SAFE Washington‎ > ‎


Teach your staff:
A) Stop and Look, Assess the Situation.
B) Then - Do Something. Call or Act on the information on hand.

Teach Your Staff to be prepared for the unexpected and unknown: Teach them First Aid, and Teach Psychological First Aid.

Teach Respect, Tolerance, and Understanding.

In the end, it’s a sense of hope and optimism that people acknowledge, and which brings resilience.

Traveler Toolkit: Cybersecurity Basics

posted Apr 28, 2018, 11:39 AM by Andrew Chadick

As technical and physical cyber defenses become more robust and effective, individuals have become the increasingly weak link in the security chain. This weakness is exploited by malicious actors through threats like phishing. No matter the technology that a company installs, a data breach or ransomware attack is only one click away. The following tips describe and offer advice regarding common cyber security issues that are non-technical in nature, and are particularly relevant to individuals traveling abroad. These actionable steps can help individuals mitigate risks from a number of online threats. While individuals may suffer from cyber fatigue, cyber threats are only going to increase and a single mistake can lead to a security incident. Therefore, repetition of these precautionary measures is essential to maintaining your security. Keep privacy settings on: Use privacy settings to maximize your online privacy, especially on social media platforms. In addition, you should disable unnecessary location services. Malicious actors can exploit any personal information they find online. Use strong passwords: Use long passwords with a mix of characters, as weak passwords undermine other security measures. Do not write down passwords, share them, or repeat them across multiple sites, and be sure to update passwords periodically. A password management system can help you generate strong passwords and store them securely. Avoid using password recovery questions with answers that are easy to guess or could be found in a social media profile. Encrypt your data: Use encryption to protect data stored on your devices and for communication. Consider the use of a virtual private network (VPN), which can protect online activity by shielding information on public networks from malicious activity. Only use secure Wi-Fi: Free Wi-Fi may be convenient, but it is not secure. You have no control over the legitimacy or security of public Wi-Fi; therefore, limit connections to public internet, including at hotels, cafes, and airports, and use a VPN if possible. Disable any internet autoconnect features on your devices and delete old Wi-Fi networks. Never leave devices unattended: The physical security of your devices is as important as the technical security. If you are away from your devices, even for a moment, whether a computer, phone, or external drive, use lock screens and passwords to protect them. Be vigilant in maintaining the physical integrity and security of your devices. Don’t plug in to your computer: Malware is easily spread through USBs, smartphones, and external drives when plugged into a device. Avoid plugging unknown external devices into your computer, and run a virus scan when you do plug something in. As external devices can carry malware, do not accept any electronic devices as gifts.

Careful with what you click: Scams can be carried out by phone, text, social media message, or email. To mitigate phishing risks, limit the amount of personal information you share. The information you share publicly can potentially help malicious actors access more valuable data. Scrutinize incoming messages, including using anti-virus software to scan attachments, and hover over links with the cursor to verify the URLs. Do not click on anything that you don’t recognize or that looks suspicious in any way. Disable Bluetooth and Wi-Fi: Malefactors can see what networks you connect to, spoof them, and trick you into connecting to a compromised network later. Therefore, keep your devices “hidden” so they are not discoverable to nearby Bluetooth users, and do not access or transmit sensitive data from a public network. Enable 2-Factor Authentication (2FA): 2FA adds an additional layer of security to your password, which should not be considered 100% reliable as a lone security measure. Passwords can be compromised in data breaches or guessed using powerful computers. 2FA requires an extra step whenever you log in from a new device, which reduces the ability to hack into a system using a password alone. Use the right software: Ensure that all individuals in your network are using legitimate software with the latest security updates. Install a trusted anti-virus program and keep software, mobile operating systems, and apps up to date to maximize cyber defense effectiveness. Routinely back up data, as you may need to erase and reinstall your system if you are the victim of a security breach. 

-Product of the Research & Information Support Center (RISC)


posted Aug 3, 2017, 7:40 AM by Andrew Chadick   [ updated May 30, 2018, 8:16 AM ]

Creating a safe working environment requires a lot of work through thoughtful planning up-front and diligent maintenance over time.  Those of us who monitor and protect use our systems and tools daily in our work. So, keeping our hardware, installations, and security platforms in good shape must be a high priority.


The thought and planning that went into your installation will show as your systems age.  However, once you have installed your safeguards, they will start to degrade no matter how well your system was designed.  Whether those safeguards are physical measures like gates and fencing, or electronic systems like access controls or security cameras, you must keep them maintained.  You should include maintenance and replacement costs in your security budget, and build maintenance activities into your work schedule.


Maintenance issues will differ depending on the safeguard type.  For outdoor products, such as fencing and gates, and anything else with metal parts, there is wear and tear and rust to contend with, even if parts are galvanized.  There is also abuse and vandalism to deal with on occasion. 


Even for bullet-resistant polymers, you should take great care in keeping them in top shape. You must clean them with specific products, and when necessary coat the sides that are exposed to sunlight with UV protection or have the outer windows coated with a special film.  Polymers tend to show signs of degradation through hair line cracks first appearing on the surface of the material.  Please check with your vendor for specific care instructions.


Electronics, in general, require a different approach to maintenance.  With fences and gates, you can walk around, look for signs of wear, add oil to chain links, and generally do maintenance through completely physical means.  For electronics, you can replace dead parts, check to make sure camera lenses are clean, and remove any signs of abuse or neglect from the outside of the various housings, but there are additional maintenance issues that aren’t apparent from an initial observation.  Indoor products may experience heat damage from being on continuously, which is usually the result of insufficient airflow.  You should make sure that dust hasn’t built up inside the cases and that the cooling fans can spin freely. For outdoor electronics, there is not only moisture to contend with, but camera heaters can fail, and there can be abuse from both vandals and the elements.  


Computerized systems and devices experience additional wear and tear that can’t be seen – the result of network attacks, scans, exploits, and tools barraging your systems in an attempt to take them over and add them to a global botnet.  Your online systems are being scanned and tested for vulnerability constantly.  There are entire websites dedicated to exposing and exploiting your systems.  Even if your systems aren’t online per se, an attacker can walk by your site, latch on to your wireless network, and attack from within, or if they are lucky they can get to a CAT connection, jack in, and have direct access without much effort.


Questions to Consider:

After the installation of your various systems, have you ever gone back and checked over everything? Have you looked to make sure holes have been mended in fences, hinges and chains are oiled, light bulbs are replaced, and latches are tight and hold when pulled upon?


What about your electronics?  Did you know that the cameras, video recorders and computers in our networks must be checked regularly as well? Heat damage is an issue, so make sure your devices and electronics are getting air. Be sure to keep the insides dust free.  Are you keeping the software secure?  Did you know that you need to apply firmware updates to help keep them secure?


Exploits are discovered daily, malware and other tools designed to take over your computer systems and devices are released into the wild all the time, and are out there right now. Criminals armed with these tools are awaiting the right circumstances to infiltrate your systems.  When was the last time you went back through your installation and made sure your passwords were still set and the devices were still working and configured the way you left them?  Are your passwords considered “strong”?  Are your devices and computers fully patched and up to date? Is remote access expressly limited or closed completely?


Checking and maintaining all the components of your security systems – physical, hardware, and software – are crucial to ensuring that they protect you and the people who work and visit your organization. Maintenance must be an integral part of your security workflow, not an afterthought.


 - -- -

Concluding Thoughts

Everything in the security world evolves - the ways surveillance occurs, the ways attacks are carried out, the tools and even the weapons that are used change over time.  For instance, drones were a thing of science fiction not long ago.  Look at how they are shaping the security landscape now as a tool for everything from mapping landscapes to carrying out surveillance   Look how they are also being used to smuggle in products that can be used for an attack. We must change with the times, we should keep up with new developments, evaluate new products, and prepare accordingly so that our security systems can keep our organizations and the people who depend on them protected and secure.

Email Threats / Online Threats

posted Mar 28, 2017, 8:04 AM by Andrew Chadick   [ updated May 30, 2018, 8:24 AM ]

Cyber Attacks almost always start with a single email.  Inside that email are links, disguised to get you to click on it.  They are camouflaged in such a way that they peak your curiosity, you ignore the fact that you aren't sure you should do it or not, you just do it.  Right at that single moment, your click, the malicious hacker has you.  It doesn't matter if you were expecting cute puppies or to update your bank information.  Your personal computer reaches across the Internet and connects to a malicious server. That server does what it's designed to do - it attacks your computer and it takes everything that it can. You will be tricked, asked to click further, enter personal identifiable information (PII), enter in a password, you will execute triggers to install software in the background, you will unknowingly add files to your PC, you will lower your firewall, and during all of this - you won't even realize it is happening, you will be looking at cute puppies.  

In other words; 'Email Phishing' is getting better and better every day, or worse and worse depending on your perspective; the people crafting phishing email have made it to a point in their craft, where it is very difficult to tell whether or not an email inbound to your box is genuinely from  or an attempt to get you to click a link and have it take over your computer. Even up to date anti-virus is no match for the dreaded "zero day" exploit.  
So, as users of email services, we always have to be on top of our game and always watching out for phishing attempts. Some are pretty easy to spot, some not so much.

So; Please, if you receive an email, and it asks you to click a link, and you are not expecting such an email from this source, please simply delete the email.  It does not matter if its from your bank, or your insurance company, or any other vendor you deal with on a daily basis. It is 100% better to delete the email and remove the risk of infection, then it is to take a chance with curiosity to see where something goes or leads to on the Internet.

If you feel that you need to find out more, you have 2 options.  1, old school, pick up the phone and call.  2, open a web browser and in the address bar, type in the URL of that institution or use an existing bookmark.  Don't use the links from that email.  

To report online crime:

Cyber Safety - Be Aware

posted Feb 21, 2017, 10:34 AM by Andrew Chadick   [ updated Feb 21, 2017, 2:27 PM ]


Criminals need 2 things to perpetrate cyber crime: Your Personal Identifying Information, and access to a Point of Compromise.

Examples of Personal Identifying Information (PII):
Date of Birth
Mother's Maiden Name
Phone Number(s)
Email Account(s)
Social Security Number
Account Number(s)

Examples of Points of Compromise:
   Physical Items -
      Dumpster diving, mail theft, check fraud, burglaries, purse/wallet snatching
   Technology -
      Skimming, Shoulder Surfing, Gas Pumps, Point of Sale (POS) devices, Radio Frequency Identification (RFID)
   Computer and Internet
      Social Media, Email, Unsecure Websites, Online Shopping, Classifieds, Unsecure Wifi, Filesharing, Bot Nets, Data Breach
   Mobile Devices
      SMS Phishing, GeoTagging, Spyware, Malware, Bluejacking, Near Field Communication (NFC), Quick Response Codes


Secure Points of Compromise- Balance convenience versus safety/security
   Physical Items
      Use physical locks, purge, shred, secure mail
      Credit versus Debit versus Cash (Pin number versus Zip Code)
   Computer and Internet
      Strong Passwords - A password as a lock (15 digits or more, Caps, lowercase, Number, Symbol!)
      Two Factor - If a dual authentication method is available USE IT
   Mobile devices
      Limit access, use passcodes/application locks/pin access to applications


Practice responsible sharing
      WHY do you need my PII?
      WHAT are you going to do with it?
      HOW will you protect my data?
      HOW can I monitor my data?
      WHAT will you do when you are done with the data?

Plan for Safety -
It costs more NOT to pay attention 
   Use technology to monitor and protect your data
   Educate yourself on emerging technologies
   Be mindful of safety versus convenience when accessing technology

Resources for Remediation:

Federal Trade Commission:  File a complaint: 1-877-FTC-HELP or  1-877-382-4357

Identity Theft Resource Center: 888-400-5530

Privacy Rights Clearinghouse:

These tips provided by NOVA - National Organization for Victim Assistance 1-800-879-6682.

Cyber Security Tools for securing your websites

posted Nov 16, 2016, 8:33 AM by Andrew Chadick

FREE Tools/Offerings to help alleviate potential cyber related problems.

 --- - ---

FREE Anti-Malware Security and Brute-Force Firewall:

 --- - ---


--- - ---


SUCURI Security WordPress Security plugin is  also free to all WordPress users.

It is a security suite meant to complement your existing security posture with seven key security features:

1.       Security Activity Audit Logging

2.       File Integrity Monitoring

3.       Remote Malware Scanning

4.       Blacklist Monitoring

5.       Effective Security Hardening

6.       Post-Hack Security Actions

7.       Security Notifications



 --- - ---


Google Safe Browsing:


 --- - ---

For the more technical folks, here are some tools that you could be leveraged to investigate their website for unwanted/suspect code, etc.

 --- - ---

This one looks pretty in depth as to investigation of code, etc.


Full Article/Link:

 --- - ---


Some other things of value would be the following:


Free Website Malware and Security Scanner:


Endpoint Patching

Heimdal Security


Personal Software Inspector


We hope that this helps to make your computing environment a safer one.

USB Drives

posted Mar 13, 2015, 7:51 AM by Andrew Chadick   [ updated Mar 13, 2015, 7:55 AM ]

If you find a USB drive (thumb drive, memory stick, or pen drive) on the ground outside your office, or when you are out and about, please do NOT put it in your computer.  

There are so many hacks that can be executed from a found drive, that can do everything from auto installing malware, to quite literally causing physical damage to the circuitry in your computer.  Don't take the chance.

Bird Flu 2015

posted Mar 12, 2015, 11:33 AM by Andrew Chadick


03/11 Bird flu mutating in China



The H7N9 bird flu virus is being passed around from flock to flock of chickens and ducks, is mutating, and is now a bigger threat than ever to humanity, researchers reported Wednesday.


The virus, which was first reported in people just two years ago, has settled into southeastern China, Guan Yi of the University of Hong Kong and colleagues reported. Unless drastic measures are taken to eradicate it, the virus will continue to mutate, they warn in a report published in the journal Nature.


"H7N9 viruses have spread from eastern to southern China and become persistent in chickens," they wrote. It's also swapping genes with other types of flu viruses, giving rise to new strains. Any one of them could start a pandemic in time, they said.


"This expansion of the genetic diversity of influenza viruses in China means that unless effective control measures are in place, such as permanent closure of live poultry markets, central slaughtering and preventing inter-regional poultry transportation during disease outbreaks, and backed by systematic surveillance, it is reasonable to expect the H7N9 and other viruses to persist and cause a substantial number of severe human infections," they wrote.


They've found at least 48 different subtypes. H7N9 avian influenza has infected 622 people since 2013 and killed 227 of them.

Teaching Young Children to be SAFE

posted Mar 6, 2015, 8:25 AM by Andrew Chadick

The Red Cross has a new app for phones and tablets that is geared to helping young children learn the drills to be safe during emergencies like Earthquakes, Fire, Flood, and Severe Storms.  

Look for more information here:

Jewish Community Outreach - US Department of Homeland Security - Pacific NorthWest

posted Feb 26, 2015, 1:34 PM by Andrew Chadick

U.S. Department of Homeland Security / Secure Community Network

Jewish Community Outreach

Jewish Federation of Greater Seattle / SAFE Washington


DATE: March 1st 2015


LOCATION: (Will be announced with RSVP Confirmation)

This session will also be Broadcast on the SAFE Washington Network using GotoMeeting for those that cannot attend in person.


BACKGROUND:  In the past year, there have been multiple attacks against the Jewish community to include the January 2015 raid on a kosher food market in Porte de Vincennes, France where 19 Jewish patrons were held hostage and four of the patrons eventually murdered; the December 2014 stabbing attack at the Chabad-Lubavitch Headquarters in Brooklyn, NY; and the fatal shootings at the Kansas Jewish Centers in April 2014. 


In an effort to enhance security within the Jewish Community, the Department of Homeland Security Deputy Secretary conducted an initial call with senior Jewish community leaders on December 11, 2014, to coordinate heightened outreach. This Jewish Community Outreach will continue previous collaborative efforts.  

Who should attend? Leaders of an agency, synagogue, or those responsible for the safety and welfare of their constituents & staff members.

In order to attend in person, or attend via webinar, you must RSVP to: by no later than Friday, February 27th at 5pmAn RSVP response will go out with special instructions for attendance and confirmation.

When you RSVP for this Community Outreach, please include your name, the agency you represent, your title, and contact information including phone number.

Note: Only those on the visitor list will be allowed to enter the building, and webinar attendance will be limited to those that RSVP (there are some limits to the number of attendees that can sign in via the web, so please RSVP for webinar early if you cannot attend in person.

Wireless Emergency Alerts

posted Feb 26, 2015, 1:24 PM by Andrew Chadick

Have you noticed a unique sound and vibration coming from your cell phone?  You may have received a Wireless Emergency Alert (WEA) - a nationwide emergency alert system notifying you of a pending emergency in your area. These messages provide information about extreme weather warnings, local emergencies, AMBER Alerts™, and Presidential Alerts during a national emergency.

WEAs look like a text message and show the type and time of the alert, any action you should take, and the agency issuing the alert. If you receive a WEA, follow any directions advised by the message and seek additional information from local media or authorities.

WEAs are sent by authorized government agencies through your mobile carrier. Government partners include local and state public safety agencies, FEMA, the Federal Communications Commission, the Department of Homeland Security, and the National Weather Service.

WEA messages can save lives! To learn more check, out FEMA’s WEA Public Service Announcements and the Be Smart. Know Your Alerts and Warnings guide from America’s PrepareAthon!

1-10 of 32