JACK DODD TRAINS COUNTY EMPLOYEES

American shoppers shelled out $9.4 billion on Cyber Monday, setting a new spending record, almost 20 percent more than last year. Cybersecurity is a growing concern as the Christmas shopping season gets under way in record fashion.

Cybercriminals used a third-party vendor’s stolen username and password to break into a retailer’s systems and steal millions of credit card numbers.

Cabarrus County Cybersecurity Administrator Jack Dodd trains County employees on best practices and policies to protect information.

Cabarrus County was hit with a social engineering scam that resulted in the loss of $1.73 million, which was part of a $2.5 million contractor payment. Conspirators posed as representatives of the contractors in a series of emails that began last year.

First step: Know your data

“Who has access to it, how it floats around…know what’s out there,” he said, explaining that cellphone location tracking is one example.

Knowing who has your data is also important. Examples are Google, Facebook and other platform companies. “They have great leverage over the data you give them,” Dodd said. “And they take it, they hold onto it and they use it.”

Also, know how your data is shared. Normally, sharing is governed by a privacy policy and various user settings.

All these components comprise a user’s “digital footprint,” Dodd said. “That’s kind of your mark you leave out in cyberspace.”

Once you know the contents and location of your digital footprint, the next step is to …

Passwords: Hard is good

Dodd said use strong passwords. Longer passwords are better for security. Dodd also advised against using the same password for multiple accounts.

In a business setting, be sure to enforce policies to change passwords frequently. Don’t allow password sharing.

Office policy: Be vigilant

Block downloads from suspicious sources. Prohibit users from sharing company-owned laptops and mobile devices. Whether working or not, don’t access sensitive company data—or bank accounts—through public Wi-Fi.

Phishing: Don’t take the bait

Phishing involves the use of seemingly legitimate emails and other communications with links to “change” or “verify” passwords or other login credentials. Clicking these links can take you to locations designed to steal your login information.

Identify and avoid suspicious emails. This will help users avoid phishing attempts with URLs or attachments programmed to download malware into your network, Dodd said.

To get around direct emailed links, visit the site on your own, log in to your account and see if the message is replicated.

Bottom line: Be suspicious

Maintain a healthy dose of suspicion when you’re on the internet. Keep up with software updates, too