October is National Cybersecurity Awareness Month (NCSAM), and who better to speak about securing end user devices than X-Force Red’s very own Space Rogue, aka Cris Thomas? On this edition of the X-Force Red in Action series, Space Rogue returns to the podcast to offer his take on essential security basics, defending connected devices and managing small business risk.
The Three Ps of Online Safety
For Space Rogue, NCSAM is like changing smoke detector batteries each year: While everyone knows security is a necessity, it’s not always top of mind for non-IT users. He’s also glad that NCSAM lasts a month rather than a week or day, since “some things people should be doing every year take longer than one day.”
So, what should users be doing during October to beef up their security for the rest of the year? Space Rogue offers three Ps for better online safety:
- Change passwords — Space Rogue recommends regularly updating all passwords, especially those for financial services. Long, complex passwords paired with two-factor authentication (2FA) provide the best protection.
- Improve patching — Users also need to be diligent about patching devices, including smartphones, printers, internet routers and video cameras. If applicable, change the default password.
- Avoid phishing — Space Rogue advises users to “stay cynical” about email to avoid phishing attempts. If something seems off, investigate. Call banks about “urgent” emails, and look at the destination of URL links before clicking through.
Connected Devices and Voting Security
Of growing concern is the security of connected devices. As Space Rogue notes, while some manufacturers of connected vehicles and appliances now offer automatic updates, others require users to update manually or even return the device to the point of purchase.
Space Rogue also makes special mention of voting machines, which are effectively Windows computers designed to count ballots. He doesn’t pull any punches: These devices are largely insecure. However, it would require a massive coordinated effort by highly advanced threat actors to compromise a national election. Despite its flaws, Thomas advises Americans to “trust the system.”
Shore Up SMB Security for NCSAM
As his final piece of NCSAM advice, Space Rogue suggests small and midsized businesses (SMBs) take the opportunity to take a full account of what’s on the network — both virtual and physical — and create barriers so attackers can’t move laterally. Companies also need to verify that the right users are accessing the network for the right reasons.
Need some extra help during NCSAM or at any other time of the year? Space Rogue and his X-Force Red colleagues can stand in for existing IT departments or act as first-line point of contact for security questions.
Never miss a new episode of X-Force Red in Action! Subscribe to the SecurityIntelligence Podcast on iTunes or your favorite podcast platform.