Cybersecurity
Cybersecurity Awareness
Americans are spending more time online than ever before. As more people use the Internet for online shopping, banking, financial management, and socializing, they also expose themselves to increased cyber risks. Online threats and cyber-attacks threaten the future of our national and economic security. Because cyber security is important to our Nation, Gulf Coast Bank is joining with the Department of Homeland Security (DHS) to raise cybersecurity awareness.
Cybersecurity is Our Shared Responsibility and We All Must Work Together to Improve our Nation’s Cybersecurity.
Cybersecurity is not just the responsibility of governments, companies, groups, or individuals. Everyone shares the responsibility for cybersecurity –from the average smartphone user to a corporate CEO.
Follow these simple online safety tips from the DHS STOP. THINK. CONNECT.™ Campaign:
- Enable stronger authentication. Always enable stronger authentication for an extra layer of security beyond the password that is available on most major email, social media and financial accounts. Stronger authentication (e.g., multi-factor authentication that can use a one-time code texted to a mobile device) helps verify that a user has authorized access to an online account. For more information about authentication, visit the Lock Down Your Login Campaign at www.lockdownyourlogin.org.
- Make your passwords long & strong. Use complex passwords with a combination of numbers, symbols, and letters. Use unique passwords for different accounts. Change your passwords regularly, especially if you believe they have been compromised.
- Keep a clean machine. Update the security software, operating system, and web browser on all of your Internet-connected devices. Keeping your security software up to date will prevent attackers from taking advantage of known vulnerabilities.
- When in doubt, throw it out. Links in email and online posts are often the way cyber criminals compromise your computer. If it looks suspicious (even if you know the source), delete it.
- Share with care. Limit the amount of personal information you share online and use privacy settings to avoid sharing information widely.
- Secure your Wi-Fi network. Your home’s wireless router is the primary entrance for cybercriminals to access all of your connected devices. Secure your Wi-Fi network, and your digital devices, by changing the factory-set default password and username.
Learn more about National Cybersecurity and how to protect yourself from threats online at www.dhs.gov/ncsam.
Frequently Asked Questions
Below are some of the most common questions that are asked about cybersecurity with answers from the Department of Homeland Security.
Cybercrime
- Q: What is cybercrime?
- A: We don’t often consider whether or not the people we interact with online might be breaking the law. But legal wrongdoing is just as prevalent on the internet as it is in the physical world. Cybercrime is any crime, including theft, fraud, and even sometimes murder, which is committed electronically.
- Q: Why should you care?
- A: We all want a safer world to live in, and it’s clear, now more than ever, that computers and other network-enabled devices are part of that world. Being safe on the computer is often very similar to being safe in your daily routine. You wouldn’t leave your car unlocked in the middle of a crowded city – so why not apply those same safety principles to your online life?
Ransomware
- Q: What is ransomware?
- A: It’s easy to forget sometimes how valuable the information we store on our computers and devices really is to us. Family photos, financial information, address books, homework assignments – so much of our lives is stored digitally! Ransomware is a type of malware in which the attacker encrypts the victim’s data to make it as inaccessible as possible. Then, the hacker demands a ransom to release or unencrypt that information.
- Q: Why should you care?
- A: The fees extorted by cybercriminals through ransomware can be extreme or prohibitive – not to mention that there’s no guarantee that your data will actually be returned to you after you pay! Luckily, there’s a simple way to make yourself and your data resistant to ransomware attacks. In addition to keeping your software and antivirus programs up to date, regularly back up your system on the cloud or on an external hard drive. That way, you always have a spare copy of the information that’s most important to you.
Physical Cyber Attacks
- Q: What are physical cyber-attacks?
- A: Cyber-attacks don’t always have to come from the internet, and some malware can hide easily on some of the data storage devices we trust and use on a daily basis. Physical cyber-attacks use hardware, external storage devices, or other physical attack vectors to infect, damage, or otherwise compromise digital systems. The attack can hitch a ride on USB storage devices or flash drives, CDs, hard copies of video games, and Internet of Things devices such as smartphones, smart watches, and even signal devices such as key fobs.
- Q: Why should you care?
- A: These kinds of attacks are frighteningly versatile, very difficult to identify and detect, and painfully difficult – sometimes close to impossible – to remove. Always try to keep track of where your storage devices have been, and don’t plug “lost-and-found” USB drives into your computer. Keep your personal and workplace data storage and other devices separate to avoid transferring malware from one system to another – just like washing your hands to prevent the flu from spreading!
Social Engineering
- Q: What is social engineering?
- A: Sometimes bad actors don’t need computers to gain access to your information. Social Engineering is when bad actors gather commonly available information about you and things you care about in order to trick you into revealing information or giving unauthorized access to information systems. Social Engineering attacks can be quite sophisticated, and are not always easy to recognize. This includes attacks such as Phishing, Swatting, and more.
- Q: Why should you care?
- A: Social engineering attacks don’t require super powered programming skills to be successful. The information you post on social media and other sharing platforms may make you vulnerable to this attack vector, and it may be difficult to tell when you are being targeted.
Phishing
- Q: What is phishing?
- A: Phishing is a kind of Social Engineering attack in which a bad actor poses as a trusted or reputable source and sends fraudulent digital messages, such as emails, with the intent of manipulating individuals into revealing personal or protected information, or with the intent of gaining unauthorized access to a system through a download or link.
- Q: Why should you care?
- A: Phishing attacks are some of the most common – and most commonly successful – types of attacks. Learning how to recognize fraudulent messages by paying close attention to detail and never clicking on embedded hyperlinks, as well as remembering to report phishing attempts when you are targeted, are the best ways to defeat this kind of cyber-attack.
Swatting
- Q: What is swatting?
- A: Think Social Engineering is just for Phishing? Think again. Swatting is an attack centered around location sharing. Bad actors use your location to call the police, claiming that the victim has committed a serious crime. Sometimes, the intent behind these attacks are merely pranks – but the consequences are almost always severe.
- Q: Why should you care?
- A: Unlike many cyber-based attacks, Swatting has clear, physical, and immediate consequences. Imagine police raiding your home on a Swatting bomb threat tip! These attacks can easily result in injury and arrest, and sometimes even death to the victim. Your location is your business. Text or call friends the old fashioned way if you want to meet up, share vacation photos only after you’ve gotten safely home, and remember to turn off location services on your devices when you don’t need them.
Critical infrastructure
- Q: Where can we learn more about critical infrastructure?
- A: Sign up for the DHS monthly cybersecurity bulletin to learn about the latest cybersecurity events, program updates, tools and resources from DHS and its partners with lots of information about critical infrastructure:
https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new
- Q: Where can I go to learn more about the NIST Cybersecurity Framework?
- A: The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the U.S. can assess and improve their ability to prevent, detect, and respond to cyber-attacks. Visit NIST’s website for information on the Cybersecurity Framework: https://www.us-cert.gov/ccubedvp/cybersecurity-framework. The website includes the Cybersecurity Framework V1.1 document, as well as additional resources such as an introduction to the Framework, FAQs, and even Online Learning modules to aid in understanding the Framework.