Indiana Cyber Hub
Indiana's Blog for Cybersecurity
Perspectives From The Field Series
The strength of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the Indiana Executive Council on Cybersecurity (IECC). Hence the name "Perspectives From the Field Series" in which we invite experts to discuss the real and challenging issues we are facing in the field and the proposed solutions from the experts to better the lives and businesses of all Hoosiers.
In the final blog installment celebrating #BlackHistoryMonth, we wanted to ask a valued member of the IECC and partner, Linda Calvin, who is the Vice President of the School of Information Technology at Ivy Tech, to talk frankly about where we are now with developing a workforce in cybersecurity to include African Americans, especially as the need for cyber professionals continues to grow.
The Lack of Diversity in Cybersecurity
February 25, 2021
By Linda Calvin
With the proliferation of the Internet of Things (IoT), now we have bad actors who want to hack into your smart homes, your smart devices and even your cars. The Bureau of Labor Statistics states that information security analyst jobs are expected to grow 18 percent through 2024. Huge demand for cyber! However, the numbers of African Americans in cyber aren't improving. Why?
Linda Calvin's List of Whys
#1. What the heck is cybersecurity? Unless you live and breathe tech, cybersecurity seems like something out of a Tom Clancy novel or a Jason Bourne movie. Put simply: cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. With COVID, I saw more messages about how I needed to renew my Netflix subscription than I could count. I didn't have one in my name! A cyber professional identifies these phishing attempts and designs solutions to protect data. We need to make cybersecurity relatable and map it to passion and interest, then we can attract more talent of all genders and races.
#2. It's too technical. Attempts have been made to demistify cybersecurity by classifying it as non-technical. That's not the right approach. It's technical -- you have to understand the foundation of coding, but you don't have to be a Jedi codesmasher to enter the field of cybersecurity. You need to understand how to unpack a problem, have a robust intellectual curiosity with a desire to learn, logical thinking and troubleshooting skills.
At Ivy Tech, in our nationally recognized and accredited cyber program, we spend time helping students understand the basics before we dive into the advanced topics. And, sure, students are exposed to coding. But it's more about understanding those minefields hackers are creating for you than it is about you writing hundreds or thousands of lines of code.
#3. When you can see us, You can be us. We need to see more black cybersecurity role models. We do exist. There are organizations such as Blacks in Cybersecurity, the International Consortium of Minority Cybersecurity Professionals, influential black cybersecurity leaders, the Black Cybersecurity Association, and Women in Cybersecurity. We need more black leaders to be visible and we need cyber leaders to mentor and tell stories of why cybersecurity is important.
#4. The Song Remains the Same - Bias and Racism. The disparity in the lack of black or African American men and women in cyber can be attributed to the disparity in tech overall -- bias in hiring and racism. The tech industry, as a whole, has a poor report card on ethnic diversity. We address this by applying intentional analysis into hiring practices and deconstructing the false narratives that black people are not technical enough or have the requisite subject matter expertise to lead or work in cyber. It's a big challenge, but not insumountable if we get tech leaders to root out bias in their organizations.
Why is it important to have more African American representation?
Diversity fuels innovation and studies prove this out. However, what we also know is that to build an application or design a process that serves a diverse audience, you must have diversity at the table. If we have homogenous voices designing security solutions, will those solutions ultimately encompass people of color, people of different socioeconomic statuses? It's critical that we get black adults and youth excited about cybersecurity and cyber hygiene! It's essential that we expose youth to cybersecurity in elementary school and middle school as they adopt more technology. To protect the workforce, we must reflect the workforce.
Career Experiences, Mentoring: Creating Opportunities in Cyber, Celebrating Black History Month
February 24, 2021
When it comes to parties or parades, there's always a theme. It gives us a reason to celebrate.
And while it's true that the cybersecurity world isn't likely to get together anytime soon to host a parade or have a party on any sort of scale that draws a crowd, there is a theme to the activity we're seeing right now, in virtually every corner of the cyber world.
In a word, it's opportunity.
Everything from the advancements we see in technology to the progress that's made involving safer Internet protocols, especially as it involves protecting children and young adults, we see opportunity. The same is true with careers in cybersecurity and how many jobs that are predicted to be created in the years to come. With it, comes the opportunity for mentoring and guiding young people to a more promising future.
Of course, as new opportunities emerge, it's because people have achieved success and, in some cases, are the first to do something that's never been done. In doing so, they made the most of their opportunities, even if it meant they did so while, at the same time, overcoming adversity.
In celebration of Black History Month, we noted in our most recent blog -- featuring Indiana State CIO Tracy Barnes' interview with Linda Cureton, known for her accomplishments as the first African American CIO at NASA -- the number of cybersecurity jobs is expected to rise as much as 31 percent through 2029.
Amid that promising forecast, Cureton shared her belief that the key to attracting people in any field is the desire that folks have for community and seeing people like themselves. In offering her perspective, she pointed out the fact that "when you are the first, you don't have the benefit -- but you can give that benefit to others".
Following on Cureton's story, we are pleased to share with you -- and honor -- the careers and achievements of three African Americans, whose knowledge, reputations, and leadership in cybersecurity and IT are admired and highly respected, along with the tireless work and contributions they've made (and continue to make) in supporting humanitarian issues worldwide.
Among those whose stories we are pleased to share with you, include:
- Veda T. Woods - Humanitarian & Global Cybersecurity Executive -- Veda Woods' strategic leadership spans over 22+ years of combined public and private sector experience in cybersecurity, data governance, cyber risk management and threat/intelligence oversight. Her focus on policies and decision-making processes are centered on protecting and respecting human rights by design. As Founder/CEO of the Protect Us Kids Foundation, Woods leads an organization, whose mission is to provide youth with critical, life-saving tools on navigating cyberspace safely without falling victim to Internet predators.
- Devon Bryan - Managing Director and CISO of MUFG Union Bank & Co-Founder - International Consortium of Minority Cybersecurity Professionals -- With a cybersecurity career that began as an officer in the U.S. Air Force (USAF) coordinating counter-information operations and designing security strategies, Bryan's vast senior executive management experience includes his work at the IRS, Federal Reserve System, ADP and KPMG, before becoming Managing Director and CISO at MUFG Union Bank, one of the world's leading financial groups. Dedicated to giving back, Devon is the Co-Founder of the International Consortium of Minority Cybersecurity Professionals (ICMCP), a 501(c)3 non-profit organization dedicated to increasing the number of minority students (including women and major under-represented groups) purusing graduate and post-graduate educational degrees in cybersecurity by funding scholarship opportunities.
Renee Forney - Senior Director - Azure Hardware Systems & infrastructure Security at Microsoft -- Following on her work as an executive in the private sector, Renee worked for the U.S. Department of Homeland Security and served as the Deputy CIO of Cybersecurity and Enterprise Operations at the U.S. Department of Energy. More recently, she worked as the Senior Director of Cyber Assurance at Capital One. Recognized for her noteworthy accomplishments in the betterment of online security and data privacy, she has forged meaningful partnerships with public and private institutions to educate youth about online safety, security, and privacy.
One of the foundations of Black History Month is celebrating the achievements of African Americans. And while it's true that these are but three inspiring stories, their noteworthy accomplishments are vividly illustrated in the hard work of all cyber professionals of color.
TOMORROW: Be sure to visit our blog for the 3rd part in our series celebrating Black History Month, as Linda Calvin representing Ivy Tech Community College shares her experience as an African American woman, who is a leader in cybersecurity workforce development, what we are doing as an education industry, and her involvement in making a path to a career in cybersecurity more available to African Americans, women, and other minority groups.
State of Indiana CIO Tracy Barnes - Q&A with Linda Y. Cureton - First African American CIO of NASA and Founder-CEO of Muse Technologies
In celebration of Black History Month - we are pleased to present the first of a 3-part Indiana Cyber Blog series highlighting the achievements of African Americans in Cybersecurity and Information Technology.
Tracy Barnes, Chief Information Officer for the State of Indiana, recently spoke with Linda Cureton, whose distinguished, 34-year career in civil service includes the distinction of serving as the first African American to serve as the Chief Information Officer at NASA.
Tracy Barnes: It's interesting to see not only the impact of what you were able to accomplish as a CIO in leading an organization, I found it remarkable the fact that you were able to apply your experience, skills, and knowledge across such a broad range of agencies -- everything from the Department of Justice and Energy to the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) to Space Exploration.
What do you attribute your ability to lead these agencies at such a high level, given the fact each of which operated within different cultures and disciplines and likely relied on different processes and applications?
Linda Cureton: The organizations are quite unique. One saying that I have, is that the one thing unique organizations have in common is their uniqueness. In other words, a CIO will have to consider people, process, and technology at each organization she serves -- that's the commonality. However, each consideration of of people, process, and technology will vary. For example, processes at the Department of Energy were born out of the healthy, but non-collaborative competition of the Manhattan Project; processes at the ATF (Bureau of Alcohol, Tobacco, Firearms and Explosives) were born out of the necessity of facing life threatening situations -- fire, ready, aim; and processes at NASA were based on science and scholarly argumentation. Thus, the technology and people aspects were similarly formed to conform to these cultural features. My ability to lead these agencies successfully resulted from my ability to clearly see these attributes.
Tracy Barnes: In reading an article highlighting some of the work (at the time) you were involved with at NASA, you described the task of transitioning to a new desktop service provider and the necessity of downshifting from 10 contracts down to one, saying that's "always a dicey situation for a CIO".
In terms of advancing technology and, perhaps, changing the culture of NASA, what lessons did it provide for you? And, to what extent did handling those "dicey situations" help you as a CIO? What impact do you believe it had in helping to improve NASA?
Linda Cureton: What helped in the transition at NASA was understanding that the sum of the 10 "parts" was greater than the whole. In other words, if one obtains 10 requirements and puts them on one enterprise contract, you will miss the requirement. There's a wholistic aspect of "the enterprise" that is missing. For NASA, there were essentially three different security and networking requirements, not 10. The human space flight community needed highly secure, fast, low bandwidth requirements supporting astronauts, spacecraft, and satellites. The scientists needed low security and high bandwidth supporting exploration, experimentation, and information sharing. The administrative community was more security compliance oriented with moderate bandwidth requirements. Aggregating these requirements would have been expensive and pleased few customers. The "dicey" situation for the CIO requires looking beyond the aggregation and developing enterprise solutions which meet mission and business needs.
Tracy Barnes: One of the foundations of Black History Month is celebrating the achievements of African Americans. Speaking as a CIO, who is African American, there is a recognition for the responsibilities I possess and the path I've followed to make the decisions that best serve our employees, as well as serves the interests of all Hoosiers.
As the first African American to serve as a CIO -- first at the Goddard Space Center and, soon after that, NASA as an entire agency, how would you describe the challenges you dealt with along the way, and how would you say it's influenced your work? Your career?
Linda Cureton: The biggest challenge I faced was dealing with the notion that I was selected not because of my ability, but because of some need to address diversity and inclusion issues. In other words, I was selected to help with organizational diversity statistics and not with technology challenges. The situation did not improve as I was promoted to be the CIO of the entire agency because it was assumed, I was chosen because the country had just elected an African American President and not because of my ability. While I recognized my own capabilities of being a strategic advisor for NASA's mission of exploration, I cannot say I wasn't called to prove my abilities constantly. This was frustrating and disheartening.
Tracy Barnes: One of your (many) notable achievements involved establishing NASA's Office of Chief Technology Officer for IT "to focus on innovation and drive change through enterprise". Did it help you achieve the goal of creating a single agency vision for what IT should look like? How did it happen?
Linda Cureton: As technologically innovative as NASA's mission would suggest, the agency does not consider information technology as "technology". Information technology is thought of as more tactical than strategic -- like electricity, running water, or as one senior executive said to me, the toilets. I met a lot of resistence establishing the office of the CTO of IT. However, whether it was through stubborn persistence or blind courage, I persevered and agreed to add the "of IT" to the title. The CTO for IT was able to advance an innovative agentcy vision for IT. One of the things I am most proud of, is the work we did to create what was to become OpenStack. We created a private/hybrid cloud solution internally named Nebula. My team opened the solution to the open-source community enabling what would become OpenStack. We worked collaboratively with industry, the agency's legal officials, and the open-source community to accomplish this goal.
Tracy Barnes: Cybersecurity is an integral part of information technology for advancing, as well as maintaining the security of an organization. It is my understanding you have a belief about how cybersecurity fits into this process. Can you share with us your approach and how that experience influenced your work?
Linda Cureton: When asked to contribute to this blog, my first response was -- I hate security. But why? I hate security because there is no such thing as secure. I feel that this is an unpopular position because CIOs or CISOs are always advocating that complying with specific practices will provide security. This is fallacious. Back in the day, I favored continuous monitoring over the false confidence of compliance. I believed in the no trust of the network and the need to implement proective measures as close to the data as practical. Today, I resist the fallacious notion of secure supply chains. We should presume insecure networks and supply chains developing strategies accordingly. My thoughts on cybersecurity strategy are inspired by the old movie "Star Trek II: The Wrath of Khan". Young Starfleet cadets were given a test mission of the Kobayashi Maru -- the no-win scenario. This test was passed only once, by the future hero James T. Kirk. The only way to pass was to change the game. I believe that the cybersecurity game needs to change -- otherwise, we keep losing and losing.
Tracy Barnes: What advice would you offer to people interested in pursuing a career in IT or cybersecurity?
Linda Cureton: I think the cybersecurity field needs to benefit from people who understand compliance requirements but have the emotional intelligence of understanding the changing nature of the adversaries and the behavioral aspects of the end users. The field is overrepresented with compliance orientation with no knowledge of people and change management issues. A high emotional intelligence for folks pursuing a career in cyber will cause them to excel to the top of their profession.
Tracy Barnes: At a time when the number of cybersecurity jobs is expected to rise by as much as 31 percent through 2029, based on your experiences of overseeing entire agencies and organizations, what is the key to attracting more young people of color to cyber and IT?
Linda Cureton: I believe that the key to attracting people in any field is the desire that folks have for community and seeing people like themselves. However, when you are the first, you don't have that benefit -- but you can give that benefit to others. The other thing that is needed is true mentorship and/or sponsorship. When I say true mentorship, for example, I don't mean the sterile "check-the-box" mentoring programs that are often established. We need mentioring which builds relationships over time, and challenges both the mentor and the protege.
Tracy Barnes: In describing the contributions of the 58 women whose accomplishments in aerospace are well documented, you said they demonstrated what you called "leadership courage" -- "...the kind that helps someone overcome the fear that looks like voices in your head. It looks like the people saying you can't do it. It looks like a mountain too high to climb. But, that it's also the fear that motivates and that courage takes that fear and turns it into preparations for success".
Is that something you have lived by, in the work you accomplished over your career? Does it continue to influence you in leading Muse Techologies? How so?
Linda Cureton: This question has a long answer. I wrote a whole book called "The Leadership Muse: Inspiration for the 21st Century Hero-Leader". You can't be a hero without courage, and you can't have courage without fear. A new kind of leadership develops from a person with the passion of their convictions, the direction and intention of their purpose, and the power of their courage to lead change and accomplish the impossible. The Muse were the mythological goddesses of inspiration who offered divine encouragement. I founded Muse to attract a cadre of employees to create a company I wish I had as a CIO -- encouraging and helping through people, process, and technology to achieve the executive's IT vision.
Data Privacy Day is January 28th - Reason for Celebrating Respect for Others, Safeguarding Our Identity
January 27, 2021
If it's possible for our privacy to be a cause for celebration, it could be said that Data Privacy Day -- on January 28th -- is a holiday that reminds us just how important it is to respect each other's privacy, safeguard one's data, and enable trust.
Beginning in 2007, Data Privacy Day was created by the Council in Europe. In 2009, the U.S. House of Representatives proclaimed it National Data Privacy Day. Since that time, a variety of consumer, business, and cybersecurity groups and organizations have joined in an internationa effort to help empower individuals and businesses to engender that respect. At the same time, it reminds us of the importance of our personal information and the easy-to-follow steps we can follow to stay safe online.
A recent article on network security recently highlighted a list of 10 online privacy facts, including some that may surprise you. For example, did you know that 41 percent of children between the ages of 8-17 have public profiles that are open, putting them at risk to predators? Or, that a person's job or career can be compromised by th spread of false or misleading information that is accessed online?
Fortunately, there are resources available to help you. The FTC also offers a series of helpful tips for keeping your personal data protected, such as:
- Locking your financial documents and records in a safe place at home
- Limiting what you carry. When going out, take only your ID, along with the credit or debit cards you need. Leave your Social Security card at home.
- Making sure before you share any personal information at work, a business, your child's school and/or a doctor's office, always be sure to ask why they need it, how they will safeguard it and discuss with them any consequences of not sharing it with them
- Shredding any important documents (i.e. receipts, credit offers or credit applications, medical/insurance forms, as well as any bank/financial statements or expired credit cards) that you no longer need or use
- Destroying the labels on prescription bottles before you throw them out
- Consider opting out of prescreened credit and insurance offers by mail. You can opt out for 5 years or permanently by visiting: optoutscreen.com. It is a secure online service operated by the 3 nationwide credit reporting companies.
For more information about how to keep your personal information secure, Hoosiers are invited to visit the Indiana Cybersecurity Hub. Also, you can check out our new blog, follow us on Twitter, or visit our Facebook page for the latest tips and other helpful links and resources.
Tax Identity Theft Awareness Week Offers Tips to Provide Protection, File Your Taxes Securely
January 25, 2021
By Anna Shei
During tax season, you're tossing out names, addresses, and numbers on several different forms and in different places. It can get confusing making sure you have all the correct information in the right location!
But, protecting yours and your families' identities and personal data is an absolute must. Fraudsters are out there, ready to take advantage of any small mishap.
To help consumers stay safe, the Federal Trade Commission launched Tax Identity Theft Awareness Week. Beginning today through Friday, January 29th, the purpose of the campaign is to provide people with the tools and resources to protect themselves, including helpful tips for everything from filing your taxes to making sure that you are due a refund that you receive it.
Thieves will try to steal taxpayer identities, file fraudulent tax returns, and then take those refunds for themselves. Here are a few tips to follow to make sure you don't become a victim.
- Store your personal information in a secure location
- Make sure you're entering your personal information on a protected website
- Choose a trustworthy tax preparer
- Do not carry your Social Security card with you
- Shred any documents with personal information on them if they are not needed
- Make sure you have firewalls, anti-spam/virus software and updated security patches on your computer
- Change your passwords regularly for Internet accounts and,
- Do not give out personal information over the phone, through the mail, or on the Internet unless you know for sure who you are dealing with.
While you take those steps, the Indiana Department of Revenue (DOR) is also working to keep your information safe. DOR's Identity Protection Program protects Hoosier taxpayer's identities and refunds. The program includes an Identity Confirmation Quiz that you may be randomly selected to take. This is not a punishment. DOR just wants to make sure everyone gets their money. The quiz doesn't take long. It asks specific questions only you would know. But know that DOR will send a letter to anyone selected to take the quiz and will never and ask you for your personal information.
To learn more, check out DOR's Stop ID Theft website or visit the IRS website for additional tips, including a YouTube video on some new security measures to follow to protect yourself during the upcoming tax season.
Plans for the Weekend? Celebrate "National Use Your Gift Card Day" on January 16th
Easy-to-Follow Tips Will Help You Avoid Scams, Prevent Cyber Criminals from "Re-Gifting" What's Yours
January 15, 2021
The popularity of gift cards is undeniable. It's estimated that more than half of Americans purchased gift cards during the 2020 holiday season.
According to a recent report, it's expected that the gift card market in the U.S. will reach $221.1 billion by 2024 (from $163 billion in 2019), with Millennials and Gen Z consumers driving much of the sales.
Of course, as with a lot of things we try to protect, cyber criminals are already out there trying to steal your gift cards for themselves, even BEFORE the cards are purchased.
So, as you get ready to redeem your gift card, either online or in-store, you'll want to follow some simple steps from Bolster Research to stay safe and enjoy your shopping experience, including:
- Look closely at the card to make sure none of the protective stickers have been removed or that the codes on the back of the card haven't been scratched off to show the PIN number.
- If you haven't already, register the card, change the security code and the PIN and use the card as soon as you can, so as to lessen the opportunity for the card to be lost or stolen.
- ALWAYS be sure to go directly to the retailer's website -- by typing the store's URL into your browser -- to confirm or check the gift card balance. Bogus websites, links, e-mails and text messages exist in a variety of different forms to make it look as though they are trying to "help" you. Instead, what happens is that your gift is stolen, along with your personal and financial information.
It's also a good idea to overspend the amount of the gift card to avoid leaving any sort of balance. It also enables you to hand the card over to the retailer to recycle it. Purchasing a small useful item, such as lip balm or treating yoursef to a small chocolate candy, is a good way to complete the purchase.
In doing so, you'll be able to treat yourself to something nice. And that's a bigger deal than you might think. Recent statistics from Mercator Advisory Group Inc. indicated that $3.5 billion in gift cards went unredeemed last year.
Here's to having a safe shopping experience!
National Clean Off Your Desk Day - Perfect Time to Get "Cyber-Organized"
January 13, 2021
In case you missed it, Monday, January 11th was National Clean Off Your Desk Day.
Not to worry, though, as there's plenty of time this week -- as the New Year begins -- for you to clear away the clutter that's ON your desk.
And it's a great time to get "cyber-organized" -- involving everything from tidying up your computer files to creating new passwords. First, a quick bit of trivia.
You might be interested to know that the person credited as the founder of National Clean Off Your Desk Day is A.C. Viero of Clio, Michigan. No word on what he (or she) might've done to earn the honor.
But, it's safe to say that we'll be a little happier and more productive following 8 best practices for refreshing your cyber life, as recommended by Information Security Services at UCLA, including:
- Reviewing your online accounts
- Updating your Internet-connected devices
- Tuning up your web browsers
- Purging old digital files
- Locking down your login
- Refreshing your online presence
- Backing up your files
- Disposing electronic devices securely
Preparing your workspace -- whether you're continuing to go into the office, working remotely, or your office is at home -- will help you stay positive and focused.
And don't forget when you are cleaning your desk to be sure to never write your passwords down where everyone can see (even if you are at home); always lock away confidential information or information with personal identifiable information when you are not using it, and lock your computer screen when you step away. Because when you, your co-workers, your spouse, or even your kids are on video calls or have guests in your home, you never want to be that person who shared too much because you didn't take the steps needed to protect your and other's information.
Whether you've already finished getting things cleaned up or it's a task that's still on your "to do" list, visit the Indiana Cybersecurity Hub for the latest news, tips and information to help you stay safe online. A statewide resource, the Business section of the website features content that's timely and relevant and will help you build on your cybersecurity knowledge and improve the readiness of your business or organization to guard against potential cyberthreats.
What's more, it'll give you a head start on National Clean Your Virtual Desktop Day on October 18th!
Reason to Celebrate - Cybersecurity: Technologies That Protect Us
January 6, 2021
Today, we celebrate #NationalTechnologyDay!
Established in 2016, #NationalTechnologyDay recognizes the way technology changes our world, and it honors the achievements, made through time, that have an impact on our daily lives.
After all, we use products that are designed and manufactured using the latest technologies. In turn, these advancements enable us to do everything from keeping us organized while using our smart phones to monitoring the control systems in our vehicles that we rely on to safely drive down the road to work or take our kids to school.
And just as technology connects us and keeps us safe and healthy through the products we use, cyberseurity refers to the "...body of technologies, processes and practices designed to protect networks, devices, and programs, as well as our personal and financial data from an attack, damage or unauthorized access.
As we begin a New Year, there are lots of opportunities to celebrate our cyber technology successes and it starts, simply, by our continuing to follow (as we've done all through the Pandemic) recommended best practices, as suggested by CISA (U.S. Cybersecurity Infrastructure & Security Agency).
- Keep your software up to date
- Run up-to-date antivirus software
- Use strong passwords
- Change default usernames and passwords
- Implement multi-factor authentication (MFA)
- Install a firewall
At a time when, seemingly, everything we do online relies on computers and our internet access, including our ability to communicate, entertainment, transportation, shopping, even our medications, it's a reason to use technology to protect ourselves and experience the peace of mind that comes from knowing that we are safe and secure.
For other helpful tips and resources about ways you can use technology at home, at work, or at school, visit our Cybersecurity Hub Page. Check out our podcast or follow us on social media on Twitter or visit our Facebook page.
The New Normal -- What Is It? And, Yes, It's Here to Stay
December 30, 2020
The New Normal. We've all heard it. But what is the New Normal anyway? How is it changing our lives? Perhaps, forever.
On top of the many things that has happened in 2020, another life-changing trend toward online shopping and no-contact pickup and away from shopping in-store has changed. Consider, in the span of less than three weeks - between April 1st and April 20th of 2020 - online shopping, including in-store and curbside pickup increased 208 percent. And it has only continued to grow.
Since that first initial jump, those figures have accelerated dramatically. According to the U.S. Census Bureau, e-commerce sales amounted to $212 billion in the three months ending in June, accounting for 16.1 percent of the country's total retail sales ($1,311 billion). That's an increase of 4.3 percent compared to the first quarter of 2020 and it's up from 10.8 percent in Q2 2019.
With the shift, consumers are learning how to utilize the best practices for staying cybersafe while shopping online for those Christmas returns or those semi-annual sales we love so much, including:
- Being careful and intentional with the stores you shop at, especially when visiting their websites (look for https:// in front of their website URL) to protect your financial and personal information.
- Watching your email closely for possible email scams. If you're not sure of the source, don't click on the email and delete it!
If you believe you've been a victim of identity theft, be sure and visit the Indiana Cybersecurity Hub page to learn the steps on how to Report a Cyber Crime.
Another trend following Hoosiers into the New Normal is working remotely. For a lot of us, the home office is rapidly becoming a permanent part of our home and it's important to understand how to keep you and your work safe.
We wrote about Working From Home Long Term in a previous blog, but in case you missed it, here's a reminder of some of the cybersecurity tips to help you, including:
- Updating your passwords consistently and keeping strong passwords is important to protecting your work and personal accounts safe.
- Being sure you keep your passwords a secret and you don't reuse old passwords, and to make a password changing "schedule" to keep things current and safe.
- Adding antivirus software to your devices. Most devices come with some sort of basic antivirus software, but upgrading to a more sophisticated antivirus software will help ensure that you are better protected against the possibility of a cyberattack.
- Making sure, too, you change any default passwords (i.e. routers) as an added measure of protection when purchasing and/or installing any new equipment.
As we've already discovered, the New Normal isn't always easy, but it's becoming something we're getting better at doing, especially as we try and get through it all.
As Indiana's Cybersecurity Hub, we want to make sure that Hoosiers are equipped with all the tools they need to keep themselves and their families safe. To get the latest, be sure to subscribe to our blog, on Twitter or visit our Facebook page.
Here's to a Cybersafe New Year!
Protecting Your Personal Information Key to Safe, Secure Holiday Shopping
December 18, 2020
With the holiday shopping season in full swing, it's a good idea to make sure your personal data is protected -- whether you're heading out to the stores, logging into a laptop or using your phone to visit your favorite retailers. Why's that important?
According to new data from Qubit, half of consumers now do more than 75 percent of their shopping online, a trend that is expected to continue. Just last month, Americans spent a record $10.8 billion online on Cyber Monday, up 15 percent from last year, making it the largest online shopping day in U.S. history, according to Adobe Analytics.
That kind of sales activity adds up to a whole lot of opportunities for cyber criminals to steal your personal information -- and your money. With that in mind, time's running out and there's only a few days left to finish your shopping, so remember before you go, be sure to:
- Do business with reputable vendors/retailers and if you've never heard of them, do your homework before you buy from them.
- Check the URL for "https" to ensure you are on is encrypted, especially when you are sharing your personal and financial information.
- Check your bank and credit card statements for any unauthorized payments or payments that are much more than you approved to be taken out.
- If you have to go to a store, limit what you carry; bring with you only the identification and credit/debit card you need or plan to use and, of course, your mask!
For more easy steps you can take to protect yourself while doing your holiday shopping, click here, There's also good advice from the U.S. Trade Commission (FTC) on ways to keep your personal data protected. And for more information about how to keep your personal information secure, Hoosiers can visit the Indiana Cybersecurity Hub for the latest tips, resources and more.
Working From Home Long Term - What You Need to Know
November 25, 2020
So, you're working from home until 2021. What now? How do you manage working from home and managing distance learning with the kids? As working from home long term becomes more of a reality for Hoosiers, it's important to make sure you have all the tools you need to be successful, as well as safe and secure, during these unprecedented times.
First, it's important to maintain a solid schedule throughout the workday to keep yourself on track. Making a schedule and keeping to it will help to make it easier to work in an environment you'd prefer to relax in (come on, we'd all prefer to relax at home than work). Keeping to a schedule will help you be more productive and create an environment that is more conducive to work. And, if you can, finding a specific place in your residence, whether it's the kitchen table, guest room, or a designated home office to work from every day will make every morning seems "normal". It will also help you seem like you are "going to work" rather than just working at home.
Another way to make working from home long term a little easier to put in place cyber protections. Protecting your work information from cyberattacks will make it easier to protect you and your company's files and resources. Creating strong passwords and updating them frequently will provide greater protection against attempts to access your work, as well as your personal email and social media accounts.
Making sure your personal and work laptops are equipped with anti-virus and anti-malware programs is an easy and effective way to protect your information and your hard work from cyberattacks. Most new laptops come with some sort of anti-virus software already installed, but it's important to be sure to check that it is updated and actively working. Many employers require their employees to use a VPN (Virtual Private Network) when working in databases, but if your employer doesn't, it's a good idea to purchase a VPN in order to maintain a greater level of privacy when working on important documents. Keeping yourself and your work safe from cyberattacks will make working from home a little less stressful, and you won't have to worry about losing any of your hard work.
Many people working from home these days are working alongside their children while they work on their remote learning. As families have taken on the new responsibility of managing, along with teachers, the education of their children, it can distract from working from home. It's important to set boundaries within your family of when it's time to work and when it's time to play and it's a good idea to create a functional schedule for the day; it will help increase both your productivity and your happiness.
The main piece of advice for working from home is to have a plan and go with the flow. Current health situations are changing every day, and it's important to be flexible and work with your employer and your children's school to stay current on the latest protocols and concerns. Working from home might not be ideal, but it's part of our "new normal".
Creating a Secure Password - 5 Tips to Keep You and Your Personal Information Safe
November 18, 2020
We have passwords for everything. Social media, email, bank accounts, cell phones, computers...the list goes on and on. It's so difficult to remember all of your passwords, so it's tempting to make them easy, short or the same as all your other ones.
Having the same passwords for all your accounts puts you more at risk for cyberattacks and identity theft, and so does having simple passwords. Here'are some for creating strong passwords that will help protect your accounts from potential cyberattacks.
Don't use the same password for every account. This seems like a no-brainer, but it really makes the difference. Varying your passwords for each of your important accounts can protect you from experiencing a massive cyberattack of all your personal information. Each password might be hard to remember, but having different passwords for every account will save you a lot of stress in the long run.
Make your passwords long and nonsensical. Longer passwords are harder to guess, so potential hackers will have a harder time guessing each character of your password correctly. Passwords without specific words in them are also harder to guess, so using a combination of nonsense letters, numbers and symbols will make for a stronger, more secure password. For example, you could use the letter "o" in place of the number zero ("0") or use the number "3" in place of the letter "e". This will make words harder to guess, and, thus, provide you with more secure passwords.
In doing so, use a combination of uppercase and lowercase letters, symbols, and numbers when creating passwords. Most sites have reqirements for what a password must contain, but for sites that don't, make it a habit to use a variety of characters within your password.
Steer clear of using personal information in passwords. It's tempting to use your Mom's maiden name as the base of your password, but any hacker can find that on social media and use it to guess your password. Rather than using names or birthdays of family members, you can use the names of random objects, like the word "desk" or "candle".
Change your passwords often. Varying your passwords every few months will make it harder for a hacker to know which password you're currently using for a specific site and can ultimately help prevent hacks of your accounts.
Creating and using strong passwords is a simple way to ensure your information is safe and secure from cyberattacks. Make strong and cybersafe passwords a priority!