We are more than halfway through this yearís Cybersecurity Awareness Month, and so far I am not impressed with what I have seen of the federal governmentís attempts to increase awareness.
We could spend time discussing who the government has working in their marketing department that came up with this yearís gem: ďStop. Think. Connect." Could they be any more ambiguous about a topic that desperately needs guidance? I really hope that this was done inside the Department of Homeland Security and that they did not use our tax dollars to have an outside agency come up with this.
We could also ask what our White House Cybersecurity Coordinator, Howard Schmidt, has done since posting a blog on October 1st. Other than this posting, I have not been able to find anything of relevance he has contributed to Cybersecurity Awareness Month.
I liken that to not seeing the Salvation Army on every corner in December.
The lack of any real progress by Schmidt or the Obama administration should not come as a surprise to anyone who follows this site, but it leads me to ask each of you: What have you done to be more secure this month? Have you bothered to change even one of your passwords? Have you updated your operating systems with all of the necessary patches? Have you at least spoken to your kids or loved ones about online safety?
In case you have been too busy, you still have time to do something that reduces your online risks. Following are a few suggestions.
Even though I migrated away from Microsoft Corp. (Nasdaq: MSFT) a few years back for security reasons, they still have the lionís share of users. As a result, everyone who uses Microsoft should be using the automated update service that automatically pushes critical updates to your systems. I recommend that you only allow the service to download the updates instead of installing them automatically. You can effect this change by going to the Security Center within Control Panel. You should take the few minutes each month to install only those updates that apply to your system; and it is always good to know what changes are being made, so you can go back and un-install if it causes an adverse effect to one of your legacy applications.
Another must-have for Microsoft users should be Microsoft Security Essentials, which provides real-time protection for your PC that guards against viruses, spyware, and other malicious software. It is free and works seamlessly behind the scenes, unlike some of the other software you have to pay for. Essentials works so well that it is the only virus protection on my wifeís system, and she has not had any issues since installing it over 18 months ago.
Passwords are a complex issue, and everyone has opinions as to their value. Until we devise a better solution than passwords to access our systems and data, we have to make sure we update and manage this first line of defense regularly. I already provided some recommendations about managing and changing your passwords in a post last year, and I believe the recommendations are just as valid today as they were then.
However, many readers responded that they just have too many passwords to manage. I also fall into this category and have successfully used two password managers for a few years. I use 1Password for my Mac, and up until recently, I used RoboForm Pro when I was on a Windows machine. 1Password has just released a Windows version, and I am migrating everything to one provider for myself, but I am very happy with RoboForm as a product.
There are a number of other password management solutions available, and many offer the ability to cross platforms. DropBox, for instance, syncs wirelessly between devices so your passwords are always within reach.
I canít predict the future, but I am confident that cyber-threats are going to increase over the next year, and every step you take to remain secure will reduce your online risk and keep you and your data secure.
— Tom Stamulis, Manager, Governance, Risk & Compliance Group, for a major service provider