Category: Cyber-Security

Staying Safe Online – November 7, 2018

Communicate with caution in the digital space
In today’s digitally driven world, it has never been easier to shop, apply for loans, transfer money or even set up doctor appointments. We transmit all sorts of financial and personal information across the internet – and this information needs to be protected as it zigzags across cyberspace. Most of us use the web browsers on our phone or computer to interact with the internet. The easiest way to make sure the website you are using is secure is to look for the padlock icon next to the address bar. This icon may differ slightly depending on your browser, but if you see a closed lock with no red flags or warning, then the site is secure.
The padlock indicates that the website is using SSL/TLS, which just means that it is encrypted. If you don’t see the padlock, that means the website is not secure, and you’re putting your data at risk by visiting it.
Email is another major communication tool many of us use every day. For the most part, we send email in clear text (i.e. , information is sent as-is, rendering it readable without a keyword of some sort), store it on a server and then send it when the recipient is next available. Some security features are available for many web mail clients, but none are guaranteed to be secure because there is nothing forcing the recipient to abide by the request to send or receive the information securely. To make a long story short, it is definitely not a good idea to send sensitive data through your Gmail (or any other) email account.
Text messaging and phone calls are usually protected by the communication network protocol and providers themselves. The prevalent cell network protocols- GSM (Global System for Mobile Communications) and COMA (Code-Division Multiple Access) -have been cracked in recent years, so you shouldn’t assume they’re secure.
The past couple of years have seen a surge in the use of third-party secure chat programs. Be wary of these apps because while many of them claim to be secure, some do not follow good practices. Do your research before using these apps for your sensitive communications.
How Can You Protect Yourself?
Check your web browser for a padlock icon next to the URL in the browser. Most modern browsers provide a padlock icon when there is a valid certificate and a website is using an encrypted protocol. Before you enter personal information – even a password to log in – look for the confirmation that encryption is in use. If you do not see the padlock on a site you’re visiting, or there are errors in the address bar where you would normally see the padlock, DO NOT enter any sensitive information into it.
DO NOT send or store sensitive information via email unless you know it is secure. If you need to send emails or files securely over the internet, you should use a secure encrypted file-sharing tool or an email service such as Sharefile or Zixmail.
Use an app, such as Signal for Android or Signal for iOS, for secure chat and phone calls.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – October 3, 2018

Tips for using public Wi-Fi networks
Wi-Fi hotspots in coffee shops, libraries, airports, hotels, universities, and other public places are convenient, but often they’re not secure. If you connect to a Wi-Fi network, and send information through websites or mobile apps, it might be accessed by someone else.
How Encryption Works – Encryption is the key to keeping your personal information secure online. Encryption scrambles the information you send over the internet into a code so it’s not accessible to others. When you’re using wireless networks, it’s best to send personal information only if it’s encrypted – either by an encrypted website or a secure Wi-Fi network. An encrypted website protects only the information you send to and from that site. A secure wireless network encrypts all the information you send using that network.
How to Tell If a Website is Encrypted – If you send email, share digital photos and videos, use social networks, or bank online, you’re sending personal information over the internet. The information you share is stored on a server- a powerful computer that collects and delivers content. Many websites, like banking sites, use encryption to protect your information as it travels from your computer to their server.
To determine if a website is encrypted, look for https at the start of the web address (the “s” is for secure). Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, your entire account could be vulnerable. Look for https on every page you visit, not just when you sign in.
What About Mobile Apps? – Unlike websites, mobile apps don’t have a visible indicator like https. Researchers have found that many mobile apps don’t encrypt information properly, so it’s a bad idea to use certain types of mobile apps on unsecured Wi-Fi. If you plan to use a mobile app to conduct sensitive transactions – like filing your taxes, shopping with a credit card, or accessing your bank account- use a secure wireless network or your phone’s data network (often referred to as 3G or 4G). If you must use an unsecured wireless network for transactions, use the company’s mobile website, where you can check for the https at the start of the web address, rather than the company’s mobile app.
Don’t Assume a Wi-Fi Hotspot is Secure – Most Wi-Fi hotspots don’t encrypt the information you send over the internet and aren’t secure. In fact, if a network doesn’t require a WPA or WPA2 password, it’s probably not secure. If you use an unsecured network to log in to an unencrypted site, or a site that uses encryption only on the sign-in page, other users on the network can see what you see and what you send. They could hijack your session and log in as you. New hacking tools – available for free online – make this easy, even for users with limited technical know-how. Your personal information, private documents, contacts, family photos, and even your login credentials could be up for grabs.
An imposter could use your account to impersonate you and scam people in your contact lists. In addition, a hacker could test your username and password to try to gain access to other websites- including sites that store your financial information.
Here’s how you can protect your information when using Wi-Fi:
When using a hotspot, log in or send personal information only to websites you know are fully encrypted. To be secure, your entire visit to each site should be encrypted from the time you log in to the site until you log out. If you think you’re logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
Don’t stay permanently signed in to accounts. When you’ve finished using an account, log out.
Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date.
Consider changing the settings on your mobile device so it doesn’t automatically connect to nearby Wi-Fi. That way, you have more control over when and how your device uses public Wi-Fi.
If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can get a personal VPN account from a VPN service provider.
In addition, some organizations create VPNs to provide secure, remote access for their employees. What’s more, VPN options are available for mobile devices; they can encrypt information you send through mobile apps.
Some Wi-Fi networks use encryption: WEP and WPA are common; WPA2 is the strongest.
Installing browser add-ons or plug-ins can help. For example, Force-TLS and HTTPSEverywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren’t encrypted. They don’t protect you on all websites – look for https in the URL to know a site is secure.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – September 5, 2018

What are smart home devices?
Traditionally, only a few of your devices at home could connect to the Internet, such as your laptop, smartphone, or gaming console. However, today there are more and more devices connecting to the Internet, from your lightbulbs and speakers to your lV, door locks, and even your car. Soon, almost every device in your house could be connected to the Internet. These connected devices are often called the Internet of Things (IoT) or smart home devices. While these connected devices bring a great deal of convenience, they also bring unique dangers.
What’s the Problem? The more devices that are connected to your home’s network, the more that can go wrong. Hackers can program your devices to attack others, vendors can collect extensive information on your activities, or your devices could become infected and lock you out. Many of the companies making these devices have no experience with cyber security and see security as a cost. As a result, many of the devices you purchase have little or no security built into them. For example, some devices have default passwords that are well known or you cannot update or configure them.
How can I protect myself? So what can you do? We definitely want you to safely and securely leverage connected devices. These devices can provide wonderful features that make your life simpler. In addition, as the technology grows, you may have no choice but to use smart devices. Here are key steps you can take to protect yourself.
Connect Only What You Need: The simplest way to secure a device is to not connect it to the Internet. If you don’t need your device to be online, don’t connect it to your WI-Fl network. Do you really need your toaster sending notifications to your phone?
Know What You Have Connected: What devices do you have connected to your home network? Not sure or can’t remember? Turn off your wireless network and see what is no longer working. It may not catch everything, but you’ll be surprised at how many devices you forgot.
Keep Updated: Just like your computer and mobile devices, it’s critical to keep any and all of your devices up-to-date. If your device has the option to automatically update, enable that.
Passwords: Change the passwords on your devices to unique, strong passphrases only you know. You will most likely only have to enter them once. Can’t remember all your passphrases? Don’t worry, neither can we. Consider using a password manager to securely store them all.
Privacy Options: If your device allows you to configure privacy options, limit the amount of information it collects or shares. One option is to simply disable any information sharing capabilities.
Vendors: Buy your devices from a company that you know and trust. Look for products that support security, such as allowing you to enable automatic updating, change the default password and modify privacy settings.
Always listening: If a device can take your voice commands, it is constantly listening. For example, your Alexa and Google Home devices can record sensitive conversations. Consider that when you determine where to place the devices in your home and review the privacy options.
Guest Network: Consider putting your home devices on a separate “Guest” Wi-Fi network rather than the primary Wi-Fi network you use for your computers and mobile devices. This way, if any smart device is infected, your computers or mobile devices on your main network remain safe.
There is no reason to be afraid of new technologies, but do understand the risk they pose. By taking these few, simple steps you can help create a far more secure smart home.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – August 1, 2018

Phone call attacks and scams
When you think of cyber criminals, you probably think of an evil mastennind sitting behind a computer launching sophisticated attacks over the Internet. While many of today’s cyber criminals do use technologies like email or instant messaging, bad guys are also using the phone to trick their victims. There are two big advantages to using a phone. First, unlike email, there are fewer security technologies that monitor phone calls and can detect and stop an attack. Second, it is much easier for bad guys to convey emotion over the phone, which makes it more likely they can ttick their victims. Let’s learn how to spot and stop these attacks.
How do Phone Call Attacks Work?
First, you have to understand what these attackers are after. They usually want your money, infonnation, or access to your computer (or all three). They do this by tricking you into doing what they want. The bad guys call people around the world, creating situations that seem very urgent. They want to get you off-balance by scaring you so you won’t think clearly, and then
rush you into making a mistake. Some of the most common examples include:
The caller pretends that they are from a government tax department or a tax collection service and that you have unpaid taxes. They explain that if you don’t pay your taxes right away you will go to jail. They then pressure you to pay your taxes with your credit card over the phone.
This is a scam. Many tax departments, including the IRS, never call or email people. All official tax notifications are sent by regular mail.
The caller pretends they are Microsoft Tech Support and explain that your computer is infected. Once they convince you that you are infected, they pressure you into buying their software or giving them remote access to your computer. Microsoft will not call you at home.
You get an automated voicemail message that your bank account has been canceled, and that you have to call a number to reactivate it. When you call, you get an automated system that asks you to confitm your identity and asks you all sorts of private questions. This is really not your bank, they are simply recording all your information for identity fraud.
Protecting Yourself
The greatest defense you have against phone call attacks is yourself. Keep these things in mind:
Anytime anyone calls you and creates a tremendous sense of urgency, pressuring you to do something, be extremely suspicious. Even if the phone call seems OK at first, but then starts to feel strange, you can stop and say no at any time.
If you believe a phone call is an attack, simply hang up. If you want to confirm if the phone call was legitimate, go to the organization’s website (such as your bank) and get the customer support phone number and call them directly yourself. That way, you really know you are talking to the real organization.
Never trust Caller ID. Bad guys will often spoof the caller number so it looks like it is coming from a legitimate organization or has the same area code as your phone number.
Never allow a caller to take temporary control of your computer or trick you into downloading
software. This is how bad guys can infect your computer.
If a phone call is coming from someone you do not personally know, let the call go directly to voicemail. This way, you can review unknown calls on your own time. Even better, you can enable this by default on many phones with the “Do Not Disturb” feature.
Scams and attacks over the phone are on the rise. You are the best defense you have at detecting and stopping them.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – July 4, 2018

Stop that malware
You probably have heard of terms such as virus, Trojan, ransomware, or rootkit when people talk about cyber security. These are different types of malicious programs, called malware, that cyber criminals use to infect computers and devices. Once installed, they can do whatever they want. Learn what malware is, what danger it poses, and most importantly, what you can do to protect yourself from it.
Simply put, malware is software, a computer program, used to perform malicious actions. This term is a combination of the words malicious and software. Cyber criminals install malware on your computers or devices to gain control over them. Once installed, malware can enable criminals to spy on your online activities, steal your passwords or files, or use your system to attack others. Malware can even take control of your own files, demanding that you pay a ransom to get them back. Many people believe that malware is a problem only for Windows computers. Unfortunately, malware can infect any device, from Mac computers and smartphones to DVRs and security cameras. The more computers and devices cyber criminals infect, the more money they can make. Therefore, everyone is a target, including you.
How to Protect Yourself – You may think that all you have to do is install a security program like anti-virus software and you are safe from getting infected. Unfortunately, anti-virus cannot stop all malware. Cyber criminals are constantly developing new and more sophisticated malware that can evade detection. In turn, anti-virus vendors are constantly updating their products with new capabilities to detect malware. In many ways it has become an arms race, and the bad guys are usually one step ahead. Since you cannot rely on anti-virus alone, there are additional steps you should take to protect yourself.
Cyber criminals often infect computers or devices by exploiting vulnerabilities in your software. The more current your software is, the fewer vulnerabilities your systems have and the harder it is for cyber criminals to infect them. Make sure your operating systems, applications, browser and browser plugins, and devices are always updated and current. The easiest way to ensure this is to enable automatic updating whenever possible.
A common way cyber criminals infect computers or mobile devices is by creating fake computer programs or mobile apps, posting them on the Internet, and then tricking you into downloading and installing one. Only download and install programs or apps from trusted online stores. Also, stay away from mobile apps that are brand new, have few positive reviews, are rarely updated, or have been downloaded by a small number of people.
No longer using a computer program or mobile app? Delete it.
A Cyber criminals often trick people into installing malware for them. For instance, they might send you an email that looks legitimate and contains an attachment or a link. Perhaps the email appears to come from your bank or a friend. However, if you were to open the attached file or click on the link, you would activate malicious code that installs malware on your system. If a message creates a strong sense of urgency or seems too good to be true, it could be an attack. Be suspicious, common sense is often your best defense.
Regularly back up your system and files to Cloud-based services, or store your backups offline, such as on disconnected external drives. This protects your backups in case malware attempts to encrypt or erase them.
Backups are critical. They are often the only way you can recover from a malware infection.
Ultimately, the best way to defend against malware is to keep all your software and devices up-to-date, install trusted antivirus software when possible, and be alert for anyone attempting to trick you into infecting your own system. When all else fails, regular backups are often the only way you can recover.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Loading
X

Forgot Password?

Join Us

Password Reset
Please enter your e-mail address. You will receive a new password via e-mail.