Cyber Security Tips for NCSAM

  Cyber Security Tip of the Day For National Cyber Security Awareness Month (NCSAM):  Protect online accounts with a different password for each.  Passwords need at least eight characters, letters, numbers and symbols.  Avoid using any part of your name, phone number or birth date. Be careful with email auto-complete. This is an email feature that automatically completes a name for you when you begin typing it in the TO field. However, your email client can easily complete the wrong name for you. If you are emailing anything sensitive, always be sure to check the TO field a second time before hitting the send button. Make sure you have anti-virus software installed on your computer and that it is automatically updating. However, keep in mind that no anti-virus can catch all malware; your computer can still be infected. That is why it’s so important you use common sense and be wary of any messages that seem odd or suspicious. Rogue software or “scareware” is fake antivirus or security software. Bad guys usually try to get you to install it by generating a pop-up window as you surf the web. The “updates” or “alerts” in the pop-up windows call for you to take some sort of action, such as clicking to install the software, accept recommended updates, or remove unwanted viruses or spyware. When you click, the rogue security software downloads to your computer. It takes only a few seconds to secure your computer and to help protect it from unauthorized access. Lock down your computer every time you leave your desk. If you’re using a windows computer, press Ctrl–Alt—Delete before you walk away! On a Mac? Try Control–Shift– Power Banking Trojans can use a malicious webpage to ask you for your cell phone number and then attempt to install a malicious app that can bypasses security systems. Your bank will not distribute apps in this way. It is always recommended that folks download apps from the official app store and never through unknown text messages or websites. Before submitting your credit card number when shopping online, always look for the “lock” icon on the browser’s status bar to be sure your information is secure during transmissions and make sure “https” appears in the website’s address bar. The “s” stands for “secure” indicating that communications are encrypted. USB drives, Flash Memory Cards, CD-ROMs, and other external devices can be infected with viruses and malware. Always make sure to scan them using virus scan software before opening files on them, especially if those files were not put on the device by yourself. Email is the gateway to almost every other account a user may have. When someone loses or forgets an account password, the reset is sent to his or her email.  Cyber security experts suggests email users set up multi-factor authentication, which means more than just a password is required for access; a code may be sent via text message that a user must also input for access,​ for example. It’s something … Continue Reading →

Supervisor Johnson Speaks at National Cyber Conference

Lake Havasu City, AZ – Supervisor Buster Johnson was invited to speak at the National Initiative for Cybersecurity Education (NICE) conference this past week in Columbia, Maryland, to represent the National Association of Counties (NACo). The two day conference brought together more than 140 leaders from the academic world, the technology industry, and federal and local government to discuss the future cybersecurity educational needs of the nation. Supervisor Johnson, 1st Vice President of NACo’s Cybersecurity Task Force, spoke on a four person panel that focused on developing a sustainable cyber workforce for small businesses and state and local government. The NICE initiative focuses on cybersecurity awareness, education and the workforce. According to the Department of Homeland Security (DHS), the initiative is taking new actions to increase the number of individuals who are prepared for in-demand cybersecurity jobs as well as provide a common classification by which to organize and categorize workers. DHS crafted the NICE initiative from the Comprehensive National Cybersecurity Initiative. During the panel discussion, Johnson spoke about how local governments across the nation are competing with the private industry for cybersecurity personnel. Johnson suggested that local governments should focus their attention on training and incentives to attract and retain the personnel needed to combat cybersecurity in today’s digital age. Johnson also suggested that small businesses and local governments should set up internship programs for college students. “Most college students are focusing on landing a job at a large company or organization after they graduate, such as the NSA. If we can get colleges to recognize the benefit of working for a small business or local government, we will have a better chance at retaining them,” Johnson said. According to Johnson, smaller companies and local governments offer more freedom for IT professionals. “In a company with just 10 IT employees, versus one with over 500, you are recognized and have a greater chance for advancement and learning,” Johnson explained. Part of the discussion also focused on the new Next Generation 9-1-1 system that will pose a challenge for local governments and IT professionals in the upcoming years. In addition to calling 9-1-1 from a phone, the new system intends to enable the public to transmit text, images, video and data to the 9-1-1 dispatch center. “Technology is changing on a daily basis, and local governments need to ensure their employees are staying on top of these changes,” Johnson ended.

Cyber Security Tip #31

Cyber Security Tip #31 October is not only National Cyber Security Awareness Month; it’s also the time to celebrate Halloween, bringing to mind scary things that are merely figments of our imagination. In the digital world, however, there are many scary things that are not figments of our imagination that we should in fact be worried about. Here are some examples: • In the cyber world we have Gh0st, an infamous piece of malware that is commonly used by threat actors to remotely access a target and assume complete control. • Unlike the make-believe zombies you see in the movies, cyber zombies are real. In the online world, a zombie is a machine compromised with malware and controlled by a hacker. Zombies can send spam, launch denial-of-service attacks and infect other machines. • The Frankenstein malware takes small pieces of software from trusted programs and stitches them together, making the resulting malware undetectable. ‪#‎NCSAM‬

Cyber Security Tip #30

Cyber Security Tip #30: How to Avoid Work From Home Scams The ad says you can make lots of money working from the comfort of your home. But if this were true, wouldn’t we all be working at home? According to a report done by CBS, for every one legitimate work-at-home job posted online, there are about 70 scams. If you’ve spent any time trawling online jobs boards and classifieds looking for remote work from home opportunities then this statistic might not come as a surprise. To help you avoid being one of the many people that falls prey to their tricks, here are my top 8 tips for avoiding work from home scams: • Don’t pay money upfront – Any work from home opportunity that asks for money upfront could well be a scam, whether the money is for registration, training, supplies or processing fees. No ethical employer would expect you to pay them before they pay you. • Speak with someone – A legit employer of remote workers will happily discuss the work from home opportunity with you over the phone. Scammers won’t. • Conduct background checks – Google the company’s name with the word ‘scam’ next to it to see whether anybody that’s been tricked into a non-legit work from home job has an axe to grind. • Check references – If your search on Google doesn’t reveal anything but you’re still suspicious, ask to speak to another internet employee of the company. • Find out exactly what you’ll be paid – Beware of high hourly rates with minimal skills or experience required. There’s no shortage of work from home opportunities promising you’ll earn $100s for a few hours of work. Rather than trust these vague figures, ask them to explain exactly how much you will be paid and how your pay is calculated. • Jobs to avoid – Work from home jobs to avoid or be suspicious of are assembly jobs, data entry (when you have to pay for a starter kit), processing claims or emails and, of course, stuffing envelopes (businesses have postage machines these days!). ‪#‎NCSAM‬

Cyber Security Tip #29

Cyber Security Tip #29: What to do if you’re a victim of cyber crime • File a report with your local law enforcement agency. Even if your local police department or sheriff’s office doesn’t have jurisdiction over the crime (a common occurrence for online crime which may originate in another jurisdiction or even another country), you will need to provide a copy of the law enforcement report to your banks, creditors, other businesses, credit bureaus, and debt collectors. • Even though you may not be asked to provide evidence when you first report the cybercrime, it is very important to keep any evidence you may have related to your complaint. Keep items in a safe location in the event you are requested to provide them for investigative or prosecutive evidence • Make sure you change your passwords for all online accounts. When changing your password, make it long, strong and unique, with a mix of upper and lowercase letters, numbers and symbols. You also may need to contact your bank and other financial institutions to freeze your accounts so that the offender is not able to access your financial resources. • In cases where the offender is known, send the stalker a clear written warning saying the contact is unwanted and asking that the perpetrator cease sending communications of any kind. Do this only once and do not communicate with the stalker again (Ongoing contact usually only encourages the stalker to continue the behavior). • If you believe someone is using your social security number for employment purposes or to fraudulently receive Social Security benefits, contact the Social Security Administration’s fraud hotline at 1-800-269-0271. Request a copy of your social security statement to verify its accuracy. ‪#‎NCSAM‬

Cyber Security Tip #28

Cyber Security Tip #28: Protect Your Identity From Cyber Thieves 1. Don’t carry your Social Security card in your wallet. If your health plan (other than Medicare) or another card uses your Social Security number, ask the company for a different number. 2. Identity thieves love passwords because they open doors to our personal information. Get tough and organized now. Use different passwords for all your accounts. Make those passwords strong with at least eight characters, including a mix of letters, numbers, and symbols ($+r0^gh@h@). 3. Stop most pre-approved credit card offers. They make a tempting target for identity thieves who steal your mail. Have your name removed from credit bureau marketing lists. Call toll-free 1-888-5OPTOUT (888-567-8688). Or opt out online at www.optoutprescreen.com. 4. Open your credit card bills and bank statements right away. Check carefully for any unauthorized charges or withdrawals and report them immediately. 5. When shopping online, check out a Web site before entering your credit card number or other personal information. Read the privacy policy and look for opportunities to opt out of information sharing. Only enter personal information on secure Web pages with “https” in the address bar and a padlock symbol at the bottom of the browser window. ‪#‎NCSAM‬

Cyber Security Tip #25

Cyber Security Tip #25: Managing Your Digital Footprint Once information is online, sometimes it can be impossible to remove. Therefore you should be conscientious of your visible online presence known as your digital footprint, as criminals and fraudsters may utilize this information against you in various ways. Here are some recommendation for “mapping your digital footprint.” Look at all the social networking sites and forums that you belong to and search what information about you is available. Clean up your digital footprint. Remove any photos, content and links that may be inappropriate or reveal too much information. Be selective about who you authorize to access your information. Use the privacy features of your browser and of the various websites you frequent to reduce the visibility of your information. Since many comments on public websites can be publicly seen, monitor and moderate comments associated with you to maintain a positive digital footprint. Consider using the “block comments” features or setting your social networking profile to “private” so only designated individuals can view it. Always think before you post. ‪#‎NCSAM‬

Cyber Security Tip #23

Hackers are taking advantage of people’s fears regarding the latest Ebola outbreak. If you get an email from a seemingly trustworthy organization about the Ebola virus in the coming days, beware. It could very well be a scam to obtain your personal info. The emails look like they’re from organizations like the World Health Organization. But when you click on its attachments, they install a DarkComet Remote Access Trojan (RAT) onto your computer, giving hackers access to your computer and the files on it. Be sure to avoid emails with subject lines similar to the following: • RE: Ebola Survival Guide • What you need to know about the deadly Ebola outbreak • So Really, How Do You Get Ebola? • Ebola virus outbreak: Curing Breakthrough Revealed? • SHOCKING Health Alert: Secret Cure for Ebola? • HEALTH NEWS: Secret Cure for Ebola? • Is there ANY way to cure Ebola? ‪#‎NCSAM‬

Cyber Security Tip #22

Cyber Security Tip #22: Treat your personal information like cash Your Social Security number, credit card numbers, and bank account numbers can be used to steal your money or open new accounts in your name. So every time you are asked for your personal information — whether in a web form, an email, a text, or a phone message — think about whether you can really trust the request. Always ensure that the website requesting the information is encrypted. Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, the entire account could be vulnerable. Look for https on every page of the site you’re on, not just where you sign in. ‪#‎NCSAM‬

Cyber Security Tip #20

Stranger Danger Parents are constantly reminded about teaching their kids to protect themselves against online strangers, but these individuals can pose just as great a threat to adults. When interacting with people online in any environment, you should exercise extreme caution. Especially if someone begins asking for personal information or attempts a sales pitch. Online harassment and abuse can also be a serious problem for both kids and adults. If someone you talk to online is becomes abusive or harasses you, immediately drop contact before things escalate. Be careful whom you befriend online — not everyone is friendly or forthcoming on the Internet. ‪#‎NCSAM‬