RISK MITIGATION EPISODE 8: HOW TO DO A CYBERSECURITY AUDIT


Hosts: Stacy Mandock, LSDS Collegiate Travel Program Lead / Research and Development Lead

Cliff Wilson, Customer Success Account Manager-CyberSecurity, Microsoft


Stacy Mandock provides support to the LSDS Risk Mitigation team as a program lead for collegiate travel. She assists with the initial research on travel destinations and with identifying potential concerns and/or risks before and during travel. Her specialty is working with collegiate travelers, ensuring that they're thoroughly prepared before travel and tracking potential risks or threats throughout their trips.


Cliff Wilson is a Customer Success Account Manager and cybersecurity enthusiast at Microsoft and a cybersecurity Subject Matter Expert with Army Special Operations. Over the past 10 years, Cliff's experience as an IT and cybersecurity expert has allowed him to hold positions with Microsoft and 5th Special Forces Group as a security expert. Cliff was one of the first people in the Special Operations community to utilize Cyber authorities for cyber-related missions within the Army. Cliff spends the majority of his time supporting federal groups at Microsoft, but his passion for security motivates and drives him to help customers and others be successful.

On this topic: As we all have become dependent on technology, the need to know how to protect oneself from falling prey to cyber threats is more crucial than ever. In this podcast we will discuss types of cyber threats, best practices to combat data breaches and resources to learn more on how to protect data from being compromised.



Key Takeaways:

Devices, Social Media and Applications

☐ Always use a VPN (be sure to engage the ‘kill switch’) (PIA VPN, ProtonVPN)

☐ Use end-to-end encryption applications for messaging and email (ProtonMail, Tutanota, Signal Messenger, Wickr Messenger, etc.)

☐ Use multi-factor authentication (MFA) for programs and applications (Microsoft Authenticator, Authy, Google Authenticator, etc.)

☐ Always review all settings and options to ensure you have the most private settings (private profiles, tracking off, don’t link accounts, disable automatic sharing, hide all activity, etc.)

☐ Enable automatic updates and downloads (install updates ASAP)

☐ Use a password manager (KeePassXC, LastPass, Bitwarden, etc.)

☐ Use anti-virus and anti-malware (Windows Defender, Malwarebytes, etc.)


Home Internet/Private Wi-Fi and Public Wi-Fi

☐ Disable Wi-Fi Protected Setup (WPS) on personal routers

☐ Enable firewalls and MAC filtering

☐ Change default credentials for the physical router and Wi-Fi networks

☐ Use guest networks (IoT devices, house guests, anything that isn’t your personal device)


Browsers and Browser Settings

☐ Use a privacy- and security-friendly browser that is open source and trusted (Brave, Firefox, etc.)

☐ Use browser add-ons that allow for additional privacy and security (Ghostery, Privacy Badger, Better Privacy, ad blocker, HTTPS Always, etc.)



Knowledge and Awareness

☐ Educate yourself on phishing, scams, and other cyber-related issues

☐ Always be suspicious and analyze everything (don’t click links, don’t give additional information, etc.)

☐ Don’t post important information (birthdays, locations, timelines, addresses, phone numbers, relationships, geolocations, vacations, work-related information, etc.)

☐ Don’t click short links (Bitly, TinyURL, etc.)


Useful Links:

o https://haveibeenpwned.com/

o https://howsecureismypassword.net/

o http://www.checkshorturl.com/