Five Steps to Cyber Security in Virginia
By Scott Phillpott
All Virginians feel the consequences of cyber-terror, cyber-crime and cyber-bullying. A vast informational chasm exists between those with a strong technical background and the rest of us, who simply want our information and intellectual property secure. Here are some tips that we can all use to make Virginia more cyber-secure.
- Demand Secure Socket Layer (SSL) on all websites in the Commonwealth. There is no sound reason that any webpage should not have SSL installed. For those hosting websites, visit Let’s Encrypt, a free, automated and open-certificate authority brought to you by the nonprofit Internet Security Research Group. When visiting websites (government sites, in particular), we need to demand that they all be equipped with SSL. Look for the “s” in https at the beginning of the URL.
- Use Virtual Private Networks (VPN) for all devices. An inexpensive way to get VPN protections is to use the subscription server Private Internet Access (PIA). The sign-up and install process is made simple by PIA, and you can use a gift card to pay for the service so that there is no need to give anyone your credit card information. Once installed, you can run it on multiple devices such as smartphones, laptops and other computers.
- Passwords are a pain. To combat this, use pass-phrases. Select a phrase you can remember, and modify it for different websites. If you have three bank accounts and a Facebook account, you need a strong, unique and easy to remember password for each. Use a phrase, an extension and a number. Start with a phrase, such as: “Always remember: you’re unique, just like everyone else.” Use the first letters and special punctuation to make a very strong password. With this method, the password for Bank 1 could be “Ar:yu,jleeB1,” while bank 2 could be the similar (but not exactly the same) “Ar:yu,jleeB2.” If you change them annually (which is the minimum frequency recommended), you can add the year “Ar:yu,jleeFB16.”
- Be aware of potential scams that can come from any source. If an incident happens at work, know how to report them immediately. At home, do not respond to anyone who calls to try and fix your computer remotely. Known as the Microsoft technical services scam, scammers call people to warn them of suspicious activity on their computer, only to trick them into providing access to the computer. Simply hang up and walk away. These are organized gangs of criminals who sell hacked systems to the highest bidder on the black market. The elderly are particularly vulnerable to these attacks, and since many have substantial savings, giving criminals access to the computer can be very expensive.
- If you are a victim, know how to report it. The FBI has established the Internet Crime Complaint Center (IC3) as the web portal to report cybercrime. The IC3 accepts online Internet crime complaints from the victim or a third party. Report as much detail as you can, but just be sure to report it.
Scott Phillpott is 26-year veteran and former Navy captain. He is also a senior cyber/maritime analyst at Valkyrie Enterprises and volunteers as executive director for the nonprofit Cyber Protection Resources, aiming to secure everything and protect everyone.