Security / October 9, 2020

NCSAM Week 1: Dear Users

Can you feel it? The early fall chill, a spooky mist fills the air, the rising terror in your guts and that feeling someone is watching you? That’s right, it’s National Cyber Security Awareness Month! By the way, for those of us who are security practitioners, the rising terror thing is pretty much year-round, but such is the life we choose to lead. We’ve seen things. Terrible, horrible things. Usually in your email headers and stuff you click on. That’s why I wanted to dive into another lesson in user awareness — more specifically, stuff I like to tell my users that will never, ever go out of style.

I don’t believe in pigeonholing user education. If all we’re doing is trying to fool you with phishing lures, we’re sending the message of “only care about security when it affects the company’s bottom line.” The education must extend to your actual lives, because practice makes perfect. So, I thought, if I had to “elevator pitch” this, what are some actionable things that you, the user, can concentrate on both inside and outside of work?

Financial: Don’t trust. Verify. Scammers are getting cleverer all the time. It’s not just email you have to worry about. If you don’t already know that scammers can spoof (mask an email’s true origin), well, you do now. But you should also know it’s just as easy to spoof a phone number. I was personally hit with this: scammers not only spoofed my bank’s phone number when calling me in an attempt to get me to divulge personal information, they also spoofed the format of my bank’s text message alerts.

Mitigation: Be aware of your bank’s security policies. Inquire about how they’ll contact you in the event of suspicious activity. Never assume inbound communications are legitimate. Call the bank back at their number.

Personal: It’s not paranoia if they’re really out to get you. Most cybercrime and fraud are crimes of opportunity. Most likely, you’re not being targeted specifically. Much like the neighbor who leaves their car door unlocked and then says their car was “broken into,” you just happened to be more vulnerable than the car next to you, in the wrong database at the wrong time.

Mitigation: Attackers will go for the path of least resistance, so put some roadblocks up. First, lock your car door so I won’t roast you openly on the Nextdoor app. Then, enable two-factor authentication (2FA) on every account that allows it. Weird email from your mother-in-law asking for your Social Security number? While she may normally be trying to ruin your life, maybe this time it’s actually a different miscreant. Give her a call or send a text message before signing over the deed to your house.

Those are just a few areas to concentrate on, not only for NCSAM but all year long. For an extended discussion on more stuff we want to scream…err…counsel at our users, including guidance on your own election security, check out the latest edition of “Second Order Security.” Happy haunting.

Subscribe to “Second Order Security” on GigamonTV.
