Cybersecurity Resource Center
Own It. Secure It. Protect It.
October is National Cybersecurity Awareness Month and we are supporting the cause by being a 2019 Champion Organization. As a Champion Organization, we are dedicated to promoting a safer, more secure and more trusted Internet.
This year’s overarching message, “Own IT. Secure IT. Protect IT.”, will focus on key areas including citizen privacy, consumer devices, and ecommerce security.
To assist business leaders and their organizations, we’ve gathered the following tips and tricks that will keep cybersecurity top of mind, while providing methods that increase security and protect against cyber attacks and data breaches.
In order to own your cybersecurity, you must understand your company’s digital profile. Constant connection provides opportunities for innovation and modernization, but also presents opportunities for potential cybersecurity threats that can compromise your organization’s most important personal information. Understand the devices and applications your employees are using every day to help keep your organization and information safe and secure.
- Never Click and Tell: staying safe on social media
- Update Your Privacy Settings: on key accounts such as social media
- Keep Tabs on Your Apps: best practices for device applications
Cybersecurity While Traveling
In a world where we are constantly connected, cybersecurity cannot be limited to the home or office. When your employees travel—whether domestic or international—it is important to encourage safe online behavior and take proactive steps to secure their Internet-enabled devices.
Tips for Your On-the-Go Employees
- If you connect, you must protect. Whether it’s your computer, smartphone, or other network devices, the best defense against viruses and malware is to follow your organization’s IT policies and procedures. When available, sign up for automatic updates and protect your devices with anti-virus software.
- Back up your information. Back up contacts, photos, videos, and other mobile device data to another device or cloud service in case your device is compromised and you have to reset it to factory settings.
- Lock your device when you are not using it. Set your devices to lock after a short time and use strong passwords.
- Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in.
Online Privacy & Social Media
Your employees are able to shop, bank, connect with family and friends, and handle medical records all online. And these activities require people to provide personally identifiable information (PII) such as name, date of birth, account numbers, passwords, and location information. Make sure your employees know what is acceptable when sharing personal information online to reduce the risk of becoming a cybercrime victim.
Online Privacy Tips
- Never click and tell. Limit what information you post on social media—from personal addresses to where you like to grab coffee. What many people don’t realize is that these seemingly random details are all that criminals need to know to target you, your loved ones, and your physical belongings—online and in the real world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are—and where you aren’t—at any given time.
- Keep tabs on your apps. Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved—gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use. Only download apps from trusted vendors and sources.
Internet of Things
Internet of Things (IoT) or smart devices refers to any object or device that is connected to the Internet. This rapidly expanding set of “things,” which can send and receive data, includes cars, appliances, smart watches, lighting, home assistants, home security, and more. #BeCyberSmart to connect with confidence and protect your interconnected world.
Why should we care?
- Cars, appliances, wearables, lighting, healthcare, and home security all contain sensing devices that can talk to another machine and trigger other actions. Examples include devices that direct your car to an open spot in a parking lot; mechanisms that control energy use in your home; and tools that track eating, sleeping, and exercise habits.
- New Internet-connected devices provide a level of convenience in our lives, but they require that we share more information than ever.
- The security of this information, and the security of these devices, is not always guaranteed. Once your device connects to the Internet, you and your device could potentially be vulnerable to all sorts of risks.
- With more connected “things” entering our homes and our workplaces each day, it is important that everyone knows how to secure their digital lives.
Cybercriminals are very good at getting personal information from unsuspecting victims, and the methods are getting more sophisticated as technology evolves. Protect yourself against cyber threats by implementing and enforcing stricter security features available on the devices and software you use.
A strong and complex password makes it that much harder for criminals to infiltrate your digital accounts. Use these password strategies to stay secure.
- Make your password a sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”).
- Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.
- Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer. You can alternatively use a service like a password manager to keep track of passwords.
- Change your passwords every 45-90 days.
Always Play Hard To Get With Strangers
Cybercriminals have become quite savvy in their attempts to lure people in and get you to click on a link or open an attachment. Do you know how to spot and block phishing attempts?
Malicious emails, spam and phishing attacks are all ways hackers try to get information from you.
A malicious email can look like it came from anyone: a client, financial institution, a government agency or any other service or business. It will often urge you to act quickly, saying that your account has been compromised, your order cannot be fulfilled or there is another urgent matter to address.
If you are unsure whether an email request is legitimate, try to verify it with these steps:
- Contact the company directly – using information provided on an account statement, on the company’s official website or on the back of a credit card.
- Search for the company online – but not with information provided in the email.
Spam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk – and often unwanted – email. Here are ways to reduce spam:
- Enable filters on your email programs: Most internet service providers (ISPs) and email providers offer spam filters; however, depending on the level you set, you may end up blocking emails you want. It’s a good idea to occasionally check your junk folder to ensure the filters are working properly.
- Report spam: Most email clients offer ways to mark an email as spam or report instances of spam. Reporting spam will also help to prevent the messages from being directly delivered to your inbox.
Phishing attacks use email or malicious websites (reached by clicking on a link) to collect personal and financial information or to infect your machine with malware and viruses.
- Look Before You Click – Clicking on links in random emails and PDFs is dangerous. Hover over links that you are unsure of before clicking on them to see the destination.
- Double check before you open any attachments. Make sure the sender is someone you trust. Malware can be hidden in attachments such as PDFs and other documents.
Avoiding Being a Victim
- Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Before sending or entering sensitive information online, check the security of the website.
- Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email.
- Keep a clean machine. Keep all software on internet-connected devices – including PCs, smartphones and tablets – up to date to reduce risk of infection from malware.
What to Do if You Are a Victim
- Report it to the appropriate people within your organization if a work account has been compromised, including network administrators. They can be alert for any suspicious or unusual activity.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s).
- Watch for any unauthorized charges to your account.
- Consider reporting the attack to your local police department and filing a report with the Federal Trade Commission or the Internet Crime Complaint Center.
Now that we’ve discussed owning your digital profile and securing your assets, the next step is to make sure you take proactive measures to enhance cybersecurity at home and at work.
- Turn on automatic updates on your devices, if you can, and protect your devices with antivirus software.
- Before you connect to any public wireless hotspot – like at an airport, hotel or café – confirm the name of the network and exact login procedures with appropriate staff. Avoid sensitive activities (e.g., banking) that require passwords or credit cards.
- It is vital that businesses of all sizes take measures to keep customer/consumer data and information safe.
Identity Theft, Internet Scams & Robocalls
DID YOU KNOW?
- The total number of data breaches reported in 2018 decreased 23% from the total number of breaches reported in 2017, but the reported number of consumer records containing sensitive personally identifiable information (PII) exposed increased 126%.[1]
- Credit card fraud tops the list of identity theft reports in 2018. The Federal Trade Commission (FTC) received more than 167,000 reports from people who said their information was misused on an existing account or to open a new credit card account.[2]
- Consumers reported $905 million in total fraud losses in 2017, a 21.6% increase over 2016.[3]
[1] Identity Theft Resource Center, “2018 End-of-Year Data Breach Report”, 2018.
[2] Federal Trade Commission, “Consumer Sentinel Network Data Book 2018”, 2019.
[3] Experian, “Identity Theft Statistics”, 2019.
Common Internet Scams
Internet fraud is the use of the Internet to defraud victims or to otherwise take advantage of them. (FBI)
Cybercriminals are using more sophisticated techniques to exploit technology to steal your identity, personal information, and money. To protect yourself from online threats, you must know what to look for.
Here are the top 3 threats reported to the FTC:
Identity theft is the illegal acquisition and use of someone else’s personal information to obtain money or credit. Signs of identity theft include bills for products or services you did not purchase, suspicious charges on your credit cards, or new accounts opened in your name that you did not authorize.
Imposter scams occur when you receive an email or call from a person claiming to be a government official, family member, or friend requesting personal or financial information. For example, an imposter may contact you from the Social Security Administration informing you that your Social Security number (SSN) has been suspended, in hopes you will reveal your SSN or pay to have it reactivated.
Debt collection scams occur when criminals attempt to collect on a fraudulent debt. Signs that the “debt collector” may be a scammer include requests to be paid by wire transfer or credit card. In 2018 there was a spike in requests for gift cards and reloadable cards as well.
Tips to Stop Unwanted Robocalls (FCC)
- Don’t answer calls from unknown numbers. If you answer such a call, hang up immediately.
- You may not be able to tell right away if an incoming call is spoofed. Be aware: Caller ID showing a “local” number does not necessarily mean it is a local caller.
- If you answer the phone and the caller – or a recording – asks you to hit a button to stop getting the calls, you should just hang up. Scammers often use this trick to identify potential targets.
- Do not respond to any questions, especially those that can be answered with “Yes.”
- Never give out personal information such as account numbers, Social Security numbers, mother’s maiden names, passwords or other identifying information in response to unexpected calls or if you are at all suspicious.
- If you get an inquiry from someone who says they represent a company or a government agency, hang up and call the phone number on your account statement, in the phone book, or on the company’s or government agency’s website to verify the authenticity of the request. You will usually get a written statement in the mail before you get a phone call from a legitimate source, particularly if the caller is asking for a payment.
- If you have a voice mail account with your phone service, be sure to set a password for it. Some voicemail services are preset to allow access if you call in from your own phone number. A hacker could spoof your home phone number and gain access to your voice mail if you do not set a password.
- Talk to your phone company about call blocking tools they may have and check into apps that you can download to your mobile device to block unwanted calls.
- To block telemarketing calls, register your number on the Do Not Call List. Legitimate telemarketers consult the list to avoid calling both landline and wireless phone numbers on the list.
Original list can be found here: https://www.fcc.gov/consumers/guides/stop-unwanted-robocalls-and-texts
Educational content above originally published by the Department of Homeland Security and StaySafeOnline, October 2019
Information & Cybersecurity Solutions
No organization is safe from cyber criminals. Whether you’re looking to implement new policies and procedures, audit and assess what is currently in place or test your systems, our team of highly-trained experts can assist.