ResidentialBusinessWholesaleAbout Us

Range of cybersecurity tips will help keep devices safe

Oct 13

Written by: Thursday, October 13, 2016 9:45:14 PM 

Range of cybersecurity tips will help keep devices safe

October is National Cybersecurity Awareness Month. The purpose of this annual campaign is to raise awareness about cybersecurity. Below are my top five tips:

>> Only use devices and network connections that you trust and that are safe, maintained and secure.

>> Mobile devices are the hottest targets for hackers so make sure you update your devices regularly, only load apps from a safe source and install anti-malware protection where available.

>> Continue to be vigilant and watch out for phishing scams. Think “stranger danger” and be cautious of emails, websites and web advertisements. When in doubt, talk to the sender directly before responding or clicking on links.

>> Cloud and web-based applications are quickly replacing the software applications loaded on your computer. To prevent hackers from accessing these services, create long, complex and unique passwords for your logins. Whenever possible, use enhanced security features such as multifactor authentication, which requires more than one form of identification for sensitive accounts like your bank account.

>> Do not allow remote access to your computer to people you do not know. Current scams purport to alert people about computer problems and to call a number for assistance. If you did not hire anyone to monitor your computer, this is most likely a scam. Scammers pretend to be from Microsoft or another technology entity to trick consumers into enabling remote access to their computers, then steal personal information and load software that gives the scammers long-term access to the computers and all files.

It’s important to stay up to date on cybersecurity matters all year long and there’s a lot of great content on websites and blogs. I recommend a few documents — one for home users and two for businesses.

Anyone with a home computer should read the National Security Agency’s Best Practices for Keeping Your Home Network Secure. It provides a balanced mix of practical advice and technical recommendations that can help improve home network security. Business owners should read Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology, which addresses all the essentials that small businesses should focus on to ensure their systems are secure.

It’s especially important for businesses to consider cybersecurity risks as part of its risk management process and fortunately, the methodology of cybersecurity risk management is no longer a “black art.” I also recommend that business professionals read NIST’s Framework for Improving Critical Infrastructure Cybersecurity, which details how to manage cybersecurity risk from an organizational level and identifies the issues that decision-makers need to address. It’s not a technical document, nor will it ever appear on the New York Times business book best-sellers list, but it’s an easily consumable risk management treatise. I believe it should be on every business decision-maker’s reading list this year.

Professional network, server and security engineers also need training to ensure that security is integrated into how they build, manage and monitor computing infrastructure today. For 2017, consider these training entities that are industry leaders in information and cybersecurity: the SANS Institute and Offensive Security.

The SANS Institute offers courses that address forensics, penetration testing, auditing, intrusion analysis and legal issues. Offensive Security focuses on penetration testing and vulnerability exploitation. I recommend that engineers focus on forensics or penetration testing courses in order to understand how hackers attack and to see how security configurations fend off these attacks. The security awareness gained from this training will inspire the inclusion of additional security in the infrastructure they manage.

Cybersecurity Awareness Month is one month. Take this time to develop a plan to enhance your cybersecurity capabilities for the next 12 months.

Michael Miranda, director of information security at Hawaiian Telcom, holds current Global Information Assurance Certification (GIAC) and is a Systems and Network Auditor (GSNA), a Certified Intrusion Analyst (GCIA) and Certified Forensic Analyst (GCFA). Reach him at

© Honolulu Star-Advertiser

Visit this article in the Star-Advertiser