2014 CyberSecurity Awareness Month wrap-up

Although November is here, let's not forget the many lessons we learned this year from CyberSecurity Awareness Month (CSAM).  The majority of issues I spoke about related to technologies that are dead, or should be dying in the 2014 Tech Obituaries section of my talk.  Here are the highlights of what technology died (or should have) over the last year.

  • Windows XP and Microsoft Office 2003
    • Takeaways: it's time to upgrade, or offgrade.
    • If your computer is old, consider an upgrade.
    • If your budget is tight, consider installing a free alternative like Linux (CentOS, Ubuntu).
    • A great free replacement for Microsoft Office is LibreOffice.
  • Java in the browser
  • Adobe Flash Player
    • If you don't need it, uninstall it (Windows, Mac, Linux).
    • If you don't know if you need it, uninstall it.
    • If you do need it, limit it to the sites you need (Firefox, Chrome).
    • Notify your site that they need to move to HTML5.
  • Microsoft's Internet Explorer (IE)
    • Move to a new browser, consider Firefox or Google Chrome.
    • If you need IE for a certain site, only use it for that site.
    • Notify your vendor to support other browsers.
  • Privacy (major breaches in the last 12 months to remember)
    • Oct 2013 - PF Chang's
    • Nov 2013 – CorporateCarOnline (850k PII)
    • Dec 2013 - Target (40m CC, 70m PII)
    • Jan 2014 - Michaels (2.6m) & Nieman Marcus (1.1m)
    • Feb 2014 - Sears
    • Mar 2014 - Experian (200m) & Sally Beauty (280k) & CA DMV
    • Apr 2014 - Community Health Systems (millions)
    • May 2014 - eBay (145m passwords)
    • Jun 2014 - Acme (and other supermarkets)
    • Jul 2014 - UPS
    • Aug 2014 - JP Morgan Chase (76 million)
    • Sep 2014 - Home Depot & Dairy Queen
    • Oct 2014 - Kmart
  • Passwords
    • Use two factor authentication wherever you can.
    • Ask your bank/healthcase provider/social media site/etc to support two factor auth.
    • Use a password safe.  Plenty are listed here.
    • Use long passphrases.  Remember, 12 is the new 8 (character passwords).
  • Magstripe Credit cards
    • Request a "chip and pin" or "EMV" card from your credit card company.
    • Learn how it works (it's not hard).
    • Talk to your store and ask them to support it.

If you missed the IAS 2014 CSAM talks, here are some links for you to check out.

Thanks and Safe Computing!
-- ep