In its most recent annual Cost of a Data Breach report, the Ponemon Institute reviewed more than 500 incidents around the world. The results were sobering: the average data breach costs an organization $4.24 million, and takes 287 days to identify and contain.

That’s why Cybersecurity Awareness Month – designated every October for the last 18 years – is an important reminder of just how critical cybersecurity awareness is at all levels of government and across every industry.

The best way to protect your organization and yourself is by being able to recognize potential cyber threats, understand their significance, and sharing that knowledge with others. The weakest link in many cybersecurity programs is people. They make mistakes, it’s bound to happen. But if you can raise your end users’ awareness about cybersecurity across all of the platforms and devices they use, it can drastically reduce the likelihood of a mistake happening. Even more important – when a mistake does happen and you have a strong cybersecurity posture, people recognize it and know how to respond.

This October, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) are emphasizing the overarching theme of “Do your part. #BeCyberSmart.” Additionally, four weekly messages, have been established for Cybersecurity Awareness Month 2021.

Week 1: Be Cyber Smart

Knowing and sharing the cybersecurity basics is the foundation for any good awareness program. Knowledge is power, and that power should be shared. To be cyber smart you should assess your posture, implement a defense in depth strategy, ensure strong password and access management practices, patch regularly, and continually educate yourself and others in your organization.

Week 2: Fight the Phish!

Phishing is one of the most common ways that bad actors attack organizations, because it’s an easy and simple way to get in front of users. Fight back by implementing solutions that block phishing emails and educating users to identify those that would otherwise get through your defenses. Users who can quickly identify and report phishing emails can help tip the scales in your favor. The more people you have fighting phishing attacks, the stronger your organization’s cybersecurity posture will be. Learn more about how to prevent email compromise here.

Week 3: Explore. Experience. Share

The third week of October is Cybersecurity Career Awareness Week! The world of cybersecurity and the threat landscape is ever-changing, and that presents outstanding career opportunities for people who want to apply their skills and passion to this growing area. Week 3 is all about inspiring and promoting awareness and encouraging people to explore careers in cybersecurity by calling attention to the contributions they can make to our society and our economy in doing so.

The National Initiative for Cybersecurity Education (NICE) has put together some resources to help you learn more about career paths in cybersecurity.

Week 4: Cybersecurity First

Being online and connected is part of our everyday lives – from work, to shopping, to entertainment. So we also need to make sure cybersecurity is at the forefront of our minds every day. If you’re sharing information online, you should take a couple of seconds to validate that the receiver is a trusted source and is applying cyber best practices. Likewise, if you’re receiving information, you should make sure you’re doing everything possible to protect it from bad actors. Cybersecurity should be the first and last thing we consider when interacting with the digital environment.

These messages should be shared at all levels. We encourage you to take these Cybersecurity Awareness Month themes and develop short, but impactful weekly communications to everyone in your organization. Then post them on social media and other platforms to play your part in spreading the word. The more people we can encourage to be #BeCyberSmart, the more connected, informed, and protected our communities will be.

If you or your organization is interested in taking an active role in Cybersecurity Awareness Month, download CISA’s Cybersecurity Awareness Month 2021 Toolkit. It provides valuable messaging, articles, social media graphics, and other resources for promoting and modeling this important initiative. We at the MS-ISAC have developed social media templates that we encourage you to share to help promote the campaign and our goal to create an elevated level of cybersecurity posture across the United States.

We like to think we can trust our co-workers to do the right thing. Unfortunately, this is not always the case. Some people become insider threats; that is, they use their authorized access to systems to harm their organization. For example, someone may sell information from a database to a third party.

There are three types of insider threats:

1. Unintentional –This person does not intend to cause a threat, but they do so through carelessness. They may misplace their laptop or flash drive, fail to update software, or ignore instructions when setting up software or cloud storage. Their attention to detail may be poor and they can make mistakes that damage the organization, such as causing a breach by emailing data to the wrong person.
2. Intentional –This person intends to harm their organization and is often called a “malicious insider.” They may be in it for financial gain, to get revenge for some perceived slight, or for some other motivation. They may leak information to third parties for money or political beliefs, steal information to advance a side business, or destroy data to sabotage the organization.
3. Collusive or Third-party – Collusive threats occur when an insider collaborates with an outsider to compromise an organization. The outsider may recruit an insider to obtain information to commit fraud, intellectual property theft, espionage, or some other crime. Some insiders may be manipulated into becoming a threat and may not recognize that what they are doing is harmful. Third-party threats occur when the insider works for a contractor or vendor who has access to the organization’s network or facilities.

Some of the indicators of an intentional insider threat include:

• Life changes, such as financial, relationship, family, or work problems.
• Behavioral changes, such as signs of depression, anger, or possible drug or alcohol addiction. However, a colleague who seeks help is showing good judgment.
• Changes in work habits such as working through lunch, accessing or asking questions about information or systems not part of the scope of the colleague’s employment, or a disregard for security policies and practices.

Many unintentional insiders are:

• Poorly trained in cyber hygiene, either because the organization does not train staff or because they do not pay attention.
• Disorganized; loses laptops or flash drives.
• Unfamiliar with technology or thinks they know more than they do and do not follow instructions when installing new software or setting up cloud storage.

We all make mistakes, but many unintentional insiders simply do not pay attention to what they are doing. The lack of attention to detail puts their organization at risk for breaches and malware.

To reduce the likelihood of an insider threat, organizations should develop a comprehensive program that includes knowing the people within the organization, identifying the assets and prioritizing the risks, and establishing the proven operational approach of detect and identify – assess – manage.  Organizations should take extra steps to vet third party service providers to ensure they can access only necessary systems and areas of the building.

The Cybersecurity and Infrastructure Security Agency (CISA) has more information about insider threat mitigation at https://www.cisa.gov/insider-threat-mitigation.

As technology continues to evolve, the tools and toys available to your children increase in number and evolve in capabilities. Technology can be used to educate and inspire creativity in kids, but it also exposes them to a risky landscape most of us didn’t have to worry about during childhood.  Adults can discuss with children how the digital world is a great resource, but we must remain cyber aware. We all should be responsible with the information we share, and the ways we explore.

Here are a few things we should all do to protect our kids and our home networks.

Keep Software Updated

Think of all the devices in your household that connect to the internet - phones, tablets, computers, gaming systems, smart appliances, even lightbulbs! One of the most important things you can do to keep your devices safe is to ensure your devices are up to date and using the latest software. When your devices notify you about a software update, install the update right away, or set them to automatically update.  Those updates contain security patches that close loopholes that hackers can use to gain entry and access your data like your passwords, payment information, photos, and more.

Always make sure you know what apps are on your children’s devices, know what those apps do, and what type of information they monitor or collect.  This can be done easily by checking the app settings and privacy disclosures.

If you have children prone to installing anything that looks new and flashy, consider requiring a PIN or password you only know before allowing installation of new applications.

Implement Domain Name System (DNS) Filtering

As we all know, surfing the web can be a risky business.  While we can usually identify scams and malicious links, children may not catch on so quickly and see that the link their friend’s hacked account just sent them for a free game is a malicious website in disguise.

Implementing DNS filtering, which prevents devices on your network from connecting to known bad websites, is a free and easy way to help prevent everything from phishing and ransomware, to spyware and viruses.  It is so useful, some of largest IT companies in the world have joined forces to provide it for    DNS filtering can even be set up on your home router with very little effort, which will help protect anyone or device on your entire network. DNS filtering services can also be used to implement parental controls to deter kids to going to unwanted or inappropriate websites. You can additionally limit kids’ screen time and monitor their online surfing activity if you choose to do so. By doing this, you can create a family-friendly online space in your home while also protecting your identity and blocking cyber-villains.

Free DNS filtering options for families

• Quad 9: When your computer performs any Internet transaction that uses the DNS (and most transactions do), Quad9 blocks lookups of malicious hostnames from an up-to-the-minute list of threats.
• Cleanbrowsing: A free DNS system that focuses on privacy for households with children. It provides 3 free filter options and blocks most adult sites.
• OpenDNS: Owned by Cisco, OpenDNShas two free options: Family Shield and Home. These are incredibly useful for monitoring and preventing adult site access as well as general internet safety and performance.

Talk to Your Kids

Finally, make sure you talk to your kids about cybersecurity. Just like other issues that have the potential to harm our children, keeping an open line of communication regarding cybersecurity is vital to keeping them safe.

Outside of adjusting privacy settings and parental controls on devices your kids use, make sure they learn how to spot unusual behavior and encourage them to tell you about it. Teach your kids about proper online etiquette and encourage appropriate interactions.

Supervise their screen time and make sure you are in the know about who they talk to and interact with online. Talk to them about the importance of keeping some information private – such as your name, home address, and phone number.

Check their apps and devices frequently to make sure your kids haven’t turned on location sharing or made their social media accounts public to anyone and everyone.  As they get older, remind them that once information is online it can’t be taken back – it’s online forever.

Cybersecurity was not something past generations of parents had to worry about when raising their children but is a big part of all our lives now.  And even though we may not like all that comes with these technologies, they’re here to stay and it is imperative that we teach our children how to responsibly and safely use them. Let’s give our children the foundation they need to be able to safely and securely engage in today’s connected world.

In response to the pandemic, many end-users are now working from home instead of commuting to their business locations. Homes are being used as business offices, and computers and networks are being shared by family members. Families are taking classes, doing homework, and surfing the web in addition to performing business functions.

The data created may be stored locally or in the cloud. Backups may not happen until the device is returned to the office or the end-user manually backs it up. This new environment is ripe for cyber-attacks.

The Perils of Ransomware

Ransomware is one of those cyber-attacks that are on the rise. Ransomware is a type of malware that is normally delivered through a phishing message. The phishing message entices the reader to click on a link or open an attachment. When the recipient falls for the phish, the process of infecting the device is started. It initiates a connection back to the attacker’s device to receive instructions for encrypting the device.

Once the encryption is completed, the user is locked out of their data and the device. At this point, a ransomware note is displayed and a ransom is demanded in cryptocurrency (i.e. Bitcoin) to regain access to their data and their system.

Protect Your Family, Data, and Devices

So, what does this mean to you? How can you protect your family, data and devices from these cyber attackers? Here are some best practices for cyber hygiene that can help protect you from becoming a victim of ransomware:

• Don’t open any emails from someone you don’t know or that you aren’t expecting to receive.
• Don’t click on links in messages.
• Avoid opening attachments in messages. Download the attachments and scan them for malware before opening.
• If it sounds too good to be true, it probably is. Don’t give away any personal information that could allow an attacker to compromise your devices or steal your identity.
• Install anti-virus/anti-malware software on your device and keep it up to date.
• Apply patches to all applications and the operating system as they become available.
• Don’t browse suspicious sites. Cybercriminals count on users mistyping the name of a legitimate site. These sites are made to look like the legitimate site but are used to deliver malware to the device.
• Don’t respond to pop-up windows instructing you to call a number for support. Attackers use this method to steal your personal and credit card information. Once you allow them to remotely access your device, they will install additional malware on your device instead of removing it.

What to Do if You Get Infected with Ransomware

1. Don’t respond to a ransom note on the screen. Paying the ransom does not guarantee that you will gain access to your data and/or your system. The attackers will normally request payment in a form of cryptocurrency, like Bitcoin, that can’t be traced. Once the ransom is paid, your money is gone.
2. Seek professional assistance. Contact your employer’s IT security department and/or law enforcement to allow them to trace the source of the infection.
3. Using a separate non-infected device, change passwords on all accounts that were accessed from that device.
4. If you provided the attacker with personal and/or credit card information, put a fraud alert on your account at the three major credit reporting bureaus (Experian, TransUnion, and Equifax). This should prevent the cybercriminal from using your information to open new accounts in your name. If credit card information was provided, contact your credit card company to report it to their fraud department. They will normally issue you a new credit card number and shut down the old account to prevent it from being used fraudulently.

Many of the crimes that occur in real life happen on the internet too. Credit card fraud, identity theft, embezzlement, and more, all can be and are being done online.

Seniors and the elderly are often targeted for these cybercrimes. They tend to be more trusting than younger people and usually have better credit, and more wealth. This makes them more attractive to scammers.

Seniors are considered easy targets by criminals because they might not know how to report cybercrimes against them. In some cases, seniors can experience shame and guilt over the scam. They may also fear that their families will lose trust in their ability to continue to manage their own finances.

Cybercrimes Targeting Seniors

Here are some common cyber scams used against senior citizens and how to avoid them:

• Tech support scam: Criminals pose as technology support representatives and offer to fix non-existent computer issues. The scammers can gain remote access to victims’ devices and their stored sensitive information.
• Government impersonation scam: Criminals pose as government employees and threaten to arrest or prosecute victims unless they agree to provide payments.
• Financial scam: Criminals target potential victims using illegitimate credentials from legitimate services, such as reverse mortgages or credit repair.
• Romance scam: Criminals pose as interested romantic partners on social media or dating websites, particularly targeting women and those who are recently widowed.

A new twist is to use the romance scam to recruit victims for other illegal activity. This could include using the victim’s bank account to launder illegally obtained money or apply for benefits in another person’s name. Institutions may become suspicious, especially if these transactions are out of character. They may close the victim's account, or even refer the account for prosecution, putting the senior citizen at risk for legal action.

Tips to Protect Seniors Against Cybercrimes

Here are some tips on how to protect yourself or someone you love from cybercrimes:

• If you use social media, limit the amount of personal information you post and only add people that you know.
• Resist the scammer’s urge for you to act quickly. Scammers are very skilled at manipulating emotions and will fabricate an emergency to persuade a victim to act without thinking.
• Search for information about the proposed offer and any contact information given by the scammer. There are people and agencies online or in your community who can tell you if an individual or business is a scam. Never be afraid to ask other people for help.
• Never send money or personally identifiable information to unverified people or businesses. Be suspicious about anyone who demands gift cards as payment.
• Use reputable antivirus software and firewalls and make sure you regularly update them. If possible, configure your device to automatically download and install updates.
• Disconnect from the internet and shut down your device if you see unusual pop-ups or get a locked screen. Pop-ups are often used by criminals to spread malicious software.
• Be cautious what you download. Never open email attachments from someone you don’t know.

What to Do if You're Targeted by a Scammer

If you think you are being targeted by a scammer:

• Never share financial account information, and do not allow anyone access to your accounts.
• Monitor your accounts and credit for unusual activity, such as large sums of money that you did not deposit or loans that you did not apply for.
• Contact your local law enforcement agency to file a report and notify your financial institutions.

Sources:

• https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/elder-fraud
• https://www.cisa.gov/publication/stopthinkconnect-older-american-resources
• https://cybersecurityventures.com/3-cyber-fraud-tactics-targeting-seniors-and-why-theyre-so-effective/

An email account can be compromised in a number of different ways. In some cases, your password may be weak and easily guessed or obtained through a public breach. In other cases, you may have clicked on a malicious link in an email, social networking site, or webpage. Or, you may have downloaded an app or file that contained malicious scripts.

In this edition of the security newsletter, we’ll look at potential warning signs that your email account may have been compromised, what you can do to recover, and steps you can take to help prevent it from happening again.

How to Tell if Your Email Account is Compromised

Here are some red flags that may indicate your account has been compromised:

1. You are unable to access your e-mail account. If an attacker gained access to your email address and password, they may have logged in and changed the password to lock you out of the account.
2. Your family, friends, and coworkers receive emails from you that you didn’t write. Once your email account is compromised, the attacker can use your email address to send spam or phishing emails to the contacts in your address book.
3. You see activity on your social media accounts that you didn’t post. Some social media sites use single sign-on (SSO) with credentials from other accounts (e.g. Google, Yahoo) so you can login to social media without having to create a separate username and password. If your email account is linked to your social media accounts or if you use the same username and password for all your accounts, the attacker can gain access to everything with a single username and password.
4. You notice your Sent messages folder is empty or includes messages that you did not send.

What to Do if Your Email Account is Compromised

Here are some steps you can take if your account has been compromised. If you think your account has been compromised but you are not sure, it is better to err on the side of caution and follow these steps:

1. Login to your email account and reset your password using a strong password.
   a. Use long passphrases to make passwords easier to remember and more secure.
   b.  Do not use information about yourself, the city where you were born, your age, or the names of relatives, friends, or pets.
   c.  Do not use common words such as the name of favorite sports team.
   d.  If you are unable to login, contact your email provider to find out how you can regain access.
2. End / sign out of all sessions on all devices. Even after you change your password, if the attacker has an active session, they may be able to continue to send emails from your account.
3. Reset any additional accounts that the attacker may have gained access to. These may include financial institutions, shopping sites, and social media sites. There may be references to these accounts in your email. Remember to use unique passwords for each and every account. If not, if one account gets compromised, they all become compromised.
4. Enable Multi-Factor Authentication (MFA) on your e-mail account. This provides an additional layer of protection to login to your email account. It requires a code from a text message, phone call, or authenticator app to further verify access. Visit STOP.THINK.CONNECT to learn how to activate MFA.
5. Review and change your security questions. If your email account was compromised from a device or location not matching your normal usage, it’s possible a malicious individual was able to answer your security questions.
6. Review your mailbox for any rules that you have not previously created. These rules can include message forwarding, deletion, or running unwanted applications.
7. Review outgoing messages and retract any malicious outgoing messages. In most cases, the attacker will not leave traces of any outgoing messages, but this should still be checked.
8. Contact the people in your email address book and let them know that your email was compromised. Remind them to delete any emails from you during the time your account was compromised to prevent them from becoming the next victim.
9. Verify if there is private or personally identifiable information in your e-mail that could be used maliciously.
10. Establish a routine where you change your password periodically. Consider changing your password on at least an annual basis (unless a breach requires it sooner).
11. Scan your computer for viruses and malware. This is especially important if you are experiencing problematic signs like unfamiliar applications loaded on your device, your computer operating slowly, or problems shutting down.

What Can I Do to Prevent an Email Account Compromise?

Good security best practices and safe browsing habits can help prevent your email account from being compromised in the future:

1. Make sure your devices are patched with the latest updates, including antivirus.
2. Set your security software, internet browser, and operating system to update automatically. Or, establish a routine to do this manually on a frequent basis.
3. Use unique strong passwords for account access.
4. Be wary of unexpected emails, especially when they contain links and/or attachments.
5. Verify the sender’s address. If you don’t recognize the address, don’t reply.
6. If an email request from a known contact seems out of place, verify the request by calling the sender on the phone.
7. Think twice before clicking a link. Always hover before clicking to see the address of the web site you are attempting to visit.
8. Never click text links like “Click Here” or “Unsubscribe,” or any other links in suspect emails.
9. Never input a password or your email address on an unknown site, and never provide your passwords to anyone.
10. Be vigilant when reviewing emails, as you may receive an email from a legitimate contact who has been compromised.
11. Don’t access your email account on a public computer or from a device using public Wi-Fi.

Additional Information

• CISA: Choosing and Protecting Passwords
• CIS: Securing Login Credentials
• Stay Safe Online: Hacked Accounts
• FTC: Hacked Email

It seems like it’s been much longer than one year ago since we last did our taxes, but somehow, it’s here again; Tax season. Let’s start out by acknowledging that this past year, fiscally, is fundamentally different from other tax years before it. The introduction of Stimulus payments from the government in the past year has added a new dimension to our taxes, and a potential increase of vulnerability to hackers and cyber criminals alike.

This is a period of time where extra vigilance and caution is needed while online and conducting business, especially avoiding any kind of online activity that could jeopardize your identity and finances. There are some important best practices and red flags to keep in mind while navigating through this season, and hopefully you’ll feel a little bit more secure with the knowledge that you haven’t fallen victim to a cyber scheme!

Scams to look out for

• An email, link, or phone call requesting personal and/or financial information, such as your name, social security number, bank or credit card account numbers, or any security-related information.
• Receipt of a notice that states your IRS account has been accessed or disabled when you haven’t accessed the account.
• Emails advertising bigger tax refunds, or that have incorrect spelling, grammar, or odd phrasing throughout.
• Emails that tell a story and entice you to open a link or attachment. Sometimes they will say they’ve noticed suspicious activity, claim there is a problem with your account, or want you to click on a link to make a payment. These links often contain malware that is used to infect your computer and retrieve your personal information.

Stimulus-specific scams

• Scammers have been mailing out fraudulent checks that appear to be sent from the government, and will request that money be sent back due to an “over-payment.” Always call your bank to verify a check is legitimate, and if you receive a request to return a portion of a check, report this immediately to your bank.
• Robo-call check scams are commonly reported. The caller will be asking for personal and/or financial information and try to convince you that this information is necessary in order for the check to be deposited. In reality, the government already has your information on file from when you completed your taxes. You will either get your stimulus check and tax refund in the mail or they will be directly deposited to your account.
• Carefully Select the Sites You Visit: Do not visit a site that doesn’t end in “.gov”. No non-governmental website is distributing stimulus checks.

How to avoid being a victim

• Never Send Sensitive Information in an Email: If there is any doubt that communication is coming from a suspicious source, don’t reply to any email requesting personal information.
• Keep Up your Cyber Hygiene: Keep up to date with recent data breaches. Ensure your computer has the latest security updates installed. Check that your anti-virus and anti-spyware software are running properly and receiving automatic updates from the vendor. If you haven't already done so, install and enable a firewall. Change your passwords frequently.
• Carefully Select the Sites You Visit: Do not click on links sent to you via email from a site claiming to give tax preparation advice or tax forms as there are many fake forms on scam sites that look authentic.
• Never Use Public Wi-Fi to File Your Taxes!
• Only Use a Bona-fide Preparer: If you choose to use a preparer to do your taxes, make sure they can provide their Tax Preparer Identification Number – you can use this number to look them up on the IRS website to confirm they are legitimate, as only professionals can hold this identification.
• Be Aware of IRS Typical Practices: The IRS will not contact you via email, text messaging, or your social network, nor does it advertise on websites. Starting in 2021, the IRS has created IP PINS available for all taxpayers. These PINS provide the IRS additional verification and security at the time of filing. You can log on to get an IP PIN tool offered by the IRS at https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin/.
• If you receive a tax-related phishing or suspicious email at work, report it according to your organization’s cybersecurity policy. If you receive a similar email on your personal account, the IRS encourages you to forward the original suspicious email (with headers or as an attachment) to its phishing@irs.gov email account, or to call the IRS at (800) 908-4490. More information about tax scams is available on the IRS website and in the IRS Dirty Dozen list.

For more information

• IRS | Taxpayer Guide to Identity Theft
• IRS | Report Phishing

Spring is not just a good time for cleaning your house or apartment, it’s also a good time to clean up your technology and cyber footprint.

Throughout the year, especially around the holidays and during tax season, you extend your cyber footprint by paying bills, shopping, using social media, and many other digital activities whether for business or pleasure. Spring cleaning your space is meant to improve the air quality after having it closed up all winter, and cleaning can improve your mood and remove a year’s worth of clutter. Cleaning your technology and cyber footprint can do the same thing; it removes clutter from your life while at the same time protecting you and your loved ones.

While spring cleaning, you often make a list to ensure you don’t forget to clean the spots you don’t normally think about, like behind the sofa or on top of the fridge. To help you spring clean your technology and cyber footprint, we have developed a checklist to help you through the process. And just like spring cleaning your house, you can assign these tasks to your family.

Passwords

• Review your passwords, updating them as needed, and ensuring they are strong.
• Establish a unique password for each account.
• Consider using a password manager if you haven’t in the past.
•  Remember to use Multi-Factor Authentication (MFA) on accounts wherever it is available, especially on accounts that have financial information such as online banking, credit card, and retirement accounts.

Email

• Review all your email accounts.
• Organize folders of emails that you want to keep, delete and purge emails that you no longer need.
• Be sure that there is no personally identifiable information stored in your mailbox.
• Review and update your contacts. Delete contacts that are no longer necessary or current.
• Review and update email filters to send spam and unwanted e-marketing messages directly to trash or another folder.
• Enable MFA whenever possible.

Stale Applications

• Review your applications and remove those you no longer use.

Social Media

•  Review social media accounts and associated privacy settings.
• Review any photos or videos and delete those that you no longer need or want to make viewable.
• Search yourself online to see what comes up.
• Don’t just delete a social media app that you’re no longer using, delete your entire profile.
• Be sure you are familiar with the privacy settings in your social media accounts.
• CISA Social Media Cybersecurity Tips

Closing Accounts

• Close out old application or system accounts that you are no longer using.

Clean Desk

• Shred old and unnecessary paperwork.
• Ensure paper documents that contain personally identifiable information, financial information, or other sensitive information is properly stored and locked up.
• Don’t write down passwords or security answers on paper and leave them out.

Backups

• Review your backup routines.
• Review your backup schedule, and what you’re backing up.
• Test your backups and validate they are being successfully completed.
• Make sure you can restore from a backup.
• Review your backup location and media.

Update Devices

• Make sure all applications, operating systems, and devices (computers, phones, tablets, smart devices, TVs, etc.) are updated, and are set to update on a regular basis.

Disposal

• Properly shred or destroy all unnecessary paper documents or files.
• Dispose of old electronic equipment (laptops, monitors, phones, tablet, smart devices, etc.)
  •  NIST 800-88
  • Leverage e-recycling programs in your area.

Cleaning can be a very satisfying process. If cleaning is not normally your idea of a good time, we hope that you’ll find this technology and cyber spring-cleaning checklist a way to speed up the process. Have fun getting rid of some clutter, and don’t forget to have your kids clean under their beds!

The ability to leverage current events is a dream scenario for modern-day cybercriminals. These criminals use events, such as the COVID-19 pandemic, to fuel their malicious intent.

With the global pandemic comes the desire to stay updated with the most current information. However, it can be difficult for internet users to navigate this information and separate fact from fiction. It is also difficult to ensure that links and resources are reliable. The reality is that malicious activity comes through just about every communication channel: email, social media, text and phone messages, and of course, misleading and malicious websites.

Here are some common examples of what you need to be on the lookout for in the months to come:

1. Malicious Websites

Throughout the COVID-19 pandemic, cyber threat actors have consistently capitalized on global interest surrounding the latest information on the virus. These threat actors take advantage of internet users by registering website domains related to COVID-19. Fake websites and applications typically claim to share news, testing results, or other resources, however, they ONLY want your credentials, bank account information, or to infect your devices with malware.

With many organizations and employees continuing to work from home, users may let their guard down and be more susceptible to emails from unverified senders. NEVER give out your personal information, including banking information, Social Security Number, or other personally identifiable information (PII) over the phone or email.

2. Phishing Emails

Expect phishing emails to be on the rise Cyber threat actors will utilize COVID-19 phishing emails in an attempt to convince the recipient to either reveal sensitive information (i.e. bank account information), or simply try to convince the recipient to open a malicious link or attachment, allowing them to potentially access your system.
COVID-19 vaccine-themed phishing emails may include subject lines such as the following:

• Vaccine registration
• Information about your vaccine coverage
• Locations you can receive the vaccine
• Ways you can reserve a vaccine
• Vaccine requirements

While some phishing emails might be easy for you to detect, never get complacent when reviewing your emails. Expect to receive well-composed phishing attempts that are impersonating well-known and trusted entities, such as government agencies, healthcare providers, or pharmaceutical companies. NEVER open any link or attachment from a source that you cannot clearly identify as being legitimate!

For instance, email phishing campaigns in the past have targeted state-level agencies impersonating the Centers for Disease Control and Prevention (CDC). These emails have requested recipients to click on links in order to view a secured message pertaining to COVID-19 vaccine information. Links such as these could easily direct the user to a webpage that attempts to collect PII, including name, address, date of birth, driver’s license number, phone number, and email address.

Here are some notable indications an email, text, or phone call may be a phishing attempt:

• Inspiring a sense of urgency to click a link or provide information
• Is overly formal or written in an overly complicated manner
• Requests sensitive information or that you review a link or attachment
• Asks users to follow a non-standard process, or a process you might find odd!

3. Fraudulent Charities

For as long as the pandemic is around there will always be consistent attempts by threat actors to create fraudulent charities seeking donations for illegitimate or non-existent organizations. Fake charity and donation websites will try to take advantage of one’s good will, especially during such hard times. Always do your research before donating and providing any information.

4. Unemployment Scams

As tax season is quickly approaching, be wary of identity theft scams involving fraudulent claims, especially surrounding unemployment benefits. This scam has especially skyrocketed during the COVID-19 pandemic as unemployment claims in general have been on the rise. The most typical scams to be on the lookout for (but are not limited to) include telling recipients that they’ve won contests, a cash prize, or are eligible for an award for applying for unemployment.

Recommendations

Phishing remains a prominent attack vector for almost all cyber threat actors. Your cybersecurity best practices will always be your first line of defense against phishing. Here are some recommendations you can take to shield yourself from these threats:

• Establish a properly-configured firewall
• Ensure your internet-connected devices are not connected to any public internet
• Report any suspicious emails to your organization’s IT department
• Enable strong authentication tools, such as Multi-Factor Authentication (MFA).
  • To learn how to activate MFA on your accounts, head to Stop.Think.Connect.: https://stopthinkconnect.org/campaigns/lock-down-your-login
  • Lock Down Your Login provides instructions on how to apply this tool to many common websites and software products you might use
• Continuously update your passwords and update any default unsecure settings Ensure backup protocols are in place with your devices
• NEVER give out your personal information, including banking information, Social Security Number, or PII over the phone or email
• Always verify a charity’s authenticity before making donations. For assistance with verification, utilize the Federal Trade Commission’s (FTC) page on Charity Scams. This information can be found here: https://www.consumer.ftc.gov/articles/0074-giving-charity

If you suspect you've been impacted by a scam or attempted fraud involving COVID-19, you can file a report with the Cybercrime Support Network. More information can be found here: https://cybercrimesupport.org/covid-19-scam-alerts/

Additional Resources

• CDC | COVID-19-Related Phone Scams and Phishing Attacks: https://www.cdc.gov/media/phishing.html
• CISA | Insights: https://www.cisa.gov/insights
• CISA | Information & Updates on COVID-19: https://www.cisa.gov/coronavirus
• DHS | Operation Stolen Promise: https://www.ice.gov/topics/operation-stolen-promise
• FDA | Beware of Fraudulent Coronavirus Tests, Vaccines and Treatments: https://www.fda.gov/consumers/consumer-updates/beware-fraudulent-coronavirus-tests-vaccines-and-treatments
• U.S. DOJ | Coronavirus: https://www.justice.gov/coronavirus

The holiday season has sadly come to an end, but hopefully you were able to treat yourself to some of the latest gadgets! Just remember that, however impressive the latest iPhone or gaming computer might be, the ability and knowledge to properly secure these devices is more important than ever, as any device that connects to the internet is potentially vulnerable and could become compromised. In honor of Data Privacy Day (January 28), here are five great tips to keep in mind that can help you securely configure your new devices!

1. Multi-factor authentication

If presented the opportunity, always enable multi-factor authentication (MFA) on your devices. This will ensure that only the person who has access to your account is you! If MFA is an option, enable it by using a trusted mobile device such as your smartphone, an authenticator app, or a secure token. For instance, with an iPhone you can utilize your screen lock feature with a PIN or password. MFA can prevent hackers from accessing your accounts, computer, and mobile devices. The availability of MFA is becoming more and more widespread, and for good reason!

2. Disable your location and safeguard yourself from monitoring devices

Location services might allow someone to see where you are located, so make sure you consider disabling this feature when you aren’t utilizing your device. Additionally, consider disabling your Bluetooth feature when not in use as well. Bluetooth can be used to connect to other devices or computers, and disabling this feature when not using your device can help to further secure your private information.

Another form of device to always be cognizant of is your digital assistant. If you use an Amazon Alexa, baby monitor, audio recordable device, or anything of that nature, always be sure to limit your conversations when they are on, and cover any cameras on toys, laptops, and monitoring devices when they are not in use.

3. Consider installing firewalls and antivirus software

Installing a firewall on your home network can help defend it against outside threats. For instance, a firewall can block malicious traffic from entering your network, while also alerting you to potentially dangerous activity. Please note that some firewall features, including the firewall itself, may be turned off by default, so ensure that your firewall is on and all the settings are properly configured, as this will greatly strengthen your security!

In addition to a network firewall, antivirus software can be a very protective measure against malicious activity. This type of software possesses the ability to detect, quarantine, and remove malware. Fortunately, this software is typically very easy to install and adds another protective shield to your security arsenal.

4. Patch & Update!

Quite often, technology has settings that allow for automatic updates to occur, and this is very important! Updates to your devices aren’t always about creating a smoother and slicker interface. Manufacturers will typically issue updates when vulnerabilities in their products are discovered. A perfect example of this would be the update notifications you receive on your iPhone! Whether you have an iPhone or not, make sure that your device is configured to receive automatic updates. If updating your device is something that you need to do yourself manually, it is important that you ensure you are making updates directly from the manufacturer (i.e. Apple), as third-party applications could very well compromise your device.

5. Secure your Wi-Fi Network

The good news is that it isn’t too difficult to make your wireless network and your devices more secure, and this can be completed in a few simple steps:

1. The first thing you should do to secure your network is change your router’s default password to something more secure. Using a password manager is a great idea, as it will ensure you are only using strong passwords, such as those with special characters, numbers, upper- and lower-case letters, etc. This will prevent others from accessing the router and allow you to maintain the security settings you desire.
2. In addition to changing your password, it is also worth changing your SSID (Service Set Identifier), otherwise known as your wireless network name. Although changing this name won’t necessarily enhance your network security, it will make it clear which network you are connecting to. Make sure you do not use your name, home address or other personal information in your new SSID name.
3. To further improve your defenses, you should also use Wi-Fi Protected Access 3 (WPA3). WPA3 is currently the strongest form of encryption for Wi-Fi. Other methods are outdated and thus, more vulnerable to exploitation.

Conclusion

In today's world we are more connected than ever — not only to each other, but to our devices. In the same manner in which you protect your physical assets, such as your bike with a padlock, you need to similarly protect your internet-connected devices! This is how Data Privacy Day came to fruition. This international event occurs every year on January 28, with the purpose of raising security awareness as well as highlighting data protection best practices.

In addition to its educational initiative, Data Privacy Day also promotes events and activities that aim to enhance the development of technology devices which promote individual control over personal information. For further information on Data Privacy Day and how you can get involved, please copy and paste the following link into your browser: https://staysafeonline.org/data-privacy-day/

Here is to a very cyber-safe New Year!

It’s that time of year again -- holiday shopping is in full swing! Even though the shopping insanity of Black Friday, Small Business Saturday, and Cyber Monday have come and gone, holiday shopping is still at the forefront of many consumers’ minds. Due to the fact that many consumers are avoiding stores and buying more online, e-commerce sales are rapidly on the rise, with no sign of consumers reverting to their old ways anytime soon.

Thankfully, online shopping gets more intuitive and simplistic by the day, allowing you to get that perfect gift with ease. However, while embarking on your online shopping conquest, make sure you’re not leaving yourself at risk. It’s clear that businesses are after your dollars during the holidays, but cybercriminals are on the lookout as well, now more than ever.

While you may not have to worry about being pickpocketed in the cyber world, you still need to be careful that you don’t fall prey to criminals. Here are 10 online shopping tips that can help you keep your information out of the hands of those who are most certainly on the naughty list:

1. Do not use public Wi-Fi for any shopping activity

Public Wi-Fi networks can be very dangerous, especially during the holiday season. While they are very convenient, they are not secure, and can potentially grant hackers access to your usernames, passwords, texts, and emails. For instance, before you join a public Wi-Fi titled "Apple_Store," make sure you first look around to see if there's actually an Apple Store in your vicinity, and thus, confirm that it is a legitimate network.

While it is best to avoid public Wi-Fi altogether, if you need to utilize a public network ensure that you never establish an autoconnection, and that you are logged out of all personal accounts, such as your banking sites. Though it is perfectly acceptable to auto-connect to a trusted source such as your home, when out in public, consider shutting off the Wi-Fi option on your phone and use your data plan. Yes, it’s slower, but if you can wait for Santa’s elves at UPS to deliver your presents from Amazon, you can certainly wait the few extra seconds it takes to use the internet, especially if it means your information is not at risk.

2. Make sure the site is secure

Before entering your personal or financial information, you need to ensure that the site you are on is legitimate and can be trusted. When visiting a website look for the “lock” symbol; this might appear in the URL bar, or elsewhere in your browser. Additionally, check that the URL for the website has “HTTPS” in the beginning. These both indicate that the site uses encryption to protect your data.

3. Know what the product should cost

If the deal is too good to be true, then it may be a scam. Check out the company on ResellerRatings.com. This site allows users to review online companies to share their experiences purchasing from those companies. This will give you an indication of what to expect when purchasing from them.

4. Give your debit card a holiday break

When you are shopping online always remember that it is best to rely on your credit cards or payment services such as PayPal. Credit cards offer much more protection and less liability if your information were to be compromised. On the contrary, debit cards are linked directly to your bank account, thus, you’re at a much greater risk if a criminal were to obtain this information. Additionally, in the event of a fraudulent transaction were to occur, credit card companies possess the ability to reverse the charge and hopefully, investigate the issue further.

5. Stay updated

Updating your operating system and software (including anti-virus software) is one of the most important and easiest things you can do to prevent criminals from accessing your information, and needs to be taken very seriously. Most software updates are released to improve your security by patching vulnerabilities and preventing new exploitation attempts by criminal hackers. While waiting for your computer or mobile device to update might seem tedious, the benefits it can provide could be a blessing in disguise. If you see that your device needs to be updated, do it!

6. Outsmart the scammers

During the holiday season we often see an influx of emails with discounts. While many of these discounts and special offers might very well be legitimate, email scammers take advantage of this surge to send out their own viruses and malware, hoping it might get lost in the mix. These scams have evolved over time, to the point that they are depicted as a legitimate discount or special offer. Be wary when opening an email from someone you don’t know or a site you have not visited.

7. Make sure your passwords are complex

Updating and enhancing your passwords is a cybersecurity best practice as old as time itself, and creating unique passwords is arguably still the best security when it comes to protecting your personal and financial information. If you utilize the same password for multiple sites, you are setting yourself up for disaster. If you have difficulty creating a large number of unique passwords for all of your information, be sure to take advantage of password generators and managers to not only develop more complex passwords, but allow you to store them securely as well.

8. Understand your shopping applications

Apps have a way of making everything more convenient for your shopping experience, but certain apps could also make it convenient for criminals to take your information. Make sure you are only installing and utilizing trusted applications from reliable cyber markets, such as the Apple App Store or Google Play Store. Additionally, if you find yourself questioning certain applications, be sure to check out the reviews by legitimate user accounts, as this can help you identify if there is anything suspicious surrounding them.

9. Never save your information

Never save usernames, passwords, or credit card information in your browser, and periodically clear your offline content, cookies, and history. Always utilize strong passwords and consider setting up Multi-factor Authentication (MFA). This is as simple as receiving a text or code that you need to type in while signing on to a system. Oftentimes within the account preferences of your device, you can set up an Authentication Application.

Additionally, when online shopping, consider checking out as a guest user rather than creating an account, as well as utilizing your private browsing feature. For instance, Google Chrome’s Incognito Mode won’t save any of your browsing history, cookies, site data, or information you enter on forms. While the convenience of online shopping is unparalleled, never let this convenience override your security best practices.

10. Keep an eye on your credit

As cyber-safe and secure as you think you might be, we all make mistakes. During this time, pay close attention to your credit report to ensure that nothing out of the ordinary is taking place. The world of online shopping can bring lots of new products to your doorstep and can prove to be a lot of fun when finding that special gift. Just remember to be careful so you don’t make your data a special gift to cybercriminals. Always trust your instincts and make sure you stick to these cybersecurity best practices! ~ Happy Holidays and safe shopping!

What is Ransomware?

Ransomware is a type of malicious software, or malware, that blocks access to a system, device, or file until a ransom is paid. It is an illegal, moneymaking scheme that can be installed through deceptive links in an email message, instant message, or website.

Ransomware works by encrypting files on the infected system (crypto ransomware), threatening to erase files (wiper ransomware), or blocking system access (locker ransomware) for the victim. The ransom amount and contact information for the cyber threat actor (CTA) is typically included in a ransom note that appears on the victim’s screen after their files are locked or encrypted.

Sometimes the CTA only includes contact information in the note and will likely attempt to negotiate the ransom amount once they are contacted. The ransom demand is usually in the form of cryptocurrency, such as Bitcoin, and can range from as little as several hundred dollars up to and exceeding one million dollars. It is not uncharacteristic to see multi-million-dollar ransom demands in the current threat landscape.

Ransomware is primarily delivered through the following means:

• Malicious attachments/links sent in an email.
• Network intrusion through poorly-secured ports and services, such as Remote Desktop Protocol (RDP) (e.g. Phobos ransomware variant).
• Dropped by other malware infections (e.g. initial TrickBot infection leading to a Ryuk ransomware attack).
• Wormable and other forms of ransomware that exploit network vulnerabilities (e.g. the WannaCry ransomware variant).

Why is Ransomware Awareness Important?

Ransomware is a growing and expensive problem. In 2019, the Multi-State Information Sharing and Analysis Center (MS-ISAC) observed a 153% increase in the number of reported state, local, tribal, and territorial (SLTT) government ransomware attacks from the previous year. Many of these incidents resulted in significant network downtime, delayed services to constituents, and costly remediation efforts.

Victims of ransomware are not only at risk of losing access to their systems and files. In many cases, they may also experience financial loss due to legal costs, purchasing credit monitoring services for employees/customers, or ultimately deciding to pay the ransom. The effects of a ransomware attack are particularly harmful when it impacts emergency services and critical infrastructure, such as 911 call centers and hospitals.

Additionally, CTAs target managed service providers (MSPs), a company that manages a customer's Information Technology (IT) infrastructure, to push out ransomware to multiple entities. This occurs when CTAs compromise an MSP and use their existing infrastructure to disseminate the ransomware to the MSP’s clientele. This exploits the trusted relationship between the customer and their MSP.

Over the past few years, the MS-ISAC observed an increase in means that allow CTAs to evade detection and maximize the impact of their attacks. One such means includes what is called “living off the land” (LOTL): deploying publicly-available penetration testing suites or tools (e.g., Cobalt Strike, Metasploit, or Mimikatz), to specifically target domain controllers and Active Directory to gain network wide access and deploy fileless ransomware to evade any signature-based antivirus.

What Can You Do About Ransomware?

Defending against ransomware requires a holistic, all-hands-on-deck approach that brings together your entire organization. While ransomware infections are not entirely preventable due to the effectiveness of well-crafted phishing emails and drive-by downloads from otherwise legitimate sites, organizations can significantly reduce the risk of ransomware by implementing cybersecurity policies and procedures and improving cybersecurity awareness and practices of all employees.

It is up to all of us to help prevent ransomware from successfully infecting our systems. To increase the likelihood of preventing ransomware infections, organizations must implement a cybersecurity user awareness and training program that includes guidance on how to identify and report suspicious activity (e.g., phishing) or incidents. This program should include organization-wide phishing tests to gauge user awareness and reinforce the importance of identifying potentially malicious emails. When employees can spot and avoid malicious emails, everyone plays a part in protecting the organization.

If your organization becomes infected with ransomware, there are some things you can do to respond. The most effective strategy to mitigate the risk of data loss resulting from a successful ransomware attack is having a comprehensive data backup process in place; however, backups must be stored off the network and tested regularly to ensure integrity.

Reporting Ransomware

If your organization is the victim of a ransomware infection, follow your organization’s incident response procedures to report it. Alternatively, the Cybersecurity and Infrastructure Security Agency (CISA) provides a secure means for constituents and partners to report incidents, phishing attempts, malware, and vulnerabilities. To submit a report, visit https://us-cert.cisa.gov/report.