Cybersecurity Awareness Month: Recommendations from Hub Alumni Experts

We are pleased to share a compilation of cyber recommendations, tips, and resources from Hub alumni in honor of October’s Cybersecurity Awareness Month. In an increasingly digital landscape, cybersecurity has never been more important, and this month is a great time to check in on your cyber health!

Read below to see recommendations of tools and resources that positively impact the security of digital assets, personal information, and online privacy from Hub alumni working in the field.

Christine Keung, Partner at J2 Ventures and former Chief Data Officer for the City of San Jose and Fall 2021 Fellow, says, “Help desk is the new attack vector, and almost every business is vulnerable. The recent cyber attacks on MGM, Caesars, and Clorox have shed light on a critical vulnerability—the help desk—in bypassing Multi-Factor Authentication (MFA). In the case of MGM, access was gained in just 10 minutes, involving a simple LinkedIn search and a brief phone call to support where the ALPHV group impersonated an MGM employee and used social engineering to infiltrate a privileged access account on the network. I strongly recommend the implementation of ‘visual verification’ for users attempting account recovery and the leveraging of solutions like Nametag that wrap MFA with automation to enhance the security of enrollment and recovery processes. Here is a resource on how to mitigate this new attack vector.”

Devon Rollins, Vice President and Divisional Information Security Officer for Enterprise Data and Machine Learning at Capital One and Winter 2023 Tech Executive Leadership Fellow, says, “Updating your software to the latest versions, using multi-factor authentication, and installing an antivirus scanner are commonly recommended. In addition, I’d add to the list a personal practice I’ve long adopted: to check assumptions. Harm online is typically done by exploiting our human inclination to trust. Scrutinizing emails and taking the extra step of confirming their validity through a phone call or quick online search is time well spent. It can offer a moment of clarity and prevent you from falling prey to a scam.” 

Lana Ramjit, Director of Operations at Clinic to End Tech Abuse and Summer 2023 Nonprofit and Public Interest Fellow, says, “We don’t always feel the weight that digital privacy carries in our personal life, but sharing a password or a phone PIN with a partner can be the same as handing over a debit card or a house key. One way that we have the power to shift the conversation and perception is to demand equal respect for our digital boundaries in private relationships as we do for our physical boundaries, and to design technology that embraces boundaries over blame.”  

Matt Sievers, Site Reliability Engineer at Microsoft and Winter 2020 Fellow, says, “For resources, I would recommend checking out the new program the Cybersecurity and Infrastructure Security Agency (CISA) just launched called Secure Our World. You can view the Launch Page with 4 security tips here, the Program Page with a helpful video here, and the very relevant Yourself and Families page here. My other recommendation is to make sure your phone has a screen lock enabled. Our phones are at the center of our worlds and need protection. PIN, Pattern, Face, Fingerprint – anything is better than nothing.”

Korene Stuart, Director of Programming at G{Code} and Summer 2023 Nonprofit and Public Interest Fellow, says, “Be cautious when clicking on email links or downloading attachments, especially if the sender is unfamiliar. Phishing attacks often use these tactics to compromise your online security. Always verify the sender’s legitimacy before taking action. A telltale sign of phishing is often grammatical or spelling errors in the email or message content. Legitimate organizations typically have professional communication standards, so if you notice language mistakes, it’s a red flag that the message might be a phishing attempt.”

Mikeal Vaughn, Founder and Executive Director of Urban Coders Guild and Summer 2023 Nonprofit and Public Interest Fellow, says, “I’m sure you’ve heard of using your ‘rockstar name’ (the name of your first pet and the street you grew up on) as an easy way to make a social media handle or silly online content. Everyone loves a fun, social media opinion poll or quirky name generator, right? But did you just inadvertently share the answers to your security challenge questions with potential hackers? Be careful not to share personal or sensitive information for the sake of engaging with friends and family online.”

Steve Weis, Software Engineer at Databricks and Summer 2019 Fellow, says, “Use a password manager and generate unique, random passwords for every site. You can use built-in password managers that Chrome and iOS have, or external vendors like 1Password. Use a hardware Security Key (a physical form of authentication that provides access to accounts) or newer Passkey (a biometric sensor, PIN, or pattern), which you can read more about here, for multi-factor authentication. Yubikey is the leading hardware security key, and Chrome and iOS also support operating-system-based Passkeys by default now. Also, regularly apply updates to your phone, browser, and operating system to ensure you have the latest available security patches.”

If you want to learn more about cybersecurity, check out our past Hub projects on cybersecurity resources for small businesses here, improving medical device cybersecurity here, DEI in cybersecurity here, and a toolkit for enhancing bug bounty programs here.