I just found out that October is “National Cyber Security Awareness Month.” Being in the security industry and seeing all the bad cybersecurity practices out there on a daily basis, I think we should evangelize the do’s and don’ts of security every day; but if we only get one month a year by Presidential proclamation, it beats nothing! As I dug into this awareness campaign, I noticed an initiative called STOP. THINK. CONNECT.™ that is sponsored by the National Cyber Security Alliance, and the “Lock Down Your Login” campaign, which was launched in September and does a nice job highlighting the need for multi-factor authentication. So in my blog today, I want to walk you through the Stop.Think.Connect.™ (STC) initiative and talk in more detail about the “Lock Down Your Login” (LDYL) campaign.
The goal of the STC initiative is to “encourage all Internet users to be more vigilant about practicing safe, online habits” and to “ensure that Internet safety is perceived as a shared responsibility at home, in the workplace, and throughout our communities.”
To that end, it makes a number of recommendations for users, including “keep a clean machine,” “protect your personal information” and “connect with care.” The “connect with care” section adds further recommendations: don’t click on suspicious links, limit what you do on public Wi-Fi hotspots, and protect your online financial information by only engaging with security-enabled sites whose addresses start with “https://” or “shttp://” (i.e. “http://” is not secure).
Now if the reader is a sophisticated IT person, he or she knows all of this already, but I found this page to be a good executive summary of the “don’ts” of cybersecurity: a perfect one-pager for a child or a grandparent now starting to use the internet. If your child or family member gets infected with malware, it can easily leak into your personal and business computing, since you are interacting with them via email and social networks, and possibly even physically sharing computers and mobile devices with them. So, it may be in your best interest to share that page with family members, and of course the same can be true for the non-IT/security people at your work.
Being in the identity management part of the cybersecurity industry, I liked in particular the recommendations for “protect your personal information.” The specific recommendations are in the following screenshot:
These are all great best practices and also highly relevant in the workplace (of course, if you have a single sign-on (SSO) solution like Centrify Identity Service, you only have to worry about one password, and can further protect it through multi-factor authentication).
On the first bullet, “Lock Down Your Login” (LDYL), the National Cyber Security Alliance decided to drill down further: it announced a new campaign this week devoted to this topic and even has a dedicated web page for it.
This campaign really highlights the need for strong authentication through MFA:
“Strong authentication – sometimes called multi-factor or two-factor authentication or login approval – goes beyond just a username and password and is a way to lock down your login. Many online services, including apps and websites, offer free options to help you protect your information and ensure it’s actually you trying to access your account – not just someone with your password.”
Then it shows some ways that you can layer MFA per this screenshot:
After that, it has a link to how to turn on MFA for popular consumer sites like Dropbox, as well as banking websites.
On the enterprise side of things, the cool thing is that Centrify supports all three ways to enable strong authentication: a security key with our YubiKey integration, biometrics leveraging the native hardware found in mobile devices, and the ability to send one-time codes.
So Centrify has you covered on the enterprise front, and when you send your friends and family this link, it will hopefully help spread the word that MFA is needed to lock down your personal logins (and you can also evangelize by sharing this blog post too with #LockDownURlogin). As security professionals, we should all do our part to spread the word on safe and secure computing.