Archive for February 2013

If you're not sure you've seen an incident, report it anyway


Most security folks (and IT folks, for that matter) would rather hear about a problem from you than figure it out afterwards while troubleshooting a system failure. If you receive a phone call from "User Support" that doesn't sound quite right, if a common email announcement is just a little off, or if a caller on the phone is too stressed to remember his or her password and asks you to provide it, don't be pressured and don't be rushed. Rush and pressure are among the "social engineering" hacker's best tools.


What should you do?  Ask for help! Call your supervisor, call your IT group, and call your InfoSec group on the spot for assistance. You are just as responsible to the whole organization as the folks who support information security for the organization! Don't let one person's stress jeopardize the organization's information security.

If you encounter any of these scenarios, please contact the T&C Helpdesk (helpdesk@csuci.edu or (805) 437-8552) or the Information Security Office (infosec@csuci.edu) for assistance. Remember, no T&C staff member will ever ask you for any personal information, including your passwords.

Study Shows One in Four Who Receive a Data Breach Letter Become Fraud Victims


This article discusses a study released Wednesday 2/20/2013 that shows one in four consumers who receive a data breach letter become the victim of identity fraud. That statistic represented 12.6 million victims last year -- one million more than the year before, according to the 2013 Identity Fraud Report released by Javelin Strategy & Research.

Don't Use Unauthorized Software.


It may be tempting to use useful-looking software that you can get free on the Internet, but these tools may carry a hidden cost.  Installing them may often cause other programs to stop working and it can take a long time for IT teams to track down the problem.  More seriously, the software can display unwanted ads, slow your PC down or make it less secure by letting the PC download more ads from the Internet.  Most seriously, the software can be infected by viruses or spyware that are intended to damage your PC or steal confidential information.

How to Spot a Phishing Scam


We've all received them: emails from a seemingly trusted source like a bank, delivery company or even your own place of employment, claiming there was some type of issue requiring you to offer up some personal information or to click on a link or button to help clear the issue up. If you receive an email similar to this, DO NOT CLICK ON ANY LINK OR OFFER UP ANY INFORMATION!

This is a common form of security attack called a phishing or spear phishing scam.

Groups attempting to steal personal information will often use e-mails that appear to originate from a trusted source to try and trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site look like they are part of a bank or some other organization the user is doing business with.

For example, it could be a phishing email if...

  • There are misspelled words in the e-mail or it contains poor grammar. 
  • The message is asking for personally identifiable information, such as credit card numbers, account numbers, passwords, PINs or Social Security Numbers. 
  • There are "threats" or alarming statements that create a sense of urgency. For example: "Your account will be locked until we hear from you" or "We have noticed activity on your account from a foreign IP address." 
  • The domain name in the message isn't the one you're used to seeing. It's usually close to the real domain name but not exact. For example: 
    • Phishing website: www.regionsbanking.com 
    • Real website: www.regions.com
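
The domain check in the last bullet can also be automated when reviewing links or sender addresses. The following Python is an added example, not part of the original post; the trusted-domain list, the function names and the sample hosts other than the two above are constructed for illustration. It goes beyond the page's single example by also flagging one- or two-character misspellings and a trusted name used as a subdomain of someone else's domain.

```python
from urllib.parse import urlsplit

# Assumption: domains the reader really does business with (constructed list).
TRUSTED = {"regions.com", "csuci.edu"}

def registered_domain(host):
    # Simplification: keep the last two labels (ignores suffixes like .co.uk).
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    # Classic Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unrelated' for a link or hostname."""
    # Accept bare hostnames as well as full URLs; hostname is lowercased.
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")
    domain = registered_domain(host)
    if domain in trusted:
        return "trusted"
    name = domain.split(".")[0]
    for good in trusted:
        brand = good.split(".")[0]
        # Trusted name embedded anywhere in the host (regionsbanking.com,
        # regions.com.example.net) or within two edits of it (regi0ns.com).
        if brand in host or edit_distance(name, brand) <= 2:
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample links; the first two are the page's own example.
    for link in ["www.regions.com", "www.regionsbanking.com",
                 "http://regi0ns.com/login", "https://regions.com.example.net/",
                 "www.example.org"]:
        print(f"{link:35} {classify(link)}")
```

A "lookalike" result is a reason to report the message, not proof of fraud; short trusted names will produce occasional false matches.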

If you receive an email like this and you think it may be fraudulent, please report it immediately to the T&C Helpdesk at X8552, helpdesk@csuci.edu, or infosec@csuci.edu. Our technicians will assist you and instruct you on how to effectively remove it.

Please remember... nobody from T&C will ever ask you for any personal information, including your password!

President Obama Signs Cybersecurity Executive Order


The executive order that President Barack Obama signed on February 12th in advance of his State of the Union Address contains a lot of provisions for information sharing on attacks and threats on critical infrastructure, and also calls for the development of a framework to reduce cybersecurity risks in federal agencies and critical infrastructure.

Read the executive order on cybersecurity and see what is identified as mandated and what is set aside as voluntary initiatives.

Additional information may be found here.

A password should be used by only one person.


Passwords are like bubble gum: they're much better when used by only one person. If you share your computer with others, each person should have a unique account, username, and password. Don't allow another user to know or use your password, and don't ask another user if you can use theirs. When it's your turn to use the computer, log the last user off, and then log on using your own username and password. When you take a break, don't leave your computer open. Log off or lock it, and remember, passwords shorter than 8 characters are easy to crack. Avoid common words and proper names, and use both uppercase and lowercase letters, numbers, and symbols when creating your password.

FTC Endorses New Privacy Guidelines, Do Not Track for Mobile Apps, Devices.


This article discusses recently released endorsements by the Federal Trade Commission (FTC) regarding new privacy guidelines for mobile apps and devices. The guidelines, or series of suggestions, have been released to help developers, advertising networks and device companies better protect their users online.

Control Access to Buildings and Work Areas


Each one of us has a responsibility to ensure that our building is secure. When you enter a building from a side door or after hours, make sure the door closes properly and check to see that no one has slipped in behind you. If you see someone you don't know wandering around, don't be afraid to grab a co-worker and ask which room they're looking for or who they're visiting. Security is everyone's responsibility and it's better to be safe than sorry!