Posts Tagged ‘Phishing’

Cybersecurity is mostly about you…

Monday, March 28th, 2016

By Dennis Powell, e-Management

Experts say cybersecurity is 90% YOU and only 10% technology. What are you doing to protect yourself from hackers?

Newsflash! There is no privacy on the Internet. I repeat: There is NO privacy on the Internet. Anyone with a web browser can see everything anyone has ever posted online! That’s according to the e‑Management Chief Information Officer (CIO) team (and numerous other cyber experts). Cyber experts say online security is 90% user and 10% technology. I know it sounds like a lot of responsibility. But securing the things stored on your Internet-enabled devices that are important to you (e.g., finances, pictures, intellectual property, work products, family stories) may be easier than you think.

Clearly, you should invest in anti-virus and anti-malware software or services. But that’s just 10% (technology) of the solution. The other 90%, remember, is you.  Here are a few simple considerations to help you protect yourself from hackers.

  1. Keep work and home separate. We are not talking about a work-life balance here. Keep your work and personal devices separate. Hackers will sometimes target you to steal valuable information about work projects or sensitive customer or client information. Oftentimes, the easiest way to hack a nonprofit, business, or government agency is through the organization’s staff. Avoid using your smartphone for dual purposes, such as accessing your corporate enterprise network and visiting sites to download apps/games on the same device. Still, it may be best if you talk to your company’s or agency’s information technology (IT) or cybersecurity team about BYOD (Bring-Your-Own-Device) policies and best practices before accessing work products from home or downloading personal-use entertainment on business devices.
  2. Be mindful of online phishing and social engineering scams. You’re only human. And that’s what hackers are counting on. They prey on admirable qualities in people, including being helpful and trusting of others. Clever and “social” hackers employ tactics such as having chats with you while claiming to be someone you would normally trust. In reality, their intentions are nefarious—potentially tricking you into giving away clues and facts to obtain sensitive information. Similarly, phishing scam artists carefully craft e-mails and posts on social media sites like Twitter and Facebook. The phishing goal is to get you to click on links that launch malware, which downloads to your device and essentially gives hackers free rein over your sensitive information and privacy. To protect yourself, never respond to online requests for personally identifiable information such as your full social security number. In addition, do not complete forms within the body of an e-mail message. And avoid clicking on the links of sensational posts on social media sites.
  3. Avoid tricks that will hold your computer ransom. It’s true. Hackers have an arsenal of malware to infect your computer. Even your cloud files can be destroyed if you’re a victim of ransomware. That’s malware that holds your files hostage and demands payment for you to regain access. (As if the anti-virus subscription you paid for was not expensive enough.) Hackers have even gone one step further with the encrypted CryptoLocker, which made ransomware headlines last year. How do you get infected? According to a Symantec blog posting, it’s the old “enticing e-mail that you just gotta open” trick, AND then the ransomware infection downloads. The good news is that there is protection for malware/ransomware through security products like Symantec. Also, the e-Management CIO team recommends daily backups of your data to avoid the pain and inconvenience of losing or paying for access to your files.
  4. Get training. But before you sign up for a class, accept the fact that you are important enough to be a target for online predators. Next, take advantage of possible free training available to you. Several government agencies such as the Small Business Administration (SBA) offer free training. One best practice is continuous cybersecurity training. At e-Management, for example, we have a commitment to cybersecurity readiness. One of the first things our employees learn in the training is: There is the possibility that someone will deliberately or accidentally attempt to steal, damage, or misuse the data in our computer system(s).

Remember, online security is 90% user and 10% technology. By the way, if your company needs support figuring out where you may be at risk and what you can do to improve your level of readiness, do . We can help.

Knowledge is protection.

You get it. Cybercrime is on the rise and you have to do something to protect yourself from the cyber-crooks. The recently relaunched e-Management blog will focus on technology and cybersecurity, providing useful tips to help you navigate the ever-changing landscape of apps, policy, privacy protection, and consumer tech. So, (1) how do you protect yourself from hackers? (2) Does the organization you work for have clear guidelines around cybersecurity? (3) What are other consumer technology or cyber-focused topics you’d like for the e-Management blog team to tackle?

iPhone, BlackBerry, and Android. Oh My!

Tuesday, July 13th, 2010

By Dennis Powell, e-Management

Before I purchased my Android smartphone, I could definitely live without smartphones. Today, I’m not so sure. What would I do without my movie show time app, my GoogleMap app, GPS, YouTube, Gmail, touch screen…and you know I could go on; but, I will spare you my app-obsession.

What would happen to your personal data if you lost your mobile phone?

Whether you like it or not, smartphones are everywhere. The fascination with these convenient devices isn’t limited to my fixation. Remember the long lines for the release of the iPhone 4? Not surprising if you consider comScore’s most recent estimates that more than 234 million Americans (ages 13 and older) are mobile subscribers. Among that number, more than 42.7 million people own smartphones.

Meet the Jetsons
Smartphones such as the iPhone, Android, Palm, or BlackBerry offer 21st Century convenience reminiscent of the classic TV show, The Jetsons. (Personally, I have never seen this show since I just celebrated my 21st birthday again for the 20th time. :-) ) But seriously, as a kid growing up, I never thought I would be able to use a futuristic device to get or store phone numbers, birthdays, or find my way to the closest dry cleaner or novelty shop in a city I have never visited. And yet, here we are—a future not much different from the videophones of The Jetsons.

Technology is great. Right? And, no one doubts if smartphones are good for us. But, if used improperly, they can easily become liabilities. Here are a few security tips that should keep you and your organizations safe from smartphone predators.

Don’t Lose It
A few months ago, I lost my mobile phone and I totally lost my mind. I panicked because so much of my life was housed in the phone. Lucky for me it was in the seat of my best friend’s SUV. Plus, I didn’t have sensitive data connecting me to work or home. Personally, I avoid having my social security number, credit card digits, notes regarding passwords, or financial data on my mobile device. Along with those best practices, be sure to back up data on your home computer, authorized and approved work computer, or in the cloud (online data storage services)—just in case you’re “unlucky” like me when it comes to mobile devices. (Click here to read a link to Gizmodo that provides easy ways to back up your smartphone.)

Keep in Mind Passwords Are Your BFF
So let’s say you are “unlucky” and lose your phone. What then? Well, you may be better protected if you have a password in place that allows access to your device’s information. Seriously, passwords are your best friends forever (BFF). Some smartphones use alphanumeric codes to grant access to users. Others, such as touch screen devices, may require patterns to unlock smartphones. Be sure to have a strong password or code to gain access to your phone. For alphanumeric best practices, check out Doug Pitcher’s blog posting that addresses creating strong passwords.

There’s a Scam for That!
All of the security issues you have with your laptop and/or desktop are relevant when it comes to your BFF…oops, I mean your smartphone. And while there are fun commercials claiming that “there’s an app for that,” buyer beware. If you plan to download apps, be sure to use the same caution you would with your personal computers. Specifically, avoid unfamiliar third party apps—especially the free ones from anonymous developers. These rogue apps could be spyware or malware that have the power to steal valuable personal information or even hack into your work network. Similarly, avoid clicking links included in text messages to unknown sites, or coming from strange sources. The Internet is loaded with con artists trying to take over your identity or steal your organization’s or company’s intellectual property, secrets, or workers. And yes, there truly is a scam app for that!

Have Your Smartphone Validated by Your Office Security/IT Team
Even company and government agencies are trying to figure out how to secure their sensitive data with smartphones, which are essentially minicomputers connected to IP networks. To reduce the risk of compromising your work network, be sure to have your smartphone approved by your organization if you plan to access its network. At the very least, you should use secure connections (e.g., VPN) to access company resources. Ask your security/IT team about using encryption technology to safeguard sensitive, confidential, or proprietary data.

Don’t Even Think About Jailbreaking
Some iPhone users aren’t happy with their exclusive mobile carrier. (True story.) So, they “jailbreak” or hack their own phones in order to take advantage of another mobile network. Unless you are a credentialed cyber security professional, jailbreaking may open your smartphone up to serious security issues. We advise you to find another smartphone that works on your network of choice. Hacking your phone is “not a good look.”

Time for you to chime in…
We want to hear from you. Have you ever lost your smartphone? If so, how did it affect you? Are smartphones overpriced toys? What smartphone is the best for security? Why? Do you have any smartphone security tips you would like to share?

Feel free to comment and/or share this blog thread with your social networks (e.g., Twitter, Facebook, Digg, Google, MySpace, LinkedIn).

Let’s Quit Social Networks! C’mon, What’s the Fun in That?

Tuesday, June 8th, 2010

How to Stay Safe and Still Connect

by Grant Sewell, e-Management

These days, it seems like everyone wants to stay connected. Think about it. We have our social networks, our smart phones, and dozens of our “friends” to keep in touch with. I’ll admit. I just have to stay connected. I have for my college buddies, I tweet on to get my daily news, I’m to build my  professional network, and you can find out where I’ve been each day on FourSquare. Oh yeah, I’m also on Digg, Delicious, , Last.fm, , , Stickam and . Okay, okay, I’m kind of addicted. Don’t judge me.  :)

Is there a price for staying connected to our online “friends”?

But is there a price to pay for staying “connected?” Checking the most recent statistics, Facebook has more than 400 million active users, of which 50 percent log in daily. The average user has 130 “friends”—can you even name 50 of your friends? Recently, concerns over information privacy have put Facebook under fire by technology activists, the government, and even the Facebook community.

With our privacy at risk, it’s important to reflect on the networks we’re connecting to, the people we’re connecting with, the information we’re sharing, and the risks we’re accepting with membership. Obviously, the easiest and foolproof solution to prevent identity theft or information loss from social networks is to not use them altogether. C’mon, what’s the fun in that? Here are a few other options for protecting your data that I’ve read (and don’t agree with):

I don’t accept “friend” requests.
Then you’ve completely missed the intention of connecting with people on these networks.

I use Firefox.
Good job – unfortunately 90 percent of social media information loss is due to social engineering attacks requiring action from the end user. Your Internet browser has nothing to do with it.

I only post fake information.
So why join at all? Do you connect with “fake friends” too? Just kidding, sorry.

Back to Reality!
The reality is we use social networks to find old “friends” and keep up with people we rarely contact. If you’ve noticed, I keep using the word “friend” in quotes because it’s a commonplace term for social networks. We’re always friending, following, or linking; however, these may be people we only met once at a party or somebody we haven’t seen in 20 years. It could also be your family, colleagues, or even an enemy. In real life, they would merely be an acquaintance, but online, everybody’s our “friend.”

So with the standard ideas in mind, here are my Top 5 Realistic Tips for staying safe in social networks:

Are social networking sites the same as letting a burglar know when you are not at home and inviting them in?

Only post what you want to share (with everybody in the world).
I’m still an information security professional, so I like to err on the side of caution. Of course you’re not going to post your social security number, but decide whether you want anybody else to know things like your cell phone number, home address, or even a witty comment. Just like a rumor mill, the sharing network is exponential: your “friends” can see your information and possibly share it further.

If it looks phishy, it probably is!
A popular phishing attack these days is a fake Facebook friend request. They look surprisingly realistic, but a quick click of the mouse and typing your user name and password can give a bad actor access to all of your data—and all of your friends’ too. Just like your bank, your social network will never ask you for deeply personal information or request that you divulge your password to them. If you think this could have happened to you, change your password and notify the network right away.

Don’t “check in” at home.
Foursquare, Gowalla and are popular examples of geosocial networks that let you “check in” and share your current location with everybody. Websites such as PleaseRobMe.com have already pointed out that when you’re checking in somewhere, you’re obviously not at home. Social networks typically have excellent search features—it doesn’t take long to gather a lot of information about one person across many websites. Although a home address might be easy to find in public record searches, criminals are looking for the easy targets (most of the time). Don’t “check in” at your house, somebody else’s house, or where your kids go to school.

Don’t save your password, and change it often.
As an IT administrator, I remember a lot of passwords. In my head. Today’s count is around 30 or so. Most popular web services don’t require a frequent password change like you would have to do at the office. I would also venture to say that a typical home user lets the browser remember the password for them. Take initiative with your personal affairs—type your password every time you go to the website and change it at least twice a year. Take a look at one of our previous blog posts for some good info on strong passwords.

Be social! Stay active in your networks.
Wait a second? I’m telling you to actually use these super-dangerous websites I just revealed horrible realities about? Absolutely. In the information security community, one of the keys in a secure environment is awareness. If you’re going to use social networks, you need to know who’s writing on your wall, which applications you’re using and who’s tweeting about you. If your account is compromised, being proactive and catching it early will reduce the damage. Nobody is de-friended by me quicker than someone who just spammed me about Viagra. Now on the other hand, if you don’t think you use your profile enough, close your account. I’m not talking about not logging in—delete your account and all the information with it. If you’re on the fence, many services allow you to suspend your account and hide all your data, with the option of coming back at a later time.

Ten years ago, you would find people hesitant to even use their real name on a website. Today, people are overly confident in how and where they share personal information. It’s easy for someone to say “don’t use social media, it’s too dangerous!”, but the fact is that it’s only as dangerous as you make it. Awareness will always be the cornerstone to staying safe in social networks. I’m staying active—feel free to look me up on Facebook, FourSquare, LinkedIn, or Twitter if you’re in need of a new “friend.”

Let’s chat!
What are your favorite social networks?  Has privacy been a major issue for you? Have any of your social network accounts been compromised? If so, how did you resolve the issue?

The Department of Homeland Security Would Like to Add You as a Friend? How Weird is That?

Tuesday, June 2nd, 2009

by Dennis Powell, e-Management

Social networking sites attract hundreds of millions of unique visits per month according to Internet media tracker comScore. Among the most popular is Facebook. The site started out as a place for college students to connect with other computer science majors at Harvard University. Today, it seems like everyone is embracing the site from your little nephew Billy to grandma Davis. Facebook mania is everywhere.

Much to the chagrin of rival site MySpace and their loyal fan base, Facebook is quickly becoming the preferred social network site in the USA. In fact, Facebook has over 200 million users worldwide. What’s more, Facebook’s membership eclipses the populations of Brazil, Pakistan, Nigeria, Russia, and Japan. Okay, you get the picture. Facebook is an online hit. So guess who has jumped on the Facebook bandwagon? You guessed it, your friendly neighborhood government agency.

Why has government embraced 3rd party social networking technologies?

Depending on whom you ask, there is certain to be a different answer. But for the sake of argument, government officials might say they are adopting Facebook and other social media sites to:

  1. Become more accountable and transparent as directed by the new Obama Administration
  2. Encourage more engagement with government agents, elected officials, etc., for the purpose of alerting you to new policy, public health information as well as a myriad of other issues and activities
  3. Save money by taking advantage of technology already in place and tested to connect with diverse audiences
  4. Take advantage of tens of millions of other Americans who are already using the cutting-edge technologies of Facebook and other social networking sites, which make “marketing” and information dissemination seamless

Let’s face it, social networking sites are cool and government has a serious image problem. Federal agencies are often seen as the enemy, wasteful, slow to act, etc. Perhaps social media agreements with the “Feds” are a step in the right direction for government agencies looking to transform their image into something more likeable, relatable, and yes “awesome.”

So is government adoption of Facebook and other social media sites risky?

Absolutely. And here’s why according to some of the biggest critics of government/3rd party social networking technologies agreements.

  1. Social networking sites are hot-beds for phishing scams. Will government be liable for cyber attacks against citizens who are a part of its network?
  2. Facebook, for instance, has in the past been infiltrated by hackers who have been able to steal personal information including e-mail, date of birth and passwords—information that in the wrong hands could result in fraud or identity theft.
  3. Information provided on social networking sites might have to be captured and retained as “.” Do “friends” of government agencies constitute official records?
  4. Personal Use vs. Official Use: Will the public know that a private citizen who works for the government (and has a social networking presence) is different from an official government agent acting on behalf of an agency?

Mitigating the Risks around Government Adoption of 3rd Party Social Networking Technologies

Some government agencies have taken steps to mitigate their risks. Leading the charge to the social networking gold rush is the General Services Administration (GSA). Over the past year, GSA has announced agreements with the two leading online social networks Facebook and MySpace as well as YouTube, blip.tv, and Slideshare, among others. According to the service agreements, federal employees apparently will be able to use many of the features of these popular social networking sites and stay within compliance of statutes and laws.

The GSA agreements with social networking providers make it easy for other agencies to quickly deploy public outreach efforts with these popular technologies. Since GSA’s agreement at least deals with risks particular to government agencies such as liability, the Freedom of Information Act (FOIA), active policy, promotions, and endorsements, adoption of social networking technologies may be less of a big deal than some are making it out to be. On the other hand, some critics have said that if the government wants to get into the social media “business,” it should build its own ultra-secure technology.

Online Social Media for Government: Friend or Foe?

So, what’s your take on the new marriage between government and 3rd party social networking sites such as Facebook? Do you think it is a good idea? What extra steps must government take to ensure successful implementation of online social media tools? Is it conceivable that enemies of the state could use these sites to launch cyber attacks? Should the government abandon 3rd party social networking technologies altogether?

Everyone is invited to discuss this topic. Be sure to check earlier blog threads as well as our recent Webinars.