Show All Answers

1. Phishing Emails

• Never respond to requests for personal information via email. Businesses will never ask for personal information in an email.
• Do not enter personal information in a pop-up screen.
• Do not click on any links listed in an e-mail message. Copy and paste the URL into your browser.
• Use anti-virus and anti-spyware software and update them regularly.

2. Dispose of Information Properly

• Destroy/shred hard copy confidential documents that contain personal information such as social security numbers, credit card numbers, bank account numbers, and health records.
• Ensure you are using the right tools when destroying and disposing of personal information or media storage from your computer and mobile devices.

3. Ethics - Be a Good Cyber Citizen

• Do not engage in inappropriate conduct, such as cyberbullying, cyberstalking, or rude and offensive behavior.
• Do not do something in cyberspace that you would consider wrong or illegal in everyday life.
• Do not impersonate someone else. It is wrong to create sites, pages, or posts that seem to come from someone else.
• Adhere to copyright restrictions when downloading material from the Internet.
• Do not use someone else's password or other identifying information.

4. Lock It When You Leave

• It takes only a few seconds to secure your computer and help protect it from unauthorized access. Lock down your computer every time you leave your desk.
• Set up a screensaver that will lock your computer after a pre-set amount of time and require a password to log back in.
• Choose a strong password. A good password should always include upper and lowercase letters, numbers, and at least one special character. Do not set the option that allows a computer to remember any password.

5. Protect Data on Mobile Devices

• Ask yourself "Is it really necessary that I transport this sensitive information?" If the answer is no, then do not copy the information.
• Choose a strong password. A good password should always include upper and lowercase letters, numbers, and at least one special character. Never use the same password for multiple devices or accounts.
• Store your portable devices securely. When not in use, store devices out of sight and when possible, in a locked drawer or cabinet.

6. Protect Mobile Devices

• Password-protect your portable device.
• Be sure all critical information is backed up.
• Disable Bluetooth when not required.
• Store your portable devices securely.
• Record identifying information such as serial number and label your equipment if possible.
• Report the loss or theft to the appropriate authorities as soon as possible.

7. Types of Cyber Threats

The threats countered by cyber-security are three-fold:

1. Cybercrime includes single actors or groups targeting systems for financial gain or to cause disruption.

2. Cyber-attack often involves politically motivated information gathering.

3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.

So, how do malicious actors gain control of computer systems? Here are some common methods used to threaten cyber-security:

Malware

Malware means malicious software. One of the most common cyber threats, malware, is software that a cybercriminal or hacker has created to disrupt or damage a legitimate user’s computer. Often spread via an unsolicited email attachment or legitimate-looking download, malware may be used by cybercriminals to make money or in politically motivated cyber-attacks. 

There are several different types of malwares, including:

1. Viruses: These are programs that can replicate themselves and infect other files or systems by attaching them. Viruses often cause damage to files, data, or system functionality.
2. Worms: Worms are self-replicating programs that spread across networks and systems, often exploiting security vulnerabilities. They can consume network bandwidth and cause performance issues.
3. Trojans: Trojans disguise themselves as legitimate software or files to trick users into executing them. Once activated, they can perform a variety of malicious actions, such as stealing data, granting unauthorized access, or enabling remote control of the infected system.
4. Ransomware: Ransomware encrypts files or locks down a user's system, demanding a ransom payment in exchange for restoring access. It can be highly destructive, impacting individuals, organizations, and even critical infrastructure.
5. Spyware: Spyware is designed to gather information about a user or organization without their knowledge or consent. It can track online activities, capture keystrokes, record passwords, and transmit sensitive data to third parties.
6. Adware: Adware displays unwanted advertisements, often in the form of pop-ups or banners, within software or websites. While not inherently malicious, it can be intrusive and negatively impact user experience.
7. Botnets: Botnets are networks of infected computers or devices, controlled remotely by cybercriminals. They can be used for various malicious activities, such as launching distributed denial-of-service (DDoS) attacks or sending spam emails.

Malware can be distributed through various means, including infected email attachments, malicious websites, software downloads from untrustworthy sources, or exploiting security vulnerabilities. It's crucial to maintain up-to-date security software, regularly patch software and operating systems, exercise caution when clicking on links or downloading files, and practice safe browsing habits to reduce the risk of malware infections.

 

Phishing

Phishing is when cybercriminals target victims with emails that appear to be from a legitimate company asking for sensitive information. Phishing attacks are often used to dupe people into handing over credit card data and other personal information.

While some phishing emails can be quite convincing, there are several signs you can look for to determine if an email is a phishing attempt. Here are some indicators to consider:

1. Check the email address: Examine the sender's email address carefully. Phishers often use email addresses that mimic legitimate ones but may contain small variations or misspellings. For example, an email from "yourbank.com" could be altered as "yourbank-info.com."
2. Inspect the salutation: Phishing emails frequently use generic greetings like "Dear Customer" instead of addressing you by name. Legitimate emails from reputable organizations are more likely to use your name or a personalized greeting.
3. Look for urgent or threatening language: Phishing emails often create a sense of urgency or fear to prompt quick action. They may claim that your account will be closed or that there is an immediate problem requiring your attention. Be cautious if the email tries to pressure you into providing sensitive information.
4. Analyze the email content: Poor grammar, spelling mistakes, and awkward sentence structures can be signs of a phishing attempt. Legitimate organizations typically have proofreaders and professional communication standards in place.
5. Hover over links: Phishing emails often contain links that lead to fake websites or malicious downloads. To check the link's legitimacy, hover your mouse over it without clicking. A small pop-up should display the actual URL. Verify that it matches the expected destination and be cautious of shortened URLs.
6. Be cautious of attachments: If an email includes unexpected attachments or files, exercise caution. Phishing emails may contain malware or viruses within these attachments. Only open attachments from trusted sources.
7. Check for official branding: While it's relatively easy to copy logos and email templates, phishing emails might have subtle differences in colors, fonts, or overall design. Compare the email to previous communications from the same organization to identify any inconsistencies.
8. Verify requests for personal information: Legitimate organizations typically do not ask for sensitive information, such as passwords, credit card numbers, or Social Security numbers, via email. If an email request such data, be skeptical.
9. Trust your instincts: If something feels off or suspicious about the email, trust your intuition. If it seems too good to be true or raises red flags, it's better to err on the side of caution.

Remember that phishing techniques are constantly evolving, and attackers can become quite sophisticated. If you have any doubts about an email's authenticity, it's advisable to contact the organization directly through their official website or customer support channels to verify its legitimacy.