Response from Russ Munisteri, CASP+, CEH, assistant director of education, MyComputerCareer.
Personally identifiable information (PII) can be defined as any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. In other words, protect your data and protection involves knowledge and skill.
As an educational leader we need to provide the necessary training and skillset to raise awareness and educate students in information technology. Through IT certifications, students learn how to secure PII, harden networks and servers, learn the concepts of social engineering, and the importance of security. This can be provided to students through instruction, curriculum, and hands-on labs.
Social engineering needs to take the spotlight. The days of brute-forcing passwords and physically bypassing security are not as popular with threat agents and cyber-attackers these days. There is a faster way! According to NIST SP 800-61 r2, social engineering is an attempt to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks.
This concept is very low-tech, quick, and inexpensive to execute. If an attacker can earn your trust, the attacker will bypass most layers of security. Throughout my IT experience and education, social engineering is a topic that I stress on. Phishing, Vishing, Smishing, Whaling and Impersonation attacks is one side of SE, but what about the other side? Identity thieves, scam artists, governments, salespeople, disgruntled employees, and the list goes on. What about parents and children? The list below provides ways to reduce the likelihood of a social engineering attack:
- Keep your secrets a secret! Do not disclose personal information via email and text messaging.
- Assure you are utilizing a secure website BEFORE you click submit on any website (HTTPS).
- That awesome looking email that just came in. Where is the email from? Look at the email header prior to going any further.
- Is your computer clean? Patch management is essential for a healthy and happy computer!
- Install a reliable antivirus and anti-malware application.
- Clean desk policy.
- Following the latest IT trends to stay-in-the-know.
- Complex passwords. A minimum of eight characters (upper/lower case, number, and special symbol). N9AP[f:,
- Invest in a password vault application, such as 1Password.
- Social media accounts:
- Review the settings. Do not allow the public to have access to your information.
- Watch what you post.
- Strong login credentials.
- Always utilize a secure Wi-Fi network.
- Multifactor authentication.
- Mobile devices:
- Utilize biometrics, if available.
- Install the least number of apps.
- Patch management.
- Do not click on anything that is in question from an email or text message (SMS)
- Install a reliable antivirus and anti-malware application