Tag Archives: NCSAM

Our Shared Role in Protecting National Infrastructure from Cyber Threats

After covering cybersecurity from both a personal and a business perspective, this final post for National Cyber Security Awareness Month (NCSAM) expands to the theme of security in our nation’s critical infrastructure: “Protecting Critical Infrastructure from Cyber Threats”.

The link between infrastructure and cybersecurity

Critical infrastructure includes the many essential systems that sustain our economy and way of life, such as electricity, railways, roadway traffic control, communication, sewage and water systems, and financial institutions. All of these essential systems have become more reliant on networked technology over the last several years, making them a target for cyber threats.

Building cyber resilience will help keep our critical infrastructure safe

Our critical infrastructure underpins our way of life, and securing these systems and technologies is essential for the nation. Here are some suggestions to help keep the systems we depend on more secure.

  1. Start by protecting your company. The private sector owns the vast majority of the nation’s critical infrastructure and resources.* As such, one of the first steps in protecting critical infrastructure is to protect your organization’s infrastructure. Start by developing a comprehensive and coordinated business continuity plan at your company. Consider aspects such as your electricity supply, communications links, water supply and waste disposal, as well as your physical supply, storage and distribution for fuel, raw materials and products. Once you have a business continuity plan in place, you should continually monitor and improve analysis and warning capabilities for both cyber and physical threats.
  2. Secure your supply chain. Make sure hardware and key infrastructure components are secured and protected. While software vulnerabilities can cause substantial loss, they can also be fixed relatively easily once identified, by applying the latest patches, firmware, or product upgrades. Hardware updates for improved security can be a more cumbersome process, and often the only answer is to replace each piece of offending hardware. It’s also recommended that you implement supply chain protection measures around your products and services to help protect against both cyber and physical attacks that could compromise the integrity of the hardware and software components that may become part of the critical infrastructure. Partnering with the right product manufacturers and integrators, those with a communicated focus on cyber security, will enable critical control systems to continue to operate.
  3. Build public-private partnerships. By working together, private enterprises and public organizations can effectively confront security problems that jeopardize infrastructure. Information exchanges and cooperation can allow both sides to address awareness, vulnerability remediation, and recovery operations.

As National Cyber Security Awareness Month concludes, we encourage you to look back at the tips and strategies we’ve covered over the past month. Share them with colleagues and friends, and start implementing them.

We also encourage you to stay up-to-date by registering on the Cyber Protection Program website for product advisories and resources on topics related to your cybersecurity.

*The Department of Homeland Security (DHS), Critical Infrastructure Sector Partnerships https://www.dhs.gov/critical-infrastructure-sector-partnerships July 11, 2017.

Cyber Security in the Workplace

As National Cyber Security Awareness Month (NCSAM) moves into week two, Johnson Controls, through the Cyber Protection Program for security products, turns from last week’s post on staying safe online to this week’s theme, focusing on cybersecurity in the workplace.

Wherever you are in the hierarchy, and no matter the size of your organization, you have an important role to play in keeping your business cyber-safe.

How can you protect yourself and your workplace, and strengthen your cyber resilience? It’s a matter of simple vigilance, and good cyber hygiene. Start with these four principles:

  • Keep your software and operating systems up-to-date. System and software version updates are there for a reason. Beyond giving you access to additional functionality, keeping your operating system and software applications up-to-date is an effective way to fix known vulnerabilities so hackers can’t take advantage of them. If you can’t always keep the software up-to-date because of dependencies, consider putting in other controls to mitigate the vulnerabilities that were discovered and fixed in the updated versions.
  • Back up everything, and do a test restore. Yes, you’ve heard this a hundred times. But it is that important! There are so many ways data can be lost, including malware, viruses, theft, computer malfunctions and accidental deletion. That’s why you should always make electronic and physical copies of all your important work and system data, and make sure there is a copy stored in a safe place. For critical business data, backups should be stored at a separate location. If you store your backup data online, make sure it is not normally accessible from your current network, so that ransomware or other malware can’t get to it.
  • Disable any protocols for remote connectivity, unless constantly required for day-to-day operations. This includes protocols such as Telnet, SSH, FTP, SFTP, RDP/XRDP, ONVIF, UPnP, and VNC. Even if the protocols are used for occasional remote support or troubleshooting, it’s better to keep them disabled and only activate them when needed.
  • Periodically review accounts and privileges, and update them accordingly. Each system user’s privileges or roles should be defined as what they need to get their job done, no more. It’s not uncommon for there to be “privilege creep” for accounts, where additional privileges are granted for a specific one-time task and then never removed. Similarly, accounts for users who no longer need access should be dealt with according to your company’s policy.
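An added example (not part of the original post) for the remote-connectivity item above: a small audit that reads `ss -tuln` output and flags listeners for the protocols the list names. The port numbers are the services' registered defaults, which is an assumption about your environment, and the sample output is constructed.

```python
"""Flag listening sockets for the remote-access protocols named above."""
import ipaddress

# Assumption: services run on their default ports; adjust for your site.
WATCHED = {
    ("tcp", 21): "FTP",
    ("tcp", 22): "SSH/SFTP",
    ("tcp", 23): "Telnet",
    ("tcp", 3389): "RDP/XRDP",
    ("tcp", 5900): "VNC",
    ("udp", 1900): "UPnP (SSDP)",
    ("udp", 3702): "ONVIF (WS-Discovery)",
}

# Constructed sample of `ss -tuln` output, embedded so the example runs offline.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:1900       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5      127.0.0.1:5900     0.0.0.0:*
tcp   LISTEN 0      128    [::]:3389          [::]:*
tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
"""


def find_remote_listeners(ss_output):
    """Return (protocol, transport, port, exposure) for each watched listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or a socket type we do not audit
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        name = WATCHED.get((fields[0], int(port)))
        if name is None:
            continue
        host = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False  # "*" means every interface
        exposure = "loopback-only" if loopback else "network-exposed"
        findings.append((name, fields[0], int(port), exposure))
    return findings


if __name__ == "__main__":
    for name, transport, port, exposure in find_remote_listeners(SAMPLE_SS_OUTPUT):
        print(f"{name:22} {transport}/{port:<5} {exposure}")
```

Any "network-exposed" entry that is not needed for day-to-day operations is a candidate for disabling until it is actually required.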

In a nutshell: Cybersecurity at work is a shared responsibility to help reduce susceptibility to threats and attacks.

In next week’s post we will move on to smart use of smart devices. Until then, make sure to visit the Cyber Protection Program for security products website for product advisories and resources on matters related to your cybersecurity.

Seven Simple Steps to Staying Safe Online

Throughout the month of October, Johnson Controls, through the Cyber Protection Program for security products, is supporting the National Cyber Security Awareness Month (NCSAM) mission to raise awareness about the importance of cybersecurity, and individual cyber posture. NCSAM is an initiative of the U.S. Department of Homeland Security, together with the National Cyber Security Alliance and other public and private partners.

Each week NCSAM will highlight a different theme – beginning with Simple Steps to Online Safety. In line with this, the following are some practical tips for simple things everyone can do to protect themselves online.

While some of this is likely familiar to you, it’s always worth refreshing.

Practice good password hygiene

All of your online accounts – including your work email, online shopping, and social media accounts – contain more personal data than you may think. It’s worth a small amount of effort to help keep them secure.

  • Make sure your passwords are long and strong. Length is more important than complexity; long passphrases are better than short and complicated passwords. Even better, use a password manager to generate strong passwords and store them securely.
  • Use a unique password for each account; and change a password if you even think it’s been compromised.
  • Use long and complex answers to “forgot password” questions, and memorize them or store them in a password manager.
  • Never share your username or password. Anyone who needs access to the system should have their own account details.

Lock your devices

  • Always keep your mobile device and workstation locked. Even better, have an automatic lock go into effect after a couple of minutes of inactivity. You never know who is around the corner, waiting to steal, destroy or upload malware.

Surf and click cautiously

Both at home and in the office, you need to be wary of emails, websites and associated links that may contain malicious content that can compromise your system.

  • Only open emails or attachments from people you know. Hackers will also use known contacts for phishing, so when in doubt, call the person to confirm the email is from them.
  • When in doubt, throw it out, even if you know the source. If it’s something you think may be legitimate, then go to the website directly rather than clicking on the link. Also keep in mind that if you receive an email from a familiar source asking for personal details, especially details they should already have, it may be a phishing ploy.

Bottom line, stay aware to stay cyber-safe

As security professionals, we all share a joint responsibility to protect devices, systems and networks, and help others do the same.

We recommend sharing these tips with your employees and colleagues, your customers – and your friends and family too.

Next week we’ll continue our National Cyber Security Awareness Month initiative, with a post focusing on cybersecurity in the workplace.

In the meantime, make sure to visit the Cyber Protection Program for security products website for product advisories and resources on matters related to your cybersecurity.