect, they just have to be better than not having one, says cybersecurity expert Troy Hunt (founder of haveibeenpwned). Other quips by Troy: The only secure password is the one you can’t remember, and when accounts are “hacked” due to poor passwords, victims must share the blame. There are several reputable password managers to choose from, but if you are looking for “go here, do this” for picking a “good” one, check out Troy’s post on why he partnered with 1Password. On a final note, the aforementioned LastPass Global Security Report found that password manager adoption increases when it is convenient. If employees can access and use password managers from their smartphone or other device of their choice, they are more likely to use them. So, what IS the “problem” with password managers? They simply are not used enough.

Cybersecurity Awareness All Year

While October is designated NCSAM, cybersecurity awareness is far from a once-a-year activity. NCSAM materials provide proactive awareness content to use throughout the year. So, while you are sipping that long-awaited (or 100th) pumpkin spice latte, review NCSAM materials for tips, resources, webinars, and workshops. In addition, it is not too late to demonstrate your cybersecurity awareness commitment by becoming an NCSAM Champion. Some of the best NCSAM Champions come from the information-sharing community – WaterISAC, Research & Education Networks ISAC (REN-ISAC), Information Technology ISAC (IT-ISAC), Retail & Hospitality ISAC (RH-ISAC), National Council of ISACs (NCI), Faith-Based ISAO (FB-ISAO), InfraGardNCR, and InfraGard Los Angeles – and they are ensuring organizations and consumers have the resources to stay safer and more secure online. Follow #BeCyberSmart and #CyberAware on social media for great security awareness tips from the NCSAM Champions and others.

Finally, NCSAM is a great time to bolster or jump-start your cybersecurity awareness program. Interested in a ready-made program to plug into your organization? The Cyber Readiness Institute (CRI) may have just the program! Founded by the CEOs of Mastercard, Microsoft, the Center for Global Enterprise, and PSP Partners, CRI’s Cyber Readiness Program is a no-cost, practical, step-by-step guide to help small- and medium-sized enterprises become cyber ready. Completing the program will help make your organization safer, more secure, and stronger in the face of cyber threats.


The post #nationalcybersecuritymonth | How to Really ‘Own IT’ for National Cybersecurity Awareness Month – Homeland Security Today appeared first on National Cyber Security.


Bills #Advance To Expand #Homeland Security’s Overview Of #Cybersecurity

House and Senate lawmakers have advanced two bills that would expand the Department of Homeland Security’s cybersecurity mission.

The Senate Homeland Security and Governmental Affairs Committee passed a DHS reauthorization bill that would reorganize the department’s National Protection and Programs Directorate (NPPD), secure personally identifiable information, and support cybersecurity research, Executive.gov reported.

The Senate version of the bill includes an amendment that would rename NPPD as the Cybersecurity and Infrastructure Security Agency and elevate the organization’s cybersecurity role.

The legislation would also direct Customs and Border Protection to remove PII such as social security numbers, passport numbers and residential addresses from manifests prior to public disclosure, Executive.gov reported.

A third amendment seeks to support cybersecurity technology research, development, testing, evaluation and transition in partnership with other federal agencies, industry and academia.

The House Homeland Security Committee approved the Cyber Incident Response Teams Act, which would authorize DHS’ National Cybersecurity and Communications Integration Center to form cyber hunt and incident response teams, Executive.gov reported.

The teams will help asset owners and operators restore services after a cyber incident; identify potential cybersecurity risks and unauthorized cyber activities; offer measures to address vulnerabilities; and recommend ways to optimize network and systems security.



The post Bills #Advance To Expand #Homeland Security’s Overview Of #Cybersecurity appeared first on National Cyber Security Ventures.


Homeland #Security’s own #IT security is a #hot mess, watchdog #finds

Source: National Cyber Security News

A government watchdog found that Homeland Security, the federal department in charge of protecting the nation’s cybersecurity, had a litany of security problems of its own.

A newly released report by the department’s Office of Inspector General found many of the agency’s systems, including both unclassified and national security systems containing the highest “top secret” information, were running outdated, unsupported operating systems that in some cases hadn’t been patched with security updates for years.

Some of the vulnerabilities were so serious that they “expose DHS data to unnecessary risks,” said the investigators, who added that the agency needed to protect its systems “more fully and effectively.”

According to the report, 64 vulnerable systems on the department’s network lacked the authority to operate — more than a dozen of which were national security systems storing highly sensitive classified information.

That fell short of the department’s target to maintain all of its high-value systems with the correct security updates, patches, and approved configurations to prevent data leaks or breaches.

That included three servers — one at Homeland Security headquarters, and two others run by the Coast Guard and the Secret Service — which were still running Windows Server 2003.


Department of #Homeland #Security Finds #Cybersecurity #Flaws in First #Responder Apps

Source: National Cyber Security – Produced By Gregory Evans

The Department of Homeland Security found critical cybersecurity flaws in mobile apps being used by public safety officials during emergencies in a pilot project.

Thanks to a pilot project run by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T), numerous cybersecurity vulnerabilities discovered in mobile apps used by first responders have been patched.

In emergency and disaster situations, mobile devices and apps enable public-safety professionals to receive and share critical information in real-time. The department’s S&T Directorate established the pilot project in order to test how vulnerable smartphone apps used in the public safety sector are to cyberattack, including ransomware and spyware, and whether certain apps have coding vulnerabilities that could compromise device security, expose sensitive data, or allow for spying.

The pilot-testing project discovered potential security and privacy concerns — such as access to the device camera, contacts or SMS messages — in 32 of 33 popular apps that were tested. In all, 18 apps were discovered to have critical flaws such as hard-coded credentials stored in binary, issues with handling Secure Sockets Layer certificates or susceptibility to “man-in-the-middle” attacks.

Pilot project leaders worked with each app developer to remediate identified vulnerabilities, according to a press release. So far, 10 developers successfully remediated their apps, and as a result of the pilot project, the security and privacy concerns of 14 mobile apps were addressed.
“This pilot project illustrates the efficacy, benefits and value an ongoing app-testing program will provide to the public-safety community and the nation,” says Vincent Sritapan, S&T’s program manager for mobile security research and development. “During the testing phase, numerous cyber vulnerabilities were identified and remediated. This model can be used to ensure all apps used by the public-safety professionals are secured against cyberattacks and other security and privacy weaknesses.”

The post Department of #Homeland #Security Finds #Cybersecurity #Flaws in First #Responder Apps appeared first on National Cyber Security Ventures.


Homeland Security clarifying state election hacking attempts

Source: National Cyber Security – Produced By Gregory Evans

The Department of Homeland Security has notified two states that Russian hackers attempted to scan networks other than their election systems in the run-up to the 2016 presidential election, contrary to details provided last week. On Wednesday, California became the second state — after Wisconsin — to receive the clarification….

The post Homeland Security clarifying state election hacking attempts appeared first on National Cyber Security Ventures.


Siemens to update medical scanner software amid Homeland Security warning machines could be hacked

Source: National Cyber Security – Produced By Gregory Evans

German industrial group Siemens expects to update software in some of its medical scanners by the end of the month to deal with vulnerabilities that could, in theory, allow some of this equipment to be hacked, a company spokesman said on Monday. Last week, the U.S. Department of Homeland Security…

The post Siemens to update medical scanner software amid Homeland Security warning machines could be hacked appeared first on National Cyber Security Ventures.


Department of Homeland Security Authorization of 2017 needs your support

Source: National Cyber Security – Produced By Gregory Evans

For fifteen years, the Department of Homeland Security has been in the business of keeping Americans safe. Since the Homeland Security Act of 2002 first authorized the Department, the men and women of DHS have worked tirelessly to uphold that mission. They have made tremendous progress, and I am very…

The post Department of Homeland Security Authorization of 2017 needs your support appeared first on National Cyber Security Ventures.


Department of Homeland Security Cyber security Awareness Newsletter – May 2017

Source: National Cyber Security – Produced By Gregory Evans


Help Older Americans Protect Against Online Scams

Americans young and old are using the Internet and mobile devices on a daily basis. Specifically, older Americans are increasingly utilizing mobile phones, tablets, and wearables to stay connected, informed, and involved with family and friends. This increased connectivity has many advantages, but it also presents a unique set of risks for people over 65.

May is Older Americans Month, a month that celebrates the vitality of older adults and their contributions and achievements. This offers a unique opportunity to talk with the people over 65 in your life about the importance of cybersecurity.

Cyber criminals often target older Americans, believing they are more likely to fall for online scams like phishing, online fraud, and identity theft. For example, a cyber criminal may email an older adult claiming to be a real financial or government organization, like their bank or the Internal Revenue Service (IRS), asking for money or for them to share their sensitive personal information.

Learning how to protect your identity and personal information online – and how to spot an online scam – is just as important as understanding how to use the latest technology.

Since cyber criminals are more likely to attack aging Americans, it is critical to equip them with the knowledge to protect themselves online. The Department of Homeland Security encourages older Americans, and all citizens, to follow these three tips to be safe online:

  • Beware of “free” gifts or prizes. If something is too good to be true, then it probably is.
  • Most businesses or organizations don’t ask for your personal information over email. Beware of any requests to update or confirm your personal information.
  • It is important to add only people you know on social media sites and programs like Facebook and Skype; adding strangers could expose you and your personal information to scammers.

AARP’s Fraud Action Network

Con artists are constantly coming up with new ways to scam you on the Internet. To protect you from cyber criminals, the AARP offers the Fraud Action Network.

By joining this service, you’ll receive email alerts about the latest frauds and scams, access to resources, and tips about avoiding threats.

The AARP Fraud Action Network is free and available to people of all ages, including non-members. Visit the Fraud Action Network to sign up.

The Administration for Community Living (ACL), a Stop.Think.Connect. Campaign partner, leads the national celebration of Older Americans Month (OAM) each year. The theme for OAM 2017 is “Age Out Loud,” which gives aging a new voice—one that reflects what today’s older adults have to say. For more information on OAM and how to get involved,

For more tips on how to stay safe online, please visit the Department of Homeland Security’s Stop.Think.Connect. Campaign at www.dhs.gov/stopthinkconnect.

Teacher Appreciation Week

The first week of May marks Teacher Appreciation Week. Teachers lead the way for students to exciting careers in a variety of fields. Some of the fastest growing and in-demand careers fall under the Science, Technology, Education, and Mathematics (STEM) fields. Skilled cybersecurity professionals are especially needed to help meet the workforce needs of an increasingly digital world. Careers in cyber offer students a wide variety of opportunities. It’s important to stimulate interest in these careers at a young age. This is where teachers play a critical role.

The Department of Homeland Security (DHS) is committed to supporting teachers in this effort and providing them with the resources they need to accomplish this goal. Through grant funding from DHS, the curriculum developed by the Cyber Innovation Center (CIC) offers professional development opportunities for middle and high school teachers. Workshops and professional development trainings are available to teachers to help them bring new STEM and cybersecurity projects, technology, and curriculum into their classrooms.

Teachers touch almost all of our lives – whether you are a parent with children in school, in school yourself, or have a friend or neighbor that is a teacher. DHS encourages you to share the news of the CIC curriculum with the teachers in your life. For more information, please visit

Partner Spotlight: The International Public Safety Association

The International Public Safety Association (IPSA) is a 501(c)3 nonprofit dedicated to building a stronger, more integrated public safety community capable of an effective joint response to all public safety incidents. Their mission includes breaking down the cultural barriers and fostering the relationships among all first and allied emergency responders.

As a Stop.Think.Connect. Campaign partner, the IPSA continues to demonstrate its commitment to raising cybersecurity awareness.

In the past year, they have shared cybersecurity tips and resources on social media, hosted cybersecurity related webinars for public safety, and they participated in National Cybersecurity Awareness Month.

If you are part of the public safety community, the IPSA encourages you to become a member. Their membership represents law enforcement, fire service, EMS, telecommunicators, emergency management and allied emergency responders. For more information about why and how to join, visit their article in their Public Safety Column “Three Reasons to Become an IPSA Member” or their website at www.joinipsa.org.

If you would like to join IPSA and 360+ non-profit, academic, or government organizations and become a partner of the Stop.Think.Connect. Campaign, visit www.dhs.gov/stopthinkconnect-join-campaign or email at stopthinkconnect@dhs.gov.

Cyber Quiz

Test your cyber IQ with the quiz question below. You can find the correct answer at the bottom of the Newsletter.

Question: True or false— Some cyber criminals specifically target older Americans in many of their online scams and frauds.

Ready to Use Social Media Posts

Here are suggested posts that you can share on social media to bring attention to cybersecurity and online safety resources from the Stop.Think.Connect. Campaign:

  • Older Americans are prime targets for cyber criminals. Stay #CyberAware with tips from @DHSgov www.dhs.gov/stopthinkconnect
  • Learn how to protect your older loved ones from online scammers with resources from @DHSgov www.dhs.gov/stopthinkconnect

Follow the DHS @cyber Twitter handle for more cybersecurity news and tips.

June is Internet Safety Month

Internet Safety Month, celebrated annually each June, is less than a month away! The month is a great opportunity to talk about online security with your family, community, or stakeholders. The Stop.Think.Connect. Campaign Toolkit provides a variety of resources, including presentations and tip cards, to help you start the online safety conversation. You can find the toolkit at www.dhs.gov/stopthinkconnect-toolkit.

Cyber Quiz Answer

The answer to this week’s Cyber Quiz above:

Answer: True! Many scams and frauds are directed at older Americans, who are at increased risk of being victimized online. Older Americans are thought to be less cyber savvy and often have more established finances, which make them prime targets for online criminals. Check out our website for tips and resources to stay safe online created specifically for older Americans:


The post Department of Homeland Security Cyber security Awareness Newsletter – May 2017 appeared first on National Cyber Security Ventures.


Twitter sues U.S. Homeland Security to block probe into Trump critic’s identity

Source: National Cyber Security – Produced By Gregory Evans

The social media company said that allowing the department access to the person behind the @ALT_USCIS account would produce a “grave chilling effect.” Twitter filed a lawsuit Thursday against the U.S. Department of Homeland Security, asking the court to prevent …

The post Twitter sues U.S. Homeland Security to block probe into Trump critic’s identity appeared first on National Cyber Security Ventures.


The Department of Homeland Security is essential to US cyber strategy

Source: National Cyber Security – Produced By Gregory Evans


Last week, President-elect Donald Trump formally nominated former commander of United States Southern Command Gen. John F. Kelly to serve as secretary of the Department of Homeland Security (DHS). In his announcement, he cited Gen. Kelly’s “decades of military service

The post The Department of Homeland Security is essential to US cyber strategy appeared first on National Cyber Security Ventures.
