It wouldn’t be cybersecurity month if we didn’t remind you of a few things to pay attention to in order to stay secure online.
When you get into your car and drive to the grocery store you're looking out for blinkers, road signs, and other hazards on the road. You don’t think about it because it is a habit that has been formed in your mind. Similarly, with cybersecurity, you need to work on these things regularly to keep yourself safe and develop habits that will help you stay secure.
Everyone likes phone apps. They let us connect to the world and get breaking news in an instant. We aren’t going to tell you to not use apps that you want. However, we want you to think about the application and read the popup messages your phone is giving you. Your phone is probably warning you of potential privacy concerns. It is letting you know what permissions that application will require on your phone. Here are a few examples:
Think about if a flashlight app really needs to see your contacts or your Wi-Fi settings. Perhaps something your child wants to download for their favorite game needs to access your location or camera. Do you want the application to know the exact location of you or your child’s phone? Instead of just blindly accepting the permissions for the phone, examine them and think about them before you install.
Keep on Rolling
Whenever you get an email, hover over links to make sure they are going where they say they are going. Hovering over a link brings up a small text box at the bottom of your screen or right by your cursor that you can use to verify where the author wants you to go. It’s easy to make something that looks like a hyperlink and have it not go to the right place. As an example, click Here to read about new changes to DOTComm! See how that works? The link sent you to Youtube.com, but you thought you were going to read something about DOTComm. This is most important when you get an email that looks legitimate and references your login information but can be anywhere in email or on the Internet.
Get to the Root
Speaking of login information, when you get an email telling you to “Click here to change your username and password”, it is safer to go to the actual website in a separate window and change your login information rather than clicking the button in your email. Remember the email scandal at the end of last year? The hackers were able to get into the system because they used a spear phishing campaign to get the login information of the servers. They sent an email requesting someone to click the link to reset their username and password. The link went to a separate website that looked very similar to what Gmail's login looks like. When the person entered the updated credentials, the server saved the login information, then forwarded it to Google so it would seem like nothing was out of the ordinary. The hackers now have the username and password to your most important online account.
Hope you found these tips useful. If you ever have any questions about security items, please contact DOTComm Technical Support Services.
Continuing with our Cyber Security tips, this week we are going to be talking about encryption. We made this infographic for you to understand the basics of Encryption and how it impacts your Internet usage at work and home.
Without encryption technology our daily lives would be more like living in years past. Hyvee and Amazon wouldn’t be selling their goods online, you would still have to visit the bank often, and you would be using a lot more stamps. Encryption allows us to trust the privacy of online transactions and gives us confidence that information is secure.
A big thank you to everyone that filled out last week's quiz. We had over 90 responses! If you want to test your knowledge of encryption try this week's quiz. Hint: 60% of the answers are in the infographic.
Don’t forget about the speaking events happening this week. Nebraska CERT is meeting tonight from 7-8:30 PM to talk about DARPA’s Cyber Grand Challenge and tomorrow Ken Schmutz from the FBI is speaking at a Heartland International Institute of Business Analytics meeting from 11-1.
It’s time for Cyber Security Awareness Month Tip #1. Today’s tip is about Online Threats. It is always smart to stay updated with what kinds of threats are out in the wild and understand what the correct terminology is.
Check out this infographic published below by the security vendor ZoneAlarm. It outlines the different kinds of online threats that we are facing on the Internet today.
As always, if you believe your computer is affected by any of these threats please alert DOTComm Technical Support Services.
Think your cyber security skills are sharp?
Be sure to fill out the questionnaire each week
Also, reminder that we update our Cyber Security Portal with fresh information. You can take a look at that:
The DOTComm IT Security Team
Powered by the National Cyber Security Alliance, StaySafeOnline.org has a plethora of resources available to anyone who has an interest in cyber security. This site has information on a wide range of topics, such as securing your home network, ID theft, malware prevention, and much more.
Part of https://staysafeonline.org/stay-safe-online/, click below to take a workplace security risk calculator quiz and find out your score!
Looking for something a bit more interactive? Nova Labs is hosted by PBS.org and offers a section in cyber security where users can play an interactive game and watch interactive videos designed to build your knowledge on how to detect potential threats.
STOP. THINK. CONNECT. is a coalition of private companies, non-profits, and government organizations with a mission to keep people safe online. President Barack Obama declared STOP. THINK. CONNECT. the national cybersecurity awareness campaign during his Presidential Proclamation of National Cyber Security Awareness Month in 2010. Here you will find a plethora of resources to help promote cybersecurity awareness in a community driven atmosphere.
This module is a great way to train employees on the proper handling of all forms of privacy data. Some examples might include HIPAA, social security numbers, financial information, and other forms of private information.
This module will guide you through some of the basics when it comes to protecting private information. We recommend launching the training in full-screen mode to get the full effect, enjoy!
The user awareness course takes you through some of the general themes among cyber security. This module will show you how to keep passwords safe, steer clear of malware, watch out for scams, and much more. Anyone who's starting their knowledge of cyber security awareness should start here!
This module will guide you through some of the basics when it comes to cyber security.
The phone hackers are at it again. This time in the form of an official app on the Google Play Store called EnergyRescue. The malicious application was found by Check Point and was made to steal text messages and contact information from your phone, lock it, then demand up to $180 for the unlock codes. This is interesting as it is generally understood that apps from official sources are much more secure than third party applications. The application has since been taken off the Play Store but it just serves as a reminder that we need to be aware of what we download when we are looking for applications.
How do we know when an application might be malicious? Always make sure when you look at what permissions the application wants when you download it. Think about what the app reasonably needs access to. Is there a reason why a battery saving app needs access to your contact list? Or a camera app needs access to your email? If you're reading through the desired access of the application and something strikes you as odd, just don’t download it.
If you would like to read the full article click the link below.
Recently people have been falling victim to a new type of ransomware that encrypts specific files on the victim's computer. The targets are people who are attempting to gain free access to video streaming services such as Netflix. This new ransomware is known as RANSOM_NETIX.A. The way it works is people go to the website hoping to get free login credentials from the website. After they click on the “generate login” button, the ransomware dives into their computer and encrypts files in the C:users/ directory. The ransomware seems to only work on windows 7 and 10 PCs at the moment. If the program finds itself on an environment that isn’t what it wants, it simply destroys itself.
An easy way to make sure that you don’t get hit by this ransomware is to don’t go to sketchy internet sites and try to get free Netflix login credentials.
Here is the slides from Kevin Russell's Cyber Security presentation. In here are tips and trick on how to be safe on the Internet for you and your family.
In this page we'll discuss some of the security features you can utilize within your Google account. Keep track of the devices that are connecting to your account, adjust privacy settings, and much more.
In the My Account section of Google, you can gain quick access to settings and tools that let you safeguard your data and protect your privacy. This process only takes a few minutes and can give you great insight into what is happening in the background in terms of security and privacy.
1. Simply go to the My Account section in the upper right-hand side of your browser.2. Under the Security Checkup title, click GET STARTED.Google will walk you through a few short steps on what devices are connecting to your account and the kinds of permissions that they have, simple as that.
1. Simply go to the My Account section in the upper right-hand side of your browser.2. Under the Privacy Checkup title, click GET STARTED.The Privacy Checkup section takes you through a few more items on your account. You can adjust settings like what information you share with others, what information is gathered on you, and even advertisement settings based on your personal preferences.
Click here to view some additional steps you can take to can secure your Google account!Want more information on how Google keeps your information safe?https://privacy.google.com/google-security.html You'd like even more information, is that right? Click here to see Google's Transparency Report.https://www.google.com/transparencyreport/?hl=en
This section goes through some of the Chrome web-browser extensions that will help build a more user-friendly and also safe, web browsing experience.
Here are some extensions that can be added to the Chrome web browser for added security, ease-of-use, and so on. By no means are you obligated to install these add-ons onto your browser. Feel free to take a look at what we have to say or simply read more on the links provided!
HTTPS Everywhere - This chrome addon allows you to encrypt your web traffic activity by default whenever possible using the more secure HTTPS protocol. This allows for a more secure user environment online.Read More
Adblock Plus - Do you get sick of all the ads online? Adblock Plus is an add-on that will block many of the annoying ads, even the ones that are attached to YouTube videos.Read More
Web of Trust (WOT) is an add-on that uses the power of people coming together for a purpose online. WOT is a website reputation and review service that helps people make informed decisions about whether to trust a website or not. WOT is based on a unique crowd sourcing approach that collects ratings and reviews from a global community of millions of users who rate and comment on websites based on their personal experiences.Read More
Google Dictionary isn't exactly a security add-on, but this extension is useful nonetheless. This add-on allows you to highlight any word within a webpage, click the dictionary icon in the right-hand corner of your browser, and the dictionary gives you a full definition without the hassle of starting a new browser window.Read More
Google Authenticator - Do you have a personal Gmail account?
Adding another factor of authentication to your personal email can be one of the best decisions for keeping your email secure. Often times, we use our primary personal email as a way to log back into our accounts if we forget our passwords. So, protecting these email accounts is one of the most important things we can do to stay secure. Google Authenticator generates security codes on your smart phone which you use as part of the login process for your personal Gmail.
Windows Authenticator - The Authenticator app generates security codes on your smart phone that you can use to help keep your Microsoft account secure. This adds another factor of authentication into your email (something you know - which is your password and something you have - which is the code that is on your smart phone). So, even if a hacker is able to crack your password for your personal email, they will need the security code on your phone to gain access! You can add your Microsoft account to the app by scanning a barcode or by manually entering a secret key.
Staying ahead on trends in security is key to our success. Here is some of the latest news on what's happening today in cyber security.
Announced Sunday, hundreds of legitimate apps on the App Store have been infected by malware. The company has removed the infected versions. If you still have them installed, it's a good idea to stop using them for now.
The infection occurred when developers downloaded a counterfeit version of the Xcode software--used to develop iOS apps--from a Chinese server because it was faster than the primary US server. The result is that many legitimate app developers unknowingly published applications embedded with malware.
To read more and view the list of infected apps click below!
The FBI is warning businesses to be on the lookout for emails sent by scammers to trick them into transferring money to fraudulent accounts.Email scams have been around for decades, but old-school Advance Fee Fraud scams these are not.The FBI calls this family of scams "Business Email Compromise" (BEC) scams, because they use phony emails that appear to come from a colleague or from a trusted supplier.
Target officials say that the Securities and Exchange Commission, one of several U.S. agencies investigating the massive data breach at the company in 2013, has decided not to punish Target as a result of the breach.The Target data breach is one of the larger such incidents ever. The breach affected more than 100 million people and the attackers stole credit and payment card data, email addresses, physical addresses, and other personal information. Target has been hit with a number of suits and claims stemming from the breach, including claims by all of the major credit card companies. In its quarterly financial results filed earlier this week, the company said it has reached a settlement Visa that involves Target paying $67 million to Visa card issuers.
The group responsible for the Ashley Madison hack published the compromised records on Tuesday, delivering on the promise made when the hack was announced in July. The compromised records include account profile information, personal information, financial records, and more.In July, a group calling themselves Impact Team leaked a selection of files that they claimed originated form Avid Life Media (ALM), the company behind adult playgrounds of Ashley Madison, Cougar Life, Established Men, and others.
In May, the Internal Revenue Service (IRS) - the US government agency tasked with collecting taxes - suffered a data breach in which attackers got away with the personal information of an estimated 100,000 taxpayers.Fast-forward a few months and scratch that number.In fact, the number of taxpayers' accounts that might have had personal data siphoned off by attackers is more than triple the original estimate, the IRS said on Monday.
This article shows the extent to which RATs (Remote Access Trojans) can control your computer. This particular situation occurred when a hacker turned on a couples webcam, while they were watching Netflix. Unbeknown to the couple, they were actually sharing their movie night with a third party who was watching them via the webcam on their laptop.
Car hacking is a relatively new phenomenon, but it is evolving at a frighteningly quick pace. While just a year or two ago security researchers were still trying to work out exactly how the internal electronics and communications gear in vehicles works, now a pair of researchers has discovered a method to compromise some Chrysler vehicles remotely and do things such as disable the transmission, and control the steering and brakes.
See more at - https://threatpost.com/car-hacking-gets-the-attention-of-detroit-and-washington/113878
Here in the Tech Corner, you will find helpful configurations, tools, applications, and all sorts of topics related to security.
Below we showed you LastPass, but some of us may not like the idea of having our passwords stored in the cloud. Maybe you'd like the information stored only on your computer? If that's the case, then KeePass might be the password manager for you.
Want help keeping track of what needs to updated on your PC? Flexera Personal Software Inspector is a convenient app designed to help you keep all of the programs on your computer up to date. You can set it to complete automatic updates, or you can have the program notify you when updates are available and then install them manually. No matter how you choose to use Flexera PSI, you'll enjoy the smooth functioning of a full suite of updated programs all the time.
LastPass is a password management application that allows you to store all of you passwords securely, in the cloud, without the worry of forgetting them later. LastPass encrypts your information both going to and from your PC, not even the company can read your information. The application has many features ranging from two-factor authentication, password generation, automatic password changing for certain websites, and the list goes on.
You probably don't think about thieves when you unlock your car, but Samy Kamkar certainly does. The security researcher known for his droll (and scary) hacks has created a device called "Rolljam" that cracks the wireless entry systems used by car- and garage-door makers. He demonstrated it at Defcon 2015, and here's how it works. When a victim tries to remotely open their car with a fob, they'll notice it didn't work the first time. It'll appear to work the second time, but at that point, the thief will have stolen a code they can use to open your vehicle.
The security community relies on the sharing of information to stay up-to-date on the wide range of emerging threats that exist online. Ultimately, this is a worldwide collaborative effort. Listed below are some great organizations and resources that are helping to push security in the right direction!
DOTComm Hardware Policy -- View
DOTComm Software Policy -- View
Enterprise Network Password Policy -- View
Network Connection Policy -- View Network Vulnerability Handling Procedures -- View Network Vulnerability Scanning Policy -- View System Administrator Policy -- View
Back to Top