The most recent SANS Institute Security Awareness Tips
Updated: 23 min 45 sec ago
The Dark Web is a network of systems connected to the Internet designed to share information securely and anonymously. These capabilities are abused by cyber criminals to enable their activities, for example selling hacking tools or purchasing stolen information such as credit card data. Be aware that your information could be floating around the Dark Web, making it easier for cyber criminals to create custom attacks targeting you..
Ransomware is a special type of malware. Once it infected your computer, it encrypts all of your files and demands you pay a ransom if you want your files back. Be suspicious of any emails trying to trick you into opening infected attachments or click on malicious links, common sense is your best defense. In addition. backups are often the only way you can recover from ransomware.
Eventually, we all have an accident or get hacked. And when we do, backups are often the only way to recover. Backups are cheap and easy; make sure you are backing up all of your personal information at home (such as family photos) on a regular basis.
Fake news is a false narrative that is published and promoted as if it were true. People (and organizations) create fake news to control and manipulate your thoughts and actions. Be skeptical of what you read on the Internet, use trusted sources that are vetted, check their motivations and funding.
The first step to creating a cybersecure home is to start by securing your Wi-Fi Access Point. Change your Wi-Fi Access Points default administrator password to something only you know. Many Wi-Fi Access Points or Wi-Fi routers are shipped with default administrator passwords that are publicly known and posted on the Internet.
You may be aware that cyber attacks will try to trick you over the phone or through email using phishing attacks, but do you realize they may try to attack you also over social media channels, such as Snapchat, Twitter, Facebook, or LinkedIn? Just like in email, if you get any social media messages that are highly urgent or too good to be true, it may be an attack.
Have you considered a career in cybersecurity? It is a fast-paced, highly dynamic field with a huge number of specialties to choose from, including forensics, endpoint security, critical infrastructure, incident response, secure coding, and awareness and training. In addition, a career in cybersecurity allows you to work almost anywhere in the world, with amazing benefits and an opportunity to make a real difference. However, the most exciting thing is you do NOT need a technical background, anyone can get started.
CEO Fraud / BEC is a type of targeted email attack. It commonly involves a cyber criminal pretending to be your boss or a senior leader and then tricking you into sending the criminal highly sensitive information, buying gift cards or initiating a wire transfer. Be highly suspicious of any emails demanding immediate action and/or asking you to bypass any security procedures.
When you forward an email to others or copy new people to an email thread, review all the content in the entire email and make sure the information contained in it is suitable for everyone. It is very easy to forward emails to others, not realizing there is highly sensitive information in the bottom of the email that people should not have access to.
Make sure each of your accounts has a separate, unique password. Can't remember all of your passwords/passphrases? Consider using a password manager to securely store all of them for you.
Cyber criminals now have a wealth of information on almost all of us. With so many organizations getting hacked, cyber criminals simply purchase databases with personal information on millions of people, then use that information to customize their attacks, making them far more realistic. Just because an urgent email has your home address, phone number, or birth date in it does not mean it is legitimate.
Identity theft is when someone steals information about you and then uses that information to pretend to be you and commit crimes, such as credit card fraud. One of the key steps to protecting yourself is monitoring your financial, credit score and credit card accounts. The sooner you detect fraud in any of these accounts, the sooner you can minimize the damage.
You may not realize it, but you are a target. Your computer, work, personal accounts, and your information are all highly valuable to cyber criminals. Be mindful that bad guys are out to get you.
Virtual Private Networks (VPN) create encrypted tunnels when you connect to the Internet. They are a fantastic way to protect your privacy and data, especially when traveling and connecting to untrusted or unknown networks, such as at hotels or coffee shops. Use a VPN whenever possible, both for work and personal use.
Make sure you have anti-virus software installed on your computer and that it is automatically updating. However, keep in mind that no anti-virus can catch all malware; your computer can still be infected. That is why it's so important you use common sense and be wary of any messages that seem odd or suspicious.
Using technology securely can be overwhelming or confusing, especially for those who did not grow up with it. When helping secure those who are uncomfortable with technology focus on just the basics - 1) be aware of social engineering attacks 2) secure your home network 3) keep your systems updated 4) use strong, unique passwords 5) backup your key personal data
Two-step verification (also called two-factor authentication or 2FA) is one of the best steps you can take to secure any account. Two-step verification is when you require both a password and code sent to or generated by your mobile device. At a minimum enable two-step verification for your most important accounts such as email, financial and retirement accounts.
Do you plan on giving away or selling one of your older mobile devices? Make sure you wipe or reset your device before disposing of it. If you don't, the next person who owns it will have access to all of your accounts and personal information.
Ever wonder just how much information is publicly available about you? Ever wonder how cyber criminals harvest information and customize attacks for their victims? The technique is called Open Source Intelligence (OSINT) and it is far simpler and more powerful than you think.
Never give your password to someone over the phone. If someone calls you and asks for your password while saying they are from the Help Desk or Tech Support team, it is most likely an attacker attempting to gain access to your account.