Cyber security, computer security or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.
- Information Security Resources
- External Resources
Multi-State Information Sharing and Analysis Center
- The mission of the MS-ISAC is to improve the overall cybersecurity posture of U.S. State, Local, Tribal and Territorial (SLTT) government organizations through coordination, collaboration and cooperation, and increased communication.
Why You Should Avoid Using Public WiFi
- Wi-Fi users are at risk from hackers but fortunately, there are safeguards against them. The recent explosion of free public Wi-Fi has been an enormous boon for working professionals
How To Prevent Social Engineering Attacks
- When we think about cyber-security, most of us think about defending ourselves against hackers who use technological weaknesses to attack data networks. But there is another way into organizations and networks, and that's taking advantage of human weakness.
- Wireless providers and the broader wireless ecosystem work relentlessly to protect networks and devices and to stay ahead of constantly evolving cyber dangers.
- Keeping your computer secure helps you avoid malware and direct hacking attempts designed to steal your personal information. Here are some ways you can help reduce your online risk when you use your computer at home.
- RedHerring is a Phishing awareness product developed by the San Diego County Office of Education (SDCOE) with school district employees in mind. Phishing has become a huge issue in the recent years having shot up almost 600% since the start of the pandemic in 2020.
- Malicious cyber activity threatens the public’s safety and our national and economic security. Our goal is to change the behavior of criminals and nation-states who believe they can compromise U.S. networks, steal financial and intellectual property, and put critical infrastructure at risk without facing risk themselves.
- Develop, validate, and promote timely best practice solutions that help people, businesses, and governments protect themselves against pervasive cyber threats.
- Regardless of size, CISA recommends all organizations adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.
- NIST develops cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public.
- CISA leads the Nation’s strategic and unified work to strengthen the security, resilience, and workforce of the cyber ecosystem to protect critical services and American way of life.
- Over the years, many security standards and requirements frameworks have been developed in attempts to address risks to enterprise systems and the critical data in them. However, most of these efforts have essentially become exercises in reporting on compliance and have diverted security program resources from the constantly evolving attacks that must be addressed.
Security Training & Awareness
Cyber security is at the focal point of all operational activities in this Internet era. The digital world is on rapid growth, and at the same time, cyber-attacks and criminals have relied on using digital skills and assets to spearhead their motives. With the high growth of the Internet, much information and data are shared online. As a result, this data is vulnerable to cybercriminals. Globally, cyber-attacks are widespread. Phishing is a form of cyber-attack involving an email or text that is exploited and designed to trick a person into giving their personal information. Phishing attacks rely on social networking techniques to mask themselves as reputable entities or a person to distribute malicious links or attachments that can perform malicious functions.
Phishing is one of the most common cyber-attacks. Phishing relies on the use of emails. Text or phone to entice an individual into providing critical, personal, or sensitive information that may range from passwords to personal numbers and credit card passwords. Phishing attacks may lead to a more significant loss of the victim's sensitive information, identity theft, and loss of company secrets. Today, Phishing can use many forms of communication and has evolved from a low-level attack scheme to a more sophisticated attack targeting corporations and government agencies.
Different Types of Phising:
Cybercriminals continue to evolve and hone their skills in creating and making new sophisticated phishing scams. Some of the most common types of phishing attacks include:
Whaling attacks: This is a form of social engineering tactics that targets the executive level employees in an organization. This attack involves stealing a large sum and often appears as a command from an executive to authorize a larger payment from a vendor.
Email phishing: This is a form of attack where an attacker sends illegitimate emails asking for personal credentials or logins details
Clone phishing: This is a form of attack that involves an exact duplicate of an email to make it appear as legitimate as possible. It works by removing the doubt from the victim.
Pharming: It is a form of Phishing that uses Domain Name Server (DNS) temporary storage of information to redirect users from a possible legitimate site to a fraudulent one. It works by tricking the users into attempting to access and log in to the fake site.
Spear phishing attack: This attack is directed at a specific individual or an organization. This form of attack mainly gathers personal information about a victim and makes it look authentic.
In conclusion, phishing schemas have become very sophisticated and more varied today. It has made this attack to be more dangerous than before. With the innovation of social media, an attacker can potentially commit many data breaches, loss of data, and theft since more modern technologies like AI are being used to mimic the behavioral patterns of people. Since the end user is the weak link of any phishing attack, there is a need for end-user awareness and training on security measures to recognize and mitigate phishing attacks. The key to protecting and managing phishing attacks is recognizing any social engineering tricks as soon as possible.
Sample ransomware image
What is Ransomware?
Ransomware is a form of malware that encrypts/locks a computer’s files so they become inaccessible and unencryptable without a key. The attacker then demands money and promises to restore access upon receiving payment. Users will usually be shown a screen like the one on the left nstructing them on where to pay for the ransom, which can range from a few hundred dollars to thousands or even millions of dollars, depending on how valuable your data may seem to them. Usually smaller dollar values result in future ransom attempts.
How can we make our passwords more secure?
One way to prevent data loss or breaches in the company is by better securing our accounts. Suggestions include using stronger and longer passwords or using passwords that have not been previously identified in breaches. . As individuals, we may feel that our passwords are secure and not easily guessed, however a study conducted in 2018 by the UK’s National Cyber Security Center (NCSC), revealed the 3 most common passwords used in the year:
1. 123456
2. password
3. 123456789
These passwords had no complexity to them. Not only that, but as more data leaks are happening, usernames and commonly used passwords are being stored in word lists, which hackers then use to crack your password. Below is a password security checklist on how to keep your password secure.
- Never Share Your Password: No one should ever know your password except you. Never store your password in a document or write it down on paper. If possible, your password should stay in your head and in the system you are logging into.
- Create a Strong Password: What is a strong password? There are 3 key factors to creating a strong password. Number 1 is length. The rule is for passwords to be complex; they should have a minimum of 8 characters, but preferably 16 characters. Number 2 is the character sets you use. Using a mixture of lowercase, uppercase, and numbers can make a complex password. It just depends on what you use. ThisIsMyP@ssword is way more complex than thisismypassword for a computer to guess. Number 3 is avoid common words. Common words have already been compiled into a word list for hackers to use a dictionary attack on.
- Change Your Password: It does not have to happen every 30, 60, or 90 days, but a general rule would be to change your password at least once every 6 months.
- Different Passwords for Different Sites: Do not use one master password for everything. If an attacker gets your password, they have the key to your whole kingdom. You will have to change every single password.
- Use Two-Factor Authentication: As it is being enforced in a lot of companies, it is good to use two factor authentication on all your accounts. Two Factor Authentication can feel annoying and tedious at first, but it gives you an added layer of protection if someone figures out your password, but logs into it from another location.
Password Security is important when protecting our accounts from malicious activity. If you would like to learn more about Cybersecurity and how we can stay safe online, visit our website www.lacoe.edu/cybersecurity for more tips and training.
Data breaches have become a significant setback for many organizations across the globe. As technologies that capture and analyze data proliferate, so do businesses' ability to contextualize data and draw new insights. Through consumer behavior and predictive analytics companies regularly capture, store and analyze large amounts of daily quantitative and qualitative data on their consumer base. Many modern organizational businesses have been centered and built around consumer data. Data breaches are all too familiar since cyber criminals are becoming more intelligent about hacking target systems.
Capturing large amounts of data creates the problem of best securing this data against breaches. The BIG question often asked by consumers is, “How safe is my Data?” Below are measures organizations can fulfill and use to protect client data against attackers.
- Organizations should implement full disk protection measures and encrypt sensitive data. Data should be held securely. This includes encrypting data when not in use, when in transit, and storing it as an encrypted file in a safe password-protected environment. Organizations must protect their website by installing a Secure Socket Layer (SSL) certificate.
- Capacity building and educating their employees.
- Employees are always the weakest link against data protection. Train staff about general data protection regulation a requirement imposed by the United Nations and limit personal technology, such as personal computers, when accessing sensitive customers data
- Organizations need to implement a data protection policy that guides employees on how to protect and store customers' data securely.
- They should implement and ensure effective endpoint security measures, network protection measures, and email protection that will help filter out spam, malware, and any dangerous files that might harm and infect the systems.
- Securely back up client data: Organizations need to enforce a regular backup schedule for backing up data in a safe and secure location. Data recovery plans and measures should be enforced just in case of a breach.
- There is a need to implement a device control strategy to identify and control the use of removable storage devices. This helps to stop personally identifiable information (PII) and intellectual property (IP) from being accessed and going out.
- Organizations must implement and segregate the networks with good firewalls that manage and control the internal departments as possible hostile to each other rather than having one extensive enclosed department. There is a need to implement VLAN and other network security measures.
- Organizations need to have a patch assessment tool that will help to ensure the applications and operating systems being used within the organizations are up to date and have the latest security fixes.
- There is a need to install endpoint protection software and secure web gateway measures that can help to identify and block any exploits and spam that might affect the systems.
In conclusion, as machine learning algorithms and other forms of AI proliferate and improve, data analytics becomes an even more powerful field. There is a need for an organization to have a clear privacy policy on how best to protect its information. As we all know, information is power. Organizations need to have a public privacy policy explaining what data they collect, what they do with it, and how they protect it. Since cyber security is a virtual arms race against technology, an organization must survive and adapt with new sophisticated measures that ensure data is full proof.
