October is National Cyber Security Awareness Month (NCSAM). Over the next four weeks, we will do our part to promote awareness of safe online practices by sharing with you a series of easy-to-use cybersecurity tips. Our goal is to increase your cybersecurity IQ and decrease the likelihood of you being a victim of a cybercrime.
Under Secretary (Acting) for
Science and Technology William Bryan
The first-line defense and resilience for your organization’s networks and systems and your own online presence starts with you and your colleagues. Knowing what cyber-threats – such as phishing attacks – look like is essential to keeping your computer or mobile device from being infected with the latest destructive malware or your organization’s network being held hostage by ransomware.
Phishing attacks are a huge and growing cybersecurity concern. For instance, according to the Wombat Security 2016 State of the Phish report and 2016 Verizon Data Breach Investigation Report, 85 percent of U.S. organizations have experienced a phishing attack and 30 percent of people have opened a phishing email, unleashing cyberattacks that cost American businesses millions to fight off.
Do you know how to spot a phishing email? Look carefully at each email and ask yourself the following questions.
- Do you know or recognize the “from” address or contact’s name?
- Does the message contain incorrect grammar or misspelled words?
- Does the message ask you to take action on something you didn’t request such as “click on this link to pick the new phone you requested”?
So what should you do to avoid falling into a cybercriminal’s trap?
- Don’t click on links. Instead, hover your cursor over links to determine if the address is unknown, suspicious or misleading, e.g., “www.microsoft.com.maliciousdomain.it”
- If you suspect an email is a phishing attack, immediately report it to your IT department so they can alert your coworkers of the attempted attack
Applying these easy-to-remember guidelines will help you quickly spot some of the most common phishing attacks, and remember phishing isn’t going anywhere. As long as people use emails to communicate, phishing will continue to be used among cyber criminals. The best advice we can provide is to be cyber aware and trust your instincts; if an email appears to be suspicious it most likely is an attack.
Throughout NCSAM, we will release helpful hints and tips to remain cyber savvy.
Each Tuesday and Thursday on Twitter, Facebook and LinkedIn during October, several program managers from S&T’s Cyber Security Division (CSD), part of the Homeland Security Advanced Research Projects Agency, will impart valuable cybersecurity tips you can implement immediately to increase your safety.
In addition, S&T CSD will participate in several events during October in which you, too, can attend.
- October 5—Transition to Practice Financial Sector Demo Day, New York City
- October 6—Cyber Security Volunteer Initiative Recognition Event, Washington, D.C.
- October 9-11—Association of the U.S. Army annual meeting, Washington, D.C.
- October 12—CyberMaryland 2017, Baltimore, Maryland
- October 17—CyberWeek Roundtable from 9:30 – 11:00 a.m.
- October 19—GCN dig IT Awards Tech Arcade, Washington, D.C
- October 19—DHS Industry Day, Washington, D.C.
- October 23—Blockchain 360, New York City
- October 24—Facebook Live Tech Talk on Cyber Physical Systems Security
- October 26—Homeland Security Week, Washington, D.C.
Follow along with S&T’s tips and activities throughout the month using #CyberSavvy. For more information about events during NCSAM, visit the S&T CSD events page.