New resource guide. Take a look at DHS’ new resource guide, Security of Soft Targets and Crowded Places. It’s essentially a one-stop table of contents for DHS’s free materials, including links for help on identifying suspicious activity, access control and screening, active assailants (they’re not just shooters anymore) and bomb threats. Follow the supplied links for an introduction to facility security that can serve as a good first step for houses of worship, schools and other soft targets. Resources include fact sheets, guidance, and online training and education courses.
Mail screening poster. Thanks to the world’s leading geopolitical intelligence platform, Stratfor, for its timely reminder about mail and package screening after an attempted bombing.
- While many questions remain in the case of a parcel bomb sent to a Mexican senator, the largest is why the mail of such a high-level official was not screened.
- While politicians and large corporations clearly must take significant measures to screen their mail, even ordinary people (and Jewish organizations) should open their mail cautiously.
- Simple steps can help everyone from the largest entities to the average citizen.
Note that Cesar Sayoc, 57, admitted in court to having mailed 16 explosive devices to a variety of officials and to CNN’s offices in October 2018. He allegedly said he would “eradicate the Jews” if he had the power to, along with lesbians, black people and Hispanic people.
We urge you to download the tips found on the Stratfor graphic and share it with your staff and others.
Rosh Chodesh Elul includes clarion calls indicating that the High Holidays are coming soon. So, now is a good time to check out a recent presentation on synagogue security or to take a deeper dive into the library of documents available on the JCRC-NY Security Resources pages. Here are some relevant selections:
High Holiday Security and Emergency Preparedness Planning Library
- High Holidays: Are you ready to get out if you have to?
- JCRC-NY High Holiday Security Thinkplate
- Access control considerations during High Holiday services (PDF)
- Houses of Worship and the High Holidays
- Planning for the Unexpected – High Holiday Edition 2010 (PDF)
- Are you prepared? 5 steps to make your facility safer and more secure
- Sample Building Access Policies & Procedures (PDF)
- Bomb Threat Guidance resources. See also: “Hoax threats can be scary, too”; “To evacuate or not to evacuate? That is the question.”; “DHS’ Introduction to Bomb Threat Management”; “Manhattan bomb threat: lessons learned”; “Bomb threat training video”.
- Active Shooter Resources Page (DHS, FBI and NYPD)
- Cybersecurity Resources Page
- US Postal Inspection Service Guide to Mail Center Security (PDF)
Vulnerability, Risk and Safety Assessments and Planning
- FEMA: Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings
- FEMA, Emergency Operations Planning
- Potential Indicators, Common Vulnerabilities, and Protective Measures: Religious Facilities (Updated)
- Hometown Security Report Series: Houses of Worship
- K-12 School Security: A Guide for Preventing and Protecting against Gun Violence (2nd ed., 2018) provides preventive and protective measures to address the threat of gun violence in schools. The Guide is delivered in two parts: the first portion is a PDF with general security best practices and considerations in narrative format; while the second portion is a Microsoft Excel-based security survey. Together, these documents outline action-oriented security practices and options for consideration based on the results of the individual school’s responses to the survey. While the primary audience for the Guide is the K-12 community, institutions of higher education or pre-K schools may also benefit from the information presented.
- NYPD: Engineering Security: Protective Design for High Risk Buildings
- OSHA: Evacuation Plans and Procedures eTool. This expert system will help you to create a basic Emergency Action Plan. This basic plan likely will be adequate for the needs of many small and medium-sized entities. Most small and medium-sized entities can create basic plans using this system in 10 to 15 minutes. Larger, more complex organizations will require more work.
- Practical Information on Crisis Planning: A Guide for Schools and Communities. U.S. Department of Education, Office of Drug Free and Safe Schools. Taking action now can save lives, prevent injury, and minimize property damage in the moments of a crisis. The importance of reviewing and revising school and district plans cannot be underscored enough, and Practical Information on Crisis Planning: A Guide for Schools and Communities is designed to help you navigate this process. The Guide is intended to give schools, districts, and communities the critical concepts and components of good crisis planning, stimulate thinking about the crisis preparedness process, and provide examples of promising practices.
- Emergency Preparedness Planning Guide for Childcare Centers. From the Illinois Emergency Medical Services for Children (a collaborative program between the Illinois Department of Public Health and Loyola University Chicago). Lots of ideas to keep toddlers safe.
- Readiness and Emergency Management for Schools (REMS) Technical Assistance Center, U.S. Department of Education
- REMS: Conducting a Safety Audit
- California STAS: Protective Measures for Enhanced Facilities Security
- New Jersey Office of Homeland Security and Preparedness Critical Infrastructure Protection Bureau: Facility Self-Assessment Tool (updated) and other tools here.
Phishing has been in the news lately. The latest indictment from the Special Counsel’s Office (i.e., Mueller) shows that it’s easy to become a victim (see the screenshot below and click on it for more info). The attack was both sophisticated and surprisingly simple.
Government sources report that phishing attacks are up. You don’t have to be the target of sophisticated government cyber-warriors. Too many bad actors know the tricks of the trade and they can hijack your identity, your data and/or plant ransomware on your computer.
We’ve collected tips from various sources to help you identify potentially dangerous phishing emails. Just click on How to spot phishing like a pro. The document has several examples and is in PDF format so that you can download it and distribute it widely.
Remember to practice the basics:
- Don’t click on links that you don’t recognize.
- Use strong passwords.
- Install anti-virus/anti-malware protection and keep the definitions up to date.
- Install security updates for the software on your computer as they are released.
For more information, tips and resources see our dedicated webpage: www.jcrcny.org/cybersecurity.
Tax Identity Theft Awareness Week is a campaign run by the Federal Trade Commission (FTC) from January 29 to February 2 to spread awareness of tax-related identity theft and IRS imposter scams. The FTC, IRS, Department of Veterans Affairs, and others are hosting various events throughout the week to educate the public on these threats.
Tax identity theft remains one of the top scams listed on the IRS “Dirty Dozen” list and, although safeguards put in place by the agency in 2016 did reduce the number of fraudulent tax returns processed last year, large-scale data breaches that exposed hundreds of millions of Americans’ personal and financial information have drastically increased the risk that identity theft and tax fraud will occur in 2018. Tax return preparer fraud also remains a concern as dishonest preparers often surface this time of year to target unsuspecting victims and use their personal information to conduct tax refund fraud and identity theft.
- File your tax return as early as possible.
- Use a secure internet connection to file electronically, or mail your tax return directly at the post office.
- Never respond to emails, texts, or social media communications claiming to be from the IRS. The IRS will only contact you by mail. Report any suspicious or unsolicited emails claiming to be sent from the IRS to firstname.lastname@example.org.
- Never provide personal information to anyone purporting to be an IRS representative who contacts you via an unsolicited telephone call. Instead record the caller’s name, badge number and a call back number. Hang up and then contact the IRS at 1-800-366-4484 to determine if the caller is an IRS employee with a legitimate need to contact you. Also, remember that the IRS will never call demanding immediate payment of taxes owed or a specific method of payment, such as a prepaid debit card, gift card, or wire transfer.
- Monitor your credit report to verify there is no unauthorized activity.
- Enroll in the IRS Identity Protection PIN (IP PIN) program to obtain a 6-digit PIN.
Organization payroll and human resources departments must remain vigilant in safeguarding employee tax records. Cybercriminals target HR and payroll departments using various social engineering schemes designed to trick them into believing upper management has made an urgent request for employee W-2 forms. Because these schemes are often very sophisticated and convincing, many targets act on the request quickly without taking additional steps to verify the source. Payroll and HR officials should be wary of any requests for employee W-2 forms or Social Security numbers, and security procedures should be implemented that require the written approval of multiple people before a request for personal information is fulfilled. The following are additional IRS tips for protecting yourself against potential tax identity theft:
- IR-2017-193: Online Security – Seven Steps for Safety
- IR-2017-194: Don’t Take the Bait; Avoid Phishing Emails by Data Thieves
- IR-2017-196: Victims of Data Breaches Should Consider These Steps
- IR-2017-197: Employers, Payroll Officials, Avoid the W-2 Email Scam
- IR-2017-198: Small Businesses: Be Alert to Identity Theft
- IR-2017-211: Get Ready for Taxes: Choosing a Tax Return Preparer?
- IR-2017-203: IRS Warns Taxpayers, Tax Pros of New Email Scam Targeting Hotmail Users
Cybersecurity in the Workplace Is Everyone’s Business. Whatever your place of business – whether it’s a large or small organization, healthcare provider, academic institution or government agency – creating a culture of cybersecurity from the breakroom to the board room is essential and a shared responsibility among all employees. Spread the word by posting online safety tips on your social media platforms, including Google+, Facebook, Twitter and LinkedIn. Remember to use the official NCSAM hashtag, #CyberAware.
Over the past year multiple synagogues were hit with ransomware demands and many Jewish-related websites were hacked and defaced. Here at JCRC, members of our board still receive pleas for cash from a deceased, former board member. His email account was hacked. It can happen to anyone. Please consider the simple tips below from our wonderful NJ partners and send an email to email@example.com to subscribe to their weekly newsletter, with important updates and information. Click here to check out the JCRC-NY’s Cybersecurity Resources for more ideas.
Creating a culture of cybersecurity is critical for any organization. From new employees to leadership, effective cybersecurity requires the awareness and vigilance of every employee to keep data, customers, and capital safe and secure. The following are simple tips to help foster a culture of cybersecurity in your organization.
- When in doubt, throw it out. If an email, attachment, or link looks suspicious, even if you know the source, it is best to delete it.
- Back it up. Make electronic and physical backups of all important work to prevent the loss of data from malfunctions, malware, theft, viruses, and accidental deletion.
- Guard your devices. Never leave laptops and devices unattended in a public place or unlocked when not in use.
- Secure your accounts. Do not share usernames and passwords with anyone, and turn on stronger authentication for an added layer of security beyond a password.
- Report anything suspicious. If you experience any unusual problems with your computer or device, or suspect an attachment or link to be malicious, immediately report it to your IT department.
David M. Pollock
Associate Executive Director & Director, Public Policy and Jewish Security
225 West 34th Street, Suite 1607 | New York, NY 10122 | 212.983.4800 x132
firstname.lastname@example.org | http://www.jcrcny.org/security