Author Archives: npruden

What Is PII, Why Should It Be Protected and Four Tips/Tricks to Protect Yours

Category : Cybersecurity , Latest

PII stands for Personally Identifiable Information and covers any information that could be used maliciously to identify or locate you. This can include things like your name, address, birthday, Social Security number, phone number or any other information that could be used to identify you.

PII should be kept safe because this information can be used for malicious purposes such as identity theft or fraud. Thieves will seek out as much information about their target as possible. For this reason you should be leery about providing any personal information, especially if it is unclear why it is needed. Here are some tips and tricks for protecting your PII:

Lock down your social media accounts
Do you share pictures and other information on social media? Do you have accounts on any social media platform? If so, make sure all of your information is private and that you are only friends with people you know and trust. Think about what is potentially available on social media profiles: birthday, relationship status, employment information, location, schooling, and much more. To protect your accounts, make sure you have two-factor authentication enabled to make it more difficult for anyone to gain access to your account; use a unique and complex password; check your privacy settings to make sure your information is not public; and resist the urge to share sensitive information online.

Use caution on public Wi-Fi
When traveling or out and about, be careful how you use public Wi-Fi. Criminals can set up “free” Wi-Fi with the intention of gathering PII. To protect yourself, do not check any bank accounts or log into any other accounts that could be at risk while on a public connection. Research a VPN (virtual private network) solution that protects your privacy and will encrypt your traffic on public connections. Don’t set your device up to remember connections and/or make sure to forget any connections when you are done.

Protect Security Questions
You’ve seen those surveys that traverse the web: what is the name of your first pet, where did you graduate, who was your favorite teacher, share a memory about me. Do any of these things sound familiar? Possibly a security question? No matter how fun they seem, do not participate in these surveys. That information can then be used to answer some of your security questions. A tip is to create bogus answers to these questions and store them in a password manager. For example: the security question for your banking account can be something like “What is the name of your first pet?” I don’t want to use my actual answer because people know that. Instead, I’m going to let my password manager generate a response, and I will store that in the manager and use that going forward.

Be aware of how your information is being used
Read Terms and Conditions when signing up for new services. When being asked for personal information make sure to only provide information you are comfortable with the requestor having. Do not be afraid to ask why they need to know that. Some places ask for Social Security Numbers when they may not need them. Don’t write information such as credit card and banking account numbers on paper forms.


What is Phishing? Why should I care?

Category : Cybersecurity , Latest

Phishing can be broadly defined as an act where someone is targeted by someone else who is posing as legitimate in order to gain confidential or sensitive information. There are other terms that come up when talking about phishing, such as vishing, whaling, pharming, smishing and probably others!

What do these different terms mean?

  • Vishing – V for voice; think of it as voice phishing. These attacks come in the form of a phone call.
    Example: A call from someone stating they are your bank. They’ve detected fraudulent behavior on your account and they need to verify your identity by having you provide your debit card PIN.
    How to handle: Tell the caller that you will call back, then call a reputable customer service number (the back of your debit or credit card should have a valid number). NEVER give sensitive information over the phone if a call was not initiated by you.
  • Whaling – Whaling attacks typically target high-profile employees like a Superintendent, Finance or Accounting employees. The goal of this type of attack is to get to someone who has the ability to authorize or process high-value transactions.
    Example: An email comes through stating it’s from your Superintendent, asking you to wire a large sum to a specific account or to provide employee payroll information.
    How to handle: Check the from address. Typically attackers will spell something wrong or use a different but similar domain name. Pick up the phone and call the person the email is from to verify.
  • Pharming – This attack is where a scammer installs malicious code to force your device to go to a fraudulent website instead of the legitimate one.
    Example: You go to your banking website but the logo looks a little different and the login area has changed.
    How to handle: Make sure you are using an antivirus product and that you keep it up-to-date. Make sure you install any operating system updates. Lastly, if a site looks off, do not proceed. Verify the changes. Ask a friend to check the site or check the site on a different device. If there are noticeable differences, use your antivirus software to do a scan and proceed from there.
  • Smishing – S for SMS; this is SMS or text message phishing. In this attack the attacker sends you a suspicious text message that may ask you to install an application or click on a link and provide information.
    Example: You get a text message that states “You have been randomly selected to receive a $1000 pre-paid Visa gift card! Click this link to redeem your prize! www.youareawinner.com/winner1000”
    How to handle: Notice that this is “too good to be true” and ignore the message. Delete it. Never click a link unless you know the sender and are expecting the message.

Tips and Tricks to Spot a Phish

  • Hover over all links and make sure they are legitimate, checking for misspellings, transpositions and extra characters
  • Do not trust emails, phone calls or text messages from unknown or unvalidated senders
  • If something seems off about a website trust your instincts and verify that the site is legitimate
  • Protect your personal information including but not limited to: username, password, banking information, employment information
  • Make sure anyone requesting information is who they say they are by verifying their identity through a different channel from the request. Example: a call comes from an unknown number saying they are with your security company; call the security company at the number you have and ask if they called
  • Don’t open attachments from sources you do not trust and use caution opening attachments from trusted senders

Are you ready to test your knowledge? Go to https://phishingquiz.withgoogle.com/ to see if you can spot the phish!


Facebook Hoaxes and Security Risks

Category : Cybersecurity , Latest

As our world becomes more intertwined in social media we need to be cautious with our profiles. Friends and acquaintances may post things about how to show friends you haven’t seen for years or notify you that they got a friend request from another profile appearing to be you. What do you do? How do you verify this stuff? Should you verify it?

Yes; verify, verify, verify!

One hoax circulating on Facebook is the post about how to bypass the system to show posts from friends you haven’t seen in years. Following these instructions does not change anything. Here is an example of some of the wording seen.

Facebook Security Hoax Example

Viral messages about your account being cloned have also been making the rounds for some time. Friends will message you or post on your wall that they’ve received a duplicate friend request from you. What should you do? Do not forward the message. Delete and ignore. If you are concerned that your account was cloned, search for the other versions of your account and then report any you’ve found to the site.

Facebook Message about a security item

Popular surveys or quizzes making the rounds can make your online accounts susceptible to risks. Think about this… You create an online account at your bank. They prompt you to create and/or answer 3 questions in case you forget your password. You pick 1) What’s your mother’s maiden name? 2) What’s your favorite color? 3) Make and Model of your first car.

Then you fill out one of the quizzes. You just identified answers to your security questions! Someone with malicious intentions could take this information and potentially obtain access to your account.

Facebook Personal Questions

At the end of the day your security and the security of your friends and family should take priority. Think before you post. Is this information true? Does providing this information to the public put me at risk? And remember no matter how locked down your profile is, it is still on the internet which means it can be made public.

Verify information if you are not sure. Sometimes verifying from multiple news sources is needed.

Here are some good resources for verifying sources of information:
https://www.snopes.com/
https://www.factcheck.org/
https://www.politifact.com/


National Cyber Security Awareness Month

Category : Cybersecurity

What is National Cybersecurity Awareness Month (NCSAM)? A collaborative effort between federal and industry leaders to make sure all Americans have the resources needed to stay safe and more secure online. The National Cybersecurity Division within the Department of Homeland Security has been observing NCSAM since 2004 with the goal of providing everyone with tips and best practices on how to stay safe online. For October 2018, here are the weekly themes with some tips and tricks that apply:

Week 1: October 1-5: Make Your Home a Haven for Online Safety

  • Basic cybersecurity essentials the whole family can deploy!
  • Back it Up → Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely.
  • Keep a Clean Machine → Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats. Make sure you keep all connected things updated including phones and other smart devices.
  • Lock Down Your Login → Usernames and passwords are not enough to protect key accounts like email, bank and social media. Improve account security by enabling strong authentication tools such as biometrics or unique one-time codes (2-factor authentication).
  • Personal Information is Like Money. Value it. Protect it. → Info about you, such as your purchase history or location, has value. Be thoughtful about who gets that info and how it’s collected through devices, apps and websites that you use.
  • Secure Your WiFi Router → Set a strong passphrase (at least 12 characters long) for your Wi-Fi network. Keep it positive and easy to remember like “ILoveCyberSecurity!!”
  • Share with Care → Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect you and others now and in the future.

Week 2: October 8-12: Millions of Rewarding Jobs: Educating for a Career in Cybersecurity

  • CyberPatriot helps to inspire young minds towards careers in cybersecurity. Read more: https://www.uscyberpatriot.org/
  • NCSA’s Parent Primer for Guiding Kids to careers in cybersecurity is a free resource that you can use at home, school and in your community! https://staysafeonline.org/resource/ncsas-parent-primer-guiding-kids-careers-cybersecurity-2017/
  • DHSgov’s Scholarship for Service program can help students on a path towards a cybersecurity career. Learn more → https://www.sfs.opm.gov/

Week 3: October 15-19: It’s Everyone’s Job to Ensure Online Safety at Work

  • STEP 1 to better securing your business → Learn how to identify your digital “crown jewels.” https://staysafeonline.org/cybersecure-business/identify/
  • STEP 2 to better securing your business → Build your cyber defenses around your business’s critical assets and systems. https://staysafeonline.org/cybersecure-business/protect/
  • STEP 3 to better securing your business → Know when something has gone wrong. The more quickly you know about an incident, the more quickly you can mitigate the impact. https://staysafeonline.org/cybersecure-business/detect-incidents/
  • STEP 4 to better securing your business → Make and practice an incident response plan to contain an attack or incident and maintain business operations in the short term. https://staysafeonline.org/cybersecure-business/respond/
  • STEP 5 to better securing your business → Recover from the immediate aftermath of a cyber incident and build out your cybersecurity posture to help prevent future incidents. https://staysafeonline.org/cybersecure-business/recover/

Week 4: October 22-26: Safeguarding the Nation’s Critical Infrastructure

  • Turn on multi-factor authentication on at least one online account. Learn how → https://lockdownyourlogin.org/strong-authentication
  • When in doubt, throw it out: Links in emails, posts and ads are often how criminals try to steal info and gain access into critical systems. Learn More → https://staysafeonline.org/stay-safe-online/online-safety-basics/spam-and-phishing/
  • November is Critical Infrastructure Security & Resilience Month! Learn about how you can keep these systems more secure. → https://www.dhs.gov/critical-infrastructure-security-resilience-month
  • Turn on automatic updates for your key devices. Having the latest security software can help better protect you from online threats and keep our Nation’s critical systems more secure. Get more tips → https://stopthinkconnect.org/resources/preview/tip-sheet-basic-tips-and-advice