You are a SPECIAL Librarian! You are a Military Librarian!

Tag Archive | "cybersecurity"

Sun, Sand, and Cybersecurity

June 2017 Volume 12 Issue 06

From the desk of Thomas F. Duffy, MS-ISAC Chair

School’s out and the beach and mountains are calling. It is that time of the year when so many of us pack our bags and hit the open road or head to the airport for a well-earned vacation. We may be ready to take a break from our normal lives, but we still need to be cyber secure while we are enjoying our time off! In this month’s edition, we will explore some ways to be safe and smart with our devices, Internet usage, and social media while out traveling on vacation.

Stop-Think-Share

Always be careful about how much you post on social media about your vacations before and during your travels. Criminals can and do watch online posts to find people that are on vacation because that means you have left your home unattended.

Before “checking in” to a location on a social network, consider what else you are sharing – like the information that you aren’t home. A “check in” is another way people can see you aren’t home, so consider skipping it and making your vacation posts after you have gotten back. Perhaps this will have the double benefit of letting you take the time to choose only the best photos to post after your trip is over! At the very least, consider using privacy settings that only let friends see your posts. Additionally, consider turning off GPS and auto-tagging/auto-check in features, if you have them enabled.

Disable WiFi auto-connect services

Some devices have an auto-connect feature that will search for and automatically connect to available and accessible WiFi networks without your interaction. This can allow your device to automatically connect to an unencrypted, public WiFi network, or even one that was set up by a malicious actor to eavesdrop on your browsing and connection activity.

If you want to connect to a store or hotel’s network, check with an employee to see what the correct network is called, and see if they can provide a network password for a more secure, encrypted network. Always use a secure, encrypted network that requires login credentials if you have the option. In the event that isn’t an option, and you can use your phone as a WiFi hotspot, use that instead to get a more secure connection for another device that can’t make direct use of the cellular network’s connection.

Additionally, make sure you do not choose to “remember this network” or “join this network automatically” once you have settled on a more trusted network for use during your vacation. If you have these settings switched on for a very generically named network, your device may connect you to a less secure one that happens to have the same name. Even if you have this turned off, there’s another setting that will automatically connect you to a network you have joined before, which can be a problem since your device doesn’t know the difference between your coffee shop’s “Guest” network and a malicious “Guest” network. Turn these settings off so you don’t automatically connect, and choose to connect only to more trusted, safer WiFi networks.

Keep your devices close, and keep them locked when not in use!

Whether it’s your laptop, tablet, or smartphone, be sure to keep your device on you or with someone you trust. Never leave a device unattended in an airport, train station, restaurant, hotel lobby or anywhere else in public while travelling. There is a common scam that targets people who leave devices sitting next to them. In this scam, another traveler will approach you and ask for help and then lay a newspaper or map down over your device. While you’re distracted answering their question, they are picking up and pocketing your device under the cover of the newspaper or map!

Set a strong password: Use at least 8 characters in upper and lower case, numbers, and symbols

Set a strong pattern lock: Use at least 7 points and double it back over itself with at least 2 turns


Registration Opens for U.S. Cyber Challenge’s Annual Cyber Quests Competition

Upcoming Cyber Quests Competition to Determine Qualifiers for Summer 2016 Cyber Camps

Washington, D.C., April 11, 2016 – U.S. Cyber Challenge opened registration today for the 2016 Cyber Quests online competition. The annual Cyber Quests competition determines who qualifies for the U.S. Cyber Challenge (USCC) Summer Cyber Camps, a leading nationwide program in cybersecurity workforce development. While registration opened today, the actual competition will open on Monday, April 25, 2016, with the competition closing on Friday, May 6, 2016. To register and compete, visit uscc.cyberquests.org.
The Cyber Quests competition and USCC camps are designed to improve cybersecurity skills, provide training & mentorship from renowned instructors and highlight skills for potential employers. For this specific Cyber Quests, competitors need to identify incident indicators and ultimately apply skills required of a Security Monitoring and Event Analyst job role as outlined in the Council on CyberSecurity’s Mission Critical Role Project report.
For Cyber Quests, participants will have 24 hours to complete the competition, beginning from the time they begin answering questions. Winners are determined based on who achieves the highest score in the shortest amount of time, and top performers who are 18 years or older and U.S. citizens will then be eligible to receive an invitation to one of the week-long Cyber Camps offered across the country. The three camps will be hosted by Delaware State University, Moraine Valley Community College (Illinois), and Southern Utah University.
Those who attend a USCC Cyber Camp will receive high-level instruction from some of the nation’s most talented cybersecurity teachers and practitioners, participate in hands-on lab activities, network with employers at the camp job fair, and compete in a capture-the-flag competition that challenges both their technical skill sets and their ability to work in a team environment.
U.S. Cyber Challenge is supported in part through sponsorships by AT&T, Cyber Ninjas, Workday, NIC, PCM-G, Monster Government Solutions, Federal CIO Council, Common Knowledge Scholarship Foundation, the Department of Homeland Security, Microsoft, SANS Institute, Lockheed Martin, AFFIRM, and Amazon Web Services.
For information about becoming a sponsor of a Summer Cyber Camp, contact Karen S. Evans, National Director at kevans@uscyberchallenge.org. To learn more about Cyber Quests, visit the website at USCC.CyberQuests.org. Details about the summer camps are on the U.S. Cyber Challenge website – www.USCyberChallenge.org.
###
About U.S. Cyber Challenge:
U.S. Cyber Challenge (USCC) is a program of the Council on CyberSecurity (CCS), a 501(c)(3) organization, and has the mission to significantly reduce the shortage in the cyber workforce by serving as the premier program to identify, attract, recruit and place the next generation of cybersecurity professionals. The goal of U.S. Cyber Challenge is to find 10,000 of America’s best and brightest to fill the ranks of cybersecurity professionals where their skills can be of the greatest value to the nation. For more information, visit www.USCyberChallenge.org.

FOR IMMEDIATE RELEASE
Contact: Katie Hanson
Phone: 847-337-1818
Email: Katie@ShermanConsultingInc.com


Phishing Emails and You — Monthly Cyber Security Tips Newsletter

From the Desk of Thomas F. Duffy, Chair, MS-ISAC

Be Aware of Phishing Scams

Social engineering refers to the methods attackers use to manipulate people into sharing sensitive information, or taking an action, such as downloading a file. Sometimes social engineers interact with the victim to persuade the victim to share details or perform an action, such as entering information into a login page.

First and foremost, you should utilize a spam filter (this service should be provided by your email provider), keep all of your systems patched and your anti-virus software up to date. The second line of defense against phishing is you. If you are vigilant, and watch for telltale signs of a phishing email, you can minimize your risk of falling for one. Telltale signs of a potential phishing email or message include messages from companies you don’t have accounts with, spelling mistakes, messages from the wrong email address (e.g. info@yourbank.fakewebsite.com instead of info@yourbank.com), generic greetings (e.g. “Dear user” instead of your name), and unexpected messages with a sense of urgency designed to prompt you into responding quickly, without checking the facts. “Resume” and “Unpaid Invoice” are popular attachments used in phishing campaigns. Here are some scenarios you may encounter:

  • An email appearing to be from the “fraud department” of a well-known company that asks you to verify your information because they suspect you may be a victim of identity theft.
  • An email that references a current event, such as a major data breach, with a malicious link to set up your “free credit reporting.”
  • An email claiming to be from a state lottery commission that requests your banking information to deposit the “winnings” into your account.
  • An email with a link asking you to provide your login credentials to a website from which you receive legitimate services, such as a bank, credit card company, or even your employer.
  • A text message that asks you to call a number to confirm a “suspicious purchase” on your credit card. When you call, the operator will know your name and account information and ask you to confirm your ATM PIN. (This is a form of SMSishing – What should you do?)

Recommendations

  • Be suspicious of unsolicited emails, text messages, and phone callers. Use discretion when providing information to unsolicited phone callers, and never provide sensitive personal information via email.
  • If you want to verify a suspicious email, contact the organization directly with a known phone number. Do not call the number provided in the email. Or, have the company send you something through the US mail (which scammers won’t do).
  • Only open an email attachment if you are expecting it and know what it contains. Be cautious about container files, such as .zip files, as malicious content could be packed inside.
  • Visit websites by typing the address into the address bar. Do not follow links embedded in an unsolicited email.
  • Use discretion when posting personal information on social media. This information is a treasure-trove to spear phishers who will use it to feign trustworthiness.
  • Keep all of your software patched and up-to-date. Home users should have the auto update feature enabled.
  • Keep your antivirus software up-to-date to detect and disable malicious programs, such as spyware or backdoor Trojans, which may be included in phishing emails.

For More Information

The information provided in the Monthly Security Tips Newsletter is intended to increase the security awareness of an organization’s end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization’s overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.

Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.

Center For Internet Security

Northeast Headquarters | 31 Tech Valley Drive | East Greenbush, NY 12061 | Phone: 518-266-3460

Mid-Atlantic Headquarters | 1700 North Moore Street | Suite 2100 | Arlington, VA 22209 | Phone: 703-600-1935
