Too often today’s news highlights another cyber-attack against a major entity across the globe. The U.S. is no different and a recent summary by the Identity Theft Resource Center mentioned that through June 30, 2017, U.S. data breaches “hit a half-year record high of 791.” That’s an increase of 29 percent over the same period in 2016. No segment is immune from these threats.
Over the past few years, cybercriminals and other malicious actors have targeted private companies, government agencies, social media networks, health care providers, universities and schools, non-profit organizations—the list goes on. Major entities such as: Target, the IRS, Verizon, LinkedIn, Anthem BlueCross BlueShield, New York University, the Democratic National Committee have all been the victim of cyber hacks.
The reality is that if you live any part of your life in the online world, as virtually all of us do today, you are at risk of being the victim of hackers. That means we all need to get serious about cybersecurity.
October was National Cybersecurity Awareness Month, designated to raise public awareness of the emerging threats we face in today’s world of mobile computing and always-on connectivity, though everyday is a great time to commit yourself to getting smarter about the security of your digital life.
Project Invested has been working the cybersecurity beat regularly for the last several years, since it’s an issue of critical importance to the capital markets, the financial industry and the general public. If you’re looking to get smarter about cybersecurity—and again, we all should—here are some valuable resources to get you started.
Advice for consumers: How to protect yourself
Feeling beaten down by the torrent of hacking alerts and media accounts detailing data breaches and other cyber incidents? You may be suffering from “security fatigue,” leading you to fail to take steps to protect yourself. Don’t fall into the trap of giving up.
It’s true you can’t protect yourself 100% from having your data compromised by hackers, unless you’re prepared to shut down all your online accounts and move into a cave. But there are a few relatively easy steps you can take to start protecting yourself and your data.
- Project Invested detailed some of those precautionary steps, including having a smart password strategy, taking care when logging on to public networks, and being aware of the signs of hacking or fraud, in this 2017 post: Worried About Hacking? Resolve to Boost Your Cybersecurity
- For a more detailed look at how you can protect your financial life from cyber attackers, this brief 12-page guide from the Federal Deposit Insurance Corporation (FDIC) is an essential read (opens as PDF): A Bank Customer’s Guide to Cybersecurity (2016)
Advice for parents and teachers: How to protect your kids
It’s been suggested that today’s young people are “digital natives,” with a deeply intuitive grasp of computers, mobile devices, gaming and Internet technologies based on interacting with these technologies from a very early age.
That may be true, but younger generations still face online threats they may not be prepared to recognize and combat. That’s where parental and adult supervision and guidance can play a critical role in helping them to make good decisions in their online lives.
- The National Cybersecurity Alliance (NCSA) offers excellent resources for parents to help kids navigate the challenges of security, privacy, cyberbullying and more: Raising Digital Citizens
- Educators can also play an important role in teaching kids to be more aware of the potential risks of life online. Check out the NCSA’s collection of lesson plans and classroom materials for students at various educational levels.
Advice for entrepreneurs: How to protect your business
Small businesses have special cybersecurity concerns that go beyond the basic guidance for consumers—not the least of which is that you may face legal liability if data you maintain on customers or clients should be compromised. A carefully designed and executed cybersecurity strategy should be a key part of your company’s risk management plan.
- To get started, a great resource is the National Small Business Administration and National Cybersecurity Alliance page on cybersecurity for small business.
- Another good resource, geared toward financial industry firms but potentially helpful for any business that deals with sensitive client data, is SIFMA’s briefer for small firms based on the National Institute of Standards and Technology’s security guidelines: Cybersecurity Guidance for Small Firms
Advice for job seekers: Consider a career in cybersecurity
If you’re a college student preparing to select a major, or if you’re already in the workforce but considering a change of pace, consider making cybersecurity a part of your professional portfolio.
Demand for trained professionals with the technical skills to prevent, detect and recover from cyberattacks is expected to continue growing. If you can stack those technical skills with an industry-specific specialty, such as a background in finance, you’ll likely find a wealth of opportunities for good-paying jobs.
- Check out this Project Invested post on cybersecurity careers: Careers in cybersecurity are growing fast
About the financial industry’s efforts to protect your data
“Cyber security is a C-Suite and Board level issue and has been a top industry priority for several years. The financial services industry is top target facing tens of thousands of attacks each day. We are constantly working to improve cyber defenses, resiliency and recovery through massive monetary investment in technology and personnel, regular training, industry exercises, and close coordination between the financial sector and the government including our regulators,” stated Ken Bentsen, president and CEO, Securities Industry and Financial Markets Association.
Cybersecurity is a key priority for the financial industry, given the urgency of protecting the financial community’s clients, data and networks from theft and disruption.
To that end, the financial industry has advanced a number of wide-ranging cybersecurity initiatives to protect both critical information infrastructure and to safeguard client information. The industry focuses on cyber defense, preparedness and resiliency in the event of an incident.
- For more information on industry initiatives to reduce the risk of hacking and other cyber threats, check out this Project Invested post: Cybersecurity: Six Ways the Financial Industry is Leading the Way
- To learn more about what’s next on the industry’s agenda for cybersecurity policy, read SIMFA’s April 2017 comments to Treasury Secretary Steven Mnuchin advising on cybersecurity priorities: Cybersecurity in the Financial Sector: Industry Concerns and Activities
- For a look at how financial sector institutions collaborated with government regulatory and law enforcement agencies to enact a large scale cyberattacks simulation targeting the capital markets, read this summary of the lessons learned: Quantum Dawn 3: Industry Simulates Financial Cyberattack
Earlier this month, more than 900 participants from over 50 financial institutions, government agencies and regulators participated in the next iteration of the Quantum Dawn exercise, Quantum Dawn IV. which simulated a large-scale cyberattack on the financial markets. “It allowed us to update our playbooks and firms to update their playbooks on how they operate internally when they’re dealing with this, how they operate when they are communicating with other market participants and then how they are communicating with the government in looking for technical assistance. So, we learn things every time we do these tests and this is sort of an iterative process that we go through,” reflected Ken Bentsen in a CNBC interview following this year’s exercises. “The industry is getting hit by thousands of attacks every day. Cyber is a bigger criminal enterprise now than the illicit drug trade, so it’s something that you have to plan for every day.” A factsheet on the Quantum Dawn IV exercises provides additional details.
Learn more about National Cybersecurity Awareness at StaySafeOnline.org