Cyber Security Awareness

Steps To Take If Your Identity Is Stolen

By Cyber Security Awareness

Identity theft affects over 17 million people every year, reports the Bureau of Justice Statistics. While you hope it doesn’t happen to you, these steps can help you take action if you are an identity theft victim.

Take action immediately.

As soon as you think your identity is stolen, take action. The situation will only get worse if you wait to correct it.

Create a log.

In a notebook or on your phone, create a log that tracks every phone call, letter or email you send. Record the dates and times of the communication and the person to whom you speak. You’ll need this record to prove that you’re taking action to address the identity theft.

Contact the three credit bureaus.

Ask the three credit bureaus to put a fraud alert on your accounts.

Review your credit reports.

Check your credit reports carefully. Verify that your personal information is correct, then look for any inquiries, open accounts or delinquencies that you did not initiate. Report suspicious activity to the credit bureau immediately.

File a Federal Trade Commission report.

When you report identity theft to the FTC at www.identitytheft.gov or 1-877-ID-THEFT (438-4338), you receive a personalized guide that helps you recover your identity. They also provide you with important forms for creditors and the police.

File a police report.

Identity theft is a crime, so report it to the police. Provide as much evidence of the theft as you can, and keep a copy of the police report to show your creditors.

Contact other organizations if necessary.

If you think your Social Security number or passport is compromised, contact the appropriate organizations.

Close compromised accounts.

Scan your bank and credit card statements, including dormant accounts, for suspicious or fraudulent activity. Alert the financial institution right away if you spot problems, and ask them to lock or close your account.

Open new accounts.

You must continue to pay bills after your identity is stolen, so open new bank and credit card accounts. For each account, choose unique PINs and passwords.

Deal with debt collectors.

You may receive notices from debt collectors about outstanding bills. Call them and send a letter that indicates you are an identity theft victim and not responsible for unpaid bills. Include any related documentation, such as the police report. Ask the debt collector to confirm in writing when the collection account is closed.

Identity theft is challenging to handle and disrupts your life. If you’re a victim, take these steps.

Workplace Cyber Risks

By Cyber Security Awareness

The federal Internet Crime Complaint Center received more than 330,000 complaints in 2009, and more than a third of them ended up in the hands of law enforcement. The damages from those referred to the authorities totaled more than a half billion dollars. The Government Accountability Office estimated that cyber crime cost U.S. organizations $67.2 billion in 2005; that number has likely increased since then.

With so much of business today done electronically, organizations of all types are highly vulnerable to theft and corruption of their data. It is important for them to identify their loss exposures and possible loss scenarios, and to prepare for them.

Some of the questions they should ask include:

What types of property are vulnerable? 

The organization should consider property it owns or leases, as well as property of others that it has in its custody.

Some examples:

  • Money, both the organization’s own funds and those it holds as a fiduciary for someone else
  • Customer or member lists containing personally identifiable information, account numbers, cell phone numbers, and other non-public information
  • Personnel records
  • Medical insurance records
  • Bank account information
  • Confidential memos and spreadsheets
  • E-mail
  • Software stored on web servers

Different types of property will be susceptible to various threats, such as embezzlement, extortion, viruses, and theft.

What loss scenarios could occur?

The organization needs to prepare for events such as:

  • A fire destroys large portions of the computer network, including the servers. Operations cease until the servers can be replaced and reloaded with data.
  • A computer virus infects a workstation. The user of that computer unknowingly spreads it to everyone in his workgroup, crippling the department during one of the year’s peak periods.
  • The accounting department discovers a pattern of irregular small funds transfers to an account no one has ever heard of. The transfers, which have been occurring for almost three months, were small enough to avoid attracting attention. They total more than $10,000.
  • A vendor’s employee strikes up a casual conversation at a worker’s cubicle and stays long enough to memorize the worker’s computer password, written on a post-it note stuck to her monitor. Two weeks later, technology staff discovers that an offsite computer has accessed the human resources database and viewed Social Security numbers, driver’s license numbers, and other personal information.

In addition to taking steps to prevent these things from happening, the organization should consider buying a Cyber insurance policy. Several insurance companies now offer this coverage; although no standard policy exists yet, the policies share some common features. They usually cover property or data damage or destruction, data protection and recovery, loss of income when a business must suspend operations due to data loss, extra expenses necessary to maintain operations following a data event, data theft, and extortion.

However, each company might define these coverages differently, so reviewing the terms and conditions of a particular policy is crucial. Choosing an appropriate amount of insurance is difficult because there is no easy way to measure the exposure in advance. Consultation with the organization’s technology department, insurance agent and insurance company might be helpful.

Finally, all policies will carry a deductible; the organization should select a deductible level that it can afford to pay and that will provide it with a meaningful discount on the premium. Once management has a thorough understanding of the coverages various policies provide in relation to the organization’s exposures, it can fairly compare the costs of the policies and make an informed choice.

Computer networks are a necessary part of any organization’s environment today. Loss prevention and reduction techniques, coupled with sound insurance protection at a reasonable cost, will enable an organization to get through a cyber loss event.

Downloading Software Safely

By Cyber Security Awareness

Getting new software for the office can be a trying process. Top quality programs like Photoshop can be prohibitively expensive for a small business when you need to outfit your whole office, and the free stuff is a bit of a crap shoot. Obviously, we have to recommend against pirating. Individuals using Sony Vegas or Adobe Illustrator without a license aren’t really taking a huge risk, but releasing professional work with pirated software is a recipe for a lawsuit that will wind up costing you quite a bit more than the licensing fees would have.

But then, the free and cheap alternatives bring their own risks. Check out some people’s Firefox and Google Chrome browsers and you’ll see about an inch of browser space and twelve inches of search bars, task bars and plugins. This is a problem you encounter when you’re not too picky about where you’re getting your free software. The problem is that it’s more or less legal to take any piece of open source software and add a ton of stuff to the install process that the user doesn’t need. They don’t even need to include viruses and adware if you’re actually choosing to do the auto-install without deselecting all the bloatware that comes with it.

If you can get your free software directly from the official website, then that’s always the best option. Unfortunately, sometimes the official website is long gone, in which case you will want to check some forums to see if anyone has posted a legit copy to a file sharing site.

A lot of torrents for pirated software carry viruses, spamware, adware and spybots, which is another reason why they can ultimately cost you in the long run. Getting a virus off of your laptop isn’t such a big deal. Getting a virus off of every laptop in your office, and out of all the software you’ve been distributing yourself, that’s another story.

If you see someone sharing freeware on social media, just don’t click the link unless the post comes from a verified account. People love to spread infected shareware and freeware on Twitter, Facebook and YouTube.

Basically it comes down to doing your research and getting your software from as close to the source as possible. Keep your security software up to date, don’t trust random links or YouTube spam, and don’t just click on the first download you see.

Preventing Cybercrimes

By Cyber Security Awareness

Legendary bank robber Willie Sutton supposedly said that he robbed banks because that was where the money was. Many small business owners follow this logic when it comes to computer system security.

They believe that people who rob with a mouse and a keyboard rather than a gun target large corporations, because those businesses have the most money. This leads them to the misguided belief that cybercriminals will not bother them. In fact, the NACHA – The Electronic Payments Association – reports that Eastern European criminal syndicates have targeted small businesses precisely because they have allowed themselves to become easy marks.

Experts in the field estimate that one in five small businesses do not use antivirus software, 60% do not encrypt data on their wireless networks, and two-thirds lack a data security plan. This failure to take precautions makes a small business easy pickings for computer hackers. However, there are several things business owners can do to protect themselves.

Use two-factor authentication. This is a mechanism that requires the user to do more than one thing for authentication. It ordinarily has two components — one thing the user knows (such as a password), the other a randomly generated number that the user must input. The number comes from an electronic token card, which generates a new number every few seconds. If the user enters a number that the system is expecting, the system will authenticate the user.

Inoculate systems against the Clampi Trojan virus. This virus resides on a computer, waiting for the user to log onto financial websites. It captures log-in and password information, relays it to servers run by the criminals, instructs the computer to send money to accounts that they control, or steals credit card information and uses it to make unauthorized purchases. The trojan monitors more than 4,500 finance-related websites.

Be on guard against “phishing” e-mails and pop-up messages. These messages purport to be from legitimate businesses with which the recipient does business. They ask the user to update or verify information, often threatening negative consequences if she fails to do so. Clicking on the links in the messages brings the user to an authentic looking Web site. However, it is actually bogus; the site collects personal information that the collector can use to steal the user’s identity. System users should ignore these messages.

Arrange for financial institutions to alert the business owner should they spot unusual activity involving the firm’s accounts. 

Install firewalls and encryption technology to block uninvited visitors from uploading to or retrieving data from the firm’s servers and to protect data sent on public networks. Intrusion detection systems can inform the business owner of attempts to hack into the network. Be cautious about opening attachments to e-mails, especially if the sender is someone unfamiliar to the user. Attachments may contain viruses or Trojan horses that can steal login information and passwords or corrupt a system.

Protect against intrusion by disgruntled former or current employees. Deactivate passwords for former employees, erect barriers to keep employees from accessing systems unrelated to their jobs, and implement sound accounting procedures for financial transactions.

In addition to these safeguards, small businesses may want to consider purchasing computer fraud and employee theft insurance. These policies will protect the business against those losses that still occur; insurance companies are likely to offer favorable pricing to businesses that take precautions against cybercrime.

One of our professional insurance agents can give advice on the appropriate types and amounts of coverage. Modern technology gives businesses unprecedented abilities, but it also presents significant risks. Every business owner must take steps to keep the cybercriminals out.

Cyber Risks That Affect Consumer Drones

By Cyber Security Awareness

Drones are becoming more popular with consumers. Drone operation does include cyber risks you should understand before you operate your machine.

Remote Takeover

Most drones operate via a Wi-Fi or Bluetooth connection through your smartphone or tablet. The connection may not be secure, though. A hacker can jam, intercept or terminate the connection or GPS, take over your drone and steal it or crash it into something.

Malware

The computer or mobile device you use to operate your drone could become infected with malware. It can affect the connection to your drone and cause the machine to crash and potentially cause physical or property damage.

Access Photos or Videos

A camera attached to your drone can transmit stunning photos and videos from the air. These images are usually transmitted over an unsecured FTP server which a cyber attacker could access and share. This privacy breach is your responsibility.

Ways to Protect Your Drone

Take several steps to protect your drone from cyber crime.

Ask the seller about their cybersecurity measures.

Most drone sellers include the machine’s cybersecurity information on their website. If you can’t find it, contact the company for additional information.

Test your drone’s security.

Hire a cybersecurity professional to test your drone and ensure it’s safe from cyber threats.

Connect to your drone via radio control.

Use a secure radio control connection since Wi-Fi and Bluetooth connections rely on unencrypted data links that are vulnerable to hackers.

Subscribe to a VPN service.

A Virtual Private Network (VPN) encrypts your internet connection and protects it from hackers.

Install a seL4 operating system.

Equip your drone with new seL4 OS technology. This operating system isolates various functions on the drone, preventing a hacker from taking over your machine.

Install an anti-virus program.

Reduce viruses, malware and other threats when you install protective programs on your computer or mobile device. The most secure programs provide real-time antivirus and anti-theft protection.

Vary your flying habits.

When you fly your drone in the same flight paths and at the same time every day, you make yourself vulnerable to hackers. Instead, vary your flying habits and throw hackers off your trail. Consider flying in remote locations, too.

Purchase drone insurance.

A drone insurance policy provides you and your drone with important coverage. Look for a policy with:

  • Broad, legal and premises liability coverage
  • Personal injury and medical expenses
  • Hull coverage
  • Extra equipment coverage for any on-board cameras, tools and equipment
  • Invasion of privacy

Your drone is vulnerable to several cyber risks. Know the risks and how to stop them so you can enjoy your drone and keep it secure.

Cyber Risks In The Shipping Industry

By Cyber Security Awareness

Over 90 percent of the world’s trade is carried on ships. The shipping industry is essential for the global economy. It’s also a prime target for cyber crime. Whether you work in the industry or are a consumer, understand the cyber risks in the shipping industry.

Piracy

Pirates today still commandeer ships in person, but they also use technology to compromise a ship. They can access its Automatic Identification System (AIS) or Electronic Chart Display and Information System (ECDIS), then plan and execute a theft or hold containers for a ransom.

Smuggling

Drug, contraband or other smugglers can access the information system of a ship, shipping company or port. With this control, they can alter shipping records or containers and hide contraband or identify which container holds contraband.

Fraud

Cyber criminals are fraud experts. They can impersonate a company official, client or customer and gain access to sensitive information. They can also access a company’s information system and introduce malware or ransomware, or they can divert, steal or alter shipments.

How to Combat Cyber Risks in the Shipping Industry

Maritime transport experts understand shipping and logistics, but they may not be IT experts. They will need training and professional assistance to navigate the cyber risks they face.

Take cyber risks seriously.

Greater reliance on technology and greater connectivity between industries increase cyber risks today. The shipping industry must take these risks seriously and plan for emerging threats and situations. Otherwise, they compromise their business, security and profitability. A cyber risk assessment gives companies personalized information on the specific cyber threats they face and then offers effective solutions.

Improve protection and loss prevention measures.

Criminals usually target the victim with the most vulnerabilities. Improving security can make the company a less attractive target for cyber crime. It reduces security holes, protects information and establishes a protocol to deal with breaches.

Train employees.

As many as 51 percent of security breaches are performed by an insider in the company who may be vindictive or simply careless. In addition to a strict vetting process, companies can train employees to:

  • Handle data, including file disposal, properly.
  • Recognize fraudulent information requests or data breaches.
  • Protect key information with custody guidelines.
  • Perform strict digital monitoring.

Purchase Adequate Cyber Crime Insurance

Despite strict measures, some cyber risks cannot be prevented. Cyber crime insurance provides a layer of protection and decreases the adverse financial impact of a cyber crime.

Secure the supply chain.

All suppliers and contractors should secure their information systems so they don’t introduce malware or other cyber threats into connected systems.

Cyber risks related to the shipping industry affect companies and consumers around the globe. Understanding the risks can improve security and protect the economy.

Where Did Our Data Go?

By Cyber Security Awareness

During recent months I’ve been reading a large number of lawsuits related to industrial espionage, sabotage, misappropriation, and theft. Most of these cases involve a current or former employee or some third party stealing valuable financial or other information.

In several recent decisions, courts have ruled that they lack criminal jurisdiction over theft of information by an employee who had access to a company’s database. The courts essentially held that the misappropriation in question did not violate the National Stolen Property Act, the Economic Espionage Act, or the Computer Fraud and Abuse Act (CFAA).

In the case of US v. Nosal, Judge Kozinski, known for his left-of-center opinions, engaged in a display of semantic gymnastics to rule that the Computer Fraud and Abuse Act was nothing more than an anti-hacking statute and doesn’t apply to misappropriation. Essentially, he argued that employees who wasted time on Farmville, Facebook, New York Times, daily Sudoku, etc. would be in violation of the Act, which is too broad for the government to enforce. If you want to see some feathers fly in a scorching dissent, read the case.

Bottom line: Make sure to buy Cyber Liability insurance; it looks like you’re going to have a hard time getting protection from the courts, especially if you happen to be in the Ninth Circuit.

Cyber Risks for Temporary Staffing Agencies

By Cyber Security Awareness

Temporary staffing agencies specialize in connecting client employers and employees. Whether you work in a staffing agency or are a potential client or temporary employee, discover cyber risks for temporary staffing agencies as you protect yourself.

Personal Information

Digital information theft has become almost more common than physical theft. Since the majority of staffing agencies make connections online, a variety of personal and confidential information found on cover letters, resumes and job descriptions is at risk, including:

  • Social security numbers
  • Addresses, current and former
  • Former employers
  • Other identifiable information

If this data is compromised or stolen, the agency is liable.

Breach by a Temporary Employee

Once a temporary employee is placed in a job, the staffing agency remains responsible for that employee. If the employee steals information or causes a security breach, the staffing agency could be held liable.

Breach by a Partner Employer

A partner employer may not use strict security measures. That means the agency or temporary employee’s information could be at risk or the temporary employee could easily breach the network and steal confidential information. In that case, the staffing agency could be liable.

How to Combat Cyber Risks for Temporary Staffing Agencies

Now that you know the cyber risks, learn how to combat them.

Purchase cyber insurance.

As a temporary staffing agency, make sure your cyber insurance policy is up to date. Ask your partner employers to purchase cyber coverage, too, that covers both full-time and temporary employees.

Secure information.

Resumes, cover letters and all data must remain secure. Use data encryption and update your IT security system, including software and passwords, regularly.

Review your errors and omissions coverage.

An E & O insurance policy protects the staffing agency if they’re negligent in recruiting, hiring or placement. However, it may exclude claims related to network security or privacy breaches, so review your Errors and Omissions coverage to ensure you’re protected.

Communicate regularly.

An open communication policy with partner employers and temporary employees ensures everyone feels comfortable sharing concerns. It also allows you to follow up and ensure everyone follows security procedures.

Write a clear Employee Handbook.

Ensure all your staff and temporary employees know the proper procedures for maintaining privacy and securing data.

Establish responsibility.

When a breach occurs, you have to decide who has responsibility. It could be the temp agency, the employer or the employee. Be clear in your contract for each job about who has responsibility.

When you know the potential cyber risks for a temporary staffing agency, you can take steps to protect the agency, client employers and temporary employees. Discuss your specific needs with your insurance agent as you purchase the right cyber insurance coverage and protect your assets.

Cyber Risks and Hacking Threats to Self-Driving Cars

By Cyber Security Awareness

Self-driving cars are projected to be available via mass market by 2020. These vehicles are becoming more popular because they reduce accidents, congestion and fuel consumption, increase rider productivity and improve mobility. Despite these benefits, self-driving cars are at risk for cyber and hacking threats that can cause accidents, create chaos or perpetrate terroristic acts. Learn more about the cyber risks and hacker threats to self-driving cars as you prepare for the future.

How do Self-Driving Cars Work?

The technology that makes self-driving cars work is pretty amazing. Each vehicle is equipped with technological components, such as cameras, radar, sonar, LiDAR, GPS and sensors, that instruct the car on how to behave and where to go. The car also connects to a system that gives it information about its surroundings.

Ways Cyber Risks and Hacker Threats Compromise Self-Driving Cars

The same technology that operates a self-driving car also makes it vulnerable to cyber risks and hacker threats. If any part of the self-driving car’s connection or system is compromised, the car will perform improperly. Even an attack on a passenger’s personal smartphone, tablet or laptop could potentially interfere with the vehicle.

There are three distinct phases to a cyber attack on a self-driving car.

    1. Hackers access a car’s electronic control unit.
    2. They inject incorrect code into the unit.
    3. The car malfunctions and improperly brakes, moves in an unexpected direction, runs into objects or people, stops in the middle of the road or is taken over by a malicious person.

Solutions to Self-Driving Car Cyber Risks and Hack Threats

Manufacturers, researchers and security specialists take cyber risks and hack threats seriously. They’re working hard to overcome the obstacles and make self-driving cars safer for everyone.

One example is the Automotive Information Sharing and Analysis Center (Auto-ISAC). Manufacturers share threat data that’s used to correct components, networks and systems, reducing cyber risks and threats to self-driving cars.

Also, groups like the Cyber Statecraft Initiative for the Atlantic Council test vehicles and determine potential security flaws. Through this testing, also known as white-hat hacking, they have discovered ways to hack into every major car system, including the windshield wipers, air conditioning unit, engine and transmission. Their findings make self-driving cars less vulnerable and more secure.

Manufacturers are also investigating system updates. Right now, owners must visit the dealership for software updates. Researchers are working on reducing this delay and finding a more efficient way to perform these and other essential updates.

Researchers are also analyzing the GPS. At the first signs of erratic driving or other signs of a hack, someone can then notify authorities to access the vehicle’s system and prevent an accident or damage.

No one can anticipate a cyber attack or hack. However, the vehicle industry can secure its network and take steps to prevent cyber risks and hacking threats to self-driving cars.

What is U.S. Cybersecurity Emergency Response Team?

By Cyber Security Awareness

Malware, viruses and worms are only a few of the cybersecurity threats that affect your online security, privacy and personal information. Learn about the U.S. Cybersecurity Emergency Response Team (US-CERT), a tool that protects you every day.

History of the U.S. Cybersecurity Emergency Response Team

The US-CERT began in early 2000. The federal government noticed an increase in cyber breaches and began investigating ways to respond to these threats. Congress cooperated and created the Federal Computer Incident Response Center (FedCIRC).

In 2002, Congress transferred FedCIRC duties to the newly created Department of Homeland Security. The FedCIRC was renamed US-CERT in 2003, and its mission also expanded. The organization now coordinated and shared information and provided boundary protection for the government and cybersecurity leaders.

Over time, US-CERT developed into an authoritative source and trusted security partner for the federal government and international organizations. Private industries like banks and businesses use US-CERT resources, too.

What Does the U.S. Cybersecurity Emergency Response Team Do?

The U.S. Cybersecurity Emergency Response Team performs several critical mission activities. They:

  • Analyze data about emerging cyber threats.
  • Collaborate with foreign governments and international entities to improve the U.S.’s cybersecurity position.
  • Detect intruders and prevent cybersecurity attacks for civilian executive branches of the federal government.
  • Develop actionable tips, actions and information for a variety of agencies including international organizations, federal departments, critical infrastructure owners and operators and private industries.
  • Respond to emerging cyber threats and incidents.

How Does US-CERT Handle Potential Threats?

When the US-CERT receives a threat report from any source, including civilians, they act quickly. The team must assess the threat, determine its viability and take steps to stop it.

The department partners with several international and national organizations to ensure security of the infrastructure, systems and assets that are critical to United States security. These partners include federal agencies, international entities, research communities and private sector organizations.

Find Out About US-CERT Threats

Stay updated on potential and founded cybersecurity threats with several resources.

  • Weekly Vulnerability Bulletins – summaries of new vulnerabilities and any available patch information
  • Technical Alerts – information about incidents, vulnerabilities and trends that pose significant risk and the actions taken to minimize information loss or service disruption
  • Current Activity entries – concise descriptions of any issues and associated actions that help consumers and other entities remain safe
  • Tips – details about issues US-CERT’s constituents may find valuable, helpful or interesting
  • NVD – standards-based vulnerability management data

What is U.S. Cybersecurity Emergency Response Team? In a nutshell, it’s the organization that keeps you, your bank, businesses and the country safe from computer attacks that threaten our national security and your personal information. You can sleep peacefully at night because US-CERT does their job behind the scenes every day.