
Cybersecurity Awareness Month Tip of the Day

Author: Scarinci Hollenbeck|October 1, 2017


October is National Cybersecurity Awareness Month, the yearly campaign to reinforce and spread awareness of proper cybersecurity practices and to stress the importance of protecting your online accounts and securing your personal information in cyberspace. The Department of Homeland Security states that “National Cybersecurity Awareness Month (NCSAM) is designed to engage and educate public and private sector partners through events and initiatives to raise awareness about the importance of cybersecurity, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident.” Several Federal agencies, including the FTC, are engaging in informational events all October to raise awareness of cyber risks as well as proper practices that can be implemented to protect yourself from malicious actors that may seek to compromise your online accounts, identity, and other personal information.


All month, we will supply helpful daily cybersecurity tips recommended by regulators and other IT professionals that can help businesses and their employees better protect themselves from cyber threats and ensure that their trade secrets, other intellectual property, and customer and employee personal information are not exposed and compromised.

Tips:

  • Monday, October 2nd: Popular anti-virus software company McAfee suggests consumers use strong and distinct passwords for all internet accounts and set hard-to-discern security questions for password recovery.
    • Avoid using consecutive letters or numbers, common words, or first and last names
    • Avoid reusing the same password across multiple websites or accounts
    • Don’t use security questions that can be determined simply by viewing your social media pages, home addresses, or easily discoverable family names. This is how Vice Presidential candidate Sarah Palin had her Yahoo account hacked.
    • It’s worth taking the 10 minutes to frequently reset your password to minimize the risk of your account being compromised.
    • In an interview with TV host John Oliver, ex-NSA whistleblower Edward Snowden goes into detail on password security. He discusses common passwords included in hackers’ “password dictionaries”, suggesting users “shift their focus from passwords to ‘pass-phrases’”.
  • Tuesday, October 3rd: The online product review website Top Ten Reviews stresses that consumers should use reputable anti-virus software and keep it updated to minimize the risk of malicious software attacks.
    • Many forms of malware and computer viruses are becoming more and more sophisticated and proper anti-virus software can block many types of attacks.
    • A computer infected with spyware can compromise your identity and other private information that can be used to inflict serious financial and personal harm.
  • Wednesday, October 4th: Microsoft’s Safety and Security Center urges consumers to refrain from opening emails, or their contents, received from unknown or suspicious sources.
    • It is growing more and more common for malicious entities to engage in “phishing” in order to scam unsuspecting victims or elicit useful personal information for the purposes of fraud and identity theft.
    • Common phishing tactics include:
      • Impersonating popular websites or companies.
      • Using threats, or claims that your security has been compromised and action must be taken via the source.
    • Pay attention to spelling and grammar in emails, including misspelled email addresses or odd-looking domains, as it is common for phishing emails impersonating legitimate sources to contain poor spelling and grammar that a legitimate company would have corrected.
  • Thursday, October 5th: The non-profit internet security awareness organization org urges users to use caution when downloading files from unknown or unfamiliar sources
    • Refrain from downloading illegal movies, TV shows, or music as hackers often embed viruses in the files, or alternatively, the files may be 100% illegitimate and compromised and not what is advertised on the site.
    • Even legal files from the wrong sources may contain malicious software that can compromise your identity and the sanctity of your computer.
    • These malicious files may be hard to detect, or their effects may be obvious and immediate such as locking your computer or demanding payment to allow access to your files.
    • Additionally, copyright trolls are constantly on the hunt for theft of their intellectual property and aggressively police illegal downloads, including by filing lawsuits against those who download illegally.
  • Friday, October 6th: The wireless internet technology corporation Cisco suggests consumers never leave devices unattended
    • Unattended devices in the wrong hands may be compromised quite rapidly
    • Keep devices such as laptops, tablets, flash drives, and external hard drives within your control and possession at all times, especially while in public or an unfamiliar location.
    • Much of cybersecurity involves physical security. Be mindful of that, including closely monitoring workspaces when temporary workers (construction, moving companies, etc.) are around, especially during off hours.
  • Monday, October 9th: Keep your computer software up to date.
    • Security Specialist Peter Kruse of CSIS Security Group and Heimdal Security suggest users always update their software as soon as a patch is available.
    • Patching software frequently can fix bugs or vulnerabilities that can leave your devices vulnerable to attacks.
    • According to LSA Systems, updating your software frequently improves security by ensuring that “your system has the latest defensive solutions to help limit the threat posed by malware and hackers.”
  • Tuesday, October 10th: Avoid using public WiFi.
    • Popular anti-virus software company Norton states that there are “a tremendous amount of risks that go along with these networks.”
    • According to Norton, a common risk is known as “Man in the Middle Attacks”, citing it as a form of “eavesdropping”. Norton elaborates that “[w]hen a computer makes a connection to the internet, data is sent from point A (computer) to point B (server/website), and vulnerabilities can allow an attacker to get in between these transmissions and ‘read’ them.”
    • There is also the risk of “malicious hot spots”, which are WiFi hotspots intentionally created to compromise users’ privacy and security.
  • Wednesday, October 11th: Don’t accept social media invites and requests from individuals you don’t know.
    • According to news network CNBC, hackers are turning to social media to phish for users’ credentials.
    • These fake accounts make comments, messages, and posts in attempts to phish for users’ personal information, and especially banking and financial information.
    • CNBC reported that it’s common for the fake accounts to directly message users of websites like Twitter and Facebook, focusing on users who complain to companies via tweet, sending fake links to defraud concerned users of their financial information.
    • These fake accounts make slight, but noteworthy alterations to their links and pages in order to make them mirror legitimate institutions, such as by adding the word “The” or spaces and underscores.
  • Thursday, October 12th: Avoid saving your credit and debit card info on websites.
    • According to news agency Money Talks, “two out of every three online shoppers – which equates to 94 million Americans – have stored their credit card info on at least one website or app.” Additionally, 14 million Americans consistently save their card info online.
    • This can drastically increase consumers’ chances of falling victim to data breaches and fraud and put your financial well-being in jeopardy.
    • Money Talks suggests limiting the number of websites that you store credit card information on and additionally to avoid storing debit card information – only credit cards.
  • Friday, October 13th: Always lock your phone, computer, and other devices.
    • The University of California Santa Cruz suggests always setting devices to automatically lock, as well as consciously locking them whenever they are not in use in order to “prevent others from viewing or using your device when you’re not around.”
    • Additionally, UCSC suggests that users implement strong passwords to unlock their devices as well as disabling “auto-login”.
    • The university also recommends utilizing the “erase remotely” or “auto-erase” function on smartphones, which is activated if the phone is lost, stolen, or an incorrect password is entered too many times.
  • Monday, October 16th: Use 2-factor authentication for all online accounts.
    • SecurEnvoy, a company that specializes in 2 factor authentication services, urges users to implement dual-factor authentication in addition to the typical password in order to further secure online accounts from breaches.
    • 2 Factor Authentication is essentially a second layer of security in addition to a PIN or password in order to further verify that the person who logs into your account is you, and not a malicious entity who obtained a password or key.
    • SecurEnvoy suggests using a combination of:
      • “PIN, Password, Secret”
      • “Mobile Phone” or other “Device” and/or;
      • “Biometric, retina, or fingerprint” keys
    • They elaborate that, “Two Factor is made up of something that a user knows and something the user owns. The device that they own then provides a solution where a Passcode is generated locally or is received by SMS, Voice, or a Secure Email”.
  • Tuesday, October 17th: Delete old or unused apps that may leave you vulnerable to security breaches.
    • PCWorld.com discusses that, as old or unused apps are less likely to be patched for security updates, they may leave your PC or devices vulnerable.
    • Deleting these apps can not only free up storage on your device but help you limit access to your sensitive files and reduce the possibility of unexpected exploits.
  • Wednesday, October 18th: Download and utilize an ad blocker program.
    • Hackers are increasingly developing technology to implant malicious software into ads on common websites that could be used to compromise users’ security.
    • Popular adblocking software company Adblock Plus discusses many of the benefits of utilizing ad blocker software, including limiting the ads users are subjected to on websites that could contain malicious software, as well as hindering websites’ ability to track their location and cookies.
    • While the site asserts that adblocking software is not a substitute for quality anti-virus software, it is an extra layer of protection that could be beneficial for users.
  • Thursday, October 19th: Don’t run your PC or devices as “Administrator” except for essential downloads.
    • According to Microsoft, running your PC or devices as administrator can leave your system vulnerable to “Trojan Horses” and other malicious software exploits.
    • Microsoft elaborates that if “you are logged on as an administrator of a local computer, a Trojan horse could reformat your hard drive, delete your files, and create a new user account with administrator access.”
    • They recommend that users “add your domain user account only to the Users group (and not to the Administrators group) to perform routine tasks, including running programs and visiting internet sites.”
  • Thursday, October 20th: Be careful what information you make public online, such as “geotags” on social media or “location check-ins”.
    • According to Forbes, consumers should only use locational settings for specific uses and should set it to off as the default setting.
    • Forbes discusses that companies may sell geolocation data to “data brokers” containing sensitive information such as medical conditions, daily habits, religious affiliations, as well as other private information.
    • Forbes further explains that many apps don’t disclose upfront whether or not they are collecting geolocation data, citing the FTC’s Director of the Bureau of Consumer Protection Jessica Rich, who testified that “companies often claim that they have an opt-in approach to geolocation data but do not follow it in practice.”
