How to stay safe on the internet

How to stay safe on the internet Published: 

With much of our lives centered around computers, technology and the internet, the Oconee County Sheriff’s Office is offering these tips to help keep you and your family safe.

“The Sheriff’s Office has committed itself to providing helpful information to help you and your family from becoming a victim,” according to Oconee County Sheriff’s Office Public Information Officer Jimmy Watt. “This includes updates periodically on various types of scams but also information, such as is contained in this press release, on how you protect yourself while you enjoy visiting the internet and your favorite sites and staying in touch with family and friends.”

The Sheriff’s Office is offering the following internet safety tips:

• If anyone calls claiming to be from a technology company and you did not initiate the call and they say that your computer contains viruses or malware or has some type of problem and if you pay money they will repair your computer or remove the harmful items, it is a scam and if you allow those individual(s) remote access to your computer, then your computer could be compromised and any personal or financial information could be compromised and other information could be erased or held for ransom. If someone from the outside gains remote access to your computer in this way, contact your local law enforcement agency immediately and do not pay any ransom, as this could further embolden the scammers. Also, make sure you have your files backed up in a virtual cloud environment and/or on some type of thumb drive.

• Change you passwords on a frequent basis and use different passwords for each internet account you have. The more unique you make them and the more difficult to guess, the better the chance you have from becoming a victim.

• You may also want to consider using two-factor authentication, which provides an additional layer of security by using a second known device. For example, when you change something on your account, such as a password, a text can be sent to you phone advising you of the change.

• Set your internet and social media accounts on the highest security level possible and post as little personal information as you can. Anything could be potentially used by individuals looking to scam and/or steal personal and financial information.

• If someone sends you an e-mail with an attachment and/or a link to another site and you do not know that person, do not open the attachment and/or click on the link as this is a way for viruses, malware or Trojans to be downloaded on your computer or allow someone to gain remote access to your computer.

• Be careful in regards to the sites you log into while in public places that offer Wi-Fi service as those hotspots may not provide enough security.

• Make sure you have your computer’s firewall turned on at all times and keep your antivirus software updated and current. Also make sure that the critical updates on your operating system for your computer are current.

• Look out for social media scams that offer gifts cards, for example, as a prize for taking a survey or for online shopping scams that offer merchandise at discounted prices. If an offer sounds too good to be true, more often than not it is and it could be used to steal personal or financial information.

How to stay safe on the internet Published: 

3 tips to help make and manage complex passwords

3 tips to help make and manage complex passwords by Nick Ismail.  Available from <http://www.information-age.com/3-tips-complex-passwords-123462571/> [October 11, 2016] Photo: AdobeStock_21942031-634x0-c-default.jpeg

Passwords, despite the rise of biometrics, are still the most common form of user protection. It is important, therefore, to understand the best methods of producing and managing the most secure passwords possible

Every platform, every service we use requires a password or some other form of authentication.

Remembering dozens, perhaps hundreds, of unique passwords and usernames and keeping all of our devices up to date is difficult, to say the least, and these necessities conflict directly with our desire for maximum convenience.

Most people are guilty of re-using simple passwords across services and of writing them down to make them easier to recall when needed.

In the balancing act between security and convenience, convenience currently has the upper hand at the cost of immeasurable amounts of our most private data.

How can we begin to manage this growing list of passwords in a secure way? Here are 3 key tips and tricks you can use when it comes to password generation and management.

Apply mnemonics

You are probably aware of the rules of password best practice: Passwords must be long; they must contain a mix of characters; they should not be easily guessable; you should never share them; change your passwords often; use different passwords for different applications. The list goes on.

Satisfying all of these criteria can be a challenge, especially when considering that if you create a different password for each service you use you will somehow need to remember each one and avoid writing them down.

An easy way to approach this problem is by applying mnemonics to generating passwords.

For example, take the phrase ‘I would love to fly British Airways first class to Singapore!’ I can easily remember this phrase because it is true and it is not personal.

Also, it doesn’t include a name, an employer, a home location, or any other information about a person that’s easy to guess.

From this phrase, someone can formulate a password by using the first letter(s) of each word, numbers, capitalisation, and special characters.

Suddenly, this sentence creates a strong password that satisfies all the length and complexity requirements set forth by most services: IWLtoFBA1stCtoS!

You can also use other forms of mnemonics, such as misspelling common dictionary words, as a basis for your password instead of just the first letter. Be creative—the important factor is creating a complex password that you can actually remember!

Use a password manager

Though now you know an effective technique for creating passwords, you might still be struggling to remember enough different phrases to cover every account you own.

To help avoid re-using passwords across accounts, you can use password management applications or your web browser’s ability to save and remember passwords.

Password managers typically store passwords in the cloud and secure them all with a master password.

If you or your employer are not comfortable with cloud solutions, some password managers offer local storage as an alternative, giving you control and full responsibility over your password store.

However, bear in mind that though password managers are becoming increasingly feature rich, they can be vulnerable just like any other service.

For example, last year password manager LastPass experienced “suspicious activity” and urged users tochange their passwords.

As an alternative, saving passwords in your web browser is also convenient, as some browsers allow you to set a master password as an extra layer of protection, preventing your password from potentially being displayed in clear text.

Add more layers of protection

As well as passwords, you can add other forms of authentication to the data protection mix.

Authentication can be something you know (password), something you have (smart card, token, or mobile device app), or something you are (fingerprint).

On their own, each form of authentication has its weaknesses, but using multiple forms together – known as multi-factor authentication – strengthens the process.

So, even if your passwords are compromised, a malicious actor still needs another authenticator to access your data. Unless they also have access to that second factor, your data remains secure.

Everyone’s responsibility

Effective cybersecurity is not just a matter of installing the right software.

Technical ability alone is not enough to resolve the issue. If it were, breaches wouldn’t occur in such great numbers and with such frequency.

Only a holistic security stance will enable you to limit the opportunities cyber criminals have to steal your organisation’s data.

Preventing breaches requires encouraging secure behaviour at all levels across your organisation.

Every employee, contractor, third party vendor, intern or volunteer should understand the basics of password protection, as well as the basics of identifying, deflecting and reporting potential threats.

That way, if someone succeeds in breaking through your defences, which unfortunately seems inevitable, having a well-educated and aware user base will only help reduce the damage and identify the problem sooner.
Sourced by Stuart Clarke, chief technical officer, cybersecurity, Nuix

3 tips to help make and manage complex passwords by Nick Ismail.  Available from <http://www.information-age.com/3-tips-complex-passwords-123462571/> [October 11, 2016] Photo: AdobeStock_21942031-634x0-c-default.jpeg

Dark web, what dark web? Tips for beating back hackers and savvy cybercriminals

Dark web, what dark web? Tips for beating back hackers and savvy cybercriminals by Tom Sullivan.  Available from <http://www.healthcareitnews.com/news/dark-web-what-dark-web-tips-beating-back-hackers-and-savvy-cybercriminals>. [October 10, 2016; 07:15 AM] Photo Credit: By Andersson18824 (Own work) [CC BY-SA 4.0 (http://creativecommons.org/licenses/by-sa/4.0)], via Wikimedia Commons

Don’t wait another day to create a cyberthreat intelligence sharing team. Delve into the web’s dangerous corners, exchange what you find, learn from banking and defense. Just don’t presume cyberthreats won’t happen to you.

Anytime a major security incident occurs whether in healthcare or elsewhere the cyberintelligence team at insurer Aetna springs into action.

“When a large batch of credentials is released to the public on the dark web or on a website like Pastebin, we apply analytics to identify credentials that may be the same as what members are currently using,” Aetna CISO Jim Routh said.

If Routh’s team spots a match, that means there’s enough of a possibility that the cybercriminals could try to use those credentials for nefarious purposes that Routh has to address the situation.

“Out of an abundance of caution, we will force a password reset to proactively protect those accounts,” Routh explained. “Then we look for similarities in user IDs that may apply to our top vendors and we alert any that are impacted.”

And that’s just to start.

More sophisticated than traditional security
It’s worth noting that Denise Anderson, executive director of the National Health Information Sharing and Analysis Center, otherwise known as NH-ISAC, described Aetna’s team as particularly strong and savvy compared with the current state of healthcare organizations.

In other words: Many CIOs and chief information security officers could learn a lot from Routh and company.

Routh, in fact, was the global head of application and mobile security for JP Morgan Chase and worked for American Express before signing on with Aetna.

Indeed, Anderson explained that banking and defense sectors are ahead of healthcare in cyberthreat intelligence sharing—healthcare was hardly even talking about cyber as recently as five years ago.

“Threat intelligence is a relatively new concept and term,” Anderson said. “Intelligence should influence the more granular day-to-day work like looking at IP addresses and subject lines in emails.”

Sharing makes it better
Healthcare organizations that have not yet established a cyberthreat intelligence program should not rest on the presumption that you won’t have a security incident.

Many a CISO has said that there are two types of information security professionals in healthcare: Those who have been attacked or hacked and those who just don’t know they have.

Even though threat intelligence sharing is relatively new to healthcare there are a fistful of best practices that forward-thinking security professionals are employing already.

A first step is to participate in the intelligence sharing community that already exists by becoming a member of the NH-ISAC Anderson runs, joining InfraGard, the joint FBI-private sector partnership, work with the U.S. Computer Emergency Readiness Team (US-CERT), Department of Homeland Security’s Cyber Information Sharing and Collaboration Program (DHS CISCP), among others.

Don’t settle on just one, either. Routh recommended cultivating multiple sources to achieve best results because each can uncover different information.

“Gather information and read, read and then read some more. Develop a way to consume the intelligence you receive and make it actionable,” said Dan Wiley, head of incident response and threat intelligence head at Check Point. “Context is key to intelligence. The only way you can provide context to intelligence is to layer your knowledge about your environment with the intelligence you receive from others.”

Consider it a community. Give back. Share what you know about threats, solutions, what works, what doesn’t, and recognize that attackers — whether they’re acting alone, as part of a criminal syndicate, or even state-sponsored bad actors — are growing increasing sophisticated.

Delve into the dark web
To truly grasp what CISOs and infosec professionals are up against, it’s necessary to understand the threat landscape and, to every extent possible, your enemies.

“Get your house in order before stepping out into the threat intelligence arena,” said Bob Chaput, CEO of Clearwater Compliance. “This team must have the ability to identify a cyber incident and shut it down before the entire IT infrastructure is compromised.”

That encompasses having an intelligence team, strategy, framework, plan and infrastructure in place to defend the fortress, and only then exploring the internet’s murkiest corners.

“Ensure that some of your sources are active in the dark web and apply economic analysis to behaviors of criminal syndicates that use the dark web,” Routh said.

These practices require more acuity than the daily grind of security and compliance.

NH-ISAC’s Anderson said that seasoned intelligence experts, many of whom come out of the military, have the expertise to gather information about Tactics, Techniques and Procedures (TPPs), tracking cybercriminals, following campaigns and understanding the motivations of bad actors.

Anderson noted that healthcare entities can either hire infosec professionals with that experience or outsource threat intelligence. Either way, she recommended looking to other industries to learn about their processes and procedures, glean insights from how they sold cyberthreat intelligence sharing programs and the money required to fund them to the C-suite, and what they have learned working with security vendors.

A powerful warrior: Patience
Threat intelligence is an evolving and ongoing process. Never ending, even.

Check Point’s Wiley went so far as it to call it a life-long learning process, while Chaput rattled off regular testing, keeping current with application and operating system vulnerabilities, continual awareness and training about imminent threats, among the tasks to conduct on a regular basis.

Anderson, for her part, pointed out that the banking and defense industries started out slowly and healthcare is poised to follow suit.

“Intelligence activities take time,” Aetna’s Routh said. “So be patient and choose trends and topics for the long term.”

Dark web, what dark web? Tips for beating back hackers and savvy cybercriminals by Tom Sullivan.  Available from <http://www.healthcareitnews.com/news/dark-web-what-dark-web-tips-beating-back-hackers-and-savvy-cybercriminals>. [October 10, 2016; 07:15 AM] Photo Credit: By Andersson18824 (Own work) [CC BY-SA 4.0 (http://creativecommons.org/licenses/by-sa/4.0)], via Wikimedia Commons

Here are some tips to improve your cybersecurity

Here are some tips to improve your cybersecurity Posted  by 

October is cybersecurity month.  As cyber hacks continue to increase, the landscape is changing in many ways.  Companies and business owners are taking on more responsibility to ensure their businesses are more protected or face legal and financial consequences.  We as individuals are required to be more conscientious when sharing our personal information. And, with the Internet of Things, our families, property and confidentiality are constantly being invaded.  So what can you do other than unplugging everything and crawling under a rock?  Below are a few simple tips for you, your business and your family to increase your protection.

Protect your business

If you’re a small to mid-sized business owner, you need to pay attention to your cybersecurity.  Particularly if you are a supplier to larger companies with sensitive information. More than 60 percent of data breeches occur at small- and medium-sized businesses. Remember that cyber hack some years ago at Target? Well, their network was tapped by going through the HVAC system networks.  That hack changed everything.  Banks and customers sued and the courts determined that Target had a duty to protect their customers and banks from criminal conduct of a third party.  This court case was followed by the Alpine Bank lawsuit that established that small companies are not immune from liability for their role in data breaches.  Scared yet?  It gets worse so read on. 

So how can you limit your business liability? 

• Protect your data.   Here are few tools to get you started. The Federal Communications Commission has a custom planning guide that you can create dependent upon your business needs.  The other is a 30-minute web-based class offered by the U.S. Small Business Administration (SBA).

• Ensure your suppliers are cyber savvy.  They should have a least the same level of security you have and yes, this should be more than nothing.  Your contracts should require suppliers to adhere to customary practices designed to provide safeguards.  Confirm this during the beginning of your relationship, not after something occurs.

• Consider cyber insurance. The National Association of Insurance Commissioners and the Center for Insurance Policy and Research has a good overall article on cyber risk management.

Protect yourself

In 2014, CNN Money reported that 47 percent of U.S. Adults had their personal information exposed by hackers, likely this number has increased during the past few years. The Identity Theft Resource Centerreported more than 28 million records exposed between the beginning of the year and September 8, 2016.  The industry response to its consumers seems to be a letter stating, sorry your security has been breached. Here is your free year of credit monitoring services.  While there isn’t a lot you can do to change their system, you can change the way you do things.

• Use complex different passwords.  This is like flossing your teeth.  Your dentist says do it every day and we either ignore them or hate doing it but in reality it really helps.  The easiest way to select more secure passwords is to create phrases that you’ll remember and then insert numbers and symbols inside them.  For instance, if your phrase is “My cat ate my two fish” the password becomes Mycatatemy2fish.  You then create more complexity by changing the values to symbols and numbers, “Myc^t^t3my2fish!”

• Shred your information.  Place the shredder by your door and shred your unneeded mail before it gets into the house. The benefit is you’ll also reduce clutter in your own environment.

• Set your online social media privacy settings.  Social media sites like Facebook, Pinterest, Instagram and Snap Chat all have security settings.  The University of Texas at Austin Center of Identity has information on all of these, the settings that are available, and what they mean.

Protect your family

What is this Internet of Things we all keep hearing about on the news and radio?  In a nutshell, the IoT is the network of products that all connect to the Internet in some way.  It’s your printer, your car, possibly your television, refrigerator, your security system and even your toaster.  All of these things are collecting data from you and your family.  That talking Barbie doll, it’s also listening along with other learning toys and gadgets like Amazon’s Alexa.  Now, are you getting scared?  In reality, it comes down the price to play.  If you want the convenience of the product, you may have to give up some of your information.  These days, big data is also big business.  Here are a few tips:

• Keep your software updated.  Those pesky updates often contain new code to help ward off prior computer breaches.

• Limit your apps on your phone to reputable companies. And read the reviews before downloading.

• When using social media, don’t take that quiz unless you’re really willing to give away your preferences and receive future spam.

• Really think about the privacy price you are paying and whether it’s worth value you personally receive before you buy that new fangled device.

Here are some tips to improve your cybersecurity Posted  by 

National Cyber Security Awareness Month: Why Your Online Security Matters

National Cyber Security Awareness Month: Why Your Online Security Matters by Julie Myhre-Nunes.  Available from < http://www.nextadvisor.com/blog/2016/10/05/national-cyber-security-awareness-month-why-your-online-security-matters/>. [

October is in full swing, which meansBreast Cancer Awareness Month is upon us and Halloween is closing in. Something more frightful than the ghouls in the night is a cybersecurity threat. To shed some light on this pressing and timely topic, the U.S. Department of Homeland Security teamed up with public and private partners like the National Cyber Security Alliance to create National Cyber Security Awareness Month, which is now in its 13th year. Because cybersecurity is so important, throughout the month of October we’re dishing out ways you can keep your online identity safe. In this post we dig into why cybersecurity matters and detail some simple steps you can take to secure your online information.

Why does cybersecurity matter?

The Internet is a major part of our lives. From our smartphones and computers to our TVs, home appliances and cars, we are almost always connected. As such, it’s important for consumers to know how to stay safe online and on their devices. While it’s true your information can be revealed through acompany’s data breach, a large part of cybersecurity is user habits, which is why it’s important to understand how you can protect yourself.

What can I do to protect myself online?

While there are a number of ways to protect your information online, these are some basic cybersecurity tips for all Internet users.

1. Create strong passwords and change them regularly. We’ve all heard it a million times — creating strong passwords is one of the best ways to protect your information online — but we often fail to remember that these passwords must be changed regularly (at least every six months) to remain secure. To help you remember when it’s time for a password change, mark your physical or digital calendar and set alerts. And remember that every password you create should be a unique one made up of at least eight characters (the longer, the better) and include a combination of letters, numbers and special characters. While you may be tempted to use personal information, like your child’s name, it’s best to steer clear of that because that information is relatively easy to find online, which can put your accounts at higher risk of being hacked. Cultural references are also not a good idea, as we learned from the list of 2015’s worst passwords. Having a hard time thinking of a new password? Try to connect two completely random words like foxtrotpizza, then change some letters to characters and add some extra characters to be safe. If you need some extra help remembering all of your unique passwords, you may want to consider a password manager, which can store all of your passwords in one secure, digital safe.

2. Use a trusted browser. An Internet browser is a user’s key to the web. As such, it’s especially important to make sure you’re choosing a trusted browser, such as Google Chrome, Mozilla Firefox, Internet Explorer, Microsoft Edge and Safari, when you connect to the Internet. Safe and trusted browsers allow you to access the web securely by warning you of potentially harmful websites before you enter them, as a number of browsers have build-in malware protection. Similarly, they clearly let you know if you’re visiting a secure site, meaning the URL starts with HTTPS, by displaying a lock or green color at the beginning of the URL, which is essential to know before you log into your account or enter any of your personal information.

3. Don’t overshare. A large number of us live our lives on social media, sharing some of our special life moments with people we (hopefully) know in real life. Although sharing can be a fun activity, it can also be an exposing one. That’s why it’s important to know how to responsibly share online by setting strict privacy settings, turning off geolocation and knowing your social media friends in real life. After all, oversharing your information with a stranger can reveal not only information about your home or place of work, but also expose information about your personal life that can be used to unlock your security questions and even reveal your passwords if you opt to use something like your pet’s name, which we don’t recommend. When you’re deciding what to share online, ask yourself if this is information you’d share with someone you just met or someone you don’t know that well. If it’s not, you may want to considering texting or emailing the news to a couple of family members or friends instead of sharing with all of your online friends.

4. Know which sites have your information. It’s no secret that we’re accustomed to passing out our information online. From shopping and checking our credit card statements to posting photos and sending an email, most of us are fluent on how to do this online. And since so much of our lives is digital, we should be aware of who we give our personal information out to, especially since security breaches are more and more common these days. Tracking down all of the sites that have your information stored can be a challenge, so it’s best to start with the ones you know, then look into the ones that email you — if they have your email, you may have created an account with them in the past. If you haven’t used a service or website for over a year, you may want to disable or delete your account — if it’s not clear how you can do this, contact the site’s customer support team and they should be able to help you. Identity theft protection services may also help you keep tabs on where your information appears, as most of the top-rated services do regular scans of the Internet black market as well as monitor your information on public records and people search websites. As an added bonus, most ofthese services offer free trials that allow you to test out the service before you make a financial commitment, which can be a good way for you to locate where your information appears online, then cancel if you don’t see the value in the service.

5. Be skeptical of unfamiliar emails, texts and links. Scammers work year-round to try to steal the personal information or money of unsuspecting victims, which is why it’s important for you to always be on alert. Although scammers have used email-related methods in the past to spam consumers with scammy links designed to steal their identity, they have more recently been known to text their victims posing as a friend looking to share a funny video or news story, which is part of the reason whymillennials are the most likely to fall for a scam. To prevent falling for a scam, you’ll want to be skeptical of any emails or texts you receive from unfamiliar senders. Never click on any links sent in these messages, and if you’re ever unsure of a link you receive from a number you do recognize, contact the person through email or call them to find out if they really sent you the link. If not, delete that text immediately and report it to the FTC. While there is usually some sort of ongoing email/text scam going on, consumers should also be aware of seasonal scams, like voting scams during the election andcharity scams during the holidays. Follow our scams blog to learn more about the newest scams.

National Cyber Security Awareness Month: Why Your Online Security Matters by Julie Myhre-Nunes.  Available from < http://www.nextadvisor.com/blog/2016/10/05/national-cyber-security-awareness-month-why-your-online-security-matters/>. [