Category Archive: Cybersecurity

Training opportunity: Stepping up our game | Jan 5

Stepping up our game

 

What is cyber-hygiene? IRS guidance on Cyber-Monday

Sometimes the IRS really does want to help us. Their suggestions are straightforward and spot on:


Photo credit: Duke University

Seven Tips to Protect Your Computer Online

IRS Security Awareness Tax Tip Number 1, November 23, 2015

The Internal Revenue Service, the states and the tax industry urge you to be safe online and remind you to take important steps to help protect yourself against identity theft.

Taxes. Security. Together. Working in partnership with you, we can make a difference.

Scammers, hackers and identity thieves are looking to steal your personal information – and your money. But there are simple steps you can take to help protect yourself, like keeping your computer software up-to-date and giving out your personal information only when you have a good reason.

We all have a role to play to protect your tax account. There are just a few easy and practical steps you can take to protect yourself as you conduct your personal business online.

Here are some best practices you can follow to protect your tax and financial information:

  1. Understand and Use Security Software.  Security software helps protect your computer against the digital threats which are prevalent online. Generally, your operating system will include security software or you can access free security software from well-known companies or Internet providers. Other options may have an annual licensing fee and offer more features. Essential tools include a firewall, virus/malware protection and file encryption if you keep sensitive financial/tax documents on your computer. Security suites often come with firewall, anti-virus and anti-spam, parental controls and privacy protection. File encryption to protect your saved documents may have to be purchased separately. Do not buy security software offered as an unexpected pop-up ad on your computer or email! It’s likely from a scammer.
  2. Allow Security Software to Update Automatically.  Set your security software to update automatically. Malware – malicious software – evolves constantly and your security software suite is updated routinely to keep pace.
  3. Look for the “S” for Encrypted “https” Websites.  When shopping or banking online, always look to see that the site uses encryption to protect your information. Look for https at the beginning of the web address. The “s” is for secure. Unencrypted sites begin with an http address. Additionally, make sure the https carries through on all pages, not just the sign-on page.
  4. Use Strong Passwords.  Use passwords of at least 10 to 12 characters, mixing letters, numbers and special characters. Don’t use your name, birthdate or common words. Don’t use the same password for several accounts. Keep your password list in a secure place or use a password manager. Don’t share your password with anyone. Calls, texts or emails pretending to be from legitimate companies or the IRS asking you to update your accounts or seeking personal financial information are generally scams.
  5. Secure Your Wireless Network.  A wireless network sends a signal through the air that allows you to connect to the Internet. If your home or business wi-fi is unsecured it also allows any computer within range to access your wireless and steal information from your computer. Criminals also can use your wireless to send spam or commit crimes that would be traced back to your account. Always encrypt your wireless. Generally, you must turn on this feature and create a password.
  6. Be Cautious When Using Public Wireless Networks.  Public wi-fi hotspots are convenient but often not secure. Tax or financial Information you send though websites or mobile apps may be accessed by someone else. If a public Wi-Fi hotspot does not require a password, it probably is not secure. If you are transmitting sensitive information, look for the “s” in https in the website address to ensure that the information will be secure.
  7. Avoid Phishing Attempts.  Never reply to emails, texts or pop-up messages asking for your personal, tax or financial information. One common trick by criminals is to impersonate a business such as your financial institution, tax software provider or the IRS, asking you to update your account and providing a link. Never click on links even if they seem to be from organizations you trust. Go directly to the organization’s website. Legitimate businesses don’t ask you to send sensitive information through unsecured channels.

To learn additional steps you can take to protect your personal and financial data, visit Taxes. Security. Together. Also read Publication 4524, Security Awareness for Taxpayers.

Each and every taxpayer has a set of fundamental rights they should be aware of when dealing with the IRS. These are your Taxpayer Bill of Rights. Explore your rights and our obligations to protect them on IRS.gov.

IRS YouTube Video:

  • Taxes. Security. Together. – English
Posted in Cybersecurity

Cybersecurity: it’s not too late

Security crosswordSee the blog entry below from TechSoup, and the Cyber-awareness pages from the FBI and the NYPD and the JCRC Cybersecurity Resources page. Take a quiz from Symantec. Raise your Cyber-awareness and Cyber-security before it’s too late!


Are you a trivia master? Or a security enthusiast? Put your security smarts to the test and take the weekly security quiz brought to you by Symantec! For the entire month of October, TechSoup and our donor partners will be participating in National Cyber Security Awareness Month (also known as NCSAM). We’ll have blog posts, virtual events, resources, and more to help your organization stay secure online.

Here’s the sweet part: if you answer the quizzes correctly, you’ll be eligible for a prize courtesy of Symantec! We’ll be doing a random drawing weekly for a $100 Amazon gift card. And if you answer all four quizzes correctly, you might win a $500 Amazon gift card.

Read the sweepstakes terms and conditions.

Week 1 Quiz: Malware, Adware, and Viruses, Oh My!
Do you know the difference between malware, adware, viruses, and worms, and how to avoid them?

  • Malware is a term used to describe programs that are written with malicious intent. There are multiple types of malware used for a variety of nefarious purposes.
  • Adware makes its way on to your computer and causes unwanted advertisements to pop up. It may change your home screen or redirect you to websites you do not intentionally access.
  • Viruses are like a bad cold; this specific type of malware spreads itself once it’s initially run. Viruses can attach themselves to good files on your machine, or be self-contained and search out other machines to infect.
  • Worms are a type of virus that do not need to attach themselves to a good file to run. These bad guys move around on their own, as self-contained viruses, searching out other machines to infect.

Take the Quiz Now

Study Up
Need some more information before you start the quiz? Check out these security resources from TechSoup and beyond:

    • Safer Internet Guide
    • Stay Safe Online. The National Cyber Security Alliance (NCSA) builds strong public/private partnerships to create and implement broad-reaching education and awareness efforts to empower users at home, work and school with the information they need to keep themselves, their organizations, their systems and their sensitive information safe and secure online and encourage a culture of cybersecurity. Check out their resources.

Image: Maksim Kabakou / Shutterstock

Posted in Cybersecurity

Focus on resources: DHS Protective Security Advisors

Posted on August 03, 2015

PSA imageRecently, we received an inquiry from an out-of-state colleague. Some of his questions could be answered over the phone, but it was clear that an on-site consultation was in order.

I asked my colleague, “Do you know your Protective Security Advisor (PSA)?” He replied, “What?”

DHS employs PSA’s in all 50 states and many states have multiple regions. Our experience here in NY is that our PSA’s are a wonderful resource. They are hard-working, knowledgeable and professional.

  • Security surveys. Subject to time constraints you can ask your PSA to conduct security surveys and assessments of your facilities. We’ve joined our PSA’s during some of these sessions and their suggestions are both sound and pragmatic.
  • Training. PSA’s have access to a wide variety of training options, e.g. active shooters, suspicious packages, severe weather. Even if you don’t know your exact need, talk to them. They can open up a variety of resources for you.
  • Special events planning. Let them know if you are planning a high profile event. They can advise you on security and logistical issues.
  • Outreach. Get on their radar. They will invite you to various trainings and events.

Click here for more information on Protective Security Advisors. To contact your local PSA, please contact PSCDOperations@hq.dhs.gov. To contact NY PSA’s or if you have questions or need other assistance please complete the form below.

Cybersecurity: WordPress Vulnerabilities

Posted on April 01, 2015

FBI (April 7) ISIL Defacements Exploiting WordPress Vulnerabilities. Continuous Web site defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS). The defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites. Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems. Click here for the full alert.

Best practice. The FBI recommends the following actions be taken:


Hacktivist

Click on the graphic to open a PDF version of this notification.

The FBI is warning U.S. companies that cyber terrorists from the Middle East and North Africa are planning to conduct cyber-attacks against Israeli and Jewish interests next week.  The Bureau stated in a security notice to U.S. industry on Sunday that, as of early March, “several extremist hacking groups indicated they would participate in a forthcoming operation, #OpIsrael, which will target Israeli and Jewish Web sites.”

“Given the perceived connections between the government of Israel and Israeli financial institutions, and those of the United States, #OpIsrael participants may also shift their operations to target vulnerable U.S.-based financial targets or Jewish-oriented organizations within the United States,” the FBI warning said.

The FBI predicts that the threat to U.S.-based infrastructure from the coming cyber attack is low for well-maintained and updated networks. So, make sure that your techies and hosts maintain and update your systems.

The FBI said members of at least two extremist hacking groups it did not identify are currently working to recruit hackers for the attacks next week. The hacker group Anonymous this week also threatened an “electronic Holocaust” in a video statement.

The FBI estimated that the threat to U.S.-based infrastructure from the coming cyber attack is low for well-maintained and updated networks. However, as part of its program to notify private industry of major cyber threats, the FBI is notifying several possible targets.