All members of the public can take some simple actions to protect themselves online and to recover in the event a cyber incident occurs. This week’s topic is simple steps that an individual or organization can take to improve their online safety. CSIAC has a substantial repository of information available to its users. We will highlight a few topics we feel are critical to protecting yourself and point you to both CSIAC and external resources we feel can assist you.
What is it?
Ransomware is essentially advanced malware whose mission is to take everything you have stored on your computer and encrypt it. After encrypting your information the offender will then offer to decrypt all your content for a fee, therefore ransoming your data. Ransomware is particularly concerning to businesses who often are asked to shell out thousands of dollars to be provided the decryption keys and in many cases pay but never receive the necessary information to recover their files.
How can I protect myself and my company?
The number one protection against ransomware is vigilance. These malware infections usually make their way onto a user’s computer by convincing them to open a file or run a program. In addition to training, your company would be wise to invest in commercially available antivirus software, network monitoring, and web appliance gateways. Simple things like applying the principle of least privilege can help stop the spread of malware throughout a business. Also, it is important to regularly backup your system to a removable drive that can be completely detached after the backup is complete.
What should I do if I am infected with ransomware?
If you believe the infection is currently confined to a single machine at your home or business you should immediately disconnect the infected machine from the network. This will help prevent any further spread. In some cases, ransomware can be cleaned using software available from anti-virus and anti-malware vendors. In other cases, the user must decide if the content they have lost is worth the ransom and whether the risk of paying without receiving unlock codes is acceptable. It is important for companies to determine exactly what ransomware the machine was infected by and how it was activated to prevent any accidental spread after the event has concluded.
What is it?
Phishing is a method of obtaining sensitive information, such usernames and passwords, social security numbers, and banking information, for malicious reasons by disguising an electronic communication as coming from a trustworthy person or organization. The malicious person “fishes” for a victim to perform an action by “baiting” the victim with what appears like legitimate and trustworthy email or instant message. The victim is often directed to enter their information into a fake website that looks identical to a legitimate one. Communications purporting to be from social media websites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Phishing emails may contain links to websites that are infected with malware.
How can I protect myself and my company?
The best way to protect yourself, your company, and your family is to make sure everyone is aware of what phishing attempts look like. Generally, phishing attempts implement social engineering and fear tactics in order to get you to become a victim. Also if the offer seems too good to be true, it probably is. You should always thoroughly examine any email asking for confidential information, especially of a financial nature. Many phishing scams have obvious signs of fraud such as poor spelling or grammar.
Lastly, if you are unsure about a message, try calling the sender or visiting their website without clicking on links or attachments in the message by searching for them online or typing their website directly into your browser. Never reply to the phishing attempt, as you would be confirming to the criminal that your email address is valid and you are reading your messages.
What should I do if I’m targeted by or fall victim to a phishing attempt?
If you believe an email or instant message on your work computer is a phishing attempt, you should notify your Facility Security Officer (FSO) and/or your IT people. You may not be the only one to receive the phishing attempt and sharing with others, may stop them from falling victim. Also, many email service providers provide a form to report spam and phishing attempts.
If you have become a victim and disclosed your username or password, immediately go to the real website or call the organization directly to change that information. Acting quickly may stop the criminals before they have a chance to hijack your account.
Probably one of the most important steps to online safety is good password practices. Passwords are a part of our everyday lives and are the main form of online account security. Here are some simple tips to make a secure password.
Make your password several words. Use at least 12 characters and make sure that you will remember the password. Writing the password on a piece of paper under your keyboard is NOT secure.
For every account, create a different password. Even if a criminal is able to crack one of your passwords, they should not be able to get into all your accounts.
Use a reputable password manager. Password managers can randomly generate unique passwords for every account and store them securely for you.
Provided by CSIAC