Welcome the DOTComm Cyber Security Portal!

Safe, secure and stable. We work everyday to make sure our clients receive the protections and education they need to be productive in an ever evolving digital world. By constantly updating our networks, hardware and applications to conform to industry standards and by working closely with our end users on safe computing practices, we aim to make our environment as secure as possible.

Need Support?

Call 402-444-3663

Cyber Security Awareness 2017

Week 3 Cyber Tip: Kevin Ruins Everything

By IT Security Team Oct 26 2017
Week 3 Cyber Tip: Kevin Ruins Everything-image

Kevin Ruins Everything (1).png

 

It wouldn’t be cybersecurity month if we didn’t remind you of a few things to pay attention to in order to stay secure online.

When you get into your car and drive to the grocery store you're looking out for blinkers, road signs, and other hazards on the road.  You don’t think about it because it is a habit that has been formed in your mind.  Similarly, with cybersecurity, you need to work on these things regularly to keep yourself safe and develop habits that will help you stay secure.

What Privacy?

Everyone likes phone apps.  They let us connect to the world and get breaking news in an instant.  We aren’t going to tell you to not use apps that you want.  However, we want you to think about the application and read the popup messages your phone is giving you. Your phone is probably warning you of potential privacy concerns.  It is letting you know what permissions that application will require on your phone.  Here are a few examples:

 

give-permission-to-use-location.png

 

Super-Bright-LED-Flashlight-on-Android.png

 

 

Think about if a flashlight app really needs to see your contacts or your Wi-Fi settings. Perhaps something your child wants to download for their favorite game needs to access your location or camera. Do you want the application to know the exact location of you or your child’s phone? Instead of just blindly accepting the permissions for the phone, examine them and think about them before you install.

Keep on Rolling

Whenever you get an email, hover over links to make sure they are going where they say they are going. Hovering over a link brings up a small text box at the bottom of your screen or right by your cursor that you can use to verify where the author wants you to go. It’s easy to make something that looks like a hyperlink and have it not go to the right place. As an example, click Here to read about new changes to DOTComm! See how that works? The link sent you to Youtube.com, but you thought you were going to read something about DOTComm. This is most important when you get an email that looks legitimate and references your login information but can be anywhere in email or on the Internet.

Get to the Root

Speaking of login information, when you get an email telling you to “Click here to change your username and password”, it is safer to go to the actual website in a separate window and change your login information rather than clicking the button in your email. Remember the email scandal at the end of last year? The hackers were able to get into the system because they used a spear phishing campaign to get the login information of the servers. They sent an email requesting someone to click the link to reset their username and password. The link went to a separate website that looked very similar to what Gmail's login looks like. When the person entered the updated credentials, the server saved the login information, then forwarded it to Google so it would seem like nothing was out of the ordinary.  The hackers now have the username and password to your most important online account.

 

Hope you found these tips useful.  If you ever have any questions about security items, please contact DOTComm Technical Support Services.

Read More

Week 2 Cyber Threat

By IT Security Team Oct 18 2017
Week 2 Cyber Threat-image

 

Continuing with our Cyber Security tips, this week we are going to be talking about encryption. We made this infographic for you to understand the basics of Encryption and how it impacts your Internet usage at work and home.

Without encryption technology our daily lives would be more like living in years past.  Hyvee and Amazon wouldn’t be selling their goods online, you would still have to visit the bank often, and you would be using a lot more stamps.  Encryption allows us to trust the privacy of online transactions and gives us confidence that information is secure.

A big thank you to everyone that filled out last week's quiz.  We had over 90 responses! If you want to test your knowledge of encryption try this week's quiz. Hint: 60% of the answers are in the infographic.

Don’t forget about the speaking events happening this week. Nebraska CERT is meeting tonight from 7-8:30 PM to talk about DARPA’s Cyber Grand Challenge and tomorrow Ken Schmutz from the FBI is speaking at a Heartland International Institute of Business Analytics meeting from 11-1.

Read More

Week 1 Cyber Tip: Online Threats

By IT Security Team Oct 12 2017
Week 1 Cyber Tip: Online Threats-image

It’s time for Cyber Security Awareness Month Tip #1.  Today’s tip is about Online Threats.  It is always smart to stay updated with what kinds of threats are out in the wild and understand what the correct terminology is.

Check out this infographic published below by the security vendor ZoneAlarm. It outlines the different kinds of online threats that we are facing on the Internet today.  

As always, if you believe your computer is affected by any of these threats please alert DOTComm Technical Support Services.

Think your cyber security skills are sharp?

Be sure to fill out the questionnaire each week

  • The top three winners at the end of the month will be given a Halloween themed gift basket!

Also, reminder that we update our Cyber Security Portal with fresh information. You can take a look at that:

https://www.dotcomm.org/cybersecurity

 

online-threats-101.png

 

 

Thanks,

The DOTComm IT Security Team

Read More

Cyber Security Training

 

StaySafeOnline

By IT Security Team Oct 12 2017
StaySafeOnline-image

Powered by the National Cyber Security Alliance, StaySafeOnline.org has a plethora of resources available to anyone who has an interest in cyber security. This site has information on a wide range of topics, such as securing your home network, ID theft, malware prevention, and much more.

Part of https://staysafeonline.org/stay-safe-online/, click below to take a workplace security risk calculator quiz and find out your score!

takequiz

Read More

Novalabs

By IT Security Team Oct 12 2017
Novalabs-image

Looking for something a bit more interactive? Nova Labs is hosted by PBS.org and offers a section in cyber security where users can play an interactive game and watch interactive videos designed to build your knowledge on how to detect potential threats.

https://www.pbs.org/wgbh/nova/labs/lab/cyber/

Read More

Stop.Think.Connect.

By IT Security Team Oct 12 2017
Stop.Think.Connect.-image

STOP. THINK. CONNECT. is a coalition of private companies, non-profits, and government organizations with a mission to keep people safe online. President Barack Obama declared STOP. THINK. CONNECT. the national cybersecurity awareness campaign during his Presidential Proclamation of National Cyber Security Awareness Month in 2010. Here you will find a plethora of resources to help promote cybersecurity awareness in a community driven atmosphere.

https://www.stopthinkconnect.org/

Read More

Privacy Training 

By IT Security Team Oct 07 2017
Privacy Training -image

This module is a great way to train employees on the proper handling of all forms of privacy data. Some examples might include HIPAA, social security numbers, financial information, and other forms of private information.

This module will guide you through some of the basics when it comes to protecting private information. We recommend launching the training in full-screen mode to get the full effect, enjoy!

Read More

User Awareness Training 

By IT Security Team Oct 05 2017
User Awareness Training -image

The user awareness course takes you through some of the general themes among cyber security. This module will show you how to keep passwords safe, steer clear of malware, watch out for scams, and much more. Anyone who's starting their knowledge of cyber security awareness should start here!

This module will guide you through some of the basics when it comes to cyber security. 

 

Read More

Google Phone

By IT Security Team Feb 02 2017
Google Phone-image

The phone hackers are at it again. This time in the form of an official app on the Google Play Store called EnergyRescue. The malicious application was found by Check Point and was made to steal text messages and contact information from your phone, lock it, then demand up to $180 for the unlock codes. This is interesting as it is generally understood that apps from official sources are much more secure than third party applications. The application has since been taken off the Play Store but it just serves as a reminder that we need to be aware of what we download when we are looking for applications.

How do we know when an application might be malicious? Always make sure when you look at what permissions the application wants when you download it. Think about what the app reasonably needs access to. Is there a reason why a battery saving app needs access to your contact list? Or a camera app needs access to your email? If you're reading through the desired access of the application and something strikes you as odd, just don’t download it.

If you would like to read the full article click the link below.

http://www.darkreading.com/mobile/google-removes-ransomware-laden-app-from-play-store/d/d-id/1327977

Read More

Netflix scam

By IT Security Team Feb 01 2017
Netflix scam-image

Recently people have been falling victim to a new type of ransomware that encrypts specific files on the victim's computer. The targets are people who are attempting to gain free access to video streaming services such as Netflix. This new ransomware is known as RANSOM_NETIX.A. The way it works is people go to the website hoping to get free login credentials from the website. After they click on the “generate login” button, the ransomware dives into their computer and encrypts files in the C:users/ directory. The ransomware seems to only work on windows 7 and 10 PCs at the moment. If the program finds itself on an environment that isn’t what it wants, it simply destroys itself.

An easy way to make sure that you don’t get hit by this ransomware is to don’t go to sketchy internet sites and try to get free Netflix login credentials.

If you would like to read the full article click the link below.

http://www.darkreading.com/attacks-breaches/netflix-scam-spreads-ransomware/d/d-id/1328012?_mc=sm_dr&hootPostID=22e37aed8a29f26571630ac2a00fed49

Read More

DOTComm Tech Fair 2016 Cyber Security Speaker Presentation

By IT Security Team Oct 20 2016
DOTComm Tech Fair 2016 Cyber Security Speaker Presentation-image

Here is the slides from Kevin Russell's Cyber Security presentation. In here are tips and trick on how to be safe on the Internet for you and your family.




 

Read More

Google Account Security

By IT Security Team Sep 25 2015 ( Reviewed On : Oct 12 2017 )
Google Account Security-image

In this page we'll discuss some of the security features you can utilize within your Google account. Keep track of the devices that are connecting to your account, adjust privacy settings, and much more.

In the My Account section of Google, you can gain quick access to settings and tools that let you safeguard your data and protect your privacy. This process only takes a few minutes and can give you great insight into what is happening in the background in terms of security and privacy.

 

Security Checkup!

security checkup

 

1. Simply go to the My Account section in the upper right-hand side of your browser.
2. Under the Security Checkup title, click GET STARTED.
Google will walk you through a few short steps on what devices are connecting to your account and the kinds of permissions that they have, simple as that.

 

Privacy Checkup!

 

privacy checkup

 

1. Simply go to the My Account section in the upper right-hand side of your browser.
2. Under the Privacy Checkup title, click GET STARTED.
The Privacy Checkup section takes you through a few more items on your account. You can adjust settings like what information you share with others, what information is gathered on you, and even advertisement settings based on your personal preferences.

Click here to view some additional steps you can take to can secure your Google account!
Want more information on how Google keeps your information safe?
https://privacy.google.com/google-security.html
 
You'd like even more information, is that right? Click here to see Google's Transparency Report.
https://www.google.com/transparencyreport/?hl=en

 

 

 

Read More

Chrome Add-ons

By IT Security Team Sep 25 2015
Chrome Add-ons-image

This section goes through some of the Chrome web-browser extensions that will help build a more user-friendly and also safe, web browsing experience.

 

Wondering how Google protects our data?

Here are some extensions that can be added to the Chrome web browser for added security, ease-of-use, and so on. By no means are you obligated to install these add-ons onto your browser. Feel free to take a look at what we have to say or simply read more on the links provided!

encrypt web

HTTPS Everywhere - This chrome addon allows you to encrypt your web traffic activity by default whenever possible using the more secure HTTPS protocol. This allows for a more secure user environment online.Read More

ad block

Adblock Plus - Do you get sick of all the ads online? Adblock Plus is an add-on that will block many of the annoying ads, even the ones that are attached to YouTube videos.
Read More

 

 

web of trust

 

Web of Trust (WOT) is an add-on that uses the power of people coming together for a purpose online. WOT is a website reputation and review service that helps people make informed decisions about whether to trust a website or not. WOT is based on a unique crowd sourcing approach that collects ratings and reviews from a global community of millions of users who rate and comment on websites based on their personal experiences.
Read More

unnamed

 

 

Google Dictionary isn't exactly a security add-on, but this extension is useful nonetheless. This add-on allows you to highlight any word within a webpage, click the dictionary icon in the right-hand corner of your browser, and the dictionary gives you a full definition without the hassle of starting a new browser window.Read More

Read More

Two-Factor Email Authentication!

By IT Security Team Sep 25 2015 ( Reviewed On : Oct 12 2017 )
Two-Factor Email Authentication!-image

 

Google Authenticator - Do you have a personal Gmail account?

 

Adding another factor of authentication to your personal email can be one of the best decisions for keeping your email secure. Often times, we use our primary personal email as a way to log back into our accounts if we forget our passwords. So, protecting these email accounts is one of the most important things we can do to stay secure. Google Authenticator generates security codes on your smart phone which you use as part of the login process for your personal Gmail.

read more

 

windows auth

 

Windows Authenticator - The Authenticator app generates security codes on your smart phone that you can use to help keep your Microsoft account secure. This adds another factor of authentication into your email (something you know - which is your password and something you have - which is the code that is on your smart phone). So, even if a hacker is able to crack your password for your personal email, they will need the security code on your phone to gain access! You can add your Microsoft account to the app by scanning a barcode or by manually entering a secret key.

read more

Read More

News in Cyber Security

Staying ahead on trends in security is key to our success. Here is some of the latest news on what's happening today in cyber security.

Hundreds of Legitimate iOS Apps Infected by Malware, Removed From App Store

By Eric Ravenscraft Sep 21 2015
Hundreds of Legitimate iOS Apps Infected by Malware, Removed From App Store-image

Announced Sunday, hundreds of legitimate apps on the App Store have been infected by malware. The company has removed the infected versions. If you still have them installed, it's a good idea to stop using them for now.

The infection occurred when developers downloaded a counterfeit version of the Xcode software--used to develop iOS apps--from a Chinese server because it was faster than the primary US server. The result is that many legitimate app developers unknowingly published applications embedded with malware.

To read more and view the list of infected apps click below!

readmore

Read More

This email scam targeting businesses is a billion-dollar problem, FBI warns

By John Zorabedian Aug 31 2015
This email scam targeting businesses is a billion-dollar problem, FBI warns-image

The FBI is warning businesses to be on the lookout for emails sent by scammers to trick them into transferring money to fraudulent accounts.
Email scams have been around for decades, but old-school Advance Fee Fraud scams these are not.
The FBI calls this family of scams "Business Email Compromise" (BEC) scams, because they use phony emails that appear to come from a colleague or from a trusted supplier.

readmore

Read More

Target Says SEC won't pursue enforcement action as a result of data breach

By Dennis Fisher Aug 27 2015
Target Says SEC won't pursue enforcement action as a result of data breach-image

Target officials say that the Securities and Exchange Commission, one of several U.S. agencies investigating the massive data breach at the company in 2013, has decided not to punish Target as a result of the breach.
The Target data breach is one of the larger such incidents ever. The breach affected more than 100 million people and the attackers stole credit and payment card data, email addresses, physical addresses, and other personal information. Target has been hit with a number of suits and claims stemming from the breach, including claims by all of the major credit card companies. In its quarterly financial results filed earlier this week, the company said it has reached a settlement Visa that involves Target paying $67 million to Visa card issuers.

readmore

Read More

Ashley Madison hackers publish compromised records

By Steve Ragan Aug 18 2015
Ashley Madison hackers publish compromised records-image

The group responsible for the Ashley Madison hack published the compromised records on Tuesday, delivering on the promise made when the hack was announced in July. The compromised records include account profile information, personal information, financial records, and more.
In July, a group calling themselves Impact Team leaked a selection of files that they claimed originated form Avid Life Media (ALM), the company behind adult playgrounds of Ashley Madison, Cougar Life, Established Men, and others.

Read More

Read More

IRS estimate of stolen tax records balloons to over 300,000

By Lisa Vaas Aug 18 2015
IRS estimate of stolen tax records balloons to over 300,000-image

In May, the Internal Revenue Service (IRS) - the US government agency tasked with collecting taxes - suffered a data breach in which attackers got away with the personal information of an estimated 100,000 taxpayers.
Fast-forward a few months and scratch that number.
In fact, the number of taxpayers' accounts that might have had personal data siphoned off by attackers is more than triple the original estimate, the IRS said on Monday.

Read More

Read More

Webcam spy sends couple photos of previous night's Netflix snuggle session

By Lee Munson Aug 14 2015
Webcam spy sends couple photos of previous night's Netflix snuggle session-image

This article shows the extent to which RATs (Remote Access Trojans) can control your computer. This particular situation occurred when a hacker turned on a couples webcam, while they were watching Netflix. Unbeknown to the couple, they were actually sharing their movie night with a third party who was watching them via the webcam on their laptop.

Read More

Read More

Car Hacking Gets the Attention of Detroit and Washington

By Dennis Fisher Jul 21 2015
Car Hacking Gets the Attention of Detroit and Washington-image

Car hacking is a relatively new phenomenon, but it is evolving at a frighteningly quick pace. While just a year or two ago security researchers were still trying to work out exactly how the internal electronics and communications gear in vehicles works, now a pair of researchers has discovered a method to compromise some Chrysler vehicles remotely and do things such as disable the transmission, and control the steering and brakes.

 

See more at - https://threatpost.com/car-hacking-gets-the-attention-of-detroit-and-washington/113878

Read More

Tech Corner

Here in the Tech Corner, you will find helpful configurations, tools, applications, and all sorts of topics related to security.

KeePass Password Safe

By IT Security Team Oct 12 2017
KeePass Password Safe-image

Below we showed you LastPass, but some of us may not like the idea of having our passwords stored in the cloud. Maybe you'd like the information stored only on your computer? If that's the case, then KeePass might be the password manager for you.

Read More

Read More

Flexera Personal Software Inspector

By IT Security Team Oct 12 2017
Flexera Personal Software Inspector-image

Want help keeping track of what needs to updated on your PC? Flexera Personal Software Inspector is a convenient app designed to help you keep all of the programs on your computer up to date. You can set it to complete automatic updates, or you can have the program notify you when updates are available and then install them manually. No matter how you choose to use Flexera PSI, you'll enjoy the smooth functioning of a full suite of updated programs all the time.

Read More

Read More

LastPass Password Manager Application

By DOTComm Security Team Oct 12 2017
LastPass Password Manager Application-image

LastPass is a password management application that allows you to store all of you passwords securely, in the cloud, without the worry of forgetting them later. LastPass encrypts your information both going to and from your PC, not even the company can read your information. The application has many features ranging from two-factor authentication, password generation, automatic password changing for certain websites, and the list goes on.

Read More

Read More

This $30 device defeats almost any keyless car or garage door

By Ms. Smith Aug 09 2015
This $30 device defeats almost any keyless car or garage door-image

You probably don't think about thieves when you unlock your car, but Samy Kamkar certainly does. The security researcher known for his droll (and scary) hacks has created a device called "Rolljam" that cracks the wireless entry systems used by car- and garage-door makers. He demonstrated it at Defcon 2015, and here's how it works. When a victim tries to remotely open their car with a fob, they'll notice it didn't work the first time. It'll appear to work the second time, but at that point, the thief will have stolen a code they can use to open your vehicle.

Read More

Read More

About DOTComm IT Security

The security community relies on the sharing of information to stay up-to-date on the wide range of emerging threats that exist online. Ultimately, this is a worldwide collaborative effort. Listed below are some great organizations and resources that are helping to push security in the right direction!

Policies & Procedures

By IT Security Team Sep 24 2015 ( Reviewed On : Oct 07 2017 )
Policies & Procedures-image

DOTComm Hardware Policy -- View

DOTComm Software Policy -- View

Enterprise Network Password Policy -- View

Network Connection Policy -- View
 
Network Vulnerability Handling Procedures -- View
 
Network Vulnerability Scanning Policy -- View
 
System Administrator Policy -- View

Read More

Back to Top