Be a Cyber Security Ambassador

October is Cyber Security Awareness month, and got off to an exciting start with major new security breaches at Experian, Scottrade, and Trump Hotels.

Many of us in the IT world deal with information security on a daily basis, but others in our communities may not have the same expertise. Take the opportunity this month to reach out and help educate the non-IT communities. Some ways you can contribute include:

  • Share knowledge on social media
  • Speak to a non-IT group (Chambers of Commerce, trade organizations, PTA)
  • Write brief tips and articles for email alerts, newsletters
  • Share Cyber Security resources

Here is my current cyber security hit list, focusing on issues that can cause significant financial loss:

  • Tax return fraud
    • Thieves file a tax return under the victim’s name to steal refund
    • Weak passwords on TurboTax accounts have recently become a target
    • Not on most people’s radar in October, but comes roaring back every January

  • ATM skimming
    • Thieves have applied a substantial amount of technology
    • Most at risk: freestanding ATMs in public areas
    • Use only ATMs at banks
    • Cover the PIN pad
    • Keep a close watch on your bank statements; promptly report any discrepancies.
    • Use text and email alerts to learn of possible unauthorized transactions
    • More information: https://www.fbi.gov/news/stories/2011/july/atm_071411

A compromised PC may not cause the owner direct financial loss, but armies of them are essential to a wide variety of cyber crimes. Krebs has a fascinating analysis of the many ways a compromised PC can be used by cyber criminals:

Tips for keeping PCs secure and cleaning up infected PCs is an entire topic itself, to be addressed in a future post.

A collection of Cyber Security resources for non-technical computer and Internet users:

StaySafeOnline.org: information and education sponsored by major technology companies.

Microsoft Safety and Security Center

Internet Crime Complaint Center
FBI web site for reporting Internet related crimes; also hosts a number of informational alerts.

IRS Tax Scams and Consume Alerts
Information about both Internet and non-Internet tax return scams

Tips from the US-CERT
US-CERT is primarily a technical resource, but offers information for non-technical people as well.

Department of Homeland Security “Stop. Think. Connect” campaign

IT professionals can reduce the number and impact of cyber security incidents by helping to informing the general public about how to recognize and avoid these common threats. Let’s make the only scary part of October the Halloween costumes!