Tag Archive for: month

A Proclamation on Critical Infrastructure Security and Resilience Month, 2022


This month, we recommit to improving the resilience of our Nation’s critical infrastructure so it can withstand all hazards — natural and manmade. By building better roads, bridges, and ports; fortifying our information technology and cybersecurity across sectors, including election systems; safeguarding our food and water sources; moving to clean energy; and strengthening all other critical infrastructure sectors, we will lay the foundation for long-term security and prosperity.

When our critical infrastructure shows signs of wear, everyday Americans pay the price. When powerful storms and forest fires — made more frequent and ferocious by climate change — shut down energy grids, families can lose power for weeks. When unsecure networks are hacked, critical services can go offline, and businesses can suffer huge losses. When bridges collapse and first responders must travel further to reach disaster sites, Americans can die. Crumbling infrastructure around the world affects us at home as well: Extreme weather, cyberattacks, and other disasters have ripple effects, threatening global stability and disrupting supply chains everywhere.

That is why my Administration is reinforcing America’s critical infrastructure and supporting our international partners as they do the same. Last year, I signed the Bipartisan Infrastructure Law to make a once-in-a-generation investment in resilience and build a better America — modernizing our roads, bridges, and ports; delivering clean water and high-speed internet to our communities; and helping to eliminate the use of lead pipes in this country, all while creating a new generation of good-paying jobs. This year, I signed the CHIPS and Science Act into law, securing historic funding for research and development and to build a resilient supply chain for semiconductors here in America. At the same time, we are shielding our entire country against — and actively countering — malicious cyber activity, and establishing clear international rules of the road as they relate to cyberspace. Our Federal agencies are working more closely with the private sector — which owns and…


October Is Cybersecurity Awareness Month. Part 3: Use Strong Passwords


In this multi-part series, we’ll look at what organizations can do to improve corporate cybersecurity as part of October’s Cybersecurity Awareness Month. In this blog, our focus is using strong passwords.

Passwords and passcodes are now required on almost all devices, accounts, and systems. Making sure you use strong passwords will help keep you safe. We’ll look at what strong passwords are and how to go about using them.

Password security starts with creating a strong password. A strong password is:

  • At least 12 characters long, but 14 or more is better.
  • A combination of uppercase letters, lowercase letters, numbers, and symbols.
  • Free of words that can be found in a dictionary and of the names of people, characters, products, or organizations.
  • Significantly different from your previous passwords.
  • Easy for you to remember but difficult for others to guess. For example, consider a memorable phrase like “6CatzRLo0king^”.

You can also use passwords suggested by browsers or password managers, which we’ll discuss later.

Once you’ve created strong passwords, you’ll have to make sure you’re using them properly. First, never share your passwords with anyone. Second, use a unique password for each device, application, and website. Third, change all default passwords on systems and devices. Some devices have been hacked because they come with default credentials like admin/admin from the factory and never prompt the user to update the password during first login.

You can also use browsers to learn about your password hygiene. For example, for macOS users, Safari can be enabled to let you know if your passwords need to be changed because they are being reused or have been compromised.

To check on this, go to Safari > Preferences > Passwords. Here you can enable “Detect compromised passwords”.


If the password is compromised, you will be told why and be given the option to change and update the offending password.

Another bit of password hygiene to keep in mind: when you learn about a breach, either through the news or from a notification email from a website, change your password immediately. You never want…


October is Cybersecurity Awareness Month. Part 2: Enable Multi-Factor Authentication


In this multi-part series, we’ll look at what organizations can do to improve corporate security as part of October’s Cybersecurity Awareness Month. In this blog, our focus is on multi-factor authentication (MFA).

Believe it or not, computers in the old days didn’t even require passwords to get in. The threat wasn’t obvious since computers weren’t everywhere, so when you powered a computer on and it was done booting, you’d just use it as needed. Once computers became common in the workplace and different folks had physical access to a computer, the user and password pairing was born. Still, some people, just like they do today, would just write the password on a Post-it Note and call it a day. Many people used ‘password’ or ‘12345’ as their password. The password has evolved, and today most systems require a minimum of 8 characters including a number, a capitalized letter, and a special character, which makes passwords harder to guess if you haven’t written them down.

Are passwords perfect now?

Nope. According to various studies, 81% of breaches are caused by poorly-chosen passwords. According to a CNET report in 2020, hackers have published as many as 555 million stolen passwords on the dark web since 2017. When you consider that many people use the same password or a variation of a single password, you can see how poor passwords and password-related practices continue to lead to breaches.

So, what can be done?

Enabling MFA is a start. Multi-factor authentication, sometimes referred to as Two-Factor Authentication (2FA), comes in different flavors, and not all are built equally. MFA can mean two passwords to two different Microsoft Active Directory (AD) servers, but this is rarely used. The most common is credentials (username/password) with a token. RSA and Google Authenticator are a couple of the more popular token options. These tokens are multi-digit, one-time, and short-lived, making them hard to guess and of limited use even if shared, as there is only a short window in which they are valid. The other method is a push notification to a different device. The MFA software is usually installed on a mobile phone and when trying to log in from a laptop, the user is prompted to…


Pumpkin spice latte and a side of National Cyber Security Awareness Month


At risk of not being considered one of the cool kids rolling their eyes at the idea of National Cyber Security Awareness Month, Pondurance is an NCSAM “champion” and we’re going to use this month to push out what we hope are helpful reminders of best cybersecurity practices for both companies and individuals. You know why? Because we all still need reminders about what to be skeptical about – is that a real email? Was that urgent text really from my CEO? Is that gorgeous stranger on Facebook really interested in me? And we still need reminders to protect important personal and financial information (among other things) with multi-factor authentication (MFA) and to update software on our devices. You get the gist.

Not a day goes by that I don’t get scam robocalls to my mobile phone. I’ve lost count of the car warranty reminders, the social security compromise calls and the many other ridiculous calls, offers and threats. Email is the same—phishing is rampant and I’m grateful to be in a business that has trained me how to scrutinize a message to determine whether it’s real or a fake. Sometimes the branding on a phishing email mimicking FedEx, the USPS, my bank, PayPal or some other real service is so authentic that I’m reminded why so many people fall for them.
