Cybersecurity Awareness

What is Cybersecurity?

Cybersecurity is the practice of protecting critical systems and sensitive information from digital attacks. Also known as information technology (IT) security, cybersecurity measures are designed to combat threats against network systems and applications, whether those threats originate from inside or outside of an organization. 

Cyberattacks are malicious attempts by hackers to access or damage a computer or network system. Cyberattacks can lead to the loss of money or the theft of personal, financial and medical information. These attacks can damage your reputation and safety. Cybersecurity involves preventing, detecting and responding to cyberattacks that can have wide-ranging effects on individuals, organizations, the community and the nation. 
 
Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information. It seems that everything relies on computers and the internet now—communication (e.g., email, smartphones, tablets), entertainment (e.g., interactive video games, social media, apps ), transportation (e.g., navigation systems), shopping (e.g., online shopping, credit cards), medicine (e.g., medical equipment, medical records), and the list goes on. How much of your daily life relies on technology? How much of your personal information is stored either on your own computer, smartphone, tablet or on someone else's system? 

What are the risks to having poor cybersecurity?

There are many risks, some more serious than others. Among these dangers are malware erasing your entire system, an attacker breaking into your system and altering files, an attacker using your computer to attack others, or an attacker stealing your credit card information and making unauthorized purchases. There is no guarantee that even with the best precautions some of these things won't happen to you, but there are steps you can take to minimize the chances.

Cyberattacks can occur in many ways, including

  • Accessing your personal computers, mobile phones, gaming systems and other internet- and Bluetooth-connected devices.
  • Damaging your financial security, including identity theft.
  • Blocking your access or deleting your personal information and accounts.
  • Complicating your employment or business services.
  • Impacting transportation and the power grid.

What can you do to improve your cybersecurity?

The first step in protecting yourself is to recognize the risks. Familiarize yourself with the following terms to better understand the risks:

  • Hacker, attacker, or intruder – These terms are applied to the people who seek to exploit weaknesses in software and computer systems for their own gain. Although their intentions are sometimes benign and motivated by curiosity, their actions are typically in violation of the intended use of the systems they are exploiting. The results can range from mere mischief (creating a virus with no intentionally negative impact) to malicious activity (stealing or altering information).
  • Malicious code – Malicious code (also called malware) is unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. Various classifications of malicious code include viruses, worms, and Trojan horses. (See Protecting Against Malicious Code for more information.) Malicious code may have the following characteristics:
    • It might require you to actually do something before it infects your computer. This action could be opening an email attachment or going to a particular webpage.
    • Some forms of malware propagate without user intervention and typically start by exploiting a software vulnerability. Once the victim computer has been infected, the malware will attempt to find and infect other computers. This malware can also propagate via email, websites, or network-based software.
    • Some malware claims to be one thing, while in fact doing something different behind the scenes. For example, a program that claims it will speed up your computer may actually be sending confidential information to a remote intruder. 
     
  • Vulnerabilities – Vulnerabilities are flaws in software, firmware, or hardware that can be exploited by an attacker to perform unauthorized actions in a system. They can be caused by software programming errors. Attackers take advantage of these errors to infect computers with malware or perform other malicious activity.

To minimize the risks of cyberattacks, follow basic cybersecurity best practices:

  • Keep software up to date. Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it. (see Understanding Patches and Software Updates for more information.)
  • Run up-to-date antivirus software. A reputable antivirus software application is an important protective measure against known malicious threats. It can automatically detect, quarantine, and remove various types of malware. Be sure to enable automatic virus definition updates to ensure maximum protection against the latest threats. Note: Because detection relies on signatures—known patterns that can identify code as malware—even the best antivirus will not provide adequate protections against new and advanced threats, such as zero-day exploits and polymorphic viruses.
  • Use strong passwords. Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices. It is best to use long, strong passphrases or passwords that consist of at least 16 characters. (See Choosing and Protecting Passwords.)
  • Change default usernames and passwords. Default usernames and passwords are readily available to malicious actors. Change default passwords, as soon as possible, to a sufficiently strong and unique password.
  • Implement multi-factor authentication (MFA). Authentication is a process used to validate a user’s identity. Attackers commonly exploit weak authentication processes. MFA uses at least two identity components to authenticate a user’s identity, minimizing the risk of a cyberattacker gaining access to an account if they know the username and password. (See Supplementing Passwords.)
  • Install a firewall. Firewalls may be able to prevent some types of attack vectors by blocking malicious traffic before it can enter a computer system, and by restricting unnecessary outbound communications. Some device operating systems include a firewall. Enable and properly configure the firewall as specified in the device or system owner’s manual. (See Understanding Firewalls for Home and Small Office Use.)
  • Be suspicious of unexpected emails. Phishing emails are currently one of the most prevalent risks to the average user. The goal of a phishing email is to gain information about you, steal money from you, or install malware on your device. Be suspicious of all unexpected emails. (See Avoiding Social Engineering and Phishing Attacks.)

  • Limit the personal information you share online. Change privacy settings and do not use location features.
  • Keep software applications and operating systems up-to-date.
  • Create strong passwords by using upper and lower case letters, numbers and special characters. Use a password manager and two methods of verification.
  • Watch for suspicious activity that asks you to do something right away, offers something that sounds too good to be true, or needs your personal information. Think before you click. When in doubt, do NOT click.
  • Protect your home and/or business using a secure Internet connection and Wi-Fi network, and change passwords regularly.
  • Don’t share PINs or passwords. Use devices that use biometric scans when possible (e.g. fingerprint scanner or facial recognition).
  • Check your account statements and credit reports regularly.
  • Be cautious about sharing personal financial information, such as your bank account number, Social Security number or credit card number. Only share personal information on secure sites that begin with https://. Do not use sites with invalid certificates. Use a Virtual Private Network (VPN) that creates a more secure connection.
  • Use antivirus and anti-malware solutions, and firewalls to block threats.
  • Back up your files regularly in an encrypted file or encrypted file storage device.
  • Do not click on links in texts or emails from people you don’t know. Scammers can create fake links to websites.
  • Remember that the government will not call, text or contact you via social media about owing money.
  • Keep in mind that scammers may try to take advantage of financial fears by calling with work-from-home-opportunities, debt consolidation offers and student loan repayment plans.

What can do do during a cyberattack?

  • Check your credit card and bank statements for unrecognizable charges.
  • Check your credit reports for any new accounts or loans you didn’t open.
  • Be alert for emails and social media users that ask for private information.
  • If you notice strange activity, limit the damage by changing all of your internet account passwords immediately.
  • Consider turning off the device that has been affected. Take it to a professional to scan for potential viruses and remove any that they find. Remember: A company will not call you and ask for control of your computer to fix it. This is a common scam.
  • Let work, school or other system owners know what happened.
  • Run a security scan on your device to make sure your system is not infected or acting more slowly or inefficiently.
  • If you find a problem, disconnect your device from the Internet and perform a full system restore.

If you have experience a Cyberattack

Let the proper federal, state and local authorities know if you believe you have been a victim of a cyberattack. 

  • Contact banks, credit card companies and other financial services companies where you hold accounts. You may need to place holds on accounts that have been attacked. Close any unauthorized credit or charge accounts. Report that someone may be using your identity.
  • File a report with the Office of the Inspector General (OIG) if you think someone is using your Social Security number illegally.
  • File a complaint with the FBI Internet Crime Complaint Center (IC3). They will review the complaint and refer it to the appropriate agency.
  • File a report with the local police so there is an official record of the incident.
  • Report identity theft to the Federal Trade Commission.
  • Contact the Federal Trade Commission (FTC) at ftc.gov/complaint if you receive messages from anyone claiming to be a government agent.
  • Contact additional agencies depending on what information was stolen. Examples include contacting:
    • The Social Security Administration (800-269- 0271) if your Social Security number was compromised, or
    • The Department of Motor Vehicles if your driver's license or car registration has been stolen.
  • Report online crime or fraud to your local United States Secret Service (USSS) Electronic Crimes Task Force or the Internet Crime Complaint Center.

Cybersecurity & Infrastructure Security Agency

As the nation’s cyber defense agency, Cybersecurity & Infratructure Security Agency (CISA) stands ready to help organizations prepare for, respond to, and mitigate the impact of cyber-attacks. When cyber incidents are reported quickly, we can use this information to render assistance and as warning to prevent other organizations and entities from falling victim to a similar attack.

SHIELDS Up Guidance for All Organizations

Cybersecurity Awareness Month

Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally.  

Additional Resources