Tuesday, January 16, 2018

STAFF PLEASE READ: Social Engineering Attack Prevention Tips


  • Never allow anyone to take control of your computer unless you verify in person that the individual is allowed access!
      
    Cyber criminals will contact staff impersonating Microsoft, Comcast, or other vendors claiming that your organization has been hacked and directing the employee where to go on their computer to fix the problem.  Don't do it.  You may be inadvertently installing a virus that will give them access to your computer or system.
  • Never email sensitive documents to anyone without first verifying on the phone that the request is legitimate.  Cyber criminals can send emails that appear to be legitimately from superiors, like the superintendent.  These emails will request information like health insurance data, W2 forms, account numbers and financial wire transfer codes.  Never send this type of information without picking up the phone and verifying the request!
  • Never give out your password to anyone!  And change it frequently on important accounts.  There is no legitimate business reason to share your password.  Customer service staff, who assist with account access, can reset passwords or direct you to a self-service password reset.
  • Cyber criminals are pretending to be contractors and vendors who have changed their bank account numbers.  They will send your accounting department realistic emails that appear legitimate, with an explanation that the contractor/vendor has changed bank accounts or wire transfer accounts.  The request is fake and money will go directly to the cyber criminal.  Pick up the phone.  Call and verify!
  • Conduct regular trainings on cyber security.  Experts recommend "people patching" or reserving a portion of your budget to fund employee cybersecurity training.  They explain that it is important to invest in hardening employee skills and keeping them abreast of new breaches and attack vectors.3 As a member of SDIS your entity has access to online training through SafePersonnel.  They offer training on a variety of subjects including Cybersecurity Overview, Email and Messaging Safety, Password Security Basics and Protection Against Malware.
  • Individuals should strongly consider signing up for a credit and dark-web monitoring service 

Sources
1. Perrin, Chad. "Mitigating the social engineering threat." Tech Republic, CBS Interactive, April 21, 2010, https://www.techrepublic.com/blog/it-security/mitigating-the-social-engineering-threat/
2. Vigliarolo, Brandon. "Report: Email attacks increasing, but none as much as impersonation phishing." Tech Republic, CBS Interactive, December 5, 2017, https://www.techrepublic.com/article/report-email-attacks-increasing-but-none-as-much-as-impersonation-phishing/
3. DeNisco Rayome, Alison. "These 3 departments are causing the biggest cybersecurity probelms at your office."Tech Republic, CBS Interactive, December 6, 2017, https://www.techrepublic.com/article/these-3-departments-are-causing-the-biggest-cybersecurity-problems-at-your-office/

Thursday, January 4, 2018

Google Calendar has a new look starting January 8th, 2018

Yesterday, Google announced that they will start automatically upgrading users to their new Google Calendar web user interface (UI) on Janurary 8th. You can read the original announcement which talks about the changes. Highlights of what's new are available in Google Calendar Help.

I switched to the new calendar this week and really like the look. This is what my current week looks like:


If you have changed any settings on any of your calendars, you will see more of a difference there, but I have been able to find what I need. The change is more in line with the new versions of Chrome and other web applications I have used.


Enjoy!

Week of Dec 9th - Holiday (TECH) Safety Tips

How to have a SAFE and SECURE Winter Season: Watch OUT for very savvy Scammers and Phishing attempts! - These "bad actors" are no...