Be a Cyber Security Ambassador
October is Cyber Security Awareness Month, and it got off to an exciting start with major new security breaches at Experian, Scottrade, and Trump Hotels.
Many of us in the IT world deal with information security on a daily basis, but others in our communities may not have the same expertise. Take the opportunity this month to reach out and help educate the non-IT communities. Some ways you can contribute include:
- Share knowledge on social media
- Speak to a non-IT group (Chambers of Commerce, trade organizations, PTA)
- Write brief tips and articles for email alerts, newsletters
- Share Cyber Security resources
Here is my current cyber security hit list, focusing on issues that can cause significant financial loss:
- Wire transfer fraud via fake emails
  - Strikes individuals as well as businesses
  - FBI estimates nearly $800 million lost so far in 2015 alone
  - More information: http://www.ic3.gov/media/2015/150827-1.aspx
- Tax return fraud
  - Thieves file a tax return under the victim’s name to steal the refund
  - Weak passwords on TurboTax accounts have recently become a target
  - Not on most people’s radar in October, but comes roaring back every January
- Unsolicited phone calls for tech support “help”
  - Caller identifies him/herself as from Microsoft, Dell, HP, or a major ISP
  - Claims victim’s computer “has a virus” and caller can fix it for a price
  - Takes money, causes new infection, or both
  - Just hang up
  - More information: http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx
- ATM skimming
  - Thieves have applied a substantial amount of technology
  - Most at risk: freestanding ATMs in public areas
  - Use only ATMs at banks
  - Cover the PIN pad
  - Keep a close watch on your bank statements; promptly report any discrepancies
  - Use text and email alerts to learn of possible unauthorized transactions
  - More information: https://www.fbi.gov/news/stories/2011/july/atm_071411
- Credit card data breaches
  - Consumers are protected against direct loss
  - Primary risk is the use of stolen data to incur unauthorized debt in your name (misleadingly called “identity theft”)
  - Credit monitoring services are of minimal value
  - “Credit freeze” is the most effective defense: http://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/
A compromised PC may not cause the owner direct financial loss, but armies of them are essential to a wide variety of cyber crimes. Krebs has a fascinating analysis of the many ways a compromised PC can be used by cyber criminals:
Keeping PCs secure and cleaning up infected PCs is an entire topic in itself, to be addressed in a future post.
A collection of Cyber Security resources for non-technical computer and Internet users:
- StaySafeOnline.org: information and education sponsored by major technology companies.
- Microsoft Safety and Security Center
- Internet Crime Complaint Center: FBI web site for reporting Internet-related crimes; also hosts a number of informational alerts.
- IRS Tax Scams and Consumer Alerts: information about both Internet and non-Internet tax return scams.
- Tips from the US-CERT: US-CERT is primarily a technical resource, but offers information for non-technical people as well.
- Department of Homeland Security “Stop. Think. Connect” campaign
IT professionals can reduce the number and impact of cyber security incidents by helping to inform the general public about how to recognize and avoid these common threats. Let’s make the only scary part of October the Halloween costumes!