December 22, 2023 | Issue 71

This Week on "Cybersecurity Friday"

This is our final special holiday cybersecurity-themed issue of "Cybersecurity Friday." Next week, it's back to normal.

In this issue, we continue our coverage of holiday-themed cybersecurity tips, tricks and rules to live by to keep your information and your organization's information secure.


Remember that all of the skills we learn during the holidays are just as important all year long.


Next week we will take a rare break for the Christmas holiday and then it's off to 2024!


-Bill

Cybersecurity All-Stars

This week's Cybersecurity All-Stars are everyone. This month’s phishing test was a great success! Out of 120 users, no one (not one) interacted with the message, and many of you took the extra step to report it to the IT Department. Not a single person fell for the fake training message, even though it arrived with a borough header.

Phishing Lessons

The lessons here are that cybercriminals often use their “PhotoShop” skills to steal and use photos in their effort to trick readers. Also, when anything about a message looks odd or unusual (in this case, a blurry header and unusual messaging) it should be ignored and reported to the IT Department for investigation.

Well done everyone. This was the first time that no one (not even one) interacted with the phishing test! This is the best Christmas present that a CISO could want.


Together, we protect our organization, and each other.

Good Job Paul!

As we hit mid-week, a Cybersecurity All-Star was crowned, so I just had to do a fast edit and include him here. Paul Edwards from Building & Housing brought 3 USB drives into my office that had been given to him and that he wanted to use. Paul asked if they could be scanned, formatted and checked for safety before he used them. All the drives were safe, and our organization is more secure for having such cybersecurity-conscious employees!

Well done, Paul!

Good Job Don A!

If this keeps up, I am going to need more space for our Cybersecurity All-Stars section! As the week started to wind down, Don Anderson from Public Works called asking if we could check the safety of an email he had just received. Don reported that he was fairly certain it was OK, but he was a bit nervous. The email was checked, and it was good. This is another example of employees taking their time, thinking, and checking the safety of messages before interacting with them.

Well done, Don!

Holiday Season is Cybercrime Season

Throughout the next 4 issues we are going to talk about holidays and cybercrime. The holidays are a hunting ground for cybercriminals. This is because the cyber crooks understand that we are busy, stressed and often distracted during this time of year.


Cybercriminals take advantage of consumers' attention on a particular subject — like, for example, Black Friday or Cyber Monday sales — to run scams, or they use the distraction of the moment to cause disruption.


These cybercrooks slip into the rush of urgent emails offering limited-time deals, hoping to disguise themselves as legitimate retailers.

With the National Retail Federation predicting a record high in spending over the holidays in 2023, cybersecurity is especially important.


In this issue, we look at my favorite Cybersecurity Tips.

Why Do the Holidays Bring Such an Increased Cybersecurity Risk?

While cyber-attacks happen throughout the year, they tend to increase during the holidays. This year so far there has been a reported 200% spike in cyber-attacks on e-commerce sites approaching the holiday season, with Amazon as the top target.


There are a few reasons hackers choose the holidays to attack unsuspecting victims.


First, people are generally more relaxed or in a shopping rush and are less vigilant during the holidays. They’re also more likely to use their personal devices for work tasks, or vice versa, potentially leaving even more sensitive information vulnerable to cyber criminals and their scams.


Ransomware attacks, for example, become more prevalent during this shopping season, increasing by 30% compared to regular months.


Another reason why cyber-attacks increase during the holidays is that there are simply more people online. More people mean more potential targets—and more opportunities for cyber criminals to find a way in.


10 Cybersecurity Tips to Keep You Safe

This week we are going to cover my Top 10 favorite Cybersecurity Tips. Although these are very important during the holidays, they are incredibly important to live by all year long. Much like Fire Departments use October as Fire Safety Month and as a reminder to change our smoke detector batteries, I like to use the holidays as a great time to remind everyone to sharpen their cybersecurity skills.

So, my dedicated readers, let's take a look at my favorite Top 10 Cybersecurity Tips, and let's commit to following them all year long. I have written about many of these, many times. This is because following these rules will protect both you and your organization all year long.


1. Avoid public Wi-Fi

Because public Wi-Fi doesn’t require any authentication, anyone can access it, including cyber criminals. They can put themselves between you and the connection point. This way, they get access to the data you’re sending into the hotspot.


When using public Wi-Fi, avoid those without password protection, as they’re the least secure. If you have to use public Wi-Fi, activate a Virtual Private Network (VPN) for that extra layer of protection, as it hides your IP address and activities.


2. Beware of phishing scams

Phishing scams are often used to target holiday shoppers. Be aware of the signs of a phishing scam, such as urgent asks and unusual attachments.


Research shows that bad actors start 80-95% of cyber-attacks with phishing.


The most common phishing scam during the holiday shopping season is the shipping email scam. If you ever receive an email that appears to come from a shopping company, don’t open the attached file or link. It’s likely malware.


3. Don’t click on links in emails or answer calls from banks

In 2022, 56.5% of all emails were spam, accounting for 122.33 billion messages sent globally per day.


Cyber criminals often send out fake emails or text messages with links that lead to malicious websites. Don’t click on links if you receive an email or text message from an unknown sender.


If you receive an email that you find suspicious, whether because of the sender or the content, use your email provider’s report feature to flag the email. Do this before interacting with the contents of the email.


4. Use a credit card

When making purchases online, whether shopping or booking a flight, it’s better to use a credit card rather than a debit card.


If your credit card information is stolen as part of a data breach, you can simply cancel the card and get a new one. You will not be liable for any fraudulent charges, nor will the hacker get direct access to your account.


When signing up for a credit card, we recommend choosing one with zero-liability protection, so you are not held responsible for any unauthorized access.


Debit cards don’t offer this same level of protection. If your debit card information is stolen, hackers could quickly empty your bank account. If they accomplish this, getting the money back into your account can be challenging.


5. Keep your software up to date

One of the best ways to protect yourself from cyber-attacks is to keep your software current. This includes your operating system, web browser, and other software you use regularly.


Updating your software can seem like a chore, but it’s vital to patch any security vulnerabilities that cyber criminals may have discovered. Attackers are constantly looking for new ways to exploit systems, and software updates will help to keep them at bay.


6. Use strong passwords

In its 2023 Data Breach Investigations Report, Verizon revealed that 81% of breaches used stolen or weak passwords.


Using strong passwords is one of the most important things you can do to protect your online accounts. Avoid using easily guessed words or phrases like “12345” or “abcdef.” Most accounts now recommend a combination of letters, numbers, and symbols to make a stronger password, so take advantage of those.


Try to use a different password for each of your online accounts so that a hack in one doesn't affect the others.


7. Be careful what you share

Limit the personal information you share on social media and other websites, as cyber criminals can gain access to your personal information by simply looking at what you’ve shared online.


Avoid saving your card details on the Internet. Unless you are signing up for an automated payment service, entering your credit card information manually for every transaction is good practice. While it seems tedious, it helps minimize the chances of unauthorized access.


8. Shop on familiar and safe websites

Bookmark your favorite shopping sites to get there quickly and safely. As much as possible, avoid typing the name of the website in the URL bar. This will protect you from typos that could take you to a fake site that looks identical to the real site.


9. Trust yourself and be cautious

If you question the site’s trustworthiness, move on. Take any doubt as a sign that you should not make any transactions on the site. Remember, if an offer looks too good to be true, it probably is.


10. Report Suspicious Messages

One of the best things you can do is report suspicious messages to your IT Department right away. IT can investigate (did anyone else receive the message, did anyone else interact with the message), remediate and isolate. 


William Mann, CGCIO | Borough of West Chester
