Wednesday October 16, 2019

Your digital footprint: Own it. Secure it. Protect it.

October is National Cybersecurity Awareness Month, and Cabarrus County Information Technology representatives recently presented ways the County and its citizens can protect their online information.

“Technology is part of the Safer Community (initiative) …” Todd Shanley, Cabarrus County IT director, told the Cabarrus County Board of Commissioners during the October 7 agenda planning meeting. “With the idea that we’re going to help people understand how to be safer when they’re online.”

In the main presentation, Cabarrus County Cybersecurity Administrator Jack Dodd detailed the U.S. Department of Homeland Security’s awareness campaign, “Own it. Secure it. Protect it.”

Here are some highlights of Dodd’s presentation:

Own it

Dodd said the “Own it” component essentially means knowing what personal data exists online.

“Everything I deal with in my job for cybersecurity ultimately comes down to dealing with data,” Dodd said. “Who has access to it, how it floats around, etc. An example of this would be cellphone location tracking, Dodd said.

“So the first step is to know your data,” Dodd continued. “Know what’s out there.”

Knowing who has your data is also important. Examples are Google, Facebook and other platform companies. “They have great leverage over the data you give them,” Dodd said. “And they take it, they hold onto it and they use it.”

Also, know how your data is shared. Normally, sharing is governed by a privacy policy and various user settings.

All these components comprise a user’s “digital footprint,” Dodd said. “That’s kind of your mark you leave out in cyberspace.”

Once you know the contents and location of your digital footprint, the next step is to …

Secure it

“When we talk about securing data, we want to make sure only the people that need to have access to that information have access,” Dodd said.

Dodd covered the importance of strong passwords. He provided examples of two seemingly difficult passwords, one of which was much longer. Long passwords are always better for security, he said.

Dodd also advised against using the same password for multiple accounts.

Defense against phishing attempts is also part of data security. Phishing involves the use of seemingly legitimate emails and other communications with links to “change” or “verify” passwords or other login credentials. Clicking these links can take you to locations designed to steal your login information.

“You sign in there, and nothing happens, so it seems,” Dodd said. “But in reality, your credentials were just packaged up and delivered to a hacker with a bow on top.”

Dodd designs and sends fake phishing emails to Cabarrus County Government employees for training purposes.

Bottom line: always beware of links in emails, Dodd advised. “Don’t trust them.”

To get around direct emailed links, visit the site on your own, login to your account and see if the message is replicated, Dodd said.

Multifactor authentication is another component of strong data security. Mutlifactor is “by far the best form of security commonly available on the web for authentication,” Dodd said. This type of authentication normally ties your identity to something you know (such as a password) and generally something you have. Dodd provided the example of a bank ATM, where you need both your ATM card (something you have) and your password (something you know.)

Protect it

This component focuses more on the human aspects of cybersecurity. The most important thing to remember, Dodd said: Maintain a healthy dose of suspicion when you’re on the internet.

Users must first “verify that the right people are sending you the right documents,” Dodd said. “Verify that the information you’re being presented is what you think it is.”

The second part of protection is guarding your digital footprint. “The main point here is that you need to take precaution with your most important information,” Dodd said. And make sure you’re keeping up with software updates. “One of the largest ways you’ll see devices compromised is purely because they were missing an update.”

The last component is monitoring online interactions, particularly when children are on social media.

Shanley told commissioners that Dodd is presenting the “Own it. Secure it. Protect it.” information to various County groups. The tools are also part of the County’s onboarding process for new staff members.

To get more in-depth tips on cybersecurity, visit https://niccs.us-cert.gov.

Watch the full presentation here: 

Related News

Copyright ©2017 Cabarrus County