Cybersecurity resources

 

Staying safe online

One wrong click could let hackers steal your identity, access your financial accounts, or encrypt all the information on your hard drive and demand a ransom to get it back.

The bad actors who want to steal your information are constantly getting better at what they do. It's no longer sufficient to install anti-virus software on your computer and call it good.

Here are six ways to help protect yourself online:

• Use one credit card for all online purchases: Credit cards are safer than debit cards for online purchases. The Fair Credit Billing Act protects credit card use, and using one card limits the potential for financial fraud to affect all of your accounts. Even so, check your statements regularly.
• Don't use the same login and password for all your accounts. Make sure the passwords you do use contain more than ten characters, with numbers, special characters, and upper and lower case letters.
• Add a layer of security by requiring another form of identification€Š-€Šin addition to a login and password€Š-€Što gain access to your accounts. Many companies, like Google for example, allow a "two-step" authentication that involves sending a code to your phone by text in order to login.
• Don't trust your email. It's becoming increasingly difficult to distinguish phishing attempts by hackers from legitimate messages. (Including those sent through social media) If a message contains a link to a web page offering a great deal, do not click the link. Go to the company web page directly. Same rule holds true for attachments.
• Look for "https" in the internet address (URL) when making an online purchase. The "s" in "https" stands for "secure" and shows that communication with the webpage is encrypted. This helps ensure your information is transmitted safely to the merchant and no one can spy on it. You can also look for the lock symbol (sometimes it's green) in the internet address bar.
• Do not use public computers or public wireless internet access for your online shopping. Public computers and wireless networks can contain viruses and other malware that steal your information, which can lead to identity theft and financial fraud.

For more information, here are some additional resources:

• Federal Trade Commission
• Stop.Think.Connect
• U.S. Cybersecurity and Infrastructure Security Agency (CISA)

Secure your network

The digital keys to your life likely reside inside a single device in your home€Š-€Šthe ubiquitous wireless router.

When unsecured, wireless routers can let hackers access any device connected to your home network, including TVs, smartphones and computers. The bad guys can also take control of your devices to launch attacks on other networks, and even assume your identity based on information taken from your system.

This is a growing problem. The vast majority of U.S. households now have wireless internet access. All too often, internet users do a poor job of protecting their home networks. A common mistake is to rely on default logins and passwords issued by the router manufacturer, or use an easily guessed combination such as "admin/password."

In addition, many people also stick with the default broadcast SSID used by the router€Š-€Šwhat you see when you sign into your wireless account€Š-€Šwhich often identifies the make and model. That's an immediate tip off to hackers that the person who installed the network may not have taken the time to change anything else.

You may want to consider taking the following steps to help protect your network from bad actors:

• As soon as you set up your wireless network, immediately change the SSID, or name of the network. Leaving the default name lets hackers know what kind of system you're using. They likely also know the default login and password for the system as well, because that information is widely available.
• Given that, you should also change the default login and password. Use a strong password that's at least 12 characters long.
• Turn on the highest level of encryption for your router.
• Create a guest network for visitors to your home that uses a separate password.
• Make sure to update the router firmware regularly. The updates will fix known security vulnerabilities that could allow hackers to access your network.
• Regularly check to make sure you recognize all devices connected to your network, and block any you don't recognize.

Device disposal tips

Before you toss your old cellphone, computer or gaming console in the garbage, consider all the sensitive information you may have stored on the device over the years that hackers would love to have - including financial information, passwords and social media accounts.

Simply deleting files or erasing storage devices isn't enough. When you delete files, although the files may appear to have been removed - data remains on the media even after a delete or format command is executed. Bad actors with even limited technical ability can easily recover the information.

Here are some methods recommended by US-CERT for cleaning devices before you get rid of them:

Computers: Use "Secure erase," which is a set of commands in the firmware of most computer hard drives. If you select a program that runs the secure erase command set, it will erase the data by overwriting all areas of the hard drive. Alternately you can use a "Disk wiping" utility that erases sensitive information on hard drives and securely wipes flash drives and secure digital cards.

Smart Phones/Tablets: Ensure that all data is removed from your device by performing a "hard reset." This will return the device to its original factory settings. Each device has a different hard reset procedure, but most smartphones and tablets can be reset through their settings. In addition, physically remove the memory card and the subscriber identity module (SIM) card, if your device has one.

Digital cameras, media players, and gaming consoles: Perform a standard factory reset (i.e., a hard reset) and physically remove the hard drive or memory card.

Office equipment (e.g., copiers, printers, fax machines, multifunction devices): Remove any memory cards from the equipment. Perform a full manufacture reset to restore the equipment to its factory default.

Destroying: Physical destruction of a device is the ultimate way to prevent others from retrieving your information. Specialized services are available that will disintegrate, burn, melt, or pulverize your computer drive and other devices. These sanitization methods are designed to completely destroy the media and are typically carried out at an outsourced metal destruction or licensed incineration facility. If you choose not to use a service, you can destroy your hard drive by driving nails or drilling holes into the device yourself. The remaining physical pieces of the drive must be small enough (at least 1/125 inches) that your information cannot be reconstructed from them.

Tabletop exercises

Training is a critical step in being prepared to respond to real cybersecurity incidents. A quick and easy way to help prepare your team is to hold short 15 minute table top exercises every month. Here are a few of the important questions you may want to ask while holding a tabletop exercise:

• Do you have a Cybersecurity Incident Response Plan?

• Do you have compliance requirements you must adhere to? (PCI-DSS, HIPPA, FISMA, IRS, or Sarbanes-Oxley)

• Who should you notify internally in your organization? External to your organization?

• Do you have a backup point-of-contact for key roles in your organization? (For example, who do you contact if the manager who handles cybersecurity issues is out sick or out of town on vacation?)

• What are the resources available to your team?

• Who do you contact to get more resources? (For example: consultation, equipment, or additional cybersecurity professionals.)

 

Here are some tabletop exercises you can use:

• An employee casually remarks about how generous it is of state officials to provide the handful of USB drives on the conference room table, embossed with the State logo. After making some inquiries you find there is no state program to provide USB drives to employees -.

• Your agency has received various complaints about slow internet access and that your website is inaccessible. After further investigation, it is determined that your agency is a victim of a DNS amplification attack which is currently overwhelming your DNS server and network bandwidth -

• Have one or two people from your agency visit two sites recommended by our federal partners as safe for browsing. Have the team identify which logs would be needed to trace this activity through the network -

• The news is reporting that a major chemical plant, located 2 miles away, has had a significant toxic chemical leak. There is a chemical "cloud" and your office building is in the path of the plume -

• A pandemic flu starts. Employees start calling in sick, but it's not clear if they are ill or afraid to go out in public. Enough people are absent that the organization struggles to maintain the IT infrastructure -

• Your agency has received a phone call indicating that you will experience a Telephony Denial of Service (TDoS) attack beginning in two days unless you pay a ransom by 12 p.m. local time -

• An international terrorist group publicly claims successful cyber attacks on various government organizations. You learn that your organization's official social media accounts have been compromised and someone is sending out notifications through your social media website to your public claiming that your organization has been compromised -

• You receive news that an employee accidentally disclosed sensitive personally identifiable information records. This occurred when they accidentally emailed a document that had not been properly scrubbed to a contractor ...

• One of your organization's internal departments frequently uses outside cloud storage to store large amounts of data, some of which may be considered sensitive. You have recently learned that the cloud storage provider that is being used has been publically compromised and large amounts of data have been exposed -

• Numerous sensitive internal documents are found on the internet. It appears that the multi-function printer/copier is connected to an external facing IP. All documents found on the internet are known to have been printed or copied on this machine -

• An employee calls to ask for the password for the Wi-Fi network, indicating they would like to use it on their personal cellphone. You don't have a Wi-Fi network. A scan of the building indicates there are 4 Wi-Fi networks broadcasting a variety of names that suggest people are using them for work purposes -

• Malware containing a backdoor is discovered on the surveillance cameras used in sensitive locations, including the conference room used by senior executives. It was determined that the cameras were active during several meetings -

• A routine financial audit reveals that several people receiving paychecks are not, and have never been, on payroll -

• A severe vulnerability has been identified in a common open source application that is used to securely transmit information. This common application provides communication security for application such as web email, instant messaging and some virtual private networks ...

• The browser deployed on all machines in your organization has a significant zero-day vulnerability which is actively being exploited ...

• You have been notified that a device, which appears to control an aspect of building management (such as a water valve or HVAC), is found to be accessible from the internet -

• An executive from your organization has been requested to speak at an international symposium. The country, known for past espionage, has a customs policy that requires off-site "inspection" of computers, smartphones, and other technologies -

• Cybersecurity has become a big topic of interest to the leadership of your organization. How do you develop a holistic, cost-effective security awareness program?

• One of your websites has been compromised and is hosting a propaganda video by a hacktivist group -

• Upon review of your logs, several of your organization's internet facing assets are being scanned. After investigation, the scans are originating from what seems to be a legitimate private cyber security company that refuses to disclose any information -

• You have been notified that your organization may be targeted through spear phishing emails and social engineering phone calls ...

• You've been receiving emails from concerned citizens that one of your websites has been periodically unavailable. In addition, you are informed that a known hacktivist has tweeted your website's address -