Latest Security News & Threats

Recent Posts
February 2018 - Posts
ScamLowlife internet scum are trying to benefit from the Florida Parkland school shootings. They are now sending out phishing campaigns with topics and hashtags like Parkland, guncontrolnow, Florida, guncontrol, and Nikolas Cruz that try to trick you into clicking on a variety of links about blood drives, charitable donations, "inside" information or "exclusive" videos. Don't let them shock you into clicking on anything, or open possibly dangerous attachments you did not ask for!

Anything you receive about the Parkland shooting, be very suspicious. With this topic, think three times before you click or tap your phone. It is very possible that it is a scam, even though it might look legit or was forwarded to you by a friend -- be especially careful when it seems to come from someone you know through email, a text or social media postings because their account may be hacked.

In case you want to donate to charity, go to your usual charity by typing their name in the address bar of your browser and do not click on a link in any email. Remember, these precautions are just as important at the house as in the office, and tell your family.

Thanks for your continued vigilance.
Posted by melson  On Feb 22, 2018 at 8:17 AM

Should you be doing that on your work computer?

  • Personal pictures, social networking, online banking... These are the kind of things that you should try not to have/do on your work computer.
  • Work computers are for work, visiting work-related web sites, researching, emailing, generating Powerpoint slideshows, etc.
  • Much like posts to social networking sites... everything you say or do can be used against you.

Acceptable use policy

  • Most organizations (our included) have a 'workstation acceptable use policy' with regards to proper use of your work computer.
  • If there is one and you haven't read it, you should.
  • Visited web sites, how much time is spent on facebook, playing solitare, instant messenger chat... technically all of this can be monitored.

- Think about what you are doing... and realize, that it can be logged. Anything you post on the internet is there forever. 

Be safe online

  • Especially when it comes to visiting web sites or opening personal email... those actions that take place on your work computer can affect other work computers.
  • If you happen to visit a site that has malware on your work computer, you may now have exposed the rest of the company to a malware infection.
  • It is difficult to explain why you were doing what you were doing when its against the policy to be performing non-work related activities on your work computer. 

Try to be aware that you are using a computer that is not yours, things you do on that computer are not private. Lawyers say that anything that happens on the corporate network, the company owns and can monitor. In most cases the IT department does not have the time and resources to monitor everything, but if you give them a reason to, management may ask them to do so.

Stop Look Think - Don't be fooled KNowBe4
The KnowBe4 Security Team

Posted by melson  On Feb 12, 2018 at 11:54 AM
NJCCIC LogoThe NJCCIC assesses with high confidence that educational institutions across the globe will remain attractive targets for a range of cyber-attacks designed to disrupt daily operations, steal sensitive data, instill fear in the community, and hold critical operational data for ransom

In October 2017, the US Department of Education issued an updated Cyber Advisory warning schools about a new method of cyber extortion impacting institutions across the country. Inr ecent attacks, cyber-criminals demanded large ransom payments in exchange for sensitive student record information obtained via schools’ compromised networks. In some instances, cyber-criminals made direct threats to the safety of students and staff members via SMS messaging.

According to Verizon’s 2017 Data Breach Investigations Report, the education sector was impacted by approximately 455 security incidents in 2016, with at least 73 of these events involving the disclosure of data. As the use of technology within the classroom is increasingly required for educational purposes, more schools are implementing Bring Your Own Device (BYOD) policies, allowing students and employees to connect their personal computers, tablets, and mobile phones to their networks. Unfortunately, if BYOD is not implemented with security in mind, schools could be exposing their networks and sensitive data to an increased risk of compromise created by vulnerable and infected devices. Sophisticated and profit-motivated threat actors are cognizant of this fact and will continue to target universities and school districts as many of them do not have adequate resources, funding, or staffing to properly protect and defend their networks.

Read more here: 20180207 - Education Sector - An Attractive Target for Cyber-Attacks.pdf
Posted by melson  On Feb 12, 2018 at 8:37 AM