It’s unfortunate but true, much of the advice security pros offer to the public on how to protect themselves from hackers, can, shall we say, gets lost in the shuffle until disaster strikes. It’s human nature. The same can be so in industry -- employee error stands at or near the top for leaving doors open to cyber attackers.
Then there’s politics in the mix, with some politicians lining up with security pros and industry leaders, recognizing that staying ahead, or at least current, with the cyber security curve is good policy. New York City is a positive example, launching a well-supported new cyber security platform to protect users from intrusion while using local, public Wi-Fi networks and lock down their mobile devices as well. The program includes deployment on the LinkNYC network, which has 1,400 free Wi-Fi kiosks in the five boroughs and millions of users.
NYC Secure Initiative
The technology is Quad9’s and the security initiative, backed by mayor De Blasio and many others, is part of wider program called NYC Secure. Quad9 is a free, automated security solution launched last November that leverages the domain name system to block known malicious and bad websites by accessing some 18 threat intelligence feeds. One notable advantage is it doesn’t collect, store or transmit any personally identifiable information (PII). It’s the creation of the Global Cyber Alliance non-profit, the City of London police and the Center for Internet Security. Since its kickoff, usage has spiked 27-fold and its reach now extends to 150 countries. It blocks malicious activity ranging from phishing, ransomware, botnets and other bad stuff, according City representatives.
The Wi-Fi protection is the City’s first step with NYC Secure, followed later this summer by a smartphone protection app that detects suspicious activity on a user’s mobile device and warns them. City officials claim that New York is the first city in the world to provide such services to all residents and visitors free of charge. The whole deal is being overseen by the umbrella NYC Cyber Command (NYC3), which directs citywide cyber defense and incident response, mitigates cyber threats, and provides guidance to the mayor and some 100 local agencies.
NYC3 has directed that by the end of the year the Wi-Fi protection be provided by City agencies and related entities. Eighteen agencies and offices are currently using the platform for their internal networks.
“New Yorkers manage so much of their lives online, from paying bills to applying for jobs to engaging with government. NYC Secure will ensure that we’re applying the best and most effective protection efforts to help New Yorkers defend themselves online,” said de Blasio. And, Geoff Brown, the City’s CISO who also heads NYC3, said the program will “add an extra layer of security to personal devices that often house a huge amount of sensitive data.”
New York City, State Strengthen Cyber Stance
NYC Secure is the latest initiative underscoring the City’s determination to establish its position at the forefront of public and private security within its purview. For instance, early last year New York’s Department of Financial Services instituted new and sweeping cybersecurity requirements covering banks and insurance companies that could extend to credit tracking outfits.
And, late last year New York Attorney General Eric Schneiderman introduced a bill to safeguard consumer information called “Stop Hacks and Improve Data Security Act” (SHIELD) that will require companies to meet specific data security requirements including protecting stored PII.
According to AG Schneiderman’s Information Exposed: 2017 Data Breaches in New York State, New York law only requires a person or commercial entity conducting business in the to report a data security breach if it involves personally identifiable information. The law as it stands now does not require most companies to maintain reasonable data security other than if a company collects social security numbers. Last year, companies and other entities reported a record high 1,583 breaches to the AG’s office, exposing the personal data of 9.2 million New Yorkers. The reported data breaches in 2017 represent the greatest exposure rate of New Yorkers’ personal information since the NY AG started receiving data breach notices in 2006, the report said.