Don't give away your data when you give away your handheld device.

by Neal Fisch in awareness, data cleanup, data security, devices, faculty, passwords, personal security, security, staff, students, tips 0

Be careful before you resell or give away your handheld devices such as smart phones or any other device that can store data. The new owner will be able uncover your previous data from the device including id's, passwords or any other personal information that may have been stored. At a minimum, figure out how to reset it to the factory standard before turning it in or reselling it. Refer to your manual or call the manufacturer. Follow this link for more information on deleting data.

How to spot a phishing email.

by Neal Fisch in awareness, data security, email, faculty, passwords, personal security, phishing scams, security, social networking, spear phishing attack, staff, students, tips, vishing 0

With the recent flurry of phishing emails being received these days I thought I would post this quick guide to assist you in determining if the email you received may actually be a phishing email.

It could be a phishing email if:

There are misspelled words in the email or it contains poor grammar.
The message is asking for personally identifiable information (PII), such as credit card numbers, account numbers, passwords, PIN's or Social Security Number.
There are "threats" or alarming statements that create a sense of urgency. For example: "Your account will be locked until we hear from you" or "We have noticed activity on your account from a foreign IP address".
The domain name in the message isn't the one you're used to seeing. It's usually close to the real domain name but not exact. For example:

Phishing Website: www.regionsbanking.com
Real Website: www.regions.com

Paper Files Have to be Protected Too!

by Neal Fisch in awareness, data security, faculty, personal security, security, staff, students, tips 0

You've probably heard that "To err is human, but to foul things up completely you need a computer". We know it's important to protect the large databases that we use to store data, but we shouldn't ignore our paper records. The amount of information held on paper may be much smaller than in databases, but many of the most serious leaks happen through very human methods — reports stolen from desktops or read over someones shoulder. Sensitive paper files should be locked away when they are not being used and shouldn't be read public places.

Google Strengthening Keys on SSL Certificates to 2048 Bits

by Neal Fisch in attacks, cloud, data security, email, encryption, passwords, security 0

As attacks against cryptographic systems and the SSL infrastructure have advanced in recent years, experts have begun to fret about the future utility of the system. Companies that rely on the security of the SSL technology are beginning to take steps to address the issue, with the latest being Google, which is planning to change the length of the keys on all of its SSL certificates to 2048 bits.

Follow this link to read the full article from Threatpost.com.

Think Before you Click!

by Neal Fisch in awareness, data security, email, faculty, personal security, phishing scams, security, spear phishing attack, staff, students, tips 0

Be cautious about all communications you receive, and clicking on links in an email, instant message or a website. Even if you know and trust the sender of the email, or an instant message, or are on a known website or a friend's social networking page, it is still prudent to use caution when navigating pages and clicking on links or photos, because links, images or other content contained on the pages may include malicious code placed there by hackers.

For more information, please visit:
SANS OUCH! Newsletter on "Email Phishing Attacks"

Protect Yourself When Using Cloud Services

by Neal Fisch in awareness, cloud, data security, faculty, personal security, security, staff, students, tips 0

In simplest terms, cloud computing is a subscription-based or free service where you can obtain networked storage space and other computer resources through via the Internet. While these systems may remove the need for owning physical components, they also introduce new risks to your information. Before you float your digital assets to the cloud, make sure you take the appropriate steps to protect yourself.

Know your needs. Before you start, make sure you carefully plan what your security and privacy needs are. This includes knowing what your legal and regulatory requirements are for protecting data.
Read the contracts. End User License Agreements and Service Level Agreements are important because they describe the terms and conditions of the cloud service. If you're not sure of what they do or do not provide, contact the provider to clarify the services.
Protect Your Machine. Enable your firewall, use anti-virus/malware and anti-spyware software.
Protect your data. Don't store unencrypted sensitive information in the cloud. You don't know with whom you're sharing the cloud!

Don't Reply to Unsolicited Email Messages (SPAM).

by Neal Fisch in awareness, counterfeit websites, data security, email, faculty, passwords, personal security, security, spear phishing attack, staff, students, tips 0

By responding to these messages, you're only confirming that your email address is active. Another thing you shouldn't do is click the "remove me" link in the message. Links in email can point to an IP address other than what is being represented or referenced. The best thing you can do is delete the message.

Many free email service providers (MSN hotmail, Yahoo!, AOL or GMail) will allow you to easily report it as spam if you received it through their email systems.