Cyber-Security Tips

Ways to Protect Your Computer

Anti-Virus Software – Installing anti-virus software on your computer is the easiest way to limit the number of attacks on your system. However, it must always be kept up to date; if it is not, malware can easily be created and introduced onto your system quickly.
System Backup – It is essential to back up your system in both physical and cloud form. This is important if your computer is ever stolen, or if it crashes and is destroyed, because you will still have a copy of all your valuable information.
Firewalls – These are either hardware or software that aid in preventing unauthorized users or malware/software from accessing your network.
Strong passwords – Using strong passwords can help prevent hackers from breaching your information.

How to Build a Great Password

Never share passwords with anyone, except with parents or guardians. Strong passwords are based on a descriptive phrase or sentence that’s easy for you to remember and difficult for someone else to guess.

Good Passwords

  • Use a different password for each of your important accounts.
  • Use at least eight characters. The longer the better (as long as you can remember it!).
  • Use combinations of letters (uppercase and lowercase), numbers and symbols.
  • Make your passwords memorable so you don’t need to write them down.
  • Immediately change your password if you know or believe it may be known by someone other than a trusted adult.
  • Always use strong screen locks on your devices. Set your devices to automatically lock in case they end up in the wrong hands.

Bad Passwords

  • Don’t use personal information – name, address, email, phone number, Social Security number, birth dates, etc.
  • Don’t use a password that’s easy to guess, like your nickname, your favorite baseball team, a string of numbers like 123456, and don’t use the word “password”!

Cyber-Security Quick Tips

Do you keep a login and password written down on a Post-it or piece of paper near your desk?

If so, you should get rid of it by using a paper shredder to dispose of the Post-it. Do not simply place the Post-it in the trash.

While it may be tough to remember a login and password for all of the sites and portals you belong to, writing the passwords down on a piece of paper, or keeping them in an unsecured document on your computer, is a bad habit to have.

This can put you and your entire company at risk.

Try to use passwords that are easy for you to remember, but hard for others to guess.

Remember to Stop, Look, and Think before clicking on any email links.

When in doubt, open a web browser and visit the company website of the person who sent you the email. From there you can log in to your account to verify any activity that has taken place.

Do not click a link in the email to visit the site. Open a browser and type in the address of the company.

Have you ever found a USB Stick/Thumb Drive, or a CD on the ground or in a parking lot? Hopefully you did not put this into your computer.

While you may be tempted by curiosity to see what data is on there, or perhaps to identify the owner, Do Not insert any of these found objects into your computer.

If you have ever signed in to a website such as Facebook or Amazon, you will notice that on the login page, the URL will change from ‘http’ to ‘https’.

What that little ‘s’ stands for is secure. It means that your web browser and the website have both agreed to communicate securely so that no other individuals will be able to ‘listen in’ on your conversation.

Just remember to look for that little important ‘s’ when transmitting any sensitive information, such as a password, through a web browser.

Locking your screen when you get up from your desk is a security action that is often overlooked and can have dangerous consequences. Failing to lock your screen can open you up to several vulnerabilities–some more serious than others.

What Bad Guys Can Do With Unlocked Workstations 

  • Files can be downloaded from the internet and executed on your computers, such as malware, spyware, keyloggers, and other types of malicious software.
  • Emails can be sent from your email address to coworkers, your boss, or other business contacts.
  • If you save passwords in your browser (another no-no), they now have access to your online banking, Facebook, and other accounts.

Facebook, Twitter, LinkedIn

Chances are you are a member of one or more of these social networks.

Chances are you have posted something about work (positive and/or negative).

Chances are you have friends/followers/connections that are co-workers or your supervisor.

You have the right to remain silent . . .

Anything you post may be used against you, so be careful.

Consider that what you post online to social networks is a body of evidence. If a manager sees negative things being posted about work, it may trigger a meeting.

Be mindful of what you post regarding your company. Do not post anything sensitive about your employer online. Attackers use social networking sites to gather information about you and your company and use it against you.

Interview Over

Potential and current employers can research your posts and pictures and make a decision on whether or not you get the job, or get a promotion.

If you post pictures of you doing illegal things, or acting overly irresponsible, it could hurt you and your career.

Be mindful of posting strongly opinionated views. This could cause coworkers to feel uncomfortable around you if they do not feel the same way.

Think carefully about what you are posting and who can see it. It could come back to bite you.

Use What You Are Given

Most of the social networking sites allow you to only show specific groups of people specific information. Use this feature. Make as little as possible ‘public.’ Consider separating work relationships from personal ones online.

Be careful what you post online. It could come back to hurt you, or the company you work for. It is perfectly fine to make use of social networking, just make sure to be responsible about it.

You may already be aware that you should not open email attachments with an extension such as “.exe”, but did you know that even PDFs or Word Documents can be rendered unsafe to open? Opening these attachments from senders with malicious intent can cause your computer (and any networks to which you are connected) to be compromised, hacked or even riddled with ransomware.

The general rule is to NEVER open any email attachment if you do not know who it came from or why you received it.

You should always be on guard with any email attachments that are not .TXT files.

How can I tell if an attachment is safe to open?

  • Ask yourself – Was I expecting to receive this attachment, and did it come from someone I would expect it to come from?
  • Check email addresses for any “red flags” that may indicate the email address has been spoofed or faked.
    Never open an email attachment if you don’t recognize the sender it came from.
  • If you recognize the person or email address sending you the file, but it was still unexpected, contact them first through a different form of communication (such as by phone) to ask them if they intended to send you the file.

Visit any website these days and it’s very likely that you will be viewing ads as well.  Sometimes these ads can be tempting, with many offering sales, promotions, or freebies to attract more clicks. Ads on certain websites can even be targeted specifically to you based on past browsing history, making you even more likely to click!

Remember – just because you are on a reputable, well-known website, it does not mean that the ads on the website are safe to click as well.

Adspace can become infected. Advertisers do not sell their ads to websites one at a time. Websites that want to make money sell their advertising space to an ad network. Advertisers sign contracts with that ad network which then displays the ads on the participating websites. The ad network sits in the middle between the advertisers and the websites and manages the traffic and the payments.

Cyber criminals can take advantage of this system by fooling the ad networks into thinking they are a legit advertiser, but the ads which are displayed on major websites can be poisoned. If you browse to a page with a poisoned ad on it, that is enough to run the risk your PC will be encrypted with ransomware, which can hold your computer or your entire network hostage until you pay the cybercriminal a ransom.

Tips to Prevent the Effect of Harmful Ads

  • Disable Adobe Flash on your computer – or at least set the Adobe Flash plug-in to “click-to-play” mode – to block the automatic infections.
  • Keep up-to-date with all the security patches and install them as soon as they come out.
  • Download and install a reputable ad blocker plug-in for your browser. These prevent the ads from being displayed in your browser to start with. These ad blockers are getting very popular with hundreds of millions of people using them.

Cyber criminals not only use the internet and email to gain access to sensitive information, they use telephones to their unlawful advantage. Vishing is the term for criminal attempts to influence action or gain confidential information over the phone using social engineering.

How it Works

Criminals have the ability to call from a blocked, “spoofed,” or private number, making it easier to pose as a fellow employee, an authority figure, or any person or organization that you would commonly interact with.

Any information regarding the processes or technologies a company uses would assist in a breach of an organization. Information that you may not consider very sensitive, such as employee names, titles, or ID numbers, could certainly help these criminals.

Don’t Fall for Phony Attempts

Think twice about giving out personal information to someone who claims to be from a different organization, or within your organization, unless you initiated the call yourself and you are certain the number called was valid. If someone contacts you requesting sensitive information, you can check the caller’s validity by asking to speak to their supervisor, or tell them you will call back, which will buy you time to investigate the request.

Vishing is not limited to gaining data from your organization, as vishers are also known to prey on your personal information. Remember to stop, look, and think before answering unfamiliar numbers, or before calling phone numbers you see in emails, internet ads, or pop-ups.

How can you tell if an email is safe?

Even if you catch red flags in an email, such as typos or poor grammar, an urgent demeanor, or even a spoofed domain, how can you truly decipher the safety of an email?

An immediate step you can take is to watch out for one of the most critical tell-tale signs of a phishing email—a mismatched or fake URL.

Why is hovering important? What can it do for you?

Hovering not only allows you a moment to think before proceeding, it allows you the opportunity to see where a link is going to redirect you. This is especially important because not all links lead to where they appear, or insinuate they’ll go.

When you hover, check for the following to ensure you’re staying safe and secure:

  • If the email appears to be coming from a company, does the hover link match the website of the sender?
  • Does the link have a misspelling of a well-known website, such as micorsoft.com?
  • Does the link redirect to a suspicious external domain appearing to look like the sender’s domain, such as micorsoft-support.com rather than microsoft.com?
  • Does the hover link show a URL that does not match where the context of the email claims it will take you?
  • Do you recognize the link’s address or did you even expect to receive the link?
  • Did you receive a blank email with long hyperlinks and no further information or context?

If you notice anything about the email that alarms you, do not click links, open attachments, or even reply. If everything seems okay, but you’re still not sure – Verify! Ask your IT team or leadership if the email is legitimate before proceeding.

Remember, you are the last line of defense to prevent cyber criminals from succeeding and making you or your company susceptible to an attack.

If you’re known to dabble in a little online browsing, odds are you’ve encountered a pop-up once or twice. There are times when a user may think, “Wow, that’s a great deal!” and click on a pop-up.  Note to those users: put down the mouse. Why? That pop-up could be malicious or dangerous.

There used to be a time when malicious pop-ups were only on questionable sites, but those days are gone. Hackers are smart and develop ways to inject malware into pop-ups and online advertisements – even on the most trusted sites.

One of the most common attacks we see occurs when you visit a site and a pop-up appears that says, “Your computer is infected! Download our antivirus now!” If you click on this, a bogus virus scan will start. After the scan completes, you’ll be asked to pay for a full-version of the software or to call a helpline to connect with a support representative.

Spoiler alert: The software is not real and the fake support representative will take control of your computer to try and “fix” the issue, but end up causing more damage.

How to Prevent Pop-Up Attacks

Although hackers are smart, you can be smarter. Here are some tips to protect yourself from these types of attacks:

  • Avoid clicking on pop-ups.
  • Update your operating system regularly. Don’t postpone or snooze updates!
  • Use web-filtering software to warn you before accessing potentially harmful sites.

Remember, these attacks are only successful if we fall for them. Stay alert and be cautious!

What Is Smishing?

Many companies, products, and services have started offering text message alerts to keep you up to date. Scammers are aware of these alerts and they’re taking advantage of unsuspecting individuals. They send a text with dangerous links, or prompt you to respond with personal information by posing as your bank, an online account, or other services, to name a few examples. This Short Message Service (SMS) or text-based phishing scam is called Smishing, and the bad guys have taken a liking to it.

How It Works

The following are only a couple of examples. The bad guys are constantly coming up with new ways to “smish” you:

Use this link – Scammers pose as a familiar company or service and send shocking alerts, such as “Your account has been locked due to multiple failed logins,” accompanied by a link to supposedly resolve the issue. Smishing links can contain malware that instantly installs if you make the mistake of clicking. This malware can contain keystroke-logging software or permit access to your applications and files, making it easy to steal your identity or hold your files for ransom.

Call this phone number – Smishing attacks often try to persuade you into calling a number by telling you there’s been an issue with your account or that suspicious activity has been detected. A scammer will be ready to take your call and persuade you into providing personal information or making a payment.

Think before you tap!

  • Remember that government agencies, banks or any other legitimate business will never request sensitive information over a text message.
  • Take your time. Much like email phishing, texting scammers will often use the social engineering tactic of creating a false sense of urgency in their message.
  • Never click on any links or call any phone numbers in unexpected texts. Contact the company directly if you’d like to verify the text message.

Today, data breaches are more common than ever. A data breach is a leak of sensitive or confidential information, whether intentional or unintentional. It is almost guaranteed that at least one of your passwords, past or present, has been exposed by a data breach.

When passwords are exposed, hackers can buy them for a small sum, giving them unlimited access to your accounts and sensitive information. And, if you’ve used that password for multiple online accounts, bad guys could access those accounts too. So, if you’re still using your old MySpace password for your Facebook account, change that password immediately!

Tips for Creating New Passwords

  • Make your passwords complex by using at least eight characters with a combination of upper and lower case letters, numbers, and symbols. Example: a3D$8k0*
  • Use passphrases which are a phrase or sentence. Don’t use the lyrics of your favorite song or a quote from a book! Make it unique but make it something you can remember. Example: Pa$$wordSafety1sC0ol
  • Use a password generator such as LastPass or 1Password to generate passwords for you.
  • Don’t use variations of your old passwords. Hackers know that untrained users will do this, so they use automated tools to figure out these variations. As a simple example, if your password is “Password”, don’t make it “Password1”. Hopefully, none of your passwords are actually “Password”!
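
The password rules on this page (the Good Passwords and Bad Passwords lists and the tips above) can be checked when a password is changed. This Python code is an added example, not part of the original tips; the function names and the character-swap table are assumptions, and the old password is assumed to be the one typed into the change-password form.

```python
import re
import string

# Constructed table that undoes common character swaps such as $ for s.
UNLEET = str.maketrans("@4$501!37", "aassoiiet")


def core(password):
    """Reduce a password to its base word: trim digits and symbols from both
    ends, lowercase it, then undo character swaps inside the word."""
    trimmed = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)
    return trimmed.lower().translate(UNLEET)


def check_password(new, old_passwords=(), personal=()):
    """Return the list of rules from this page that `new` breaks."""
    problems = []
    if len(new) < 8:
        problems.append("shorter than eight characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if not all(any(ch in cls for ch in new) for cls in classes):
        problems.append("missing a letter case, number or symbol")
    if core(new) == "password":
        problems.append("is the word password")
    lowered = new.lower()
    if any(len(p) >= 3 and p.lower() in lowered for p in personal):
        problems.append("contains personal information")
    # The old password is assumed to come from the change-password form;
    # a stored hash cannot be compared this way.
    if core(new) and any(core(new) == core(old) for old in old_passwords):
        problems.append("variation of an old password")
    return problems
```

Both example passwords from the tips return an empty list, while "Password1" checked against an old "Password" is reported as a variation.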

Whether or not you’re sure that your password has been exposed, make the safe choice and make all of your passwords unique. Not sure how to keep track of all of these unique passwords? Ask your IT team or supervisor if they can recommend a password or credential manager that you can use.
