Teach your staff to:
A) Stop and Look, Assess the Situation.
B) Then, Do Something.
Teach Your Staff: First Aid, and Teach Psychological First Aid.
Teach Respect, Tolerance, and Understanding.
In the end, it’s a sense of hope and optimism that people acknowledge, and which brings resilience.
Cyber attacks almost always start with a single email. Inside that email are links, disguised to get you to click on them. They are camouflaged in such a way that they pique your curiosity; you ignore the fact that you aren't sure whether you should click, and you just do it. At that single moment, your click, the malicious hacker has you. It doesn't matter if you were expecting cute puppies or to update your bank information. Your personal computer reaches across the Internet and connects to a malicious server. That server does what it's designed to do: it attacks your computer and takes everything that it can. You will be tricked, asked to click further, to enter personally identifiable information (PII), to enter a password; you will execute triggers to install software in the background, you will unknowingly add files to your PC, you will lower your firewall, and during all of this you won't even realize it is happening. You will be looking at cute puppies.
In other words, 'Email Phishing' is getting better and better every day, or worse and worse depending on your perspective. The people crafting phishing emails have reached a point in their craft where it is very difficult to tell whether an email inbound to your box is genuine or an attempt to get you to click a link and have it take over your computer. Even up-to-date anti-virus is no match for the dreaded "zero day" exploit.
So, as users of email services, we always have to be on top of our game and always watching out for phishing attempts. Some are pretty easy to spot, some not so much.
So please, if you receive an email that asks you to click a link, and you are not expecting such an email from this source, simply delete the email. It does not matter if it's from your bank, your insurance company, or any other vendor you deal with on a daily basis. It is 100% better to delete the email and remove the risk of infection than it is to take a chance with curiosity to see where something goes or leads to on the Internet.
If you feel that you need to find out more, you have 2 options. 1, old school, pick up the phone and call. 2, open a web browser and in the address bar, type in the URL of that institution or use an existing bookmark. Don't use the links from that email.
1) YOU ARE YOUR DATA
Criminals need 2 things to perpetrate cyber crime: Your Personal Identifying Information, and access to a Point of Compromise.
Examples of Personal Identifying Information (PII):
Date of Birth
Mother's Maiden Name
Social Security Number
Examples of Points of Compromise:
Physical Items -
Dumpster diving, mail theft, check fraud, burglaries, purse/wallet snatching
Skimming, Shoulder Surfing, Gas Pumps, Point of Sale (POS) devices, Radio Frequency Identification (RFID)
Computer and Internet
Social Media, Email, Unsecure Websites, Online Shopping, Classifieds, Unsecure Wifi, Filesharing, Bot Nets, Data Breach
SMS Phishing, GeoTagging, Spyware, Malware, Bluejacking, Near Field Communication (NFC), Quick Response Codes
2) IF IT HAS A LOCK, USE IT
Secure Points of Compromise- Balance convenience versus safety/security
Use physical locks, purge, shred, secure mail
Credit versus Debit versus Cash (PIN versus Zip Code)
Computer and Internet
Strong Passwords - A password as a lock (15 digits or more, Caps, lowercase, Number, Symbol!) StrongPassCodes@HomeBEasy693.us
Two Factor - If a dual authentication method is available USE IT
Limit access, use passcodes/application locks/PIN access to applications
3) WHEN ASKED FOR, ASK WHAT FOR?
Practice responsible sharing
WHY do you need my PII?
WHAT are you going to do with it?
HOW will you protect my data?
HOW can I monitor my data?
WHAT will you do when you are done with the data?
Plan for Safety -
It costs more NOT to pay attention
Use technology to monitor and protect your data
Educate yourself on emerging technologies
Be mindful of safety versus convenience when accessing technology
Resources for Remediation:
Federal Trade Commission: File a complaint: 1-877-FTC-HELP or 1-877-382-4357 http://www.ftc.gov
Identity Theft Resource Center: 888-400-5530 http://www.idtheftcenter.org
Privacy Rights Clearinghouse: http://www.privacyrights.org
These tips provided by NOVA - National Organization for Victim Assistance 1-800-879-6682.
FREE Tools/Offerings to help alleviate potential cyber related problems.
--- - ---
FREE Anti-Malware Security and Brute-Force Firewall: https://wordpress.org/plugins/gotmls/
--- - ---
SUCURI Security WordPress Security plugin is also free to all WordPress users.
It is a security suite meant to complement your existing security posture with seven key security features:
1. Security Activity Audit Logging
2. File Integrity Monitoring
3. Remote Malware Scanning
4. Blacklist Monitoring
5. Effective Security Hardening
6. Post-Hack Security Actions
7. Security Notifications
--- - ---
For the more technical folks, here are some tools that could be leveraged to investigate a website for unwanted/suspect code, etc.
--- - ---
This one looks pretty in depth as to investigation of code, etc. https://aw-snap.info/
Full Article/Link: https://blog.sucuri.net/2016/10/ask-sucuri-is-my-website-hacked.html
--- - ---
Some other things of value would be the following:
Free Website Malware and Security Scanner: https://sitecheck.sucuri.net/
Heimdal Security: https://heimdalsecurity.com/en/
Personal Software Inspector: http://www.flexerasoftware.com/enterprise/products/software-vulnerability-management/personal-software-inspector/
We hope that this helps to make your computing environment a safer one.
If you find a USB drive (thumb drive, memory stick, or pen drive) on the ground outside your office, or when you are out and about, please do NOT put it in your computer.
There are many hacks that can be executed from a found drive, doing everything from auto-installing malware to quite literally causing physical damage to the circuitry in your computer. Don't take the chance.
The Red Cross has a new app for phones and tablets that is geared to helping young children learn the drills to be safe during emergencies like Earthquakes, Fire, Flood, and Severe Storms.
Look for more information here: http://www.redcross.org/monsterguard
U.S. Department of Homeland Security / Secure Community Network
Jewish Community Outreach
Jewish Federation of Greater Seattle / SAFE Washington
DATE: March 1st 2015
LOCATION: (Will be announced with RSVP Confirmation)
This session will also be Broadcast on the SAFE Washington Network using GotoMeeting for those that cannot attend in person.
BACKGROUND: In the past year, there have been multiple attacks against the Jewish community to include the January 2015 raid on a kosher food market in Porte de Vincennes, France where 19 Jewish patrons were held hostage and four of the patrons eventually murdered; the December 2014 stabbing attack at the Chabad-Lubavitch Headquarters in Brooklyn, NY; and the fatal shootings at the Kansas Jewish Centers in April 2014.
In an effort to enhance security within the Jewish Community, the Department of Homeland Security Deputy Secretary conducted an initial call with senior Jewish community leaders on December 11, 2014, to coordinate heightened outreach. This Jewish Community Outreach will continue previous collaborative efforts.
Who should attend? Leaders of an agency, synagogue, or those responsible for the safety and welfare of their constituents & staff members.
In order to attend in person, or attend via webinar, you must RSVP to: AndrewC@SAFEWashington.com by no later than. An RSVP response will go out with special instructions for attendance and confirmation.
When you RSVP for this Community Outreach, please include your name, the agency you represent, your title, and contact information including phone number.
Note: Only those on the visitor list will be allowed to enter the building, and webinar attendance will be limited to those that RSVP (there are some limits to the number of attendees that can sign in via the web, so please RSVP for the webinar early if you cannot attend in person).
Have you noticed a unique sound and vibration coming from your cell phone? You may have received a Wireless Emergency Alert (WEA) - a nationwide emergency alert system notifying you of a pending emergency in your area. These messages provide information about extreme weather warnings, local emergencies, AMBER Alerts™, and Presidential Alerts during a national emergency.
WEAs look like a text message and show the type and time of the alert, any action you should take, and the agency issuing the alert. If you receive a WEA, follow any directions advised by the message and seek additional information from local media or authorities.
WEAs are sent by authorized government agencies through your mobile carrier. Government partners include local and state public safety agencies, FEMA, the Federal Communications Commission, the Department of Homeland Security, and the National Weather Service.
Loss of power can jeopardize the safety of the food stored in your home refrigerator or freezer. In the event of a blackout, do you know how to determine if your food is safe to eat? The U.S. Department of Agriculture (USDA) offers tips to minimize the potential loss of food and lower the risk of foodborne illness.
Before a blackout:
Bacteria in food grow rapidly at temperatures between 40 and 140 degrees Fahrenheit. The USDA instructs setting your refrigerator at or below 40 degrees Fahrenheit. If the power is out for less than four hours and the refrigerator door is kept closed, your food should be safe.
Following a blackout:
Power outages can occur anywhere at any time of the year. Make sure you and your family are prepared and know what to do to avoid getting sick.