October 2013 being the 10th anniversary of National Cyber Security Awareness Month, the folks from our great donor partner, Symantec, asked us to check out the nonprofit National Cyber Security Alliance website to see what resources are there for charities and libraries. To be sure, there are a lot.
The National Cyber Security Alliance (NCSA) runs the Stay Safe Online website that has good resource sections for individuals and also offices. Symantec helped found NCSA 12 years ago, and since that time has joined forces with its customers, employees, government agencies, communities, and families to protect individuals and their information through outreach, education, research, and online tools. NCSA over the years has supported many allied nonprofit organizations like Common Sense Media, the World Association of Girl Guides and Girl Scouts, and Cyber Safe Kids.
Of course there are lots of things that a system administrator or accidental techie must do to protect an office network. I like the Stay Safe Online "Tip Sheet" Resources for offices that includes things like a Mobile Tip Sheet, a Botnet Fact Sheet. Keeping an IT system safe from intrusion and malware is a big and complex job. TechSoup offers network-level donated products to protect computer systems like Symantec Mail Security and Bitdefender Small Office Security.
One of my recent "ahas" around cyber security is that the biggest data security threats are up close and personal. They are inside jobs, so individuals taking precautions is pretty crucial.
Everyone at TechSoup recently took some training in basic online security awareness from Fishnet Security eLearning. Here were the high points for me:
It's good to be super skeptical about giving out any of your passwords, credit card info, or any account credentials to people on the phone. One presumes that identity theft is mostly about fancy hacking, but a good deal of it is through personal contact like someone calling you and posing as a bank account manager or IT support person. If you don't know them personally, don't give out any password info or other credentials.
Use password management software that maintains a secure and encrypted username and password list. Some reputable freeware versions of those include PasswordSafe, LastPass, and KeePass.
Use password strength websites like Password Strength Checker or How Secure Is My Password? The name of your dog or even a recognizable word (foreign or domestic) doesn't cut it in today's online world fraught with identity theft.
Don't use the same password on all (or several) accounts.
Email is a very useful medium for identify thieves, especially people attempting "phishing." Phishing emails sometimes try to alarm you into clicking a link or opening an attachment. They also might pose as your bank or eBay asking you to update your account information. Just looking at phishing emails doesn't pose a risk. It's when you click on a link or especially open attachments that the nightmare Pandora's box opens. I like CNET's 2009 piece on How to Recognize Phishing Emails.
Keep your software, especially your operating system, current and update it when prompted. Viruses or other malware are often made to exploit out-of-date software.
Look out for "scareware" on websites that alert users with fake virus alert messages
Signs of dangerous (malware laden) websites include:
The mission of the nonprofit Stay Safe Online is to make sure everyone knows the basics of online safety. Here is how charities and libraries can participate in National Cyber Security Awareness Month:
Image: Courtesy of National Cyber Security Alliance
This work is published under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International License.
Close this window