Are You a Target for Hackers?

Protection concept: arrows in Shield With Keyhole target on wallBy Bruce Barnett, NYSTEC Information Security Consultant

Let’s be honest:  everyone who has a computer is a potential target for cybercriminals, but not all targets are equal.  How much effort a hacker may be willing to expend to compromise your account or your computer depends on what your information is worth.  Continue reading

Is it Phishing?

Have you ever received an email from a company that you would have sworn was a phishing scam (a method of online identity theft and virus spreading) — and yet wound up being completely legitimate? In an age of increasing cybersecurity, customers are becoming more wary of potentially fraudulent email messages. And yet, when companies take pains to  make their email notifications more secure, the end result can be a suspicious-looking (but safe) email.

How can companies send their customers email securely without sacrificing user-friendliness? This article from Lenny Zeltser looks at the challenges in “How to Send Customer Emails That Don’t Look Like Phishing.”

The link to this content is provided because it has information that may be useful. NYSTEC does not warrant the accuracy of any information contained in the link and neither endorses nor intends to promote the advertising of the resources listed therein. The opinions and statements contained in such resources are those of the author and do not necessarily represent the opinions of NYSTEC.

Cyber Security Shopping Tips

Senior couple doing shopping on internetBy Paul Romeo, NYSTEC Information Security Consultant

Being a safe and secure shopper starts with taking security precautions and thinking about the consequences of your actions online. Remember the following tips:

  • Use websites with trusted names and strong reputations. Well-established retailers usually have more robust online security.
  • Use credit cards instead of debit cards. A compromised debit card will enable access to your money, but a compromised credit card will only expose the bank’s money, and the consumer is typically not responsible for purchases they did not make. Just be sure to regularly check your statement and notify your credit card company of any suspicious charges. Whenever possible, use a payment service like PayPal.
  • Look for the “https” URL and the padlock symbol.  The “s” in “https” stands for security. It signals that the site uses encryption.

https-url-padlock-symbol

  • Avoid using public WiFi for online shopping. Public WiFi is easily compromised. In public, you are better off using your cell phone network with WiFi disabled.
  • When in doubt, throw it out. Don’t click on links in emails, texts, or social media posts. Links are the most popular means for cybercriminals to install malware on devices.
  • Make your password a sentence. These days, your password should be more than 15 characters long. Using a remembered sentence mixed with letters, numbers, and symbols is a good way to create a password that’s difficult to crack. Avoid using birthdays or anniversary dates.

Example: #y0uCantH@ckM3!

  • Use different passwords for different accounts. Don’t use the same password twice. If you reuse the same password, hackers need to steal it only once to access all your accounts.
  • Multi-Factor Authentication. Use strong authentication tools. Google and Apple allow two-step verification by sending a one-time PIN to your cell phone coupled with a password while logging in.
  • If possible, use a separate computer for online shopping and banking. Most viruses and malware are transmitted through casual web browsing. If possible, use one computer or device for web surfing, email, and social networking, and a different computer for online banking and shopping.

Network Forensics 101

elektronischer FingerabdruckBy John Mounteer, NYSTEC Information Security Consultant

A cybercriminal has just wiped all traces of an attack from your server. Now you’ll never know the source of the attack or the extent of the damage, right?

Not if you have a network forensic investigator on the trail.

The ability to interpret the data in log and capture files and recognize malicious activity in the data is a special skill that requires in-depth knowledge of network and application protocols. This article provides a short introduction to network-based forensic investigations of suspected criminal activity related to information technology systems.

Continue reading

The Internet of Everything: What Are the Risks?

The Internet of things market connected smart devices tag cloudBy Paul Romeo, NYSTEC Information Security Consultant

I recently attended a training class where, during the break, one of the instructors told me how excited he was about the new refrigerator he’d just bought, which was going to be part of the Internet of Everything (IoE). From his smart phone, he said, he would be able to inventory the items in his refrigerator and know when he ran low on key items such as milk, eggs, and, of course, beer.

I said he might want to rethink putting beer in the new refrigerator, because he might not be the only one with deep insight into his dietary purchases. His health insurance company could have access and observe his sugar, fat, and sodium intake by monitoring his purchases—and even potentially raise his health insurance rates based on that data.

The instructor replied, “I never thought about that. I’ll have to keep my old refrigerator for my beer and junk food.”

What is the IoE? Is it something great, or should we be worried? The answer is likely a little of both. Continue reading