Everyday is Cybersecurity Awareness Day

Topics in this category pertain to planning. Discussions include how to prepare yourself, your family and your community for catastrophes and what you plan to do when they hit you.

Moderator: ZS Global Moderators

MPMalloy
ZS Member
ZS Member
Posts: 4136
Joined: Mon Aug 22, 2005 2:48 am

Re: Everyday is Cybersecurity Awareness Day

Post by MPMalloy » Mon Feb 04, 2019 8:38 pm

NT2C wrote:
Mon Feb 04, 2019 8:30 pm
Sometimes though, you can take security a little too far and screw yourself over:

https://www.foxnews.com/tech/cryptocurr ... eports-say
I read that on NPR. Very poor business planning. No idea about disaster recovery or chain/line of succession in of catastrophe.

Big-Time-FAIL. He knew he had the medical condition. It was all on him & now everybody else pays for his mistake.

I don't see insurance covering the loss. Maybe...I dunno. I was a personal lines guy.

MPMalloy
ZS Member
ZS Member
Posts: 4136
Joined: Mon Aug 22, 2005 2:48 am

Re: Everyday is Cybersecurity Awareness Day

Post by MPMalloy » Tue Feb 12, 2019 11:41 am


User avatar
JasinSwift
Posts: 7
Joined: Wed Jan 24, 2018 5:48 am

Re: Everyday is Cybersecurity Awareness Day

Post by JasinSwift » Fri Feb 22, 2019 7:41 am

Agree with this topic.
Currently, we are living in the Cyber-age where Internet & computers have foremost impacts on our way of living and social life. The usage of information technology has posed great safety challenges and moral questions in front of us. Decided to use the services of software developers for protecting my bussnies now - https://clockwise.software/blog/category/business/ . Thanks for motivation :clap:
Last edited by JasinSwift on Tue Feb 26, 2019 3:06 am, edited 1 time in total.

User avatar
flybynight
* * * * *
Posts: 2694
Joined: Sun Dec 01, 2013 12:30 am

Re: Everyday is Cybersecurity Awareness Day

Post by flybynight » Fri Feb 22, 2019 10:06 am

The number of spear phishing emails at my place of work is at a staggering level. Never click on links unless positive knowledge of the sender. ( example family member telling you by phone they are sending a link,)
If you receive email thanking you for the $1400.00 order you didn't make. The electric company is shutting off your power, Or even your bank warning you of possible fraudulent activity. Don't click on the link. No legitimate business is using this method of contact anymore.
This also includes phone calls/txts. If you are not expecting a call from a business or don't recognize the number or locality of call origination. It's some type of fraudulent attempt to gain information from you or access to your phone and anything stored on it. :vmad:
As of now I bet you got me wrong

John Titor was right

User avatar
JayceSlayn
* * *
Posts: 640
Joined: Wed Mar 05, 2008 3:07 pm
Location: North Carolina

Re: Everyday is Cybersecurity Awareness Day

Post by JayceSlayn » Wed Mar 06, 2019 7:59 am

flybynight wrote:
Fri Feb 22, 2019 10:06 am
The number of spear phishing emails at my place of work is at a staggering level. Never click on links unless positive knowledge of the sender. ( example family member telling you by phone they are sending a link,)
If you receive email thanking you for the $1400.00 order you didn't make. The electric company is shutting off your power, Or even your bank warning you of possible fraudulent activity. Don't click on the link. No legitimate business is using this method of contact anymore.
This also includes phone calls/txts. If you are not expecting a call from a business or don't recognize the number or locality of call origination. It's some type of fraudulent attempt to gain information from you or access to your phone and anything stored on it. :vmad:
A while back the "CEO" of my company sent me an email asking me to simply contact them back as soon as possible, but that they were in a meeting, so to respond to their email rather than calling them. I responded to the email (something like "OK - what do you need?"), but the follow-up response was definitely out of character (asking me to purchase a bunch of gift cards for the people they were in a meeting with ASAP). I then checked the sender's address and found that they'd spoofed the CEO's email account. No further responses to them, but I did forward the exchange to our actual CEO for reference. I assume that they gathered enough information from the public company site or LinkedIn to make a passable attempt.

Generally, when I get any kind of official correspondence to my personal account (e.g. water bill, bank statement notification, fraud alert, etc.) I will read it, but never use any of the links or contact numbers in the email to respond. I will go to the official site and log-in there or use the contact phone numbers from the website instead. It helps reduce the chance that a phisher will redirect you via email.
Rahul Telang wrote:If you don’t have a plan in place, you will find different ways to screw it up
Colin Wilson wrote:There’s no point in kicking a dead horse. If the horse is up and ready and you give it a slap on the bum, it will take off. But if it’s dead, even if you slap it, it’s not going anywhere.

User avatar
JayceSlayn
* * *
Posts: 640
Joined: Wed Mar 05, 2008 3:07 pm
Location: North Carolina

Re: Everyday is Cybersecurity Awareness Day

Post by JayceSlayn » Wed Mar 06, 2019 8:27 am

In other news today, MIT Technology Review posted a good article about spreading "Triton"/"Triss" malware, targeting industrial safety controllers: https://www.technologyreview.com/s/6130 ... n-malware/. If you somehow hadn't heard of the Stuxnet or Russia hacking Ukraine electrical grid stories, they cover those briefly as well, but there are even better full stories elsewhere.

I am far from a luddite when it comes to interconnected industrial technology - some people like the term Industrial Internet of Things (IIoT), but I don't like that whole concept as much as I don't like normal IoT. I've had a hand in proliferating the industrial interconnectedness of data/controllers/etc. and it is clearly an unstoppable change in business because of the efficiency it can bring. Nonetheless, I am resistant to its over-application, and I think security must always be taken as a high priority, particularly in instances where it doesn't appear to be of great concern.

A lot of devices that we might invite into our houses and workplaces may seem convenient and productive, but do their manufacturers and/or implementers take security into account? Things like WiFi routers, PLCs, Nest, Alexa, and even things as sophisticated as cell phones and laptops each bring a lot of extra attack surface with them. Not every business is going to be able to afford in-depth security auditing for every project, or able to follow best-practice guidelines perfectly every time. Unfortunately, you have to be perfect all the time, or wrong once, to make the difference against a sophisticated attacker. The attack surface across many industries is already very large, and we have a lot of catching up to do before I'd start to feel "safe" with it.

I've added a generic "State-actor cyber attack" to my list of possible scenarios to prepare for. The extent of which could range from inconvenient to catastrophic depending on the specifics, but preparing for the zompocalypse is a good goal, as always.
Rahul Telang wrote:If you don’t have a plan in place, you will find different ways to screw it up
Colin Wilson wrote:There’s no point in kicking a dead horse. If the horse is up and ready and you give it a slap on the bum, it will take off. But if it’s dead, even if you slap it, it’s not going anywhere.

MPMalloy
ZS Member
ZS Member
Posts: 4136
Joined: Mon Aug 22, 2005 2:48 am

Re: Everyday is Cybersecurity Awareness Day

Post by MPMalloy » Wed May 15, 2019 8:43 pm


User avatar
Adamski
Posts: 6
Joined: Wed May 08, 2019 8:00 pm

Re: Everyday is Cybersecurity Awareness Day

Post by Adamski » Thu May 16, 2019 12:24 pm

Decentralization seems to be key when it comes to device security. Which is hard to do when everything is linked to your email account.

The term "attack surface" makes a lot more sense to me now. Like in physical security, vulnerability will always exist and it is amplified by your overall exposure. It's more a matter of where you land on the spectrum than a binary situation of secure/not secure.


User avatar
JayceSlayn
* * *
Posts: 640
Joined: Wed Mar 05, 2008 3:07 pm
Location: North Carolina

Re: Everyday is Cybersecurity Awareness Day

Post by JayceSlayn » Tue May 21, 2019 9:31 am

Ransomware attacks continue to work because the amount of the ransom is often insignificant compared to the operational value that the encrypted data embodies. This is particularly the case for municipalities and businesses, although sometimes a several hundred dollar ransom for a personal computer may be deemed too much.

Try to not be an easy target in the first place by keeping your systems updated and using other good security practices, and keep frequent offline/"cold" or distributed (e.g. cloud service) backups of data that you consider critical or irreplaceable. Flash drives and external hard drives are cheap, and though it is a pain to frequently un-plug/re-plug them to keep them updated, keeping them unattached is the only way you can ensure that they aren't also encrypted during an attack.
Rahul Telang wrote:If you don’t have a plan in place, you will find different ways to screw it up
Colin Wilson wrote:There’s no point in kicking a dead horse. If the horse is up and ready and you give it a slap on the bum, it will take off. But if it’s dead, even if you slap it, it’s not going anywhere.

User avatar
Stercutus
* * * * *
Posts: 13081
Joined: Wed Feb 10, 2010 8:16 pm
Location: Home where my thought's escaping

Re: Everyday is Cybersecurity Awareness Day

Post by Stercutus » Tue May 21, 2019 10:47 am

Our city policy is no flash drives. The risk is too high. In fact most, if not all of the USB ports on city computers are disabled.
These days of dust
Which we've known
Will blow away with this new Son

But I'll kneel down wait for now
And I'll kneel down
Know my ground

MPMalloy
ZS Member
ZS Member
Posts: 4136
Joined: Mon Aug 22, 2005 2:48 am

Re: Everyday is Cybersecurity Awareness Day

Post by MPMalloy » Sat May 25, 2019 9:50 pm


MPMalloy
ZS Member
ZS Member
Posts: 4136
Joined: Mon Aug 22, 2005 2:48 am

Re: Everyday is Cybersecurity Awareness Day

Post by MPMalloy » Fri Jul 26, 2019 12:49 pm

From US-CERT/CISA, via an email: Vulnerabilities in Multiple VPN Applications

This report lists three VPN's. I think I've heard of one of them. None of the 'big names'.

User avatar
Stercutus
* * * * *
Posts: 13081
Joined: Wed Feb 10, 2010 8:16 pm
Location: Home where my thought's escaping

Re: Everyday is Cybersecurity Awareness Day

Post by Stercutus » Fri Aug 02, 2019 1:42 pm

I made myself younger, liberal and female.

Tired of seeing all the ads and clickbait to help me with planning for my retirement as well as for stair lifts and reverse mortgage calculators I decided to answer a few MS polls and answered as best I could. That got hamster wheels turning. Now I get ads inviting me as a millennial to transgender days at Disney and how to do conflict resolution with my husband (hint: he is always wrong).


I'm trying to figure out what to do next. I don't really want to change my ethnic background or race but I was thinking about going ESL, just not sure which language to pick.
These days of dust
Which we've known
Will blow away with this new Son

But I'll kneel down wait for now
And I'll kneel down
Know my ground

User avatar
flybynight
* * * * *
Posts: 2694
Joined: Sun Dec 01, 2013 12:30 am

Re: Everyday is Cybersecurity Awareness Day

Post by flybynight » Fri Aug 02, 2019 10:37 pm

About an hour ago I got this sketchy txt from Chase Fraud asking me to reply if I used my card for $1.50 at a fast food restaurant. I figured it was some kind of phishing scam , but checked my account and saw no 1.50 charge. The txt though specified the last four digits of my card though which was concerning. So I called the debit card number. Long story short. Yes it was Chase Fraud txtn. Yes someone tried to use my card number for $1.50 in Texas and yes my card is now deactivated. :vmad: F@#$%&*
As of now I bet you got me wrong

John Titor was right

User avatar
SCBrian
* * * * *
Posts: 1196
Joined: Tue Sep 21, 2010 1:56 pm
Location: Charleston, SC

Re: Everyday is Cybersecurity Awareness Day

Post by SCBrian » Sat Aug 03, 2019 8:28 am

A lot of times, fraudsters will use small transactions 1-5$ to "test" a card before a major transaction.
My wife gets alerts on her phone anytime our card is used in addition to hard upper limits on the amount. She can change it near instantly for big purchases.
I tilt at Windmills
BattleVersion wrote:For my Family?...Burn down the world, sure... But, I'm also willing to carry it on my shoulders.
raptor wrote:...I am allergic to bullets;I break out in blood.
jnathan wrote:... you can choke on my Hebrew National.

bugmeout
Posts: 2
Joined: Sat Dec 26, 2015 10:09 pm

Re: Everyday is Cybersecurity Awareness Day

Post by bugmeout » Tue Aug 13, 2019 9:23 am

BTW, Cybersecurity is designed to protect software applications from digital attacks in order to avoid opening access to confidential information. Effectively ensuring cyber security is a rather complicated task. The search for solutions to such problems is possible through the use of artificial intelligence and machine learning. Read in more detail: https://mindy-support.com/ai-and-machin ... ng-service


Post Reply

Return to “Contingency Planning & Preparation”