Teach your staff to:
A) Stop and Look, Assess the Situation.
B) Then, Do Something.
Teach Your Staff: First Aid, and Teach Psychological First Aid.
Teach Respect, Tolerance, and Understanding.
In the end, it’s a sense of hope and optimism that people acknowledge, and which brings resilience.
We've come to depend on our smartphones so heavily it is hard to remember what we did before we had them.
If you have a smartphone, you now carry a fully functional computer in your pocket or purse.
That's a tremendous amount of information at your fingertips. Therefore, it is paramount that you safeguard your smartphone.
Common Risks for Smartphones
Take a moment to consider each of these areas:
• Loss of device and information theft. Smartphones are small and can easily be lost or stolen. Unauthorized users may access your accounts, address lists, photos, and more to scam, harm or embarrass you or your friends; they may leverage stored passwords to access your bank and credit card accounts, steal your money or make credit card charges; gain access to sensitive material, and more.
• Social Engineering. A common mobile threat is social engineering. Whether via text message, image, or application to download, an incoming communication may be an attempt to gain access to your information. A current example consists of a text message that comes from an unknown number, telling you that if you click on the link provided, you'll have access to thousands of free ringtones. If this sounds too good to be true, that's because it is. The link is in fact a malicious link. Clicking on it will compromise the security of
• TMI (Too Much Information). Guidelines for protecting privacy, safety, and reputation when sharing via computers also apply when sharing via smartphones. Mobile devices enable instantaneous capturing, posting and distribution of images, videos, and information. They may also broadcast location information.
• Public Wi-Fi. Smartphones are susceptible to malware and hacking when leveraging unsecured public
• Bluetooth and Near Field Communications (NFC). Bluetooth is a wireless network technology that uses short-wave radio transmissions to transmit voice and data. NFC allows for smartphones to communicate with each other by simply touching another smartphone, or being in proximity to another smartphone with NFC capabilities or an NFC device. Risks with using NFC and Bluetooth include eavesdropping, through which the cyber-criminal can intercept data transmission, such as credit card numbers. NFC also has the risk of transferring viruses or other malware from one NFC-enabled device to another.
Simple Steps to Protect Your Smartphone:
1. Update the operating system. Smartphones are computing devices that need to be updated. Updates often provide you with enhanced functionality and enriched features, as well as fixes to critical security vulnerabilities. Your smartphone manufacturer should notify you whenever an update is available.
2. Use of security software is a must. As the smartphone market is increasing, so too is the amount of malware designed to attack smartphones. The software security solutions that are available for desktops and laptops are not as widely available for smartphones. A key protection is to use mobile security software and keep it up-to-date. Many of these programs can also locate a missing or stolen phone, will back up your data, and even remotely wipe all data from the phone if it is reported stolen.
3. Password-protect your device. Enable strong password protection on your device and include a timeout requiring authentication after a period of inactivity. Secure the smartphone with a unique password - not the default one it came with. Do not share your password with others.
4. Think before you click, download, forward, or open. Before responding, registering, downloading or providing information, get the facts. No matter how tempting the text, image, or application is, if the download isn't from a legitimate app store or the site of a trusted company, don't engage with the message.
Personal information. If the app requires more access to your account and/or device than is needed to run the service, do not continue. In addition, be aware that terms can change over time. Review your terms of
6. Be cautious with public Wi-Fi. Many smartphone users use free Wi-Fi hotspots to access data (and keep their phone plan costs down). There are numerous threats associated with Wi-Fi hotspots. To be safe, avoid logging into accounts, especially financial accounts, when using public wireless networks.
7. Disable Bluetooth and Near Field Communication (NFC) capabilities when not in use. Capabilities such as Bluetooth and NFC can provide ease and convenience in using your smartphone. They can also provide an easy way for a nearby, unauthorized user to gain access to your data. Turn these features off when they are not required.
8. Enable encryption. Enabling encryption on your smartphone is one of the best ways to safeguard information stored on the device, thwarting unauthorized access.
9. Securely dispose of your device. With the constant changes and upgrades in the smartphone market, many are upgrading their devices on a regular basis. It is important that you wipe the information from your smartphone before disposal. Additionally, make sure any SD cards are removed and erased. If you are not redeploying the SIM card to another device, then make sure your personal information stored on the SIM card is erased or destroyed.
January 29th & 30th. This two-day course examines the role of public information in managing a terrorism incident and provides practical training in crisis communication techniques.
In such an incident, it is imperative that community leaders, incident managers, and public information officers are prepared to communicate with the public through the news media. The course focuses on the role of public information in incident management, the information needs of the public in a crisis, and the various means of effectively communicating through the news media. Upon completion of the course, participants will understand the role of public information in a terrorism incident, and be prepared to plan and execute public information actions in the event of such an incident.
Agency partners that will have public information officer responsibilities during such an event.
ICS-100, ICS-200, IS-700, and IS-800. It is also recommended that participants take the IS-29 (PIO Awareness Training). Courses can be found here: http://training.fema.gov/EMIWeb/IS/IS120A.asp.
Due to Safety and Security, you must register for this event by January 15th, 2013 or you will not be permitted to enter.
You must have a confirmation email of successful registration with you in order to attend.
Please contact SAFE Washington with your name, agency name, and title when inquiring about this event.
Save the Date - Sept 5, 2012 Cyber Event Workshop & Sept 6, 2012 Cyber Event Tabletop Exercise
Emerald Down 2 - All are welcome to participate.
The workshop on 9/5 will be aimed at executive level personnel and will feature speakers who will describe and enumerate the likely consequences of a large cyber event on organizations in our region.
During the tabletop exercise on 9/6 participant organizations will consider several scenarios and discuss interdependencies, response, recovery and collaboration.
Please see the attached flyer for details and registration.
Sent at: 12:08p PST
Please see the attached document: emerald_down_2_invite.pdf
Microsoft is urging organizations to apply the sole critical update in this month’s Patch Tuesday release as soon as possible.
The critical bulletin – one of six security bulletins issued as part of today’s release – addresses two vulnerabilities in the Remote Desktop Protocol (RDP).
“A little about MS12-020…this bulletin addresses one Critical-class issue and one Moderate-class issue in Remote Desktop Protocol (RDP),” Angela Gunn, security response communications manager for Microsoft’s Trustworthy Computing Group, explained in a blog post. “Both issues were cooperatively disclosed to Microsoft and we know of no active exploitation in the wild. The Critical-class issue applies to a fairly specific subset of systems – those running RDP – and is less problematic for those systems with Network Level Authentication (NLA) enabled.”
“That said, we strongly recommend that customers examine and prepare to apply this bulletin as soon as possible,” she added. “The Critical-class issue could allow a would-be attacker to achieve remote code execution on a machine running RDP (a non-default configuration); if the machine does not have NLA enabled, the attacker would not require authentication for RCE access.”
Ben Greenbaum, senior principal software engineer for Symantec’s Security Intelligence Group, agreed users should pay close attention to the RDP vulnerability.
“RDP’s purpose is to enable remote access from the Internet, but preferably to an authenticated user,” he said. “In this case, a malicious attacker can potentially take complete control of the computer. Failed exploit attempts of this issue will likely result in the user being confronted with the blue screen of death. If an attacker can bypass standard memory protection measures, however, they will have access at the kernel level.”
As a result of the release of the National Disaster Recovery Framework (NDRF), there will be various, multi-city Stakeholder Forums held throughout the country starting in December 2011. Please join the stakeholder engagement sessions to learn more about the key concepts of the NDRF, the implementation of the NDRF in the state and local communities and its engagement with the Whole Community, and how these concepts can be used to drive recovery efforts after a disaster.
This meeting is a next step in providing participants with an understanding of how they can apply NDRF principles and concepts. Additionally, participant comments will be used to further develop and refine NDRF guidance documents, tools, and implementation strategies.
Our first stakeholder engagement session will occur on December 1, 2011 in New Orleans, Louisiana.
For more information on these events or if you would like to attend, please click on the Stakeholder Engagement link.
The National Disaster Recovery Framework is a guide that enables effective recovery support to disaster-impacted States, Tribes, Territorial and local jurisdictions. It provides a flexible structure that enables disaster recovery managers to operate in a unified and collaborative manner. It also focuses on how best to restore, redevelop and revitalize the health, social, economic, natural and environmental fabric of the community and build a more resilient Nation.
The National Disaster Recovery Framework is consistent with the vision set forth in the Presidential Policy Directive (PPD)-8, National Preparedness, which directs FEMA to work with interagency partners to publish a recovery framework. It is the first framework published under the Presidential Policy Directive reflecting the core recovery capabilities by supporting operational plans as an integral element of a National Preparedness System. It is a first step toward the PPD-8 objective to achieve a shared understanding and a common, integrated perspective across all mission areas—Prevention, Protection, Mitigation, Response, and Recovery—in order to achieve unity of effort and make the most effective use of the Nation’s limited resources.
For the first time, the National Disaster Recovery Framework defines:
The National Disaster Recovery Framework introduces six new Recovery Support Functions that provide a structure to facilitate problem solving, improve access to resources, and foster coordination among State and Federal agencies, nongovernmental partners and stakeholders. Each Recovery Support Function has coordinating and primary Federal agencies and supporting organizations that operate together with local, State and Tribal government officials, nongovernmental organizations (NGOs) and private sector partners.
The National Disaster Recovery Framework presents three positions that provide focal points for incorporating recovery considerations into the decision making process and monitoring the need for adjustments in assistance where necessary and feasible throughout the recovery process. Those positions are Federal Disaster Recovery Coordinator (FDRC), State or Tribal Disaster Recovery Coordinators (SDRC or TDRC) and Local Disaster Recovery Managers (LDRM).
Last Modified: Friday, 16-Dec-2011 10:34:58 EST
Breaking News for Citizens in King, Pierce and Snohomish Counties
Be in touch. Stay in touch.
The Regional Public Information Network is your one-stop resource for news alerts from more than 75 government, transportation, utility, health and emergency response agencies serving citizens in King, Pierce and Snohomish counties.
RPIN keeps the public informed about street and highway closures, weather, major transit disruptions, and provides updates on what agencies are doing to respond to emergencies and incidents. The public also can sign up to receive e-mail alerts and pager headlines from RPIN partners and get helpful tips to prepare for emergencies.
By Dan Yurman
For many nonprofits, the need to secure the computer systems they use presents both a conceptual barrier and a technical one. Groups think they may need an expensive specialist and often feel that "it can't happen to them."
Both of these assumptions are wrong. Most steps that organizations need to take in order to protect their online assets do not require a lot of technical skill. What is needed is management attention, persistence, and attention to detail. Here's a list of some of the more common sense moves even a small group can make that have good payoffs in terms of protecting digital assets.
A lot of these actions can be taken relatively quickly and without special expertise. This isn't a complete list, but there is a resource at the end with more tips.
Location – Do not put key organizational information, including personnel, financial, and client or member records, on the same computer system as the web site.
Have a contractor host the website separately so that the public face of the organization on the Internet isn't a doorway to that organization’s internal operations. Your website is the first thing that will be attacked, so make sure whoever hosts it has a verifiable track record of protecting their clients from efforts to upend your online presence.
Check with your accountant about the firm's security measures since tax information will include things like social security numbers, payroll, checking accounts, investments, and health care benefits.
Passwords – Don't use proper names, place names, or birthday dates for passwords. Use strong passwords that combine upper and lower case, numbers, and special characters. Do not allow staff to use the same password for all systems. Do not store passwords online.
Protection - Use a firewall and virus checker for all computers. Set them to automatically update and budget to renew subscriptions for security software. You cannot allow it to get out of date.
Permission - Define who is authorized to access what data. For instance, how many employees need access beyond email, calendar, and timecards in addition to personal productivity software like word processing and spreadsheets? Keep a list of who has access to sensitive information such as payroll, taxes, personnel, and other information that needs to remain private.
Many groups rely on volunteers to get work done. Do you know which ones have access, or had access at one time, to your most important data? Do they still need it?
When an employee leaves the organization, delete their passwords as part of the checkout process. Immediately revoke all passwords for any employee who is fired for cause or for any employee or volunteer who quits as part of a dispute.
Backup – Hire a service to back up software and data on a daily basis and store it in encrypted form offsite. This can be done over the Internet with a subscription service for desktops and laptops, and with a commercial service for larger systems like finance, personnel, membership, etc.
Travel - Do not allow sensitive electronic information to leave the premises on laptops or USB sticks. Instead, use commercial VPN software to support telecommuting. If employees use laptops on travel, buy a whole-disk encryption software license and install it on all of them.
WiFi – Have two networks at your facility. The first is open, and insecure, for visitors. The second is secure and only for use by employees, contractors, consultants, etc. Make sure the security features of the WiFi equipment are fully implemented and get help if you need it. Do not use the public WiFi for the organization's business operations.
Public WiFi networks in coffee shops, airports, and hotels are not secure and should not be used to access important sites like online banking, credit cards, etc. Hackers haunt these networks with sophisticated electronic "sniffing" tools to snatch online IDs and passwords for the purpose of identity theft. This means your online time should be used cautiously in these places.
If you are traveling alone, do not walk away from your laptop for even a few seconds as that's all it takes for a thief to grab it and disappear into the crowd. When going through airport security, keep an eye on your laptop at all times.
Phones – All cell phones need to have "lock" features and an "app" (application) that allows them to be tracked down if lost, and wiped remotely if stolen. Most cell carriers offer a free backup service for contacts and there are plenty of "apps" to back up other data.
Social media – If your group has a Facebook page, do not wander away from managing it to play with links, even from "friends," that pique your curiosity but have nothing to do with the business of running the site. Don't click on links in Twitter messages sent to you from people you do not know. Educate your employees on how to recognize online scams that seek to get someone to send them login information.
Get physical – Employ a reputable security firm to install intrusion, fire, and water alarms connected to a monitoring center. Physical theft of computers is also a threat. Water or fire damage can destroy your organization's ability to conduct business, which is why you need backups.
Insurance – Cyber risks are not covered by standard liability, property, or casualty insurance. You can buy coverage that deals with privacy violations, business interruption, and other forms of cyber threats. Make sure you are covered.
For more information, check the United States government's Computer Emergency Readiness Team (http://www.us-cert.gov/cas/tips/) for comprehensive guidance.
Dan Yurman is a consultant to energy industry firms for online information services. https://sites.google.com/site/djysrv/
SAFE Washington is pleased to announce our
“Safety & Security Training for the New Year 5772”.
Training Seminar is scheduled for Wednesday, September 7th 2011, from 9 a.m. – 11 a.m. at:
Temple De Hirsch Sinai, 1511 East Pike Street, Seattle.
This is an opportunity you won’t want to miss!
Administrators, Security Staff, Lay Leaders, and others concerned with remaining current on security and safety in our Jewish Congregations, Organizations and Schools.
Washington State Fusion Center presentation:
A senior supervisory intelligence analyst from the Washington State Fusion Center will present a top down summary report on national, regional and local crime trends and suspicious activity reports.
Seattle Police Department presentation:
Topics include: how 911 dispatch works, how best to make the call, what information callers should give to the dispatcher, and what information dispatchers can give to callers.
Bellevue Police Department, Joint Terrorism Task Force (JTTF) presentation:
Bellevue Police Department’s JTTF representative, Travess Forbush, will help attendees to understand how police departments and the FBI are working together to thwart terrorism efforts.
Setracon Security presentation:
Anti-Defamation League (ADL) presentation:
Temple De Hirsch Sinai presentation:
Larry Broder, Executive Director from Temple De Hirsch Sinai will present: “The Day-to-Day Challenges of Making a Welcoming Facility while Remaining Secure, - On the Ground Experiences.”
Seattle Training Location:
Please Note: You must RSVP for this event; not only so we know how many to expect, but so you can be put on the building security’s “expected list”.
RSVP email to: firstname.lastname@example.org
Thank you for your time and attention; we look forward to seeing you at the training seminar.
SAFE Washington: A Mark Bloome Initiative