Category: Cyber-Security

Staying Safe Online – September 2, 2020

Virtual conferencing safely and securely
What is Virtual Conferencing? With so many of us now working from home, you are most likely finding yourself remotely connecting with your co-workers using virtual conferencing solutions like Zoom, Slack, or Microsoft Teams. Your family members, perhaps even your children, may also be using these same technologies to connect with friends or for remote learning. Regardless of why you are connecting, here are key steps you can take to make the most of these technologies safely and securely.
Attending a Virtual Conference – If you will be attending a virtual conference, here are five key steps.
1. Update the Software: Make sure you are always using the latest version of the conferencing software. The more recent and updated your software, the more secure you will be. Enable automatic updating and quit your program when done, so it can check for the latest updates the next time you restart.
2. Configure Audio/Video Settings: Set your preferences to mute your microphone and turn off your video when joining a meeting and enable them only when you want. Consider placing a webcam cover or tape over your computer’s camera to ensure privacy when you’re not actively broadcasting. Remember: if your camera is on, everyone can see what you are doing even when you are not talking.
3. Double-Check What’s Behind You: If you want to enable your webcam, be aware of what’s behind you. Ensure you do not have any personal or sensitive information visible behind you during a call. Some video conferencing software lets you blur or use a virtual background, so people cannot see what is behind you.
4. Don’t Share Your Invite: The invite link is your personal ticket to enter the meeting. Even if a trusted co-worker needs the link, it’s much better they ask the conference organizer for their own invite.
5. Do Not Record: Do not take screenshots of or record the conference call without permission. You could accidentally share very sensitive information if those screenshots or recordings become public.
Hosting a Virtual Conference – If you will be hosting a virtual conference, here are some additional steps you should take.
1. Require a Password: To protect the privacy and security of your conference and control who can join, protect your meeting with a password. This way only people who have the conference password can join the event.
2. Review Attendees: Review the people attending your event. If there is someone you do not know or cannot identify, have that person confirm their identity. If you have any concerns, or if someone is being rude or disruptive, remove them from the conference. Many solutions offer the option to lock the conference once it has begun, so no one else can join unless you let them in. Another option may be to initially place people in a virtual waiting room, so you can approve who joins the call.
3. Inform if Recording: If you intend to record the event (and have permission to record), be sure to inform everyone on the conference ahead of time.
4. Sharing Your Screen: If you will be sharing your computer screen at any point, be sure to first close all other applications and remove any sensitive files from your computer’s desktop. Also disable any pop-up notifications. This helps ensure you don’t accidentally share sensitive or embarrassing information while sharing your computer screen. Another option is to consider sharing just the program you want to show instead of sharing your entire computer screen.
These technologies are a fantastic tool and, in many ways, represent the future of how we will work, collaborate, and communicate with others. These simple steps will go a long way to ensure you safely and securely make the most of them.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – August 5, 2020

Utility company calling? Don’t fall for it.
By Jim Kreidler,Consumer Education Specialist, FTC
Every day, millions of people who have lost their jobs are making difficult choices about how to pay their bills. As the Coronavirus continues to spread, scammers are taking advantage of people’s heightened economic anxiety. Their latest ploy is posing as representatives from utility companies to dupe people out of their cash and personal information by convincing them their utilities will be shut off if they don’t pay.
If you get a call from someone claiming to be your utility company, here are some things you can do:
Thank the caller for the information. Then firmly tell them you will contact the utility company directly using the number on your bill or on the company’s website.
Even if the caller insists you have a past due bill or your services will be shut off, never give banking information over the phone unless you place the call to a number you know is legitimate.
Utility companies don’t demand banking information by email or phone. And they won’t force you to pay by phone as your only option.
If the caller demands payment by gift card, cash reload card, wiring money or cryptocurrency, it is a scam. Legitimate companies don’t demand payment by gift cards (like iTunes or Amazon), cash reload cards (like MoneyPak, Vanilla, or Reloadit), or cryptocurrency (like Bitcoin).
Tell your friends and loved ones about the scam so they can protect themselves. If you got this scam call, others in your community probably did to. We know when people hear about scams, they’re much more likely to avoid them.
Tell the Federal Trade Commission (FTC). Your reports help the FTC and our law enforcement partners stop scammers.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – July 1, 2020

6 steps to securing IoT and taking back your privacy
In today’s world we are more connected than ever- not only to each other, but to our devices. For example, people now have the ability to open and close their garage doors and even start their cars directly from their phones. But what information do we put at risk when we do all of these amazing things? Securing Internet of Things (IoT) devices and keeping personally identifiable information (PII) safe and secure these days is of the utmost importance.
When you buy the latest IoT device, you need to be aware of two things: First, IoT devices collect your information, and second, that information is always accessible.
So, what exactly is information collection? Think of a common steaming service, like Netflix. Once you sign up, you’ll start receiving emails from Netflix letting you know they’ve added a new TV show that you might enjoy. And the thing is, they’re usually right! That’s because your viewing history and ratings have been transmitted through an algorithm to determine what else you’d be willing to watch, and thus, continue your subscription.
Now imagine every device you have on your home network collecting this type of information. It’s a scary thought! While technology enables you to control your life from your fingertips, your information is at everyone else’s fingertips as well. Security isn’t fun or flashy, and because of this, some companies do not give it the consideration it deserves before they bring their products to market.
Very often when you buy an IoT device or utilize a company’s service you have unknowingly allowed them to collect information about you. That agreement you have to sign before you can use any of their items is written by their lawyers, and unfortunately, without saying yes you can’t use that fancy new gadget. All of these companies know it, which is why hundreds of pages sit between you and your new purchase.
Always verify a charity’s authenticity before making donations. For assistance with verification, utilize the Federal Trade Commission’s (FTC) page on Charity Scams.
1. Change Default Passwords. On devices that are connected to your network you should always make sure you change the default password. It doesn’t matter if it’s a new security camera or a new fridge. Creating new credentials is the very first step in securing your IoT devices and protecting your privacy.
2. Automatic Patches and Updates. In today’s “set it and forget it” society, many electronic devices can take care of themselves. Quite often technology has a setting that allow for automatic updates. This is an important setting to turn on when securing IoT devices.
3. Set-up Multi-factor Authentication (MFA). MFA security settings are growing in popularity. This is as simple as receiving a text or code that you need to type in while signing on to a system. Often times within the account preferences of your device, you can set up an Authentication Application. If you can’t find this option call customer service, chances are it exists somewhere.
4. Utilize a Password Manager. Keep usernames and passwords unique. Most password manager applications can generate a random password for you, and will allow you to store them safely.
5. Update Default Settings. Check to see which settings are turned on by default, especially if you don’t know what they mean. If you are unfamiliar with FTP or UPnP, chances are you are not going to use them, or even notice that they are off.
6. Avoid Public Wi-Fi. It may be convenient to connect to a public Wi-Fi, but think again! If the Wi-Fi network does not require a password, then anyone can listen in on your computer’s information. Some public Wi-Fi networks are deliberately set up in the hopes that people will use it so they can steal information or credentials.
Remember that just like you lock your front door to protect the valuables inside, these days you also need to lock your IoT devices to protect your information and your privacy.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – June 3, 2020

The Power of Updating
You may not realize it but cyber attackers are constantly looking for and finding new vulnerabilities and weaknesses in the software people use every day. This software may run your laptop, could be the mobile apps you use on your smartphone, or perhaps even the software in your baby monitor or other devices in your home. Bad guys take advantage of these software weaknesses, allowing them to remotely break into devices around the world. At the same time, the software and device vendors are constantly developing fixes for these weaknesses and pushing fixes out as software updates. One of the best ways you can protect yourself is to ensure the technologies you use all have the latest updates, making it much harder for cyber attackers to break into them.
How Updating Works. When a software vulnerability is discovered, a software update (also known as a patch) is developed and released by the vendor. Most software programs and devices nowadays have a mechanism to connect over the Internet to a vendor’s server to obtain the software update. This update, nothing more than a small program, typically installs itself and fixes the vulnerability. Examples of software you need to update are the operating systems that run your laptop (such as Microsoft Windows or OSX) or run your smartphone (such as Android or iOS). Additionally, but often overlooked, you need to update the programs that run on your devices, such as your laptop’s web browser, word processor, messaging software or your phone’s mobile apps (especially social media apps).
This is why, whenever you purchase a new computer program or a new mobile app, check first to be sure the software vendor is actively updating the program or device. The longer software goes without any updates, the more likely it has vulnerabilities that cyber criminals can exploit. This is why many vendors, such as Microsoft, automatically release new patches at least every single month.
Finally, if you are no longer using a certain computer program, software or mobile app, remove it from your system. The less software you have to update, the more secure you are.
Updating. There are two general ways of updating a system: Automatic – Whenever a device, operating system, program, or mobile app detects that a new update has been released by the vendor, it automatically downloads and installs the update. The advantage of automatic updates is that you don’t have to do anything.
The software ensures that the technologies you are using are current. Manual – When an update for a device, operating system, program, or mobile app is available, you must manually download and install the update.
This gives you more control over what and when updates are installed. Larger organizations (such as hospitals or utilities) typically like manual updates because it allows them to test the changes first to detect and address any issues caused by the update.
Up-to-date devices and software make it that much harder for any bad guys to attack them. Enabling automatic updates is one of the simplest and most effective ways to protect yourself and securely make the most of today’s technology.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust

Staying Safe Online – May 6, 2020

Password Managers
Password managers work by storing all of your passwords in a database, which is sometimes called a vault. The password manager encrypts the vault’s contents and protects it with a master password that only you know. When you need your passwords, such as to log in to your online bank or email account, you simply type your master password into your password manager to unlock the vault. The password manager will automatically retrieve the correct password and securely log you in to the website. You no longer have to remember your passwords or manually log in to your accounts.
In addition, most password managers include the ability to automatically synchronize across multiple devices. This way, when you update a password on your laptop, those changes are synchronized to all your other devices. Finally, most password managers detect when you’re attempting to create a new online account or update the password for an existing account, and they automatically update the vault for you.
It’s critical that the master password you use to protect the password manager is long and unique. In fact, we recommend you make your master password a passphrase – a long password made up of multiple words or phrases. If your password manager supports two-step verification, use that for your master password as well. Finally, be sure you remember your master passphrase. If you forget it, you will not be able to access any of your other passwords.
There are many password managers to choose from. When trying to find the one that’s best for you, keep the following in mind:
Your password manager should be simple to use. If you find the solution too complex to understand, find a different one that better fits your style and expertise.
The password manager should work on all devices you need to use passwords on. It should also be easy to keep your passwords synchronized across all your devices.
Use only well-known and trusted password managers. Be wary of products that have not been around for a long time or have little or no community feedback. Cybercriminals can create fake password managers to steal your information. Also, be very suspicious of vendors that promote they developed their own encryption solution.
Avoid any password manager that claims to be able to recover your master password for you. This means they know your master password, which exposes you to too much risk.
Make sure whatever solution you choose, the vendor continues to actively update and patch the password manager, and be especially sure you are always using the most recent version.
The password manager should give you the option of storing other sensitive data, such as the answers to your secret security questions, credit card information, and frequent flier numbers.
Consider writing your master passphrase in a sealed envelope and storing it in a locked cabinet, physical safe, or lockbox.
Password managers are a great way to securely store all your passwords and other sensitive data, such as credit card numbers.
However, make sure to use a unique, strong master passphrase and always use the latest version of whichever solution you choose.
A Public Service Announcement Courtesy of Cedar Valley Bank & Trust


Fostered on The Farm