Tips for Spotting a Fraudulent Email
Personal Information Request
Provident will never ask you to respond to an email with any personal information. This includes your Social Security number (SSN) or your ATM or 24 Hour Access Plus Direct Talk Personal Identification Number (PIN) numbers
Threat of closing an account if information is not provided
This type of email informs you that your account will be closed if you fail to "authenticate" or verify your personal information. Provident will never ask you to confirm information in this manner.
Security or system emails.
This type of email indicates that the bank needs you to confirm important information. The email will ask you to update your information online. Provident will never ask you to confirm information in this manner.
An offer that sounds "too good to be true."
This email may ask that you complete a short survey in order to receive money credited to your account. It will ask for your account(s) and bank routing number(s) in order to complete the deposit to your account. Provident will never ask for your information in this manner.
Misspellings and/or grammatical errors.
Emails containing these issues are often an indicator of attempted fraud. Watch for typos, grammatical errors, awkward wording, and poor design.
Unusual URLs.
Many web pages and emails will display the destination URL of the link when you hover over the link with your cursor. (Please do not click the link) A URL formatted provident.suspicious.com will take you to a site that is not a part of the Provident web site even though Provident is contained within the URL.
Please, do not reply to any of these types of emails!
Tips for Secure Passwords
It is critical to use a highly secure password for all of your financial accounts. Never use passwords like your child's name, your pet's name, your Social Security number, your account or PIN number, or anything else that a person with the intention of performing fraud could easily discover. Passwords that are the most secure use combinations of letters, numbers, and special characters. Do not just use an address, phone number, birthdate, or worst of all, simple passwords such as 1111 or 1234. For additional security, please change your password on a regular basis and do not use the same password for multiple accounts.
If you feel you have given out any personal information in regard to your Provident account(s) (such as your account number, password, or PIN), or typed it into a website that may not be legitimate, please contact us immediately. We will take the necessary steps to help you secure your account.
Common Sense Tips
Don't give out financial information such as account numbers, credit card numbers, ATM PIN number, and especially your Social Security number over the phone unless you have initiated the call and know the person/organization you are transacting business with. Please do not give this information to a stranger even if they claim to be representing Provident.
Report lost or stolen checks, credit cards, or ATM cards immediately.
Don't preprint your driver's license, telephone, or Social Security numbers on your checks.
Please notify Provident of any suspicious telephone inquiries that might ask for account information.
Don't write your (PIN) on or with your ATM or credit cards.
Remember that protecting your financial information is often asking the question: How can I protect myself?
Online Banking Account Protection That Works 24/7... Just Like You Do
Provident Bank's Online Banking Identity Verification feature
What is the security feature?
In order to make your online banking experience as secure as possible we have introduced a security feature that watches for uncharacteristic or unusual behavior involving your internet banking access. If anything out of the ordinary is detected, we will ask you to verify your identity.
How does it work?
In the rare case we detect any unusual or uncharacteristic activity, we will ask you to answer security questions or if there are problems with answering the questions, allow us to phone you to make sure that it is really you trying to sign on. Most of the time you will not notice that the security feature is even there, but it will still be protecting you 24 hours a day and 7 days a week.
Do I need to sign up for the security system?
The security system is automatically available to all of our customers. Expect to be prompted at some point while banking online to enter additional information. This may include choosing some security questions that only you know the answers to as well as supplying phone numbers where you can be reached while banking online. Once this occurs, you have added a layer of protection to your Online Banking access and best of all, it's free!
Frequently Asked Questions for our Identity Verification Feature
What is this security system?
As our customer, we know how you typically behave. For example, when and from where you normally access internet banking. If we detect any activities that do not seem like your typical behavior, we will prompt you to further verify your identity. This process will ensure us it is you and not someone else trying to access your information. This will only happen on rare occasions. Normally you will not be asked for any additional information. For example, if someone tries to sign in with your user name and password from a computer in a foreign country shortly after you have logged off from your normal computer at home, we may decide to verify that it is really you trying to access your account.
How do I sign up for the security system?
There is no need to sign up. The security is there right from the start! Expect to be prompted at some point while banking online to enter additional information. This may include choosing several security questions that only you know the answers to, as well as supplying phone numbers where you can be reached while banking online. Once this occurs you have added a layer of protection to your internet banking access!
How much will it cost?
There is absolutely no cost associated with the new security system.
When will I be asked for more information?
You will only be prompted to enter additional information when a particular activity or transaction appears to be unusual or uncharacteristic of your typical behavior. You will also be prompted to enter your information when you are first prompted to set up your security information.
What additional information will I be asked?
If any unusual or uncharacteristic behavior is detected, you will be asked to answer several of the security questions you chose. You may also be asked to answer an automated phone call.
What is unusual or uncharacteristic behavior?
Uncharacteristic or unusual behavior is anything that appears out-of-the-ordinary compared to how you normally would bank online and where you normally bank online. If the action being requested does not appear to be something you would normally do, we will ask you for more information to make sure it is really you and not an unauthorized user.
Will I be asked for more information all the time now?
No, you will only be asked for more information when unusual or uncharacteristic behavior is detected. This will most likely be a very rare occurrence.
How are you able to detect unusual or uncharacteristic behavior?
The security system takes into account factors such as the computers you typically use to access your account, or the typical security settings for your computer. Hundreds of factors, such as these, create a profile that is unique to you that allows us to make decisions about whether the person conducting a given activity appears to be really you.
How do I know it is working?
You only need to complete the set-up process once; afterwards the new security system will work automatically. That means you are being protected every moment; when you are online and more importantly when you are not.
How will my phone numbers be used?
If any unusual or uncharacteristic behavior is detected, you may be asked to answer an automated phone call. Once you answer the phone call, you will be prompted to enter the code that will appear on your computer screen at that time in order to verify your identity. Your phone numbers will not be sold to a third party, nor will they be used to contact you about marketing offers and promotions.
How many phone numbers should I provide?
You must provide at least one phone number but are encouraged to provide up to three. In case we need to verify your identity, you may receive an automated phone call at one of the numbers you have provided. It is important to provide numbers where you can be reached when you are banking online. For instance, if you bank online at work you should provide your work or cell phone number so you can be reached there. This will ensure you can continue your online banking session without any inconvenience.
What if I need to change my phone number?
If you need to change your phone number, please contact customer service at (800) 442-5201 Monday through Friday 8AM to 6PM and on Saturday 9AM to 2PM. You may also be occasionally asked to verify that your information is up to date during your Online Banking session.
What if I cannot be contacted at any of the phone numbers listed?
If you cannot be contacted at any of the phone numbers listed, please contact customer service at (800) 442-5201 Monday through Friday 8AM to 6PM and on Saturday 9AM to 2PM.
Is my personal information still safe?
Yes. In fact, your personal information is safer than ever before because we are making sure it is really you and not an unauthorized user trying to access your information.
I have already set up my contact numbers, why am I being asked for them again?
Occasionally we may prompt you to make sure that the information we have on file is up to date.
How will this help prevent online fraud?
If your user name and password are stolen, the fraudster would have to be able to answer your security questions correctly or answer a call at one of the numbers you provided before being able to access your information. If the user is not able to provide this information or be reached on the phone, the activity would be blocked. This added layer of security helps us protect your information.
I check my account very often, wouldn't I know if something unusual showed up on my account?
It is great you check your account! It is always a good idea to regularly monitor your account for any unusual activities (like payments you didn't make). This security service helps prevent those incidences from ever occurring, so when you check your account everything is exactly how it should be.
I share my computer with someone who has their own account. Can both of us still log in from this machine?
Yes, you can both use the same computer to log on to your individual accounts. There is no limit on how many people can log on the website from the same computer.
I already have anti-virus and a personal firewall. Why do I need this?
We are glad to hear you use anti-virus and a personal firewall. Be sure that you keep both software programs up to date for the best possible protection against viruses, Trojans, and hackers. This new security feature protects against other types of threats such as a stolen user name and password. It works with your other personal security programs, but it does not replace them.
Is Your Computer Secure?
If the computer you are currently using is not protected, identity thieves and other fraudsters may be able to get access and steal your personal information.
If you are using safety measures and good practices to protect your home computer, you can protect your privacy and your family. Here are some tips Provident would like to suggest to help you lower your risk while you're online.
Suggestions from Provident Bank
Install and use a firewall
Definition: A firewall is a software program or piece of hardware that blocks hackers from entering and using your computer. Hackers search the Internet in a similar manner as telemarketers automatically dial random phone numbers. They send out a ping (call) to thousands of computers and wait for a response. Firewalls prevent your computer from responding to these unsolicited calls. A firewall blocks communications to and from sources you don't permit. This is especially important if you have a high-speed Internet connection, like DSL or cable. Some computer operating systems have built-in firewalls that may be shipped in the "off" mode. Ensure that your firewall is on. To always be effective, your firewall must be set up correctly and updated regularly. You can check your online "Help" feature for specific instructions.
Install and use anti-virus software
Anti-virus software helps to protect your computer from viruses that can destroy your data, slow down/ crash your computer, or allow spammers to send email from your account. Anti-virus protection scans your computer and your incoming email for viruses, and then removes them. Anti-virus software must be updated regularly to cope with the latest "bugs" (viruses) circulating on the Internet. Most anti-virus software includes a feature to download updates automatically while you are online. Always make sure that the software is continually running and checking your system for viruses, especially if you download files from the Web or are checking your email. Set your anti-virus software to check for viruses when you first turn on your computer. You should also set the anti-virus software to scan your complete system at least twice a month.
Install and use anti-spyware software
Spyware is software installed without your consent or knowledge that has the ability to monitor your online activities and collect your personal information while you are surfing the Web. Certain types of spyware, called keyloggers, record everything you type in - including your passwords, credit card numbers, and financial information. Signs that your computer may be infected with spyware include a sudden influx of pop-up ads, being taken to websites you don't want to go to, and slower performance.
Spyware protection is included in some anti-virus software products. Review your anti-virus software documentation for information on how to activate the spyware protection options. You also purchase separate anti-spyware software programs. Keep your anti-spyware software up to date and run it regularly.
To avoid spyware in the first place, download software only from sites you know and trust. Piggybacking spyware is often an unseen cost of many "free" programs. Do not click on links in pop-up windows or in spam email.
Update and maintain your system and browser to protect your privacy
Hackers are continually searching and trying to find flaws and holes in operating systems and browsers. In order to protect your computer and all of your information on it, set the security settings in your system and browser at medium or higher. Review the Tools or Options menus for how to do this. Install updates to your system and browser regularly. You should consider taking advantage of automatic updating if it is available. Windows Update is a service offered by Microsoft. It will automatically download and install software updates to the Microsoft Windows Operating System, Internet Explorer, Outlook Express, and will also deliver security updates to you. Software patching can also be run automatically for other systems, including the Macintosh Operating System.
Secure your home wireless network
If you have a wireless network in your home, make sure you take precautions to secure it against hacking. Encrypt your home wireless communications. Select a wireless router that has an encryption feature and turn it on. WPA encryption is considered stronger than WEP. Your computer, router, and other equipment must use the same encryption type. If your router enables identifier broadcasting, be sure to disable it. Note the SSID name so you can connect your computers to the network manually. Hackers know the pre-set passwords of this kind of equipment. Be sure to change the default identifier on your router and the default administrative password. You may want to turn off your wireless network when you are not using it.
Remember that public "hot spots" found in many stores, restaurants and hotels may not be secure. It's safest to avoid accessing or sending sensitive personal or financial information over a public wireless network.
Is your company taking the steps necessary to safeguard information?
Most companies keep sensitive information in their files, whether it's names, Social Security numbers (SSN), credit cards, or other account data that identifies customers or employees. Businesses often need this information to fill orders, meet payroll, or perform other business functions. But if the information falls into the wrong hands, it can lead to fraud or identity theft. The cost of a security breach can be measured in the loss of your customers' trust and perhaps even a lawsuit, which makes safeguarding personal information just plain good business.
A sound data security plan is built on five key principles:
Take stock. Know what personal information you have in your files and on your computers.
Inventory all file storage and electronic equipment. Where does your company store sensitive data?
Talk with your employees and outside service providers to determine who sends personal information to your business, and how it is sent.
Consider all the ways you collect personal information from customers, and what kind of information you collect.
Review where you keep the information you collect, and who has access to it.
Scale down. Keep only what you need for your business.
Use Social Security numbers only for required and lawful purposes. Don't use SSNs as employee identifiers or customer locators.
Keep customer credit card information only if you have a business need for it. Change the default settings on your software that reads customers' credit cards.
Don't keep information you don't need. Review the forms you use to gather data - like credit applications and fill-in-the blank web screens for potential customers - and revise them to eliminate requests for information you don-t need.
Truncate the account information on electronically printed credit and debit card receipts you give your customers. You may include no more than the last five digits of the credit card number, and you must delete the card's expiration date.
Develop a written records retention policy, especially if you must keep information for business reasons or to comply with the law.
Lock it. Protect the information that you keep.
Put documents and other materials containing personally identifiable information in a locked room or file cabinet.
Remind employees to put files away, log off their computers, and lock their file cabinets and office doors at the end of the day.
Implement appropriate access controls for your building.
Encrypt sensitive information if you must send it over public networks.
Regularly run up-to-date anti-virus and anti-spyware programs on individual computers.
Require employees to use strong passwords.
Caution employees against transmitting personal information via email.
Create a laptop security policy, for within your office and when your employees are traveling.
Use a firewall to protect your computers and your network.
Set "access controls" to allow only trusted employees with a legitimate business need to access the network.
Monitor incoming Internet traffic for signs of security breaches.
Check references and do background checks before hiring employees who will have access to sensitive data.
Create a procedure to make sure that workers who leave your organization or transfer to another part of the company no longer have access to sensitive information.
Educate employees about how to avoid phishing and phone pretexting scams.
Visit OnGuardOnline.gov for computer security tips, tutorials, and quizzes.
Pitch it. Properly dispose of what you no longer need.
Create and implement information disposal practices.
Dispose of paper records by shredding, burning, or pulverizing them.
Defeat dumpster divers by encouraging your staff to separate the stuff that's safe to trash from sensitive data that needs to be discarded with care.
Make shredders available throughout the workplace, including next to the photocopier.
Use wipe utility programs when disposing of old computers and portable storage devices.
Give business travelers and employees who work from home a list of procedures for disposing of sensitive documents, old computers, and portable devices.
Plan ahead. Create a plan for responding to security incidents.
Designate a response team led by a senior staff person.
Draft contingency plans for how your business will respond to different kinds of security incidents. Some threats may come out of left field; others - a lost laptop or a hack attack, to name just two - are unfortunate, but foreseeable.
Investigate security incidents immediately.
Create a list of who to notify - inside or outside your organization - in the event of a security breach.
Immediately disconnect a compromised computer from the Internet.
Identity Theft
Identity theft happens when a person uses your name, Social Security number (SSN), or some other personal, financial, or medical information without your permission to commit fraud and/or other crimes. Online threats like phishing, malware, or hacking may also lead to identity theft.
If your personal information is lost, stolen, or compromised, you can reduce the potential damage from identity theft.
View Our Identity Theft Flyer
Protect Your Identity
Do not give out personal or account information over the phone, by mail, emails or through the Internet unless you initiated the contact or you are sure you know who you are dealing with.
Never respond to unsolicited requests for your SSN, or requests to verify your financial information.
Secure your personal information in your home, especially if you have roommates, employ outside help or are having service work done in your home.
Guard your mail and trash from theft. Before discarding, shred all documents containing personal information. (Receipts, statements, etc.)
Check all credit card and bank statements monthly for accuracy.
Never open an email or click on the link provided in an email if you think it is fraudulent or is a request for personal information. Internet pages and email links may look like the official site. Call the institution or type in the site address you are familiar with instead of using the link provided in the email.
Obtain a copy of your credit report yearly and check it for accuracy. You can obtain a free copy of your credit report annually from the three major credit bureaus.
Report suspicious emails or calls to the Federal Trade Commission at:(877) IDTHEFT (438-4338)
If you Become a Victim
Put a Fraud Alert on Your Credit Reports
Contact one of the three nationwide credit reporting companies, so they can put a fraud alert on your credit report:
Equifax: (800) 525-6285 / Experian: (888) 397-3742 / TransUnion: (800) 680-7289
The one company you call is required to contact the others to place fraud alerts on your file.
A fraud alert may make it more difficult for an identity thief to open any accounts in your name. The alert is maintained on your credit report for at least 90 days. After you create an Identity Theft Report, you may request an extended alert on your file.
Review Your Credit Reports
After you place a fraud alert on your credit reports, you are entitled to one free copy of your credit report from each of the three credit reporting companies. Read and review the reports; verify that your name, address, SSN, accounts, and other information are correct.
If the report reflects accounts that you did not open or debts that are not yours, contact the credit reporting companies to report the fraud and have them corrected. You should also contact the security or fraud department of each company where an account was misused or opened without your consent. Ask the company to send you proof that the problem accounts have been corrected or closed.
Create an Identity Theft Report
An Identity Theft Report will help resolve issues with the credit reporting companies, debt collectors, and businesses that allowed the identity thief to open new accounts in your name. The Report can help you:
- Have fraudulent information permanently removed from your credit report
- Prevent a company from collecting debts that result from identity theft or selling the debts to other companies for collection
- Get an extended fraud alert placed on your credit report
Three steps are required to create an Identity Theft Report:
- File an identity theft complaint with the FTC. - Online: http://ftc.gov/idtheft / Phone: (877) 438-4338
- When you file your complaint with the FTC, obtain a copy of the FTC affidavit that shows the details of your complaint. The online complaint site describes how you can print your completed affidavit. If your complaint is filed by phone, ask the counselor how to get a copy of your affidavit.
- Take your completed FTC identity theft affidavit to your local police, or to the police where the theft occurred, and file a police report. Obtain a copy of the police report or the report number.
Your FTC identity theft affidavit plus your police report create an Identity Theft Report. Send a copy of the Identity Theft Report to each company where you report fraud. Request that they remove or correct fraudulent information on your accounts.
To learn more about how to protect your personal information and respond to identity theft go to https://identitytheft.gov
Privacy
Provident Bank values your trust and respects your expectation of privacy. As such, we are committed to maintaining the confidentiality of your personal financial information. This document outlines our privacy policy for visitors to our web site.
In addition to the protections you enjoy through our Online Privacy Policy, your online activities may also be covered by our Online Privacy Policy for consumers. This policy explains our collection, use, retention, and security of consumer information and applies to customers who obtain financial products and services primarily for personal, family, or household purposes.
At Provident Bank, protecting the privacy and security of your personal information is important to us. We collect, retain, and use information about you in order to administer our business and to provide quality products and services that may be of benefit to you. We consider safeguarding your financial information a fundamental part of our business philosophy.
Information We Collect
When you visit our website, we may collect the following information in order to service your accounts:
Information we receive from you on applications or other forms (such as your name, address, Social Security number, assets and income)
Information about your online transactions with us, as well as information about our online communications with you. Examples include your online bill payments and your activity on the website, such as collecting information on product information reviewed.
Visitors to Our Website
Visitors to our website remain anonymous, unless they register for a service or otherwise elect to disclose their identity to us. Although we do not collect personally identifying information about persons who simply visit our site, we do collect certain limited information about visitors, such as their IP address (a numeric address assigned automatically to computers when they access the Internet).
We also may place "cookies" on a computer to track a visitor's use of our website. A cookie is a piece of data that is stored on your hard drive. It takes up very little room on your system and helps us to customize our site and make its navigation easier for you. We sometimes use cookies to help estimate the number of visitors to our site and to determine which areas are the most popular. Unless you register with us for a service (such as our Online Banking service), the cookie does not provide us with any personally identifying information about you, such as your name or address.
Web Browser Settings and Control of Personally Identifiable Information Collection
You may have the ability to activate web browser tracking settings or other mechanisms that give you the option to control the collection of personally identifiable information about your online activities over time and across third-party websites or online services. Our response to these settings and mechanisms will depend on the setting and mechanism and the impact on our collection and tracking practices. At this time, our website only tracks your activities while on our website and, unless you register with us for a service, we do not collect any personally identifiable information about you. The tracking is facilitated using 'cookies' that we place on your computer. If you choose not to accept cookies or remove locally stored cookies, we will not track your activity on our website; however, some features and services on our website may not be available to you. For more information regarding cookies, refer to 'Visitors to Our Website' in this policy.
Third Parties
When you use our website or online service, third parties acting on our behalf may collect the personally identifiable information and website activity identified above. This may include the personally identifiable information collected when you register with us for a service. Depending on the third party websites you visit, as well as any preferences and authorizations you have provided to others, your activity on our website and across other websites, including personally information you provide, may be tracked and collected by third parties. Also, third parties may offer services on our website from time to time. If you access their websites or provide them with information, these third parties may track your activity across websites and collect your personally identifiable information, all subject to the third party's privacy and security practices.
For further details, refer to 'Links to Other Web Sites' and 'Services and Advertisements by Third Parties' in this policy.
Disclosure Of Non-Public Personal Information
We do not disclose non-public personal information about our customers to non-affiliated third parties, except as permitted by law. You do not have to take any action or instruct us to keep your information confidential. We will protect your privacy automatically. If you end your relationship with the Bank, we will continue to adhere to the information policies and practices described in this policy.
There are instances when information about you may be provided to others. For example, we are permitted by law to share information:
- Within the Bank in order to service your accounts or to market other products or services we may offer.
- With non-financial companies that perform services on our behalf, such as check printers, data processing companies, companies that prepare or mail account statements, or companies that perform marketing services on our behalf.
- With credit bureaus about loans we make, whether or not they are handled properly, and about deposit accounts that are not handled properly.
- In order to comply with a number of laws and regulations we are required to furnish various reports to federal, state, and/or local government officials regarding certain transactions or accounts.
- To comply with subpoenas and other legal processes that require us to provide information about your accounts or other business with the Bank.
- If we suspect that a crime involving you or your loan or deposit account may have been committed.
- With our regulatory agencies and agents of the Bank or its affiliated companies, such as our independent auditors, consultants or attorneys, all of who will be bound to protect the information as we do.
- With others that you, or any other person with signing authority over your account, have given us oral or written permission to do so.
Maintaining accurate Information
We have procedures in place that help us to maintain the accuracy of the personally identifiable information that we collect. Please contact us at the number or address set forth below if you believe that our information about you is incomplete, out-of-date, or incorrect. If you are an online banking customer, sign-on to Online Banking to review and correct information about yourself, such as a change in your address or email address.
Links to Other Web Sites
Our web site may feature links to third party web sites that offer goods, services or information. Some of these sites may appear as windows-within-windows at this site. When you click on one of these links, you will be leaving our site and will no longer be subject to this policy. We are not responsible for the information collection practices of the other web sites that you visit and urge you to review their privacy policies before you provide them with any personally identifiable information. Third party sites may collect and use information about you in a way that is different from this policy.
Services and Advertisements by Third Parties
Third parties may offer services from time to time at our web site. If you provide them with information, their use of that information will be subject to their privacy policy, if any, and will not be subject to this policy. If you accept third party goods or services advertised at our web site, the third party may be able to identify that you have a relationship with us (e.g., if the offer was only made through our site).
Minors
We feel strongly about protecting the privacy of children and teenagers. As such, we do not knowingly collect personally identifiable information from such individuals through our web site.
Changes to This Policy
We may add to, delete from, or otherwise change the terms of this Online Privacy Policy from time to time by posting a notice of the change (or an amended Online Privacy Policy) at this website. If required by law, we will send you a notice of the change. Your continued use of our web site or any on-line service following notification will constitute your agreement to the revised Policy.
Questions
If you have any questions or concerns about the integrity of your account information, or any other aspect of our business operations, please do not hesitate to telephone or come in to talk to our staff. You may also write to:
Provident Bank
Attention: Compliance Officer
3756 Central Ave.
Riverside, CA 92506
(800) 442-5201
We value your business and hope you will continue banking with us for many years to come.
At Provident Bank, protecting the privacy and security of your personal information is important to us. In order to proactively combat cybersecurity and decrease the likelihood of you, our customers, being compromised, we have implemented this CyberSecurity Tips Monthly Newsletter. It should help you grow to be security-conscious both at home and at work by providing helpful tips to consider in your everyday activities. A list of our current and previous issues of our newsletter have been provided below.
Disclaimer for links provided in this newsletter: If you click on a link within the following newsletters, you will be linking to another website not owned or operated by Provident Bank. Provident Bank is not responsible for the availability or content of this website and does not represent either the linked website or you should you enter into a transaction. We encourage you to review their privacy and security policies which may differ from Provident Bank.
Cyber Security Tips Monthly Newsletters
2022-08 Cyber Secure Families - Cyberbullying & Information Sharing
|
Aug 2022
2022-08 Cyber Secure Families - Cyberbullying & Information Sharing
|
Monthly Security - Tips Newsletter
|
|
As technology continues to evolve, the tools and toys available to your children increase in number and evolve in capabilities. Technology can be used to educate and inspire creativity in kids, but it also exposes them to a risky landscape most of us didn’t have to worry about during childhood. Adults can discuss with children how the digital world is a great resource, but we must remain cyber aware.
We all should be responsible with the information we share and the ways we explore. Here are a few things we should all do to protect our kids and our home networks.
Keep Software Updated
Think of all the devices in your household that connect to the internet – phones, tablets, computers, gaming systems, smart appliances, even lightbulbs! One of the most important things you can do to keep your devices safe is to ensure your devices are up to date and using the latest software. When your devices notify you about a software update, install the update right away or set them to automatically update. Those updates contain security patches that close loopholes that attackers can use to gain entry and access your data like your passwords, payment information, photos, and more.
Always make sure you know what apps are on your children’s devices. Know what those apps do and what type of information they monitor or collect. This can be done easily by checking the app settings and privacy disclosures.
If you have children prone to installing anything that looks new and flashy, consider requiring a PIN or password only you know before allowing installation of new applications.
Internet Domain Name System (DNS) Filtering
As we all know, surfing the web can be a risky business. While we can usually identify scams and malicious links, children may not catch on so quickly and see that the link their friend’s hacked account just sent them for a free game is a malicious website in disguise.
Implementing DNS filtering, which prevents devices on your network from connecting to known bad websites, is a free and easy way to help prevent everything from phishing and ransomware to spyware and viruses. It is so useful that some of largest IT companies in the world have joined forces to provide it for free to public users. This includes no sign-ups, tracking, or personal information saved by those providers. DNS filtering can even be set up on your home router with very little effort, which will help protect anyone or device on your entire network. DNS filtering services can also be used to implement parental controls to deter kids from going to unwanted or inappropriate websites. Additionally, you can limit kids’ screen time and monitor their online surfing activity if you choose to do so. By doing this, you can create a family-friendly online space in your home while also protecting your identity and blocking cyber-villains.
Free DNS filtering options for families –
- Quad 9: When your computer performs any Internet transaction that uses the DNS (and most transactions do), Quad9 blocks lookups of malicious host names from an up-to-the-minute list of threats. Quad9 is also free to use, and no contract is required. It also doesn’t collect any personal information about you.
- Cleanbrowsing: A free DNS system that focuses on privacy for households with children. It provides three free filter options and blocks most adult sites.
- OpenDNS: Owned by Cisco, OpenDNS has two free options: Family Shield and Home. These are incredibly useful for monitoring and preventing adult site access as well as general internet safety and performance.
Talk to Your Kids
Finally, make sure you talk to your kids about cybersecurity. Just like other issues that have the potential to harm our children, keeping an open line of communication regarding cybersecurity is vital to keeping them safe.
Outside of adjusting privacy settings and parental controls on devices your kids use, make sure they learn how to spot unusual behavior and encourage them to tell you about it. Teach your kids about proper online etiquette and encourage appropriate interactions.
Supervise their screen time and make sure you are in the know about who they talk to and interact with online. Talk to them about the importance of keeping some information private such as their name, home address, and phone number.
Check their apps and devices frequently to make sure your kids haven’t turned on location sharing or made their social media accounts public to anyone and everyone. As they get older, remind them that once information is online it can’t be taken back. It’s online forever.
Cybersecurity was not something past generations of parents had to worry about when raising their children, but it is a big part of all our lives now. And even though we may not like all that comes with these technologies, they’re here to stay, so it is imperative that we teach our children how to use them responsibly and safely. Let’s give our children the foundation they need to be able to safely and securely engage in today’s connected world.
Special thanks to the Education and Awareness Working Group for providing the content for this newsletter.
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2022-07 Take Small Steps to Secure Your Identity Online
|
July 2022
Take Small Steps to Secure Your Identity Online
|
Monthly Security - Tips Newsletter
|
|
Have you ever taken a tally of every account you’re signed up with? According to a 2021 study done by NordPass, the average person has about 100 passwords and associated accounts (i.e., credentials). Whether or not these accounts are active, we all run the risk of having this information exposed and misused. Given this shocking average, we can take easy steps to ensure our information is protected in cyberspace. While use of multi-factor authentication (MFA) can mitigate the threat of credential misuse by requiring at least two pieces of evidence (e.g., password and code sent to mobile phone) to confirm a user's identity, not all organizations or users have adopted this preferred method of authentication. When MFA is not yet available, the simplest action we can take is to make informed choices when creating passwords, including what mode of protection we apply to them. Because there’s no rest for the wicked, cybercriminals are constantly finding new ways to circumvent what were previously thought to be secure online environments.
Why you should be using a password manager: A secure way to store your passwords is to use an electronic password manager that allows the use of multi-factor-authentication. Not only can a password manager generate strong passwords, but it can also hide them from view. Many password managers will only allow you to view your passwords via multi-factor authentication. The password manager also generates completely unique and long passwords without you having to come up with one on your own, and it stores each unique password for future use. Computers are much better at randomizing characters than humans, so you can rest easy knowing you aren’t inadvertently re-using character patterns – which is a big password no-no. Those previously mentioned 100 passwords likely won’t be learned by heart, and that’s okay, as your password manager has your back! Below are forms of multi-factor-authentication that can be utilized with a password manager to add that extra layer of protection:
- Voice call: Exactly what it sounds like – you can opt in to receive verification calls from many password managers to confirm your identity.
- Biometrics: This is a technology that uses fingerprint or facial recognition software.
- Push: You can download corresponding apps on your phone or laptop that will trigger a notification to click on and verify identity.
- Hardware token: This is a small device that is either connected to or separate from your password manager. It generates a randomized code.
- Email: You receive an email as a form of identity confirmation.
- SMS: Similar to a push notification, you receive a text message to verify identity.
We all have a lot to worry about these days, but taking a small amount of time to research and activate a password manager can help us avoid at least one type of online vulnerability. You don’t have to do much to become cyber-savvy either, as having and using the right tools is sometimes all you need.
Special thanks to Emma Kipniss, Education and Awareness Working Group Chair, for providing the content for this newsletter.
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2022-06 Cyber-Safe Travel
|
June 2022
Cyber-Safe Travel
|
Monthly Security - Tips Newsletter
|
|
Summer is a popular time to travel whether it be for a relaxing overnight trip or a week away exploring a new destination. You are likely taking along that smartphone or other device to assist with getting directions, locating or identifying points of interest, and capturing that special photo. Practicing good cyber hygiene before, during, and after your trip will help secure your devices and allow you to connect with confidence when you’re away from home.
Quick note if you are traveling with business equipment: It’s best that you leave your work devices behind; however, if you can’t leave home without them, ensure that you are following your organization’s policies and procedures for protecting the devices and the information they contain while traveling.
Before You Travel
Update your devices. Updating devices will fix security flaws and help keep you protected. Whether it’s your computer, smartphone, or gaming device, be sure to update your operating system, applications, antivirus and malware software, and the like. If you haven’t already turned on automatic updates, now is a good time to consider doing so.
Back up your devices. Back up information such as contacts, financial data, photos, videos, and other data in case a device is compromised during travel and you have to reset it to factory settings.
Lock your device. Make sure to lock your device when you are not using it. Set your devices to lock after a period of time and use strong PINs and passwords.
Enable multi-factor authentication (MFA). Add an extra layer of protection so that the only person who has access to your account is you. For more information on MFA, see https://www.cisa.gov/mfa.
During Your Travel
Guard your devices. Your devices are valuable, but your sensitive information is, as well. Always keep your devices close at hand and secure in taxis, security checkpoints, airplanes, rentals homes, and hotel rooms.
Securely recharge. Never plug your phone into a USB public charging station, such as those in the airport or in hotel room lamp and clock radio inputs, as these cannot be trusted. Malicious individuals can hijack your session or install malware on your device through those seemingly-harmless means. Always connect using your own power adapter connected to a power outlet.
Delete data from your rental car. If you connect your phone to a rental car for navigation or other purpose, be sure to securely remove the device so that other individuals do not have access to your address book, device name, text messages (hands-free calling), or other sensitive information.
Avoid public Wi-Fi. While public networks are convenient, they are a security risk. Avoid connecting to public Wi-Fi unless absolutely necessary. Instead, consider using your phone carrier’s internet connection or use your phone as a personal hotspot if your plan allows.
If you do need to connect to public Wi-Fi, verify with the establishment the name of the network and use a virtual private network (VPN), software which will encrypt your internet traffic and prevent others from stealing your data. Verifying the network name is important. Oftentimes, malicious individuals create similar connection points with a slight misspelling, hoping you will instead connect to their network.
Turn off auto-connect. While auto-connect is enabled, devices will seek out and connect to available networks or Bluetooth devices. This could allow cyber criminals to access your device without you knowing it. Disable auto-connect, Bluetooth connectivity, and near-field communication (NFC) like airdrop so that you can select the network and control the connection.
Limit what you share. Limit the information you share on social media while on vacation and consider posting updates about your trip after you return. Revealing too much information while away can put you and others at risk. Criminals can gain useful information from such posts like knowing you are away from your home. Scammers may even attempt to contact your family and friends with a variety of scam tactics. Additionally, consider setting your social media accounts to only allow friends to view your posts.
Avoid the use of public computers. Public computers such as hotel business centers and internet cafes are often poorly managed and provide minimal security protection for users. If you must use a public computer, do not enter any username or password on the computer and do not connect or transfer data via thumb drive/USB.
When You Return Home
Shred your boarding pass and luggage tag. Scannable codes on boarding passes and luggage tags include full name, date of birth, and passenger name record. These can also contain sensitive data from your airline record like passport number, phone number, email address, and other information that you wouldn’t want to share publicly. For this same reason, never post boarding passes on social media.
Scan for virus and malware. It’s best to update your security software when you return home and scan for viruses and malware to be sure your device has not been compromised while you were away.
Conclusion and Resources
Knowing these helpful tips will aid in cyber-safe travel, allowing time to relax and enjoy your time away. For more information, see the additional resources below.
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2022-05 Winning Posters for 2022
|
May 2022
Winning Posters for 2022
|
Monthly Security - Tips Newsletter
|
|
from the desk of Karen Sorady, VP MS-ISAC Member Engagement
We at the MS-ISAC are overjoyed to announce this year’s winning Kids Safe Online poster designs! Each October during Cyber Security Awareness Month, K-12 students across the country focus their creative genius on inventing artwork that teaches us about internet safety and security. As with past years, we received many wonderful pieces, and of those, 13 will grace the pages of our next Kids Safe Online Activity Book. MS-ISAC members nationwide use our posters to spread cybersecurity awareness and inform their employees about cyber threats.
A Look at the Winning Posters
“Wherever you go, your digital footprint follows.” — Madelyn, 8th Grade, New York
Madelyn, an 8th grader from New York, created this stunning design that reminds us to watch our digital footprint. Every text we send, every message we keep, and every file we download can carry dangers with it if we’re not careful. Sometimes, it takes a child to remind us that once we click “send,” it’s too late. In the digital world, it’s impossible to take things back, and any post we make could be misused.
“Don’t Give Out Personal Info Online” — Maylin, 12th Grade, New York
Maylin, a 12th grader, submitted an amazing piece of art meant to teach us a lesson about leaving our personal information exposed online. Even details that might seem inconsequential by themselves could be pieced together by a malicious actor. For this reason, it’s important to lock down our social media accounts with smart privacy settings and keep a close eye on what we allow the whole world to see.
“Do Not Fall for Internet Scams” — Megan, 9th Grade, New York
Megan, a student in 9th grade, provided useful info in an entertaining format. Takeaways include avoiding malware disguised as games or music and dodging internet scams. The adage that “if it sounds too good to be true, it probably is” applies in the virtual world. When we accept a friend request or chat with someone online, we let them into our circle of trust, and that can be a risky proposition.
“Choosing a Strong Password” — Leila, 3rd Grade, Virginia
Our last winning poster design comes from Leila, a 3rd grader in Virginia, with three steps to better password security. While we all hope for a beautiful, password-less future, in the present, they still constitute the keys to our various kingdoms. Along with other tips, Leila tells us to choose passphrases – something longer than just a single word – which is good advice to help us ward off brute-force attacks.
Cybersecurity as a Life Skill
Today’s kids have grown up with amazing tech that, if used responsibly, can greatly enhance their lives. No other generation has had so much information at their fingertips just a click away. Of course, there are tradeoffs in an always-connected reality. That’s why cybersecurity is not just a career field but also a life skill. The good news is that there are plenty of opportunities for students interested in learning about security, including great summer options, so these white hats-in-training can practice their art year-round.
Resources for K-12 Cybersecurity Learners:
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2022-04 Cyber Clean for Spring
|
Apr 2022
Cyber Clean for Spring
|
Monthly Security - Tips Newsletter
|
|
For two years, you’ve accumulated digital clutter and technical debt at a rate previously considered impossible, at least pre-pandemic. The good news is that spring has sprung, and spring is the time when we all agree to pretend we enjoy cleaning. We power through, at least until there’s a clear path from our WFH desk to the fridge. And we feel a little better when we see the results. In that same spirit, let’s take a moment to clear a virtual path and shore up our digital defenses because winter is always around the corner.
Delete with a vengeance. Be brutal. Be the digital minimalist Marie Kondo would envy. Uninstall apps you don’t use, both on your phones and your computers. Delete files you no longer need. Wipe and securely dispose of electronic media and hard copies. Do you really need to keep those laserdiscs and floppies? Everything we retain has a chance of being lost or stolen. Every item carries a liability and weighs us down.
Reduce your attack surface. Removing unused software makes a dent. It also makes it easier for you to keep everything up to date (and you need to keep everything up to date). Now, let’s shift our focus to your accounts. Haven’t used a website in a year? Don’t just leave your account idle and your login credentials unnecessarily exposed. Close your account. Need help finding targets? Check your spam folder for all those privacy policy updates and Christmas in July promotions. Attackers can’t compromise accounts that don’t exist.
Review your records. Take a good look at your bank statements. This is the 21st century. There’s no need to shuffle through paper records if you don’t want to. Just pull out your phone and scroll. Hunt down the source of anything suspicious, and then do yourself the favor of identifying recurring services you can cancel to save some money too. For IT geeks, when’s the last time you’ve read through your systems’ logs? The concept is the same. Give ledgers and logs some love, and tidy-up things you find.
For the sake of all that is nerdy, turn on MFA! Look, we’re going to set the cleaning metaphor aside for a second because this is important. Multi-factor Authentication (MFA) is the annoyingly beneficial feature that prompts you for a single-use code when you login. App-based is best, but text-based is better than nothing. Enable it everywhere you can. Demand it everywhere you can’t. Your password will be stolen or guessed; that’s a given. When that happens, MFA might be the thing that saves you.
Let your bad passwords enjoy their retirement. It’s time. Sure, ‘badger95’ has served you well since high school, but it’s time for you to thank it and send it on its way. Any password you use for more than one service needs to go. Ditto for any password shorter than eight characters. Use a unique password for every site. And use long passwords. If you need to remember it, use a phrase instead of a word. Better yet, use a password manager and let it invent and remember strong passwords for you.
Google yourself and censor your social media. PR is not just for celebrities. Do a search to see what others find when they look you up. Click into the privacy section of your accounts on Facebook, Twitter, Instagram, Snapchat, and other apps. Turn off anything that feels creepy. Want to achieve real enlightenment? Try the “download my data” feature to see just what tech companies know about you. Oh, and keep calm.
E-liminate your e-waste. Everything eventually falls apart. Or it grows obsolete. If you’re stepping over piles of iMacs and Blackberrys, you know the pain. Stop procrastinating. Is there a school or shelter nearby that could benefit from a donation? Look into trade-in programs your vendors offer when you upgrade. Find a local electronics recycler. The dumpster should be your last resort. And don’t forget to wipe and, if needed, physically obliterate your storage devices like hard drives. A good recycler will even handle that for you and give you a certificate of destruction. Remember, NIST SP 800-88 R1 is your friend. Don’t know where to go to get rid of your old electronics? Here you can locate a recycling facility in your area.
Purge but verify. As we lay waste to our waste, a reasonable person could be forgiven for lying awake at night, wondering whether they’ve trashed something they’ll actually need. You’re right to worry. The antidote is backups. But backups are useless. Or at least they’re useless if they aren’t tested. Backing up is easy. Ensuring restores will work and include everything you need is tough. Backups are likewise worthless if you can’t get to them in an emergency or if they’re not isolated and ransomware encrypts them. Do backups, test restores, and practice your recovery procedures so that your first attempt will happen during calm, daylight hours and not at 2 a.m. in the midst of a real-world disaster.
Finally, be ruthless. Getting your analog and digital lives in order does more than improve your state of mind. It pushes back against the creeping fallout from our hectic daily routines. It eliminates dangers we might otherwise miss, dangers that can lead to compromise. Breaches are seldom the result of a single vulnerability. They arise from cascading failures. They represent a fallen house of cards. Get your house in order. Refuse to abide a mess. Protect yourself and your organization so you can rest easy!
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2022-03 Do not Bust Your Bracket: Online Gambling Safety
|
Mar 2022
Don't Bust Your Bracket: Online Gambling Safety
|
Monthly Security - Tips Newsletter
|
|
With the NBA and NHL Finals and, of course, March Madness fast approaching, spring is a busy time for sports fans and people that like to gamble. Betting on sporting events can bring excitement–the possibility of financial reward and loss–and cybersecurity risks.
At first you might think to yourself, what does cybersecurity have to do with online sports betting? Due to the recent popularity of online betting, especially during the pandemic, online gambling sites have become a hot target for bad actors. This is because these sites collect and manage large amounts of financial and personal information. This means online gambling companies need to have many layers of defenses to protect themselves. Even with all these layers of defense, cyber threats are an ever-present risk to the industry and the millions of people accessing these sites every year.
According to a recent article from The Wall Street Journal, gambling during the Super Bowl this year reached record highs. It stands to reason that this increase in online betting will continue during the upcoming playoff season. Online betting is dependent on allowing users to easily access their sites, set up profiles, place bets, and more. However, ease of use and access should not supersede the need to protect users and their data.
With any seasonal, popular, or hot topic in the news, sporting events have become a prime target for spammers and bad actors. It might be sharing insider information on injuries, the latest upset, or a new deal, bad actors will leverage any headline that might be considered popular to get users to click on a link or open a document. Untrustworthy sites will even mimic popular sporting and betting sites to get people to click on a link and share their personal and financial information.
So, what can you do to protect yourself? Here are some helpful tips:
- Only use trustworthy online gambling sites that have good cybersecurity and privacy practices, such as enforcing strong passwords, multi-factor authentication, and more
- Only go to known and trustworthy news sites
- Use strong and unique passwords
- Review the privacy terms of online gambling sites before using them
- Watch out for phishing emails and spam
- If you’re using an app, make sure you have installed the latest software updates
- Keep your devices and firewalls up to date with antivirus and advanced threat protections
- Set up monitoring and alerts on your banking accounts
- Educate yourself, your organization, family, and loved ones on the cyber risks
- Set up internet filters to block traffic to online gambling sites
- Sporting events are exciting, and many feel that betting on the events heightens the experience. But don’t let your thrill of the game or the win cause you to lose—to a cyber incident.
If you or someone you know is struggling with a gambling addiction, please reach out to the National Problem Gambling Helpline for help.
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2022-02 Fraud Alert Beware of Common Tax Scams
|
Feb 2022
Fraud Alert Beware of Common Tax Scams
|
Monthly Security - Tips Newsletter
|
|
Tax season is upon us, a time of year when the scammers go into overdrive. Be extra careful while online, and avoid activities that could put your identity and finances at risk. It doesn’t matter whether you owe money to the IRS or are expecting a refund, as the scammers will target you regardless of your situation.
Let’s explore some common tax scams, warning signs that you may be victim, and steps you can take to protect yourself, your identity, and your finances.
Common Tax Scams
Cyber criminals use the same tried-and-true methods for tax scams as they do with other targeted attacks.
- Phishing: This tactic involves using email or malicious websites to infect your device or trick you into disclosing your information. Phishing emails may appear to come from real financial institutions, e-commerce sites, charitable organizations, or even government agencies such as the IRS.
- Phone Calls: This tactic involves making phone calls or leaving voicemails of an urgent or threatening nature. In the case of tax scams, the calls may advise you of a refund you are owed or demand that you settle an outstanding payment for back taxes. Caller ID spoofing may be used, making it appear like the person calling is from the IRS.
Scammers using these tactics generally attempt to create a sense of urgency, or have a good story that would tend to compel you to disclose personal information such as such as your date of birth, social security number, driver’s license number, or even usernames and passwords to your accounts. Watch out for these common scams:
- Refund Calculation Scam: “The IRS recalculated your refund. Congratulations, we found an error in the original calculation of your tax return and owe you additional money. Please verify your account information so we can make a deposit.”
- Stimulus Payment Scam: “Our records show that you have not claimed your COVID-19 stimulus payment. Please provide us with your information so we can send it to you.”
- Verification Scam: “We need to verify your W-2 and other personal information. Please take pictures of your driver’s license, documents, and forms and send them to us.”
- Gift Card Scam: “You owe us back taxes and may be charged with a federal crime. You must pay a penalty to avoid being prosecuted. Purchase these gift cards and send them to us and we will wipe your record clean.”
- Fake Charity Scam: Scammers pose as a legitimate charity, often with a similar name as a real charity, to trick you into donating money to their own cause–filling their pockets.
- Fake Tax Preparers: Watch out for tax preparers that refuse to sign the returns they prepare. If they gain access to your information, they may file fraudulent tax returns redirecting your refund or attempt to access your bank accounts.
Warning Signs
Hopefully you have avoided the common tax scams, but the cyber criminals may have other methods of obtaining your information, such as data breaches of companies you do business with. Watch out for these warning signs that you may already be a victim.
- You attempt to file a tax return, either online or by mail, but are informed by the IRS or your state that they have already received one.
- You are informed by the IRS that an account has been registered in your name at IRS.gov even though you have never created one.
- You receive a transcript from the IRS that you did not request
How to Protect Yourself
- Identity Theft Resources
- If you believe you have become a victim of Identity Theft, visit IdentityTheft.gov to report it and create a recovery plan.
- For specific information and resources for tax-related identity theft, visit the Identity Theft Central web page on the IRS web site.
- E-mail and Internet Security Best Practices
- Never use public Wi-Fi to file your taxes or conduct other business such as online banking. Only connect to networks that you trust.
- Remember that IRS.gov is the only genuine website for the Internal Revenue Service. All Internet and email communications between you and the IRS would be through this site.
- Never send sensitive information via email. If you receive an email from an unknown source or one that seems suspicious, do not reply.
- Report tax-related phishing emails to Phishing@IRS.gov. Visit Tax Scams - How to Report Them on the IRS web site for additional information.
- IRS Representatives – Know How They Operate
- The first point of contact by the IRS is typically via postal mail. The IRS will not contact you via email, text messaging, or your social network, nor does it advertise on websites.
- IRS representatives always carry two forms of official credentials, and you can confirm their identity by calling a dedicated IRS telephone number for verification.
- The IRS does not accept payments by gift cards.
- Review How to know it’s really the IRS calling or knocking on your door on the IRS web site for additional information.
- Donating to Charities
- Only donate to charitable organizations that you trust. Beware of charities that require you to give or send cash.
- Verify charitable organizations using the Tax-Exempt Organization Search web page on the IRS web site.
- Using Tax Preparers
- Beware of tax preparers that only accept cash payments or offer to claim fake deductions to inflate your tax refund.
- Only use a preparer that can provide you with their Tax Preparer Identification. You can verify your tax preparer through the Directory of Federal Tax Return Preparers with Credentials and Select Qualifications on the IRS web site.
- Visit Topic No. 254 How to Choose a Tax Return Preparer for best practices on selecting your tax preparer.
- Secure Your Identity
- Get An Identity Protection PIN (IP PIN) from the IRS to prevent someone else from filing a tax return in your name.
- Check with your state to see if they offer a similar program to file your state taxes.
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2022-01 New Year, New Privacy Settings
|
Jan 2022
New Year, New Privacy Settings
|
Monthly Security - Tips Newsletter
|
|
While January 28, 2022 marks the 15th annual Data Privacy Day, each of us faces privacy concerns on a daily basis. If our private information becomes public, it can affect our credit ratings, employment options, and even our safety.
In this month’s cybersecurity tips newsletter, we’ll focus on steps you can take to maintain privacy on social media. If you’re one of the lucky few who can live your life unplugged from Facebook, TikTok, and the like, you’re in the clear. If you find yourself among the majority of us who either want or need to engage with others via social media, then here are some tips and tricks to stay safe and secure.
1. Protect Your Accounts
Social media accounts are under constant attack by cybercriminals. Your account can give a scammer a good way to infect your friends with messages that come from a trusted source (i.e., you). There are three simple steps you can take that will thwart most attacks:
- Use long, unique passphrases: Criminals get your account details from breaches and malware. If you use the same one everywhere, cybercriminals will have access to all of your accounts. Consider using a passphrase with multiple words, such as DenverIsBeautiful. It’s easy to remember and tougher to crack.
- Use Multi-factor Authentication (MFA): MFA, sometimes called two-factor authentication (2FA) or advanced authentication, makes it almost impossible for someone else to log in to your account, even if they have your password. You trade the minor inconvenience of entering a one-time code for the huge benefit of keeping the baddies out of your stuff. Turn this on everywhere you can!
- Update Everything: Yes, everything. Keep your operating systems current on your computers, phones, apps, and internet-connected devices. Turn-on automatic updates and reboot when prompted. Networks are usually not compromised because of brand new, 0-day vulnerabilities. Instead, they are breached because a patch was never installed for a bug that was fixed months (or years) prior.
2. Reduce Your Attack Surface
- Your attack surface is the sum of all the ways your information can be compromised. Every account with your personal data or app with a security flaw adds to it. You can reduce your potential vulnerability by deleting online accounts you no longer use and uninstalling apps you no longer need so they can’t be used against you. With fewer things to manage and update, you can focus on protecting what is actually important.
3. Tweak Your Privacy Settings
- All major services offer privacy settings to limit what you share publicly. It may take a bit of exploration to find them, but you can use these tools to control your exposure. Pay special attention to location settings, permissions for facial recognition, who can tag you, and who can see your posts. Also, check the details you publish such as your hometown, birthday, family members, and where you work. Consider removing all of them.
- If it’s allowed by the service you use, you can go a step further by not using real information, such as your full name or actual date of birth. Don’t forget to check who can find you by your phone number and remember to also change your vanity name or username so it won’t give you away.
4. Don't Let Your Photos Betray You
- The photographs you upload to social media or share elsewhere online can expose your face, your address, the valuables you keep at home, the car you drive, and more. Keep this in mind before you post an image that might tell a stranger things you’d rather keep to yourself. Avoid sharing anything with your house number, license plate, or documents in view. For your kid’s safety, watch what they share online as well.
- Photos uploaded to major social media sites are scrubbed so that the metadata – hidden details that live within a picture or video file – are removed. Not all services protect you in the same way, and these metadata are always present when you email a file. Unless you disable the feature, your camera app is probably set to store your location which makes it easy for a criminal to see the exact latitude and longitude where a photo or movie was taken.
Would You Like to Know More?
These links will lead you to more resources to help protect your privacy:
Conclusion
While it’s almost impossible to remain anonymous in 2022, there’s no reason to make it easier for criminals to take advantage of you. Information you share online, even if it’s restricted today, may go viral tomorrow. The best way to protect yourself is to avoid posting anything you wouldn’t want your grandmother to read in your local paper. You can’t regret a photo you never take.
- Once you upload a picture or write an angry tweet, you lose control of it, and anyone with a screenshot can continue to spread it long after you press the delete button. Search for yourself online every now and again to see what others will find when they look for you. Opt-out of any websites that share your personal details. Invest some time to ensure that a would-be attacker will be frustrated and move on to easier prey.
- Perfect privacy is impossible, but by being careful you can stack the odds in your favor. Stay safe, take care, and have a secure and Happy (Cyber) New Year!
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2021-12 Beware of Uninvited Holiday Guests (On your Network)
|
Dec 2021
Beware of Uninvited Holiday Guests (On your Network)
|
Monthly Security - Tips Newsletter
|
|
Whether you are finishing your holiday shopping or celebrating early, this is the time when you will likely be adding new devices to your home. While you may be taking a holiday vacation, hackers don’t rest and are eagerly waiting for you to plug in your new devices so they can gain control.
This holiday season, stay one step ahead by securing your network and devices before cyber criminals get their chance.
1. Secure your Home Network
With a few configuration changes you can greatly enhance the security of your home network. If you are unsure of how to perform the following steps, please consult the product support documentation for your router.
- Change your router’s password from the default to a secure password. This will prevent others from accessing the router’s configuration, changing settings, and gaining visibility into your network.
- Enable automatic updates and install the latest router firmware. Keeping your router up to date with the latest firmware helps protect it as new vulnerabilities are discovered.
- Enable the router’s firewall. The firewall helps prevent the devices on your network from accessing malicious sites, as well as keeping outsiders on the outside of your network.
- Change the Wireless Network Name (SSID). The default wireless network name is typically the brand of the router, which can provide clues to outsiders as to what you are using and what vulnerabilities exist. Make sure you do not use your name, home address, or other personal information in your new SSID name. For added protection, disable broadcast of the wireless network name.
- Enable Wireless Encryption. Use Wi-Fi Protected Access 3 (WPA3) if supported by your device and choose a strong passphrase to connect devices to your network. When feasible, choose wired connections over wireless for enhanced security.
- Enable a Wireless Guest Network. A security best practice is to segregate network devices. Connect your computers, mobile devices, printers, and other trusted devices on your primary wireless network, while restricting devices such as Smart TVs, Personal Digital Assistants, and your refrigerator to the guest network.
2. Secure your Work-at-Home Devices
Here are tips when working remotely both over the holidays and at any time.
- Keep devices physically secured. Always keep your devices with you and store them in a secure location when not in use. Set an idle timeout such as a password protected screen saver to automatically lock the device when you are not using it.
- Keep devices up to date. Enable automatic updates and install the newest updates for the operating system, antivirus software, and other software when available.
- Secure data. Save your work files, e-mails, and other data to authorized locations in your organization’s network. Do not store your organization’s data in your personal e-mail, cloud storage, or USB devices.
- Use Secure Networks. Never connect your work-at-home devices to untrusted networks such as public Wi-Fi. Instead, use your cell phone connection or a personal mobile hotspot when you are working outside of your home. If using an untrusted network is absolutely required and supported by your organization, use a virtual private network (VPN) to keep your network communications encrypted.
3. Secure your Personal Devices
You may be tempted to plug in your new device and start to use it right away. Be sure to take a few minutes to configure security settings before you get started.
- Change Default Passwords. Some devices are configured with default passwords to simplify setup. If the password is not changed, these passwords are well-known and can give attackers full access to your device. Use strong and unique passwords for all your devices.
- Deactivate features that you don’t need. Many devices are equipped with features such as location services, remote connectivity, Wi-Fi, and bluetooth. Each feature that is turned on is a potential opening for an attacker to access your device and gain control. Only use the features that you need and turn them off when not in use. If you don’t need to connect a device to the internet, keep it offline and out of reach of hackers.
- Update and Patch Regularly. Manufacturers will issue updates as they discover vulnerabilities in their products. Configuring your device to receive automatic updates makes this easier for devices. However, if you need to manually update your device, make sure you are only applying updates directly from the manufacturer, as third-party sites and applications may be unreliable and can result in an infected device.
- Secure Accounts. Some personal devices such as gaming consoles require you to establish an account and maintain a subscription to access services. Pay close attention to the information being collected about you and the data that is visible to others. For gaming accounts, the default option may be to share the games that you play, when you are online, the number of hours played, and your contacts list to anyone who is subscribed to the same service. Change your privacy settings to only share data with people that you trust.
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2021-11 Stress Less This Holiday Season With These 10 Shopping Tips
|
Nov 2021
Stress Less This Holiday Season With These 10 Shopping Tips
|
Monthly Security - Tips Newsletter
|
|
It is that time of year again, festivities, family gatherings and holiday shopping! Many consumers will avoid brick and mortar stores and choose to shop online instead. As such, it is important to remain vigilant and be aware of the cyber risks while online shopping. While legitimate businesses are after your money, so are cybercriminals. When it comes to holiday shopping, you should be wary of online criminals. The following 10 cybersecurity tips will make your online shopping experience less risky, not to mention keep you in the spirit of the season and safer from those on the “naughty list”.
1. Do Not use Public Wi-Fi for Shopping Activity
Public Wi-Fi networks can be very dangerous. While they may be convenient to use, they are not usually secure and can potentially grant hackers access to your personal information. Never log in to banking/financial sites or any site where the transaction involves sensitive personal data while logged into a public Wi-Fi network. If you do use public Wi-Fi networks, make sure that you are using a trusted network, that you do not allow it to connect automatically, and that you are completely logged out of it before logging into any site for transactions involving sensitive personal data. Please consider that it may be in your best interests to avoid public Wi-Fi networks altogether.
2. Make Sure eCommerce Shopping Sites are Legitimate and Secure
Shop at well-known retailers that you trust and where you have previously done business. Before entering your personal or financial information into an online commerce site, you must ensure that the site you are on is legitimate and can be trusted. Verify the site is the one you intended to visit by checking the URL. Also, look for the “lock” symbol in the URL bar and make sure “https” is in the beginning; indicating that encryption is used to protect your data.
3. Know What the Product Should Cost
Deal with legitimate vendors. The adage goes, “if it is too good to be true, then it probably is.” ‘Bait and switch’ or ‘teaser’ scams run rampant during the holiday season! Use a service like ResellerRatings.com; allowing users to review online companies and to share their experiences purchasing from those companies as part of your diligence in protecting your interests.
4. Do Not Use Debit Cards for Payment
When you are shopping online remember that it is best to use credit cards or payment services such as PayPal. Credit cards offer more consumer protections and less liability if your information were to be compromised. Alternatively, because debit cards are linked directly to a bank account, you are at a much greater risk if a criminal were to obtain this information. In a dispute regarding a purchase made with a debit card, you’ll be in a weaker position because the merchant will already have your money and it may take weeks to get it back. With a credit card you’ll have time to dispute a charge before any money is actually paid out.
5. Keep Systems Up-to-Date
Be sure to keep all of your internet accessible devices up-to-date. Most software updates improve security by patching vulnerabilities and preventing new exploitation attempts. This includes updates to your device operating system (OS), installed applications, and to your anti-virus software. This is one of the most important and easiest things you can do to help prevent criminals from exploiting vulnerabilities enabling them to access your information.
6. Think Before You Click
Scammers take advantage of the surge in holiday deals and communication to send out their own viruses and malware. Scams have significantly evolved in quality and can appear as legitimate discounts or reputable special offers. Be careful with messages regarding shipping confirmations and changes. Phishing scams include cleverly crafted messages that look like official shipping notifications. Always use official channels to stay updated. As always, NEVER open an email from someone you do not know, did not expect to receive, or from a site you have not visited.
7. Use Strong and Unique Passwords
Creating strong and unique passwords is still the best security practice for protecting your personal and financial information. Make sure your passwords are sufficiently long and complex utilizing a combination of upper- and lower-case letters, numbers, and special characters. Consider creating a cryptic passphrase that is longer than the typical password, but easy for you to remember and difficult to crack. MOST IMPORTANTLY, do not reuse passwords across multiple sites; especially between work and personal resources.
8. Avoid Saving Your Information While Shopping
Never save usernames, passwords or credit card information in your browser and periodically clear your offline content, cookies, and history. Avoid saving your payment information in your account profile when completing an online transaction. If the site autosaves your payment information, go in after the purchase and delete the stored payment details. Better yet, if the site has the option, check out as “guest” to avoid giving personal/payment information online.
9. Don’t Share More Than is Needed
Be alert to the kinds of information being collected to complete your transaction. If the site is requesting more data than you feel comfortable sharing then cancel the transaction and purchase elsewhere. You should only need to fill out required fields at checkout.
10. Monitor Your Financial Accounts
Even with good cyber hygiene and best practices, you may still find yourself a victim of a cyber scam. Pay close attention to bank and credit card accounts and be sure to monitor your credit report to ensure that there is nothing out of the ordinary.
For more information on holiday shopping safety, visit the following resources.
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2021-10 This October: Commit to Being Cyber-Aware
|
Oct 2021
This October: Commit to Being Cyber-Aware
|
Monthly Security - Tips Newsletter
|
|
In its most recent annual Cost of a Data Breach report, the Ponemon Institute reviewed more than 500 incidents around the world. The results were sobering: the average data breach costs an organization $4.24 million, and takes 287 days to identify and contain.
That’s why Cybersecurity Awareness Month – designated every October for the last 18 years – is an important reminder of just how critical cybersecurity awareness is at all levels of government and across every industry.
The best way to protect your organization and yourself is by being able to recognize potential cyber threats, understand their significance, and sharing that knowledge with others. The weakest link in many cybersecurity programs is people. They make mistakes, it’s bound to happen. But if you can raise your end users’ awareness about cybersecurity across all of the platforms and devices they use, it can drastically reduce the likelihood of a mistake happening. Even more important – when a mistake does happen and you have a strong cybersecurity posture, people recognize it and know how to respond.
This October, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) are emphasizing the overarching theme of “Do your part. #BeCyberSmart.” Additionally, four weekly messages, have been established for Cybersecurity Awareness Month 2021.
Week 1: Be Cyber Smart
Knowing and sharing the cybersecurity basics is the foundation for any good awareness program. Knowledge is power, and that power should be shared. To be cyber smart you should assess your posture, implement a defense in depth strategy, ensure strong password and access management practices, patch regularly, and continually educate yourself and others in your organization.
Week 2: Fight the Phish!
Phishing is one of the most common ways that bad actors attack organizations, because it’s an easy and simple way to get in front of users. Fight back by implementing solutions that block phishing emails and educating users to identify those that would otherwise get through your defenses. Users who can quickly identify and report phishing emails can help tip the scales in your favor. The more people you have fighting phishing attacks, the stronger your organization’s cybersecurity posture will be. Learn more about how to prevent email compromise here.
Week 3: Explore. Experience. Share
The third week of October is Cybersecurity Career Awareness Week! The world of cybersecurity and the threat landscape is ever-changing, and that presents outstanding career opportunities for people who want to apply their skills and passion to this growing area. Week 3 is all about inspiring and promoting awareness and encouraging people to explore careers in cybersecurity by calling attention to the contributions they can make to our society and our economy in doing so.
The National Initiative for Cybersecurity Education (NICE) has put together some resources to help you learn more about career paths in cybersecurity.
Week 4: Cybersecurity First
Being online and connected is part of our everyday lives – from work, to shopping, to entertainment. So we also need to make sure cybersecurity is at the forefront of our minds every day. If you’re sharing information online, you should take a couple of seconds to validate that the receiver is a trusted source and is applying cyber best practices. Likewise, if you’re receiving information, you should make sure you’re doing everything possible to protect it from bad actors. Cybersecurity should be the first and last thing we consider when interacting with the digital environment.
These messages should be shared at all levels. We encourage you to take these Cybersecurity Awareness Month themes and develop short, but impactful weekly communications to everyone in your organization. Then post them on social media and other platforms to play your part in spreading the word. The more people we can encourage to be #BeCyberSmart, the more connected, informed, and protected our communities will be.
If you or your organization is interested in taking an active role in Cybersecurity Awareness Month, download CISA’s Cybersecurity Awareness Month 2021 Toolkit. It provides valuable messaging, articles, social media graphics, and other resources for promoting and modeling this important initiative. We at the MS-ISAC have developed social media templates that we encourage you to share to help promote the campaign and our goal to create an elevated level of cybersecurity posture across the United States.
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
2021-09 Hack the Human: End-User Training and Tips to Combat Social Engineering
|
Sept 2021
Hack the Human: End-User Training and Tips to Combat Social Engineering
|
Monthly Security - Tips Newsletter
|
|
We like to think we can trust our co-workers to do the right thing. Unfortunately, this is not always the case. Some people become insider threats; that is, they use their authorized access to systems to harm their organization. For example, someone may sell information from a database to a third party.
There are three types of insider threats:
- Unintentional –This person does not intend to cause a threat, but they do so through carelessness. They may misplace their laptop or flash drive, fail to update software, or ignore instructions when setting up software or cloud storage. Their attention to detail may be poor and they can make mistakes that damage the organization, such as causing a breach by emailing data to the wrong person.
- Intentional –This person intends to harm their organization and is often called a “malicious insider.” They may be in it for financial gain, to get revenge for some perceived slight, or for some other motivation. They may leak information to third parties for money or political beliefs, steal information to advance a side business, or destroy data to sabotage the organization.
- Collusive or Third-party – Collusive threats occur when an insider collaborates with an outsider to compromise an organization. The outsider may recruit an insider to obtain information to commit fraud, intellectual property theft, espionage, or some other crime. Some insiders may be manipulated into becoming a threat and may not recognize that what they are doing is harmful. Third-party threats occur when the insider works for a contractor or vendor who has access to the organization’s network or facilities.
Some of the indicators of an intentional insider threat include:
- Life changes, such as financial, relationship, family, or work problems.
- Behavioral changes, such as signs of depression, anger, or possible drug or alcohol addiction. However, a colleague who seeks help is showing good judgment.
- Changes in work habits such as working through lunch, accessing or asking questions about information or systems not part of the scope of the colleague’s employment, or a disregard for security policies and practices.
Many unintentional insiders are:
- Poorly trained in cyber hygiene, either because the organization does not train staff or because they do not pay attention.
- Disorganized; loses laptops or flash drives.
- Unfamiliar with technology or thinks they know more than they do and do not follow instructions when installing new software or setting up cloud storage.
We all make mistakes, but many unintentional insiders simply do not pay attention to what they are doing. The lack of attention to detail puts their organization at risk for breaches and malware.
To reduce the likelihood of an insider threat, organizations should develop a comprehensive program that includes knowing the people within the organization, identifying the assets and prioritizing the risks, and establishing the proven operational approach of detect and identify – assess – manage. Organizations should take extra steps to vet third party service providers to ensure they can access only necessary systems and areas of the building.
The Cybersecurity and Infrastructure Security Agency (CISA) has more information about insider threat mitigation at https://www.cisa.gov/insider-threat-mitigation.
|
|
|
|
|
|
The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.
|
Identifying and Preventing Elder Abuse
- What is Elder Abuse?
Elder abuse is a willful act or a failure to act that creates or causes a risk of harm to an older adult. An older adult is considered to be someone age 60 or older. The abuse occurs at the hands of a family member, a caregiver, or a person the elder trusts. Common types of elder abuse include:
- Physical abuse occurs when an elderly person encounters illness, pain, injury, functional impairment, distress, or death as a result of the willful use of physical force and may include actions such as kicking, hitting, pushing, slapping, or burning.
- Sexual abuse is the unwanted or forced sexual interaction of any kind with an older adult. This could include unwanted sexual contact or non-contact actions such as sexual harassment.
- Psychological or Emotional abuse refers to verbal or nonverbal behaviors that inflict anguish, mental pain, fear, or distress on an older adult. Examples may include humiliation and/or disrespect, verbal and non-verbal threats, harassment, and isolation (geographic or interpersonal).
- Neglect is a failure to meet an older adult’s basic needs. These needs may include food, water, clothing, shelter, hygiene, and essential medical care.
- Financial Abuse is the unauthorized, improper, or illegal use of an older adult’s money, assets, benefits, property, or belongings for the explicit benefit of someone other than
the elderly adult. Common financial abuse scenarios include:
- Misappropriation of income or assets
- Improper or fraudulent use of the power of attorney or fiduciary authority
- Obtain money or property by undue influence
- Scams
- How big is the problem?
Elder abuse is a serious problem in the United States. The number of cases is underestimated as the number of nonfatal injuries is limited to older adults who
are treated in emergency departments. The information doesn’t include those treated by other providers or those that do not need or do not seek treatment. Additionally, because elders are afraid or
unable to tell police, friends, or family about the violence, many cases aren't reported. Victims need to decide whether to tell someone they are being hurt or continue to be abused by someone they depend upon
or care for deeply.
Elder abuse is common. Approximately 1 in 10 people aged 60 and over who live at home experienced abuse, including exploitation and neglect. In the years 2002 through 2016,
more than 643,000 older adults were treated in the emergency department for nonfatal assaults and over 19,000 homicides occurred.
Financial abuse is hard-to-detect and is becoming a widespread issue. Financial neglect occurs when an older adult’s financial responsibilities such as paying rent or mortgage, medical expenses or
insurance, utility bills, or property taxes, are ignored, and the person’s bills are not paid. Even strangers can steal financial information using the telephone, internet, or email. Be careful about sharing any financial information
over the phone or online.
- How can elder abuse be prevented?
There are many factors that may increase or decrease the risk of inflicting and/or experiencing elder abuse. To prevent elder abuse, we must observe and correct the factors that put people at risk for or protect them from violence.
- Observe signs of insufficient care or unpaid bills despite adequate financial resources.
- Learn how signs of elder abuse are different from the normal aging process.
- Listen to older adults and their caregivers to understand challenges and provide support.
- Learn how to recognize and report elder abuse
- Provide stressed caregivers with support from family and friends, day care programs, and counseling.
- How can you avoid becoming a victim of financial abuse?
- Use direct deposit for all checks. Sign your own checks and do not sign a "blank check" for anyone.
- Have a trusted third person review your bank statement if someone helps you manage your finances. Put all financial instructions in writing and be specific.
- Establish a banking relationship with the staff at your bank.
- Execute a power of attorney with a trusted friend, relative, or attorney. The definition of this may be as limited or as broad as you wish.
- Do not sign over money or property to anyone in return for care, including family and friends.
- Keep all important documents together. This includes wills/trusts, insurance policies, and bank account information. Be sure to let someone know where these documents are kept.
- Never give out credit card numbers over the phone unless you placed the call. Never give out your Social Security Number or bank account number over the phone.
- If something seems "to good to be true," it is probably a scam. This includes being told you won a prize for a drawing you did not enter or that someone will get you 100 percent return on an investment.
- How can elder abuse be reported?
To report elder abuse and to learn more, please follow the links below.
Security Basics
Online Security
Computer Safety
Business Protection
Identity Theft
Privacy Policy
Cyber Tips Newsletters
Elder Abuse