What should I do after a breach is announced?
Use the tips below to properly secure your online credentials and avoid future impact from this breach, as well as any other major data breach event:
Password Security Tips:
1. Change your passwords immediately, especially for online banking portals and email accounts.
2. Do NOT use the same login credentials for multiple accounts. Reusing passwords makes it much easier for hackers to log in to your accounts with valid credentials, even if those accounts were not directly affected by a breach.
3. Create unique passwords, keep them secure, and don’t share them. Password tools like password managers and generators are widely available, and they can be used for both personal and work-related accounts.
Online Resources & Tools:
1. Have I Been Pwned? (https://haveibeenpwned.com): Use this online resource to see if your usernames/email addresses were impacted by a major data breach.
2. Password Strength Test (https://www.fightingidentitycrimes.com/secure-password/): Use this online resource to see how long it would take hackers to crack your passwords, and get tips on how to improve them.
Protect Yourself from Tax Scams
For the past several tax seasons, cyber criminals have used sophisticated social engineering tactics to dupe consumers into giving out their personal information.
Common email scams to be aware of this tax season:
• Email Says You Are Owed a Refund – These emails typically ask you to send the bank account number where the refund may be deposited.
• Email Contains Exciting Offers – Refunds or specials are offered for participating in an “IRS Survey.” This is a fake survey used to acquire the consumer’s personal information.
• Email Threatens the User – Fines or jail time are threatened if immediate payment isn’t made.
• Email Includes a “Helpful” Downloadable Document – Documents that claim to explain new changes in the tax law, or that pose as tax calculators, try to entice users to download a potentially malicious file.
Avoid being a Tax-Scam Victim:
• Do not respond to emails appearing to be from the IRS – The IRS does not initiate taxpayer communications through email or social media to request personal information.
• Do not respond to unsolicited emails and do not provide sensitive information via email.
• Carefully select the tax sites you visit.
• Secure your computer.
Tips for Shopping Online Securely
• Conduct research: When using a new website for purchases, read reviews and see if other consumers have had a positive or negative experience with the site.
• When in doubt, throw it out: Links in emails, posts and texts are often how cybercriminals try to steal your information or infect your devices.
• Personal information is like money: value it and protect it: When making a purchase online, be alert to the kinds of information being collected to complete the transaction. Make sure you think it is necessary for the vendor to request that information. Remember, you only need to fill out required fields at checkout.
• Use safe payment options: Credit cards are generally the safest option because they allow buyers to seek a credit from the issuer if the product isn’t delivered or isn’t what was ordered.
• Don’t be disappointed: Read return policies and other website information so you know what to expect if the purchase doesn’t go as planned.
• Protect your $$: When shopping, check to be sure the site is security enabled. Look for web addresses with https:// indicating extra measures to help secure your information.
Reducing Risk Using Public Wi-Fi
Public Wi-Fi networks can be found almost anywhere, making it easy to connect to the internet wherever you are. Although convenient, they are not always secure, potentially exposing you to online risks and presenting cybercriminals with an opportunity to steal sensitive information.
• Think Before You Connect – Before you connect to a public wireless connection, confirm with the appropriate staff that the network is legitimate.
• Use Your Mobile Network Connection – Your wireless hot spot is generally more secure than the public wireless network.
• Avoid Conducting Sensitive Activities – Avoid online shopping, banking, or inputting sensitive data while using the public Wi-Fi.
• Keep Software Up-to-Date – Install updates for your apps and your device’s operating system to keep cybercriminals from taking advantage of known vulnerabilities.
• Use Strong Passwords – Use different passwords for different accounts and devices and do not allow your device to remember your passwords.
• Disable Auto-Connect Features and Always Log Out – Turn off features that automatically connect your device to an available Wi-Fi network and be sure to log out when finished browsing the internet.
• Ensure Your Websites are Encrypted – When entering personal information over the Internet, make sure the website is encrypted. Look for https:// on every page, not just the login page. You can add an “s” after “http” in the address, so that it begins with https://, and force the website to display the encrypted version.
The Three "Be" Rules of Cyber Security
Almost any company can be vulnerable to a range of cyber attacks. A company manager or network security professional needs to know about the various types of digital threats and how to limit vulnerability.
There are some attacks that every employee should know about. The most common attacks use a method called “phishing,” or a variant that specifically targets one potential victim, called “spear-phishing.” These typically take the form of email messages that appear to be sent by coworkers or supervisors asking for sensitive information.
The best defenses against these types of attacks involve skepticism and vigilance. Attackers can be very clever and persistent: If just one person has one weak moment and clicks on one malicious link, an entire network can be compromised.
Most companies go to great lengths to protect their physical assets and personnel. But many do not take similar precautions with their digital information. A key computer may be kept disconnected from the internet, but if it accepts flash drives or rewritable CDs, or if its password is easy to guess, the information is just as vulnerable.
Without proper preparation, even large companies can find themselves unprepared for cyber attacks. When Sony was hacked in 2011, it did not have an executive focused solely on information security. But hiring someone did not prevent another hack in 2014.
Planning ahead is vital, instead of just being reactive. The National Institute of Standards and Technology Cyber Security Framework lists five main functions of cyber security efforts: identify vulnerabilities, protect against attacks, detect anyone who gets through, respond to the attack quickly, and recover after the attack has been stopped.
There’s no way to avoid being the target of a cyber attack, but that doesn’t mean becoming a victim. Simple steps can have huge results: The Australian government reported resisting 85 percent of cyber attacks by taking three basic steps: restricting which programs can run on government computers, keeping software updated regularly and minimizing the number of people who have administrative control over networks and key machines.
Cyber security doesn’t have to be rocket science; it’s just computer science.