Wednesday, October 17, 2018

In This Issue

  • The Perils of Social Media
  • Phishing: Same Old Problem with a Few New Twists
  • Mobile Security
  • Making Your Home a Haven for Online Safety

Key Security Tips:

  • Enable privacy settings and increase the default security settings of the software you use.
  • Con artists may construct fake social media accounts. If you feel suspicious about a profile or a person, trust your instincts.
  • Spam emails may use the "Unsubscribe" option to determine whether your email address is active. Don't unsubscribe from mailing lists that you did not subscribe to.
  • Never click on a suspicious link in an email. This is a telltale sign of a phishing attack.

The Perils of Social Media

Breaking news just in time for the start of National Cyber Security Awareness Month: Early this month, Facebook was attacked with a massive hack that resulted in stolen account credentials for as many as 50 million users. Details are still emerging about the hack – no word yet on possible culprits – but users whose information was compromised were notified on the site's homepage.

This is just the latest major security breach perpetrated against a social media service. Currently there are about 3 billion social media users worldwide, which means Facebook and other popular sites, including Twitter and Instagram, will continue to be prime targets for hackers looking to steal confidential information.

Hackers have a number of tools and methods at their disposal to commit attacks like those above. Here's a rundown of the most common ones:

  • Profile cloning, in which the hacker uses fake accounts to impersonate a person known by the target, thereby making the person more likely to share information and click malicious links. This tactic is also used to spy on the user's social networks.
  • Hackers create software to turn accounts into robots that automatically spread malicious links. Bots can also be used as part of elaborate click-fraud scams on the networks.
  • Phishing links typically point the victim to a malicious website. The site either impersonates a brand to trick the user into entering login information, or it attempts to infect the user with malware – or both.
  • Attackers can launch DDoS-like attacks against a brand's official Facebook page, for example, and flood it with bot-generated comments, which are too numerous for the brand to respond to and come in faster than the company can delete. This makes the site useless for the intended customer engagement or brand promotion.
  • Become familiar with the privacy policies of the social media channels you use and customize your privacy settings to control who sees what.

These are just a few of the tactics used. Now how do we use social media safely? Unfortunately, Facebook users couldn't have prevented last week's attack. However, there are important steps to take that can help anyone remain safe while using social media. Here are a few tips.

  • Use strong passwords and two-factor authentication, if available.
  • Be selective with friend requests. If you don't know the person, don't accept their request.
  • Click links with caution. Social media accounts are regularly hacked. Look out for language or content that does not sound like something your friend would post.
  • Be careful about what you share. Don't reveal personal information such as your home address, financial information, and phone number.

We can't fend off every kind of attack on our social media accounts, but if we do our part, we can at least minimize the chances of having our information stolen.

Phishing: Same Old Problem with a Few New Twists

During National Cyber Security Awareness Month, it would be a mistake not to talk about phishing. We have insider threat training at work, we read articles about how not to fall for the scam, but we still fall victim to this simple but effective form of attack.

And, unfortunately, as users learn how to avoid phishing attacks, malicious hackers look for new ways to launch attacks. Let's take a look at two kinds of phishing attack that are becoming more prevalent.

Vishing

Vishing is the telephone equivalent of phishing. It is described as the act of using the telephone to scam the user into surrendering private information that will be used for identity theft. In a vishing call, which might be a voice message, you may be asked to buy an extended warranty, be offered a "free" vacation, or told your computer is infected and you need anti-virus software. You're typically prompted to call a number, where you will be asked for your credit card number or other personal information to get you to pay for associated fees or more.

SMiShing

SMiShing is when someone tries to trick you into giving them your private information via a text or SMS message. SMiShing is particularly scary because people might be more inclined to trust a text message than an email. Most people are aware of the security risks involved with clicking on links in emails; this is less true when it comes to text messages. This tactic leverages your trust to obtain your information. The information a smisher is looking for can be anything from an online password to your Social Security Number to your credit card information.

Best Practices to Avoid Being Phished

So how do we protect ourselves and prevent becoming a victim? Here are some tips to help avoid being scammed:

Vishing

  • Be suspicious of unknown callers.
  • Don't trust caller ID. Caller ID spoofing is easy for attackers to exploit.
  • Ask questions, especially if someone is trying to sell you something or is asking for your personal or financial information.
  • Call them back; if they are legitimate, you will probably get an answer.
  • Register your number with the National Do Not Call registry at donotcall.gov.

SMiShing

  • Avoid clicking on any links in messages in which you can't verify the sender.
  • Do not reply to text messages that ask you about your personal finances.
  • Be on the lookout for messages that contain the number "5000" or any other number that is not a phone number.
  • If the text message (along with the unknown number) urges you to reply quickly, that is a clear sign of smishing! Don't respond.
  • Make sure to be aware and informed of your bank's policy for sending text messages.

Vishing and SMiShing are increasingly common phishing threats to all technology users. We here at Inspired eLearning want you to be prepared and knowledgeable about these threats. During National Cyber Security Awareness Month, we should all be extra diligent to help keep our cyber world safe and secure.

Mobile Security

Do you reply to your work emails while waiting at the doctor's office? Ever sent an important file to a client or colleague during your kid's Saturday morning soccer game? We all do it, right? We integrate work with our personal lives for balance. Being connected ALL the time has created a culture of the quick response. This means regularly sending out corporate or confidential company data over smartphones throughout the day, making that data more susceptible to being intercepted by the wrong person. And as crazy as that all seems, the average cost of a data breach is up 6.4% from $21,155 per day from the 2016 report by the Ponemon Institute.

The good news is that, unlike on our desktops, malware infections are not very common on smart devices thanks to both the nature of mobile malware and the inherent protections built into mobile operating systems. However, there are overlooked areas that should be top of mind when discussing your organization's mobile security threats and the ever-changing climate of what is considered "the actual work place".

Data Leaks

One of the largest threats to enterprise security. The difference here is more of an under-educated one. People are just not familiar with which apps are the safest to use when sending and receiving information about their organizations on their mobile devices.

Cybersecurity experts suggest using mobile threat defense (MTD) solutions, such as Symantec's Endpoint Protection Mobile, CheckPoint's SandBlast Mobile, and Zimperium's zIPS Protection, to detect this kind of behavior and automatically block the problems. However, if you have an overt leak, such as transferring private internal files onto a public storage service or sending confidential emails to the wrong person, the MTDs might not be enough. For that type of loss, experts say to use data loss prevention (DLP) tools. Such software is designed explicitly to prevent the exposure of sensitive information, including in accidental scenarios.

Wi-Fi Interference

A mobile device is only as secure as the network it is connected to. Bottom line… use a VPN. If you are only using Wi-Fi, you are leaving a lot of room for hackers to intercept traffic. Experts suggest researching this thoroughly. An effective VPN will only activate when necessary. It should not activate while surfing news channels or when using a trusted and secured app.

Social Engineering

This scam is still alive! Ninety percent of data breaches observed by large organizations are the result of phishing. While only seven percent of users fall for phishing attempts, victims tend to be repeat offenders: experts have reported that fifteen percent of users who are successfully phished will be phished at least one more time within the same year.

Weak Passwords

A lost or unattended device can be a major security risk, especially if it doesn't have a strong PIN or password and full data encryption. Organizations need to make policies for employees to create strong passwords in case of a lost or stolen device. In 2016, the Ponemon Institute reported that 35 percent of professionals indicated their work devices had no mandated measures in place to secure accessible corporate data. Policies need to mandate a password, PIN and a specific type of security that guards their devices, along with encryption, and also provide education on sharing passwords, especially across mobile devices.

Making Your Home a Haven for Online Safety

While massive hacks and data breaches of organizations like Equifax and Facebook grab the headlines, less attention is given to home security vulnerabilities that individuals need to better understand and protect against. So, let's look at the most important things we can do to improve our home security.

Passwords

We all have multiple passwords for multiple sites and applications. The fact is that each site or app should have its own password; do not reuse passwords across multiple sites. Consider investing in a password manager, such as LastPass, to help you keep all your passwords straight. Your password should also be as long as possible, with upper-case and lower-case letters, numbers, and special characters. Try not to use words that are found in the dictionary, as this makes it easier for malicious persons to guess the password. You can also try using passphrases. An example may be: "UseaPassphraseandchangeevery90days!" If it is available, you should also turn on two-factor authentication for your site or app.

Home Wireless Routers

Wireless routers come from the factory with a default user ID and password. You can most likely find the default ID and password for your router at routerpasswords.com. Follow the manufacturer's user manual instructions to change the default user ID and password. Even though a router lacks moving parts, it needs to be maintained with the latest security updates. Your router's firmware must also be updated to the current version.

IoT Devices

Your internet-connected devices, such as smart TVs, security cameras, smart locks, gaming consoles, and smart thermostats, can add a level of convenience to your life, but they have created new opportunities for cybercriminals. Use a strong encryption method for Wi-Fi such as WPA2. Set up a guest network to keep your Wi-Fi account private. Visitors, friends and relatives can log into a separate network that doesn't tie into your IoT devices. Your IoT devices might come with default privacy and security settings. You might want to consider changing them, as some default settings could benefit the manufacturer more than they benefit you. IoT devices come with a variety of services such as remote access, often enabled by default. If you don't need it, be sure to disable it. You might want to manage your IoT devices through your mobile device in a coffee shop across town. If you're on public Wi-Fi, that is generally not a good idea. Use a VPN.

These tips will help you on your way to making your home that haven for online safety. After you have employed all these controls, don't get lazy. The threat landscape to your home is ever changing and expanding. Always keep your guard up and follow good security practices.

Inspired eLearning | 4630 N Loop 1604 W | Suite 401 | San Antonio, TX 78249

© 2018 Inspired eLearning, LLC. All Rights Reserved. All organizations with an active Security Awareness license are granted permission to republish any or all of the content in our Security Awareness Newsletter, as long as distribution of that content is limited to employees within the organization.