By Ross Oliver – Senior Technical Consultant
October is Cyber Security Awareness Month, and it got off to an exciting start with major new security breaches at Experian, Scottrade, and Trump Hotels. Many of us in the IT world deal with security on a daily basis, but others in our communities may not have the same expertise. Take the opportunity this month to reach out and help educate the non-IT communities.
Some ways you can contribute include:
- Share knowledge on social media
- Speak to a non-IT group (Chambers of Commerce, trade organizations, PTA)
- Write brief tips and articles for email alerts, newsletters
- Share Cyber Security resources
Here is my current cybersecurity hit list, focusing on issues that can cause significant financial loss:
Wire transfer fraud via fake emails
- Strikes individuals as well as businesses
- FBI estimates nearly $800 million lost so far in 2015 alone
- More information: http://www.ic3.gov/media/2015/150827-1.aspx
Tax return fraud
- Thieves file a tax return under the victim’s name to steal refund
- Weak passwords on TurboTax accounts have recently become a target
- Not on most people’s radar in October, but comes roaring back every January
Unsolicited phone calls for tech support “help”
- The caller identifies him/herself as from Microsoft, Dell, HP, or a major ISP
- Claims victim’s computer “has a virus” and caller can fix it for a price
- Takes money, causes new infection, or both
- Just hang up
- More information: http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx
ATM skimming
- Thieves have applied a substantial amount of technology
- Most at risk: freestanding ATMs in public areas
- Use only ATMs at banks
- Cover the PIN pad
- Keep a close watch on your bank statements; promptly report any discrepancies.
- Use text and email alerts to learn of possible unauthorized transactions
- More information: https://www.fbi.gov/news/stories/2011/july/atm_071411
Credit card data breaches
- Consumers are protected against direct loss
- Primary risk is the use of stolen data to incur unauthorized debt in your name (misleadingly called “identity theft”)
- Credit monitoring services are of minimal value
- “Credit freeze” is the most effective defense: http://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/
A compromised PC may not cause the owner direct financial loss, but armies of them are essential to a wide variety of cybercrimes. Krebs has a fascinating analysis of the many ways a compromised PC can be used by cybercriminals: http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/
Tips for keeping PCs secure and cleaning up infected PCs are an entire topic in themselves, to be addressed in a future post.
A collection of Cyber Security resources for non-technical computer and Internet users:
- StaySafeOnline.org: information and education sponsored by major technology companies.
- Microsoft Safety and Security Center http://www.microsoft.com/security
- Internet Crime Complaint Center — FBI web site for reporting Internet-related crimes; also hosts a number of informational alerts. www.ic3.gov
- IRS Tax Scams and Consumer Alerts — Information about both Internet and non-Internet tax return scams http://www.irs.gov/uac/Tax-Scams-Consumer-Alerts
- Tips from the US-CERT — US-CERT is primarily a technical resource, but offers information for non-technical people as well. https://www.us-cert.gov/ncas/tips
- Department of Homeland Security “Stop. Think. Connect” campaign http://www.dhs.gov/stopthinkconnect
IT professionals can reduce the number and impact of cybersecurity incidents by helping to inform the general public about how to recognize and avoid these common threats. Let’s make the only scary part of October the Halloween costumes!