We've come to depend on our smartphones so heavily it is hard to remember what we did before we had them.
If you have a smartphone, you now carry a fully functional computer in your pocket or purse.
That's a tremendous amount of information at your fingertips. Therefore, it is paramount that you safeguard your smartphone.
Common Risks for Smartphones
Take a moment to consider each of these areas:
• Loss of device and information theft. Smartphones are small and can easily be lost or stolen.
Unauthorized users may access your accounts, address lists, photos, and more to scam, harm or
Embarrass you or your friends; they may leverage stored passwords to access your bank and credit card
Accounts, steal your money or make credit card charges; gain access to sensitive material, and more.
• Social Engineering. A common mobile threat is social engineering. Whether via text message, image, or
Application to download, an incoming communication may be an attempt to gain access to your information.
A current example consists of a text message that comes from an unknown number, telling you that if you
Click on the link provided, you'll have access to thousands of free ringtones. If this sounds too good to be
True, that's because it is. The link is in fact a malicious link. Clicking on it will compromise the security of
• TMI (Too Much Information). Guidelines for protecting privacy, safety, and reputation when sharing via
Computers also apply when sharing via smartphones. Mobile devices enable instantaneous capturing,
Posting and distribution of images, videos, and information. They may also broadcast location information.
• Public Wi-Fi. Smartphones are susceptible to malware and hacking when leveraging unsecured public
• Bluetooth and Near Field Communications (NFC). Bluetooth is a wireless network technology that uses
Short-wave radio transmissions to transmit voice and data. NFC allows for smartphones to communicate
With each other by simply touching another smartphone, or being in proximity to another smartphone with
NFC capabilities or a NFC device. Risks with using NFC and Bluetooth include eavesdropping, through
Which the cyber-criminal can intercept data transmission, such as credit card numbers. NFC also has the
Risk of transferring viruses or other malware from one NFC-enabled device to another.
Simple Steps to Protect Your Smartphone:
1. Update the operating system. Smartphones are computing devices that need to be updated. Updates
Often provide you with enhanced functionality and enriched features, as well as fixes to critical security
Vulnerabilities. Your smartphone manufacturer should notify you whenever an update is available.
2. Use of security software is a must. As the smartphone market is increasing, so too is the amount of
Malware designed to attack smartphones. The software security solutions that are available for desktops
And laptops are not as widely available for smartphones. A key protection is to use mobile security software
And keep it up-to-date. Many of these programs can also locate a missing or stolen phone, will back up
Your data, and even remotely wipe all data from the phone if it is reported stolen.
3. Password-protect your device. Enable strong password protection on your device and include a timeout
Requiring authentication after a period of inactivity. Secure the smartphone with a unique password - not the
Default one it came with. Do not share your password with others.
4. Think before you click, download, forward, or open. Before responding, registering, downloading or
Providing information, get the facts. No matter how tempting the text, image, or application is, if the
Download isn't from a legitimate app store or the site of a trusted company, don't engage with the message.
Personal information. If the app requires more access to your account and/or device than is needed to run
The service, do not continue. In addition, be aware that terms can change over time. Review your terms of
6. Be cautious with public Wi-Fi. Many smartphone users use free Wi-Fi hotspots to access data (and keep
Their phone plan costs down). There are numerous threats associated with Wi-Fi hotspots. To be safe, avoid
Logging into accounts, especially financial accounts, when using public wireless networks.
7. Disable Bluetooth and Near Field Communication (NFC) capabilities when not in use. Capabilities
Such as Bluetooth and NFC can provide ease and convenience in using your smartphone. They can also
Provide an easy way for a nearby, unauthorized user to gain access to your data. Tum these features off
When they are not required.
8. Enable encryption. Enabling encryption on your smartphone is one of the best ways to safeguard
Information stored on the device, thwarting unauthorized access.
9. Securely dispose of your device. With the constant changes and upgrades in the smartphone market,
Many are upgrading their devices on a regular basis. It is important that you wipe the information from your
Smartphone before disposal. Additionally, make sure any SD cards are removed and erased. If you are not
Redeploying the SIM card to another device, then make sure your personal information stored on the SIM
Card is erased or destroyed.
January 29th & 30th. This two day course
examines the role of public information in managing a terrorism incident and
provides practical training in crisis communication techniques.
In such an
incident, it is imperative that community leaders, incident managers, and
public information officers are prepared to communicate with the public through
the news media. The course focuses on the role of public information in
incident management, the information needs of the public in a crisis, and the
various means of effectively communicating through the news media. Upon
completion of the course, participants will understand the role of public
information in a terrorism incident, and be prepared to plan and execute public
information actions in the event of such an incident.
Agency partners that will have public information officer responsibilities during such an event.
ICS-100, ICS-200, IS-700, and IS-800. It is also recommended that participants take the IS-29 (PIO Awareness Training). Courses can be found here: http://training.fema.gov/EMIWeb/IS/IS120A.asp.
Safety and Security, you must register for this event by January 15th,
2013 or you will not be permitted to enter.
have a confirmation email of successful registration with you in order to
Please contact SAFE Washington with your name, agency name, and title when inquiring about this event.
Save the Date - Sept 5, 2012 Cyber Event Workshop & Sept 6, 2012 Cyber Event Tabletop Exercise
Emerald Down 2 - All are welcome to participate.
The workshop on 9/5 will be aimed at executive level personnel and will feature speakers who will describe and ennumerate the likely consequences of a large cyber event on organizations in our region.
During the tabletop exercise on 9/6 participant organizations will consider several scenarios and discuss interdependencies, response, recovery and collaboration.
Please see the attached flyer for details and registration.
Sent at: 12:08p PST
Please see the attached document: emerald_down_2_invite.pdf
Microsoft is urging organizations to apply the sole critical update in this month’s Patch Tuesday release as soon as possible.
The critical bulletin – one of six security bulletins issued as part of today’s release – addresses two vulnerabilities in the Remote Desktop Protocol (RDP).
“A little about MS12-020…this bulletin addresses one Critical-class issue and one Moderate-class issue in Remote Desktop Protocol (RDP),” Angela Gunn, security response communications manager for Microsoft’s Trustworthy Computing Group, explained in a blog post. “Both issues were cooperatively disclosed to Microsoft and we know of no active exploitation in the wild. The Critical-class issue applies to a fairly specific subset of systems – those running RDP – and is less problematic for those systems with Network Level Authentication (NLA) enabled.”
“That said, we strongly recommend that customers examine and prepare to apply this bulletin as soon as possible,” she added. “The Critical-class issue could allow a would-be attacker to achieve remote code execution on a machine running RDP (a non-default configuration); if the machine does not have NLA enabled, the attacker would not require authentication for RCE access.”
Ben Greenbaum, senior principal software engineer for Symantec’s Security Intelligence Group, agreed users should pay close attention to the RDP vulnerability.
“RDP’s purpose is to enable remote access from the Internet, but preferably to an authenticated user,” he said. “In this case, a malicious attacker can potentially take complete control of the computer. Failed exploit attempts of this issue will likely result in the user being confronted with the blue screen of death. If an attacker can bypass standard memory protection measures, however, they will have access at the kernel level.”
Microsoft Security Bulletin Summary for March 2012
Published: Tuesday, March 13, 2012
As a result of the release of the National Disaster Recovery Framework (NDRF), there will be various, multi-city Stakeholder Forums held throughout the country starting in December 2011. Please join the stakeholder engagement sessions to learn more about the key concepts of the NDRF, the implementation of the NDRF in the state and local communities and its engagement with the Whole Community, and how these concepts can be used to drive recovery efforts after a disaster.
This meeting is a next step in providing participants with an understanding of how they can apply NDRF principles and concepts. Additionally, participant comments will be used to further develop and refine NDRF guidance documents, tools, and implementation strategies.
Our first stakeholder engagement session will occur on December 1, 2011 in New Orleans, Louisiana.
For more information on these events or if you would like to attend, please click on the Stakeholder Engagement link.
The National Disaster Recovery Framework is a guide that enables effective recovery support to disaster-impacted States, Tribes, Territorial and local jurisdictions. It provides a flexible structure that enables disaster recovery managers to operate in a unified and collaborative manner. It also focuses on how best to restore, redevelop and revitalize the health, social, economic, natural and environmental fabric of the community and build a more resilient Nation.
The National Disaster Recovery Framework is consistent with the vision set forth in the Presidential Policy Directive (PPD)-8, National Preparedness, which directs FEMA to work with interagency partners to publish a recovery framework. It is the first framework published under the Presidential Policy Directive reflecting the core recovery capabilities by supporting operational plans as an integral element of a National Preparedness System. It is a first step toward the PPD-8 objective to achieve a shared understanding and a common, integrated perspective across all mission areas—Prevention, Protection, Mitigation, Response, and Recovery—in order to achieve unity of effort and make the most effective use of the Nation’s limited resources.
For the first time, the National Disaster Recovery Framework defines:
- core recovery principles,
- roles and responsibilities of recovery coordinators and other stakeholders,
- a coordinating structure that facilitates communication and collaboration among all stakeholders, guidance for pre- and post-disaster recovery planning and;
- the overall process by which communities can capitalize on opportunities to rebuild stronger, smarter and safer.
The National Disaster Recovery Framework introduces six new Recovery Support Functions that provide a structure to facilitate problem solving, improve access to resources, and foster coordination among State and Federal agencies, nongovernmental partners and stakeholders. Each Recovery Support Function has coordinating and primary Federal agencies and supporting organizations that operate together with local, State and Tribal government officials, nongovernmental organizations (NGOs) and private sector partners.
The National Disaster Recovery Framework presents three positions that provide focal points for incorporating recovery considerations into the decision making process and monitoring the need for adjustments in assistance where necessary and feasible throughout the recovery process. Those positions are Federal Disaster Recovery Coordinator (FDRC), State or Tribal Disaster Recovery Coordinators (SDRC or TDRC) and Local Disaster Recovery Managers (LDRM).
Last Modified: Friday, 16-Dec-2011 10:34:58 EST
Western Washington was home to 16 hate groups in 2011,
three more than in 2010, the Southern Poverty Law Center said in a report
released Thursday documenting the rise of extremist groups across the
country. The 16 groups identified by SPLC represent the full spectrum of
ideologies -- from neo-Nazis and skinheads to black separatists and militant
animal rights groups. Four hate groups are based in Seattle: a skinhead group
called Crew 38, a white nationalist group called the Northwest Front, and a
black separatist group called the National Black Foot Soldier Network. SPLC
also characterizes Seattle's Nation of Islam chapter as a hate group. Across
Lake Washington, SPLC said the anti-Muslim group Faith Freedom is based in
Bellevue. Faith Freedom contends it isn't a hate group. Its members say they
are "anti-Islam," not anti-Muslim. The distinction, they say, is
that the group opposes Islam the ideology but does not hate individual
Muslims. Tacoma, meanwhile, is home to Aryan Nations 88, a neo-Nazi group.
Nationally, the SPLC said the number of hate groups grew to a record 1,018 in
2011, up from 1,002 the year before. The report's author said he started
seeing the rapid growth of extremist groups four years ago.
Most of the groups are only visible through a websites or flyers, but it
takes just one determined individual to make them a threat. Hate groups in
Nation of Islam (Black Separatist)
National Black Foot Soldier Network (Black Separatist)
Crew 38 (Racist Skinhead)
Northwest Front (White Nationalist)
Aryan Nations 88 (Neo-Nazi)
Faith Freedom (Anti-Muslim)
Crusaders for Yahweh (Christian Identity)
National Socialist Movement (Neo-Nazi)
Crusaders for Yahweh (Christian Identity)
Breaking News for Citizens in King, Pierce and Snohomish Counties
Be in touch. Stay in touch.
The Regional Public Information Network is your one-stop resource for news alerts from more than 75 government, transportation, utility, health and emergency response agencies serving citizens in King, Pierce and Snohomish counties.
RPIN keeps the public informed about street and highway closures, weather, major transit disruptions, and provides updates on what agencies are doing to respond to emergencies and incidents. The public also can sign up to receive e-mail alerts and pager headlines from RPIN partners and get helpful tips to prepare for emergencies.
By Dan Yurman
many nonprofits the need to secure the computer systems they use
presents both a conceptual barrier as well as a technical one. Groups think they may need an expensive specialist and often feel that "it can't happen to them."
Both of these assumptions are wrong. Most
steps that organizations need to take in order to protect their online
assets do not require a lot of technical skill. What is needed is
management attention, persistence, and attention to detail. Here's
a list of some of the more common sense moves even a small group can
make that have good payoffs in terms of protecting digital assets.
A lot of these actions can be taken relatively quickly and without special expertise. This isn't a complete list, but there is a resource at the end with more tips.
– Do not put key organizational information, including personnel,
financial, and client or member records, on the same computer system as
the web site.
a contractor host the website separately so that the public face of the
organization on the Internet isn't a doorway to that organization’s
internal operations. Your website is the first
thing that will be attacked, so make sure who ever hosts it has a
verifiable track record of protecting their clients from efforts to
upend your online presence.
with your accountant about the firm's security measures since tax
information will include things like social security numbers, payroll,
checking accounts, investments, and health care benefits.
Passwords – Don't use proper names, place names, or birthday dates for passwords. Use
strong passwords that combine upper and lower case, numbers, and
special characters. Do not allow staff to use the same password for all
systems. Do not store passwords online.
- Use a firewall and virus checker for all computers. Set them to
automatically update and budget to renew subscriptions for security
software. You cannot allow it to get out of date.
Permission - Define who is authorized to access what data. For
instance, how many employees need access beyond email, calendar, and
timecards in addition to personal productivity software like word
processing and spreadsheets? Keep a list of who
has access to sensitive information such as payroll, taxes, personnel,
and other information that needs to remain private.
Many groups rely on volunteers to get work done. Do you know which ones have access, or had access at one time, to your most important data? Do they still need it?
When an employee leaves the organization, delete their passwords as part of the checkout process. Immediately
revoke all passwords for any employee who is fired for cause or for any
employee or volunteer who quits as part of a dispute.
Backup – Hire a service to backup software and data on a daily basis and store it in encrypted form offsite. This
can be done over the Internet with a subscription service for desktops
and laptops, and with a commercial service for larger systems like
finance, personnel, membership, etc.
Travel - Do not allow sensitive electronic information to leave the premises on laptops or USB sticks. Instead, use commercial VPN software to support telecommuting. If employees use laptops on travel, buy a whole disk encryption software license to install it on all of them.
– have two networks at your facility. The first is open, and insecure,
for visitors. The second is secure and only for use by employees,
contractors, consultants, etc. Make sure the security features of the WiFi equipment are fully implemented and get help if you need it. Do not use the public WiFi for the organization's business operations.
WiFi in coffee shops, airports, and hotels are not secure and should
not be used to access important sites like online banking, credit cards,
etc. Hackers haunt these networks with
sophisticated electronic "sniffing" tools to snatch online IDs and
passwords for the purpose of identity theft. This means your online time should be used cautiously in these places.
you are traveling alone, do not walk away from your laptop for even a
few seconds as that's all it takes for a thief to grab it and disappear
into the crowd. When going through airport security, keep an eye on your laptop at all times.
– All cell phones need to have "lock" features and an "app"
(application) that allows them to be tracked down if lost, and wiped
remotely if stolen. Most cell carriers offer a free backup service for contacts and there are plenty of "apps" to backup other data.
– If your group has a Facebook page, do not wander away from managing
it to play with links, even from "friends," that pique your curiosity
but have nothing to do with the business of running the site. Don't click on links in Twitter messages sent to you from people you do not know. Educate your employees how to recognize online scams that seek to get someone to send them login information.
Get physical – Employ a reputable security firm to install intrusion, fire, and water alarms connected to a monitoring center. Physical theft of computers is also a threat. Water or fire damage can destroy your organizations ability to conduct business which is why you need backups.
– Cyber risks are not covered by standard liability, property, or
casualty insurance. You can buy coverage that deals with privacy
violations, business interruption, and other forms of cyber threats. Make sure you are covered.
For more information check the United States government Computer Emergency Readiness Team http://www.us-cert.gov/cas/tips/ for comprehensive guidance.
Dan Yurman is a consultant to energy industry firms for online information services. https://sites.google.com/site/djysrv/
SAFE Washington is pleased to announce our
“Safety & Security Training for the New Year 5772”.
Training Seminar is scheduled for Wednesday,
September 7th 2011, from 9 a.m. – 11 a.m. at:
Temple De Hirsch Sinai, 1511 East Pike
This is an opportunity you won’t want to miss!
Administrators, Security Staff, Lay Leaders,
and others concerned with remaining current on security and safety in our
Jewish Congregations, Organizations and Schools.
Washington State Fusion
supervisory intelligence analyst from the Washington State Fusion Center will
present a top down summary report on national, regional and local crime trends
and suspicious activity reports.
Seattle Police Department presentation:
Detective Monty Moss of the Seattle Police Department will present “the 911 about
Topics include; How does 911 dispatch work,
How to best make the call, What information should callers give to the
dispatcher, and What information can dispatchers give to callers.
Bellevue Police Department, Joint Terrorism
Task Force (JTTF) presentation:
Bellevue Police Department’s JTTF
representative, Travess Forbush, will help attendees to understand how police
departments and the FBI are working together to thwart terrorism efforts.
Setracon Security presentation:
Setracon Security Consultant, Nancy Slotnick will give tips and tricks for “General
Facility Security and Protective Measures.”
Anti-Defamation League (ADL) presentation:
Hilary Bernstein, Director of the Anti-Defamation League in the Pacific NW,
will explore the very real conundrum faced by schools and congregations – how
to remain warm and welcoming, while simultaneously vigilant and
security-focused. She will alert you to important tips and easily
accessible ADL resources that you can share with your staff, parents, and
Temple De Hirsch Sinai presentation:
Larry Broder, Executive Director from Temple
De Hirsch Sinai will present: “The Day-to-Day Challenges of Making a Welcoming Facility
while Remaining Secure, - On the Ground Experiences.”
FEMA Emergency preparedness brochures will be available for participants. The
brochures provide emergency supply lists and planning tools for what you and
your agency can do when disaster strikes.
Seattle Training Location:
Temple De Hirsch Sinai - Seattle Campus
1511 East Pike
Seattle, WA 98122
Please Note: You must RSVP for this event; not only so we know how
many to expect, but so you can be put on the building security’s “expected list”.
RSVP email to: email@example.com
Thank you for your time and attention; we
look forward to seeing you at the training seminar.
SAFE Washington: A Mark Bloome Initiative
Eighth Annual National
Preparedness Month in September: "A Time to Remember. A Time to
Prepare," Encourages Americans to Take Simple Steps to Prepare for
WASHINGTON - The Federal Emergency
Management Agency's (FEMA) Ready
Campaign, in partnership with Citizen Corps and the Ad Council, today announced
the launch of new web tools that will make it easier for individuals and
organizations throughout the nation to join the 2011 National Preparedness
Month (NPM) coalition and pledge their support to help prepare their families,
businesses and communities for emergencies of all kinds.
The eighth annual NPM will kickoff
this September, using the slogan: "A Time to Remember. A Time to
Prepare." The campaign seeks to transform awareness into action by
encouraging all Americans to take the necessary steps to ensure that their
homes, workplaces and communities are prepared for disasters and emergencies of
"As we move forward with
planning for this year's events and activities, we also recognize that this
September marks the ten year anniversary of the 9/11 terrorist attacks,"
said FEMA Administrator Craig Fugate. "By doing what we can to ensure that
our communities, and our nation, are prepared to respond and recover from all
types of disasters and hazards, we honor the memory of those who were lost that
Individuals and groups can now
register to become NPM coalition members by visiting http://community.fema.gov. Once
registered, members have access to a toolkit that includes suggestions for
activities and events, templates, articles, banners and customizable materials.
Coalition members also have access to an events calendar allowing them to post
and promote preparedness events, share success stories, and participate in
national and regional discussion forums to engage with fellow coalition members
and FEMA representatives.
By hosting events, promoting
volunteer programs and sharing emergency preparedness information, coalition
members can help ensure that their communities are prepared for emergencies.
Becoming a coalition member is easy and free, so register now to get
started. Nearly 2,000 coalition members have already joined this year's
While NPM is held each September,
Campaign promotes individual emergency preparedness at home, in the workplace,
and throughout America's communities throughout the year. Ready is a national
campaign, produced in partnership with The Ad Council, designed to educate and
empower Americans to prepare for and respond to all types of emergencies,
including natural disasters and potential terrorist attacks.
The Ready Campaign's websites (ready.gov and listo.gov) and
toll-free numbers (1-800-BE-READY and 1-888-SE-LISTO) provide free emergency
preparedness information and resources available in English and Spanish.
Additionally, through FEMA's partnership with the Ad Council, public service
announcements are available to increase the American public's involvement in