Category Archive: Cybersecurity

New DHS resource guide and mail screening poster

Posted on June 04, 2019

New resource guide. Take a look at DHS’ new resource guide, Security of Soft Targets and Crowded Places. It’s essentially a one-stop table of contents for DHS’s free materials, including links for help on identifying suspicious activity, access control and screening, active assailants (they’re not just shooters anymore) and bomb threats. Follow the supplied links for an introduction to facility security that can serve as a good first step for houses of worship, schools and other soft targets. Resources include fact sheets, guidance, and online training and education courses.


Mail screening poster. Thanks to the world’s leading geopolitical intelligence platform, Stratfor, for its timely reminder about mail and package screening after an attempted bombing.

  • While many questions remain in the case of a parcel bomb sent to a Mexican senator, the largest is why the mail of such a high-level official was not screened.
  • While politicians and large corporations clearly must take significant measures to screen their mail, even ordinary people (and Jewish organizations) should open their mail cautiously.
  • Simple steps can help everyone from the largest entities to the average citizen.

Note that Cesar Sayoc, 57, admitted in court to having mailed 16 explosive devices to a variety of officials and to CNN’s offices in October 2018. He allegedly said he would “eradicate the Jews” if he had the power to, along with lesbians, black people and Hispanic people.

We urge you to download the tips found on the Stratfor graphic and share it with your staff and others.

May 5779 be a year of peace and security; what you can do to help

Posted on August 09, 2018

Rosh Chodesh Elul includes clarion calls indicating that the High Holidays are coming soon. So, now is a good time to check out a recent presentation on synagogue security or to take a deeper dive into the library of documents available on the JCRC-NY Security Resources pages. Here are some relevant selections:

High Holiday Security and Emergency Preparedness Planning Library

Topical guidance

Vulnerability, Risk and Safety Assessments and Planning

Could you be the next victim? How the Russians hacked us.

Posted on July 16, 2018

Phishing has been in the news lately. The latest indictment from the Special Counsel’s Office (i.e., Mueller) shows that it’s easy to become a victim (see the screenshot below and click on it for more info).  The attack was both sophisticated and surprisingly simple.

Government sources report that phishing attacks are up. You don’t have to be the target of sophisticated government cyber-warriors. Too many bad actors know the tricks of the trade and they can hijack your identity, your data and/or plant ransomware on your computer.

We’ve collected tips from various sources to help you to identify potentially-dangerous phishing emails. Just click on How to spot phishing like a pro. The document has several examples and is in PDF format so that you can download it and distribute it widely.

Remember to practice the basics:

  1. Don’t click on links that you don’t recognize.
  2. Use strong passwords.
  3. Install anti-virus/anti-malware protection and keep the definitions up to date.
  4. Install security updates for the software on your computer as they are released.

For more information, tips and resources see our dedicated webpage: www.jcrcny.org/cybersecurity.

 

Happy Tax Identity-theft Awareness week

Tax Identity Theft Awareness Week is a campaign run by the Federal Trade Commission (FTC) from January 29 to February 2 to spread awareness of tax-related identity theft and IRS imposter scams. The FTC, IRS, Department of Veteran Affairs, and others are hosting various events throughout the week to educate the public on these threats.
Tax identity theft remains one of the top scams listed on the IRS “Dirty Dozen” list and, although safeguards put in place by the agency in 2016 did reduce the number of fraudulent tax returns processed last year, large-scale data breaches that exposed hundreds of millions of American’s personal and financial information have drastically increased the risk that identity theft and tax fraud will occur in 2018. Tax return preparer fraud also remains a concern as dishonest preparers often surface this time of year to target unsuspecting victims and use their personal information to conduct tax refund fraud and identity theft.

  • File your tax return as early as possible.
  • Use a secure internet connection to file electronically, or mail your tax return directly at the post office.
  • Never respond to emails, texts, or social media communications claiming to be from the IRS. The IRS will only contact you by mail. Report any suspicious or unsolicited emails claiming to be sent from the IRS to phishing@irs.gov.
  • Never provide personal information to anyone purporting to be an IRS representative who contacts you via an unsolicited telephone call. Instead record the caller’s name, badge number and a call back number. Hang up and then contact the IRS at 1-800-366-4484 to determine if the caller is an IRS employee with a legitimate need to contact you. Also, remember that the IRS will never call demanding immediate payment of taxes owed or a specific method of payment, such as a prepaid debit card, gift card, or wire transfer.
  • Monitor your credit report to verify there is no unauthorized activity.
  • Enroll in the IRS Identity Protection Pin (IP PIN) program to obtain a 6-digit pin.

Organization payroll and human resources departments must remain vigilant in safeguarding employee tax records. Cybercriminals target HR and payroll departments using various social engineering schemes designed to trick them into believing upper management has made an urgent request for employee W-2 forms. Because these schemes are often very sophisticated and convincing, many targets act on the request quickly without taking additional steps to verify the source. Payroll and HR officials should be wary of any requests for employee W-2 forms or Social Security numbers and security procedures should be implemented that require the written approval of multiple people before a request for personal information is fulfilled. The following are additional IRS tips for protecting yourself against potential tax identity theft:

  • IR-2017-193: Online Security – Seven Steps for Safety
  • IR-2017-194: Don’t Take the Bait; Avoid Phishing Emails by Data Thieves
  • IR-2017-196: Victims of Data Breaches Should Consider These Steps
  • IR-2017-197: Employers, Payroll Officials, Avoid the W-2 Email Scam
  • IR-2017-198: Small Businesses: Be Alert to Identity Theft
  • IR-2017-211: Get Ready for Taxes: Choosing a Tax Return Preparer?
  • IR-2017-203: IRS Warns Taxpayers, Tax Pros of New Email Scam Targeting Hotmail Users
Posted in Cybersecurity

Cybersecurity is everybody’s business

Cybersecurity in the Workplace Is Everyone’s Business. Whatever your place of business – whether it’s a large or small organization, healthcare provider, academic institution or government agency – creating a culture of cybersecurity from the breakroom to the board room is essential and a shared responsibility among all employees. Spread the word by posting online safety tips on your social media platforms, including Google+, Facebook, Twitter and LinkedIn. Remember to use the official NCSAM hashtag, #CyberAware.

Over the past year multiple synagogues were hit with Ransomware demands and many Jewish-related websites were hacked and defaced. Here at JCRC, members of our board still receive pleas for cash from a deceased, former board member. His email account was hacked. It can happen to anyone. Please consider the simple tips below from our wonderful NJ partners and send an email to njccic@cyber.nj.gov to subscribe to their weekly newsletter, with important updates and information. Click here to check out the JCRC-NY’s Cybersecurity Resources for more ideas.Creating a culture of cybersecurity is critical for any organization. From new employees to leadership, effective cybersecurity requires the awareness and vigilance of every employee to keep data, customers, and capital safe and secure. The following are simple tips to help foster a culture of cybersecurity in your organization.

  • When in doubt, throw it out. If an email, attachment, or link looks suspicious, even if you know the source, it is best to delete it.
  • Back it up. Make electronic and physical backups of all important work to prevent the loss of data from malfunctions, malware, theft, viruses, and accidental deletion.
  • Guard your devices. Never leave laptops and devices unattended in a public place or unlocked when not in use.
  • Secure your accounts. Do not share usernames and passwords with anyone, and turn on stronger authentication for an added layer of security beyond a password.
  • Report anything suspicious. If you experience any unusual problems with your computer or device, or suspect an attachment or link to be malicious, immediately report it to your IT department.
Join one of our cyber intelligence analysts as she discusses how organizations can protect against the most common cyber threats and the resources available to help strengthen cyber resilience.

____________________________________

David M. Pollock
Associate Executive Director & Director, Public Policy and Jewish Security
225 West 34th Street, Suite 1607 | New York, NY 10122 | 212.983.4800×132
pollockd@jcrcny.org | http://www.jcrcny.org/security

Click here to subscribe to the JCRC-NY Security and 
Emergency Preparedness Alert list.


 


  
Posted in Cybersecurity