Security Tips & Alerts
About National Cyber Security Awareness Month
We now live in a world that is more connected than ever before. The Internet touches almost all aspects of everyone's daily life, whether we realize it or not. We connect with friends and family, conduct business and banking online and rely on my services, like transportation and electricity, that are supported with online systems. Technology has spearheaded advancements in healthcare, education , business, music, government, and many other industries. As technology advances, our lives become easier and more connected. However, being constantly connected brings increased risk of theft, fraud, and abuse. No country, industry, community, or individual is immune to cyber risks. As a nation, we face constant cyber threats against our critical infrastructure and economy. As individuals, cyber security risks can threaten our finances, identity, and privacy. Since our way of life depends on critical infrastructure and the digital technology that operates it, cyber security is one of our country's most important national security priorities, and we each have a role to play- cyber security is a shared responsibility.
National Cyber Security Awareness Month is designated to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cyber security and increasing the resiliency of the nation in the event of a cyber incident.
Week 2 Cyber Security Awareness Tips
10 Security Precautions You Should Take on Every Device
1. Keep a clean machine
Running the most recent versions of your mobile operating system, security software, apps and Web browsers is the best defense against malware, viruses and other online threats.
2. Don't lose track of your device.
Avoid putting down your devices in public places. The small size and portability make them ease to lose or steal. A brightly colored case or sticker on our device will increase the chances you won't leave it behind.
3. Protect your personal information.
When using a public, unsecured wireless connection, avoid using apps or websites that require you enter a password. This applies to the wireless networks provided on many airlines, as well as Wi-Fi connections in places like coffee shops, hotels, airports and libraries.
4. Connect with care.
Switch off your Wi-Fi and Bluetooth connections when not in use to help prevent malicious parties from connecting to your device without your knowledge. If your banking or shopping, remember, a 3G or 4G connection is safer than an unsecured Wi-Fi connection.
5. Secure your device.
Activate key lock features and / or use a passcode. If your device allows for a complex password, take advantage of the feature.
6. Back it up.
Sync your contacts, photos, videos and other mobile device data with another device or cloud service on a weekly basis.
7. Provide contact info.
Due an Internet search for the best way to add your name and an alternative contact number to your lock screen, in case a Good Samaritan finds your device. (Don't use highly personal information, such as your home address.)
8. Activate locator apps
Many manufacturers have free apps you can download to help you locate your device in the event it gets lost or stolen. These apps often allow you to remotely lock the device or wipe data.
9. Think before you app.
Only download apps from reputable sources, like verified app stores. Understand what information (i.e., location, social networking profiles, etc. ) the app would access and share before you download.
10. Record the serial number.
By dialing these five characters -*#06#- you can access your phone's unique, 15-digit International Mobile Equipment Identity (IMEI) number. Write this number down and store in a secure location, so you can report it if your phone goes missing.
Other Security Features
In addition to activating locator apps and backing up your phone, there are other ways to safeguard your device. before purchasing or downloading other services, check with your smartphone carrier or service provider to see what additional security measures it provides. These might include:
Remote wipe, which enables you to remotely clear all of your data- including email, contacts, texts, and documents- off your device.
Siren trigger, called the "scream" feature- a high-pitched sound on your smartphone that lasts for about one minute. The scream may be used to draw attention to the smartphone or someone might answer it; or it's owner may find the person who has the device.
If you lose it...
If you can't find your smartphone, call your mobile number to make sure it's not just misplaced and nearby. Hopefully, either you will hear your phone or an honest person will answer and assist in returning to you.
Contact your mobile service carrier immediately to report your device lost or stolen, and to freeze your service. Your service provider may be able to send a "wipe" command that will remotely erase all data and settings. Reporting the loss will also be essential to avoiding any charges (for phone calls or downloaded apps) that may have been incurred while in another person's possession.
Change all passwords to any service that is automatically connected to your device, such as email, payment services, texting services, online banking account and social networking account.
Contact the police. For your safety, do not attempt to track and recover your device yourself. Provide as much information as possible to the police. Also, carriers may be able to assist in disabling your device if a police report already has been filed.
Glossary of Terms:
Botnet- a network of private computers, each of which is called "bot" (short for "robot") infected with malicious software (malware) and controlled as a group without the owner's knowledge for nefarious and, often, criminal purposes; computers are typically infected when users open up an infected attachment or visit an infected website. infected computers are also referred to as "zombies".
Cloud computing- a technology that uses the Internet and remote servers to maintain data and applications, allowing user to access applications without installation and access to their personal files from computers with Internet access; centralizes storage, memory, processing, and bandwidth; examples include Yahoo email or Gmail with the software managed by the cloud service providers Yahoo and Google.
Denial of Service Attack/Distributed Denial of Service Attack (DDoS)- type of online computer attack designed to deprive user or groups of users normally accessible online services; generally involves effort by hackers to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
Encryption- the conversion of digital information into a format unreadable to anyone except those possessing a "key" through which the encrypted information is converted back into its original form (decryption), making it readable again.
Firewall- A software or hardware that, after checking information coming into a computer from the Internet or external network, either blocks the transmission or allows it to pass through, depending on the preset firewall settings, preventing access by hackers and malicious software; often offered through computer operating systems.
Geotagging- the process of adding geographical location, or label, to photographs, videos, Web sites, SMS messages, OP Codes or RSS feeds; a geotag usually consists of latitude and longitude coordinates, altitude, distance, place names, and other details about the origin of the media being tagged helping users find a variety of online location specific information.
HTTPS- Hypertext Transfer Protocol Secure, provides secure communication over a network, such as the Internet; basically layers additional security measures over HTTP; used by financial and online commerce websites to ensure the security of private information.
Keylogger- also called keylogging and keystroke logging, is the action of tracking (or logging) the key struck on a computer keyboard; usually runs hidden in the background and automatically records all keystrokes so that users are unaware of its presence and that their actions are being monitored.
Malware- short for malicious software, software that disrupts or damages a computer's operation, gathers sensitive or private information or gains access to private computer systems; may include botnets, viruses, worms, Trojans, keyloggers, spyware, adware, and rootkits.
Botnet- a network of private computers, each of which is called a "bot" (short for "robot") infected with malicious software (malware) and controlled as a group without the owners' knowledge for nefarious and, often, criminal purposes. Infected computers are also referred to as "zombies".
Virus- type of malware that has a reproductive capacity to transfer itself from one computer to another spreading infections between online devices.
Worm- type of malware that has a reproductive capacity to transfer itself from one computer to another spreading infections between online devices.
Trojan- type of malware that gives an unauthorized user access to a computer.
Spyware- type of malware that quietly sends information about a user's browsing and computer habits back to a server that gathers and saves data.
Adware- type of malware that allows popup ads on a computer system, ultimately taking over a user's Internet browsing.
Rootkit- A type of malware that opens a permanent "back door" into a computer system, once installed, a rootkit will allow more and more viruses to infect a computer as various hackers find the vulnerable computer exposed and attack.
Phishing- sending emails that attempt to fraudulently acquire personal information, such as usernames, passwords, social security numbers, and credit card numbers, by masquerading as a trustworthy entity, such as a popular social website, financial site, or online payment processor; often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
SMishing- An alternative form of phishing that occurs vial text or SMS message.
Spam- the use of electronic messaging systems to send unsolicited bulk messages (usually advertising or other irrelevant posts) to large lists of email addresses indiscriminately.
Spyware- a type of malware (malicious software) installed on computers that collects information about user's without their knowledge; can collect Internet surfing habits, user logins and passwords, banks or credit account information, and other data entered into a computer; often difficult to remove, it can also change a computer's configuration resulting in slow Internet connection speeds, a surge in pop-up advertisements and unauthorized changes in browser settings or functionality of other software.
Wi-Fi- a technology that allows an electronic device (personal computer, video game console, smartphone tablet, digital audio player) to exchange data wirelessly (using radio waves ) over a computer network.
Wi-Fi Hotspot- a wireless access point to the Internet or other computer network over a wireless local area network through the use of a router connected to a link to an Internet service provider; frequently found in coffee shops and other public establishments, a hotspot usually offers Internet access within a range of about 65 feet indoors and a greater range outdoors; many smartphones provide built in ability to establish a Wi-Fi hotspot.
Scam Alert: Secret Shopper Scam
Grandview Bank has recently seen an increase in fraudulent solicitations via mail, print, text and email, and we want to keep you informed about these scams and help protect your finances.
Secret Shopper scams, sometimes referred to as Mystery Shopper scams, have become more common. There are legitimate secret shopper jobs, but scammers also like to use this potential business opportunity as an avenue to take advantage of unsuspecting consumers. A “Secret Shopper” is an individual hired to “act” like a customer, and evaluate services at a business. The individual is essentially paid to shop, and then report on their experience. These “Secret Shopping” scams use fraudulent offers, fake checks and wire transfers to persuade unsuspecting consumers into sending money to fraudsters. The “job” isn’t real and isn’t associated with an actual store. You’re dealing with a scammer, and the check you receive is fraudulent. AND, if you cash the fraudulent check you will be responsible for the money that is withdrawn- putting you out of cash and enabling these fraudsters even further.
Consumers need to know that a LEGITIMATE COMPANY will never send you a check out of the blue or require you to send money to someone you have never met. The scam artists use realistic looking documents, the “secret” nature of the job, and usually a 48-hour deadline to pressure consumers into cashing the check and wiring the money quickly before the bank or consumer can determine that it was a fake check. By then, it’s too late.
Fake check scams come in many forms
· Do not depend on the funds from a check from a source you do not know.
· There is no legitimate reason for someone who is giving you money to ask for money to be wired or sent back.
· Do not rely on the fact that the check was accepted for deposit as evidence of the check’s authenticity. It can take up to a week or longer for your financial institution to determine whether a check is good.
· Consumers are responsible for the deposited fake check, even if it was a cashier’s check. When the check is returned, the amount that was credited from the fake check is deducted from your account.
Follow these tips to help you avoid falling prey to a secret shopping scam:
· Do your research. Most legitimate secret shopper jobs are posted online by reputable marketing research or merchandising companies. A quick Internet search can help you verify the company’s reputation and legitimacy. Scammers like to use the names of well-known companies to gain your trust, but they are often branded incorrectly- so keep your eye out for anything that looks off.
· Be cautious with wire transfers. This is a very popular way scammers seek funds, so as a rule of thumb never send a wire transfer to someone you do not know.
· Never deposit a check from someone you don’t know. If the check turns out to be fraudulent and is returned, you will be responsible for the money you withdrew, since you’re responsible for the account.
· Never give your personal or financial information out online. Guard your personal information. Never enter your Social Security number, bank account, online credentials or credit card numbers online or by phone to someone who gets in touch with you. No REAL company should ever ask you for information like this.
Technology Topic of the Month
SECURING YOUR HOME NETWORK
A protected home network means your family can use the Internet safely and securely.
Most households now run networks of devices linked to the Internet, including computers, laptops, gaming devices, TVs, tablets, and smartphones that access wireless networks. To protect your home network and your family, you need to have the right tools in place and confidence that family members can use the Internet safely and securely.
The first step is to Keep a Clean Machine and make sure all of your Internet-enabled devices have the latest operating system, web browsers and security software. This includes mobile devices that access your wireless network.
Secure Your Wireless Router
A wireless network means connecting an Internet access point- such as a cable or DSL modem- to a wireless router. Going wireless is a convenient way to allow multiple devices to connect to the Internet from different areas of your home. However, unless you secure your router, you're vulnerable to people accessing information on your computer, using your Internet service for free and potentially using your network to commit cybercrimes.
Here are ways to secure your wireless router:
- Change the name of your router: The default ID- called a service set identifier" (SSID) or "extended service set identifier" (ESSID) - is assigned by the manufacturer. Change your router to a name that is unique to you and won't be easily guessed by others.
- Change the pre-set password on your router- When creating a new password, make sure it is long and strong, using a mix of numbers, letters and symbols.
- Review security options- When choosing your router's level of security, opt for WPA2, if available, or WPA. They are more secure than the WEP option.
- Create a guest password- Some routers allow for guests to use the network via a separate password. If you have many visitors to your home, it's a good idea to set up a guest network.
- Use a firewall- Firewalls help keep hackers from using your computer to send out your personal information without your permission. While anti-virus software scans incoming email and files, a firewall is like a guard,, watching for attempts to access your system and blocking communications with sources you don't permit. Your operating system and/or security software likely comes with a pre-installed firewall, but make sure you turn on these features.
Protect yourself with these STOP, THINK, CONNECT, Tips:
- Keep a clean machine- Having the latest security software, web browser, and operating system are the best defenses, against viruses, malware, and other online threats.
- Automate software updates- Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that's an available option.
- Protect all devices that connect to the Internet- Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from viruses and malware.
- Plug & scan- "USBs" and other external devices can be infected by viruses and malware. Use your security software to scan them.
- Protect your $$- When banking and shopping, check to be sure the site is security enabled. Look for web address with "https://" or "shttp://" , which means the site takes extra measures to help secure your information. "Http://" is not secure.
- Back it up- Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.