October 23, 2014 by Eric Cates
As the social media world continues to flourish, so do the threats of online deception. The next generation of social media attacks are being categorized in a slang term known as a “catfish” attack. The concept behind these threats are similar to internet hackers and malicious social engineers; convince the victim that you are someone else by ways of deception, most commonly through social media applications.
What these criminals seek are revenge on past relationships, identity theft and fantasies. The reason these threats are becoming so common are because online users are often willing to disregard warning signs in hopes of this false reality.
What we need to keep an eye out for?
Often times dating sites and social media can be the biggest misconception because you never really know who you are communicating with and sending personal information to. On the MTV series Catfish, it told the story of a female victim who put her trust in a fake celebrity. The attacker in this case was an average man who posed as a popular musician and when this “musician” reached out to the victim, she was all too willing to play along. The victim used her own expenses to fund this “celebrity” not knowing she would never receive compensation for the money she put out.
What to look for/how to avoid getting catfished online:
Do your research, use online tools, google searches and google images to find if your online connection is real.
Check for multiple Facebook profiles with the same profile images.
Look for low number of Facebook friends, then check for common friends.
Look for missing tags in pictures or no tags at all, images may be taken from other sources to create a profile.
Watch for excuses on why the person cannot meet in person, talk on the phone, Skype or FaceTime.
Watch for aggressive questions for personal information. Ex. What is your phone number? What is your address? Etc.
Never provide financial support or personal information that could compromise your bank account, location, or identity.
October 21, 2014 by The GLS Team
The Internet has quickly become an essential part of virtually everyone’s lives, but our dependence on the Internet has come at a cost. Every time we use the Internet either for social or business purposes we put ourselves at risk. The more personal information we allow into cyberspace, the more vulnerable we become to the perpetrators of theft, fraud or other cyber hazards. Thankfully there are precautions we can all take to make our time on the Internet safer.
For those of you who don’t know, October is cyber security awareness month. According to the Homeland Security website, cyber security month is designed to educate the public and private sectors in practices that raise awareness about cyber security.
Create Policies and Provide Awareness Training
One of the most effective ways companies can foster cyber security is to create policies and enforce them. A policy can be something as simple as dictating password strength. As with any policy, a key to it being effective is to assure it is followed, so be sure to reward those who comply and punch those who don’t. Further, it is necessary to train employees on how to comply with the set policies. In short, a good rule of thumb to follow is policies need to be documented, taught, audited and enforced.
In addition to training on specific company policies, we recommend an awareness program. This program should include a mixture of relevant courses to your organization: Security Awareness Essentials, Anti-Phishing Training, HIPAA, PCI, Ethics and more. These courses will help protect your organization from cyber theft, as a major cause of breaches is negligent insiders. Educate your insiders both about your internal policies and general security and anti-phishing best practices.
Have a Strong Defense
It is important to defend your computer against danger. You can do this by making sure everything on your computer is up to date. This includes your software and web browser. A good practice is to set up automatic updates. It is also a good idea to install security updates. Be sure to use safeguards such as anti-virus, anti-spam, and anti-spyware software. The more safeguards you have the less likely it will be that someone can hack into your system and take your information. For your company computer or devices, check with your IT department before making any changes.
Watch for Email Scams
It seems like every day a new email scam is popping up. It’s hard to keep on top of what scams to keep an eye out for. But, there are some telltale signs that indicate an email is not legitimate. First, be leery of any email that comes to you from an unknown sender. When looking at the content of the email, look out for misspellings and grammatical errors. Deals that seem to good to be true are probably scams, so are cries for help from foreign lands, especially if they are asking for money. Be sure to question any emails that ask for sensitive or personal information such as social security or account numbers. Look out for blue hyperlinks. Clicking on these could spell disaster for you. To add an extra layer of protection, it is a good idea to add a filter that will warn you of suspicious web sites.
Smartphones have made it easy for us to be constantly connected to the Internet. But, they bring additional security issues. So, it is important to make sure you are protected when using your mobile devices as well as your desktop computers. Be sure to use the most secure Wi-Fi option available. It is best if it includes encryption and password protection. Sometimes cyber thieves try to trick people by using slight misspellings of wireless networks. Be sure to carefully check what network you are connecting to. Encrypt your data so it can’t be accessed if your device is lost or stolen. Also, before you get rid of an old mobile device, be sure it is clear of all personal information.
Don’t be too Social
Our generation has become somewhat obsessed with social media. Most of us can’t go a whole day without checking our Facebook page or Tweeting about something. But, our seeming need to perpetually keep in touch with everyone has a downside. Posting about an upcoming weekend trip can alert a thief to the fact that you will be out of the house for an extended period of time. Posting pictures of your kids makes them vulnerable to kidnappers. Anything you post or share says something about you and puts you in a position of vulnerability. Take precautions when you are using social media. Think before you post anything. Think about limiting access to your posts to a small group of people. Never post your full name, social security number, address, phone number, or any account numbers. Make sure your social media experience is about fun and not something to constantly worry about.
The 21st century has without a doubt seen technology advance faster than any other era in time. These advancements have afforded our culture many wonderful things. However, we have to be more careful than ever in order to safeguard ourselves from those who wish to benefit from our carelessness. There is no way we can assure we won’t be victims of cybercrime, but by being vigilant and following a few simple guidelines whenever we’re online, we can make it less likely that we will become cyber victims.
October 08, 2014 by Carsen
In two recent blog posts
, we discussed many tips and best practices for implementing information security best practices with your family, and I want to emphasize the importance of open dialogue with your children. When it comes to protecting their identity, reputation and emotional well-being, continuous awareness and discussions are imperative. We’ve all seen the commercials that encourage parents to talk about drugs and alcohol, which are definitely important, and just as important is discussing technology and what they are sharing with others online or via mobile devices.
Not only can children be unaware they are carrying on conversations with much older men or women who are posing as teenagers, but also they can fall into traps of sharing information that is then used against them for manipulation, blackmail or bullying. Sexting and sending inappropriate images has lead to many unfortunate events for both children and adults alike, and your children need to be aware of the outcomes should they participate. It should also be known that what they send and share via email, text or over social media platforms could then be shared by others that they did not intend to receive the messages. Our general rule to all individuals is do not share anything publicly you wouldn’t want seen in a newspaper.
Give them examples of what has happened to others, and be sure to emphasize the importance of protecting not only their reputation but also their emotional and physical security. Be sure to discuss the importance of never providing personal information with individuals met online such as home addresses, school names, siblings’ names, parental work schedules and birth dates.
Talk to them about phishing scams (via text, phone or email) and other internet scams that come in the form of gifts, requesting financial information and more. Here is our recent videos on email phishing
that can be good starts to discussions and education.
As we mentioned it the previous blogs, password security should remain a priority, and reminding the children to set a schedule to consistently update and change passwords should be a family effort. I suggest sitting down once a month as a family and discussing internet activity, recent scams, security settings and current access controls with your children. Let them know why you are putting the parental controls in place and how to avoid falling victim to cyber criminals. Consistent communication keeps the entire family accountable in maintaining security best practices to protect your information security, emotional security and physical security.
October 01, 2014 by The GLS Team
Children often find interesting friends and information on the Internet. Unfortunately, scam artists and hackers understand that children are easy marks. Kids spend hours on their phones and surfing online without thinking about security risks. The possible results of revealing information include compromising home and business security and kids' personal safety. Back-to-school time is an ideal opportunity for parents to talk to their kids about cyber security.
Business Risks of Children's Vulnerability
Business risks of unsecured passwords and computers at home include deleting files and programs, unintentionally visiting malicious websites and encountering phishing or social engineering schemes. Talking to your children about security should include the following:
• Explain how con artists can trick even adults into revealing information that could result in viruses or identity theft.
•Help children understand that child predators often pretend to be kids.
• Set boundaries appropriate to each child's age, maturity and knowledge.
• Discuss the risks of sharing information with strangers, which includes seemingly innocuous details about family vacations, extracurricular plans or family outings.
• Partition computers into separate accounts so that kids have their own dedicated settings.
Cyber Security Awareness Begins at Home
Deficiencies in home computer security are serious threats to businesses, so your kids could disrupt your business at work. Possible threats include:
• Children disclosing information that can be used for spear phishing attacks.
• Viruses and malware on smartphones, laptops and tablets easily crossing security barriers at the office to infect company computers.
• Kids talking about sensitive or proprietary information while bragging about their parents.
• Harried parents failing to close websites or protect their Internet sessions when children fight or get injured, leaving their computers unprotected.
How to Talk to Your Kids About Cyber Security
Keeping communications open goes a long way to minimizing risks. Explain that anyone can make a mistake---even trained adults---so kids should never fear reprisals for discussing their problems. If your kids accidentally reveal information online or discover a questionable contact, they should bring the matter to your attention. Teach kids never to reveal personal information, including addresses and extracurricular activities. Other tips for your children include:
• Ignore messages from people whom you don't know.
• Never post your phone number on the Internet.
• Don't provide financial or personal information.
• Ask trusted adults before downloading anything from the Internet.
• Avoid clicking on links, programs and videos unless they come from a trusted source.
• Don't play games that require personal information to open an account.
• Beware of free offers.
Kids are amazingly talented at ferreting out information about their parents' passwords and Web behavior and getting around parental controls. Companies should remind their employees with children that most security risks happen because of internal carelessness. Companies might consider offering a customized training course for their employees to address the security vulnerabilities caused by children using company or home-based computers. We at Global Learning Systems offer excellent training services for all types of customized training needs.
Of course, you also need to set limits, use parental controls and supervise what your kids do online. Surf the Web with your kids to find out what they're doing, and show them examples of questionable sites and messages. Explain that talking to a trusted adult is essential when problems occur. Awareness training begins with parents and extends throughout the family.
Children need rules, and you should regularly update security discussions to include topics like sexting, sending sexually explicit photos and discussing sexual issues with strangers. Internal threats are a major cause of security risks, and your children could be easy targets unless you educate them about the dangers lurking in cyberspace.