Everyday is Cybersecurity Awareness Day

Topics in this category pertain to planning. Discussions include how to prepare yourself, your family and your community for catastrophes and what you plan to do when they hit you.

Moderator: ZS Global Moderators

MPMalloy
ZS Member
ZS Member
Posts: 3964
Joined: Mon Aug 22, 2005 2:48 am

Re: Everyday is Cybersecurity Awareness Day

Post by MPMalloy » Mon Feb 04, 2019 8:38 pm

NT2C wrote:
Mon Feb 04, 2019 8:30 pm
Sometimes though, you can take security a little too far and screw yourself over:

https://www.foxnews.com/tech/cryptocurr ... eports-say
I read that on NPR. Very poor business planning. No idea about disaster recovery or chain/line of succession in of catastrophe.

Big-Time-FAIL. He knew he had the medical condition. It was all on him & now everybody else pays for his mistake.

I don't see insurance covering the loss. Maybe...I dunno. I was a personal lines guy.

MPMalloy
ZS Member
ZS Member
Posts: 3964
Joined: Mon Aug 22, 2005 2:48 am

Re: Everyday is Cybersecurity Awareness Day

Post by MPMalloy » Tue Feb 12, 2019 11:41 am


User avatar
JasinSwift
Posts: 7
Joined: Wed Jan 24, 2018 5:48 am

Re: Everyday is Cybersecurity Awareness Day

Post by JasinSwift » Fri Feb 22, 2019 7:41 am

Agree with this topic.
Currently, we are living in the Cyber-age where Internet & computers have foremost impacts on our way of living and social life. The usage of information technology has posed great safety challenges and moral questions in front of us. Decided to use the services of software developers for protecting my bussnies now - https://clockwise.software/blog/category/business/ . Thanks for motivation :clap:
Last edited by JasinSwift on Tue Feb 26, 2019 3:06 am, edited 1 time in total.

User avatar
flybynight
* * * * *
Posts: 2505
Joined: Sun Dec 01, 2013 12:30 am

Re: Everyday is Cybersecurity Awareness Day

Post by flybynight » Fri Feb 22, 2019 10:06 am

The number of spear phishing emails at my place of work is at a staggering level. Never click on links unless positive knowledge of the sender. ( example family member telling you by phone they are sending a link,)
If you receive email thanking you for the $1400.00 order you didn't make. The electric company is shutting off your power, Or even your bank warning you of possible fraudulent activity. Don't click on the link. No legitimate business is using this method of contact anymore.
This also includes phone calls/txts. If you are not expecting a call from a business or don't recognize the number or locality of call origination. It's some type of fraudulent attempt to gain information from you or access to your phone and anything stored on it. :vmad:
As of now I bet you got me wrong

John Titor was right

User avatar
JayceSlayn
* * *
Posts: 630
Joined: Wed Mar 05, 2008 3:07 pm
Location: North Carolina

Re: Everyday is Cybersecurity Awareness Day

Post by JayceSlayn » Wed Mar 06, 2019 7:59 am

flybynight wrote:
Fri Feb 22, 2019 10:06 am
The number of spear phishing emails at my place of work is at a staggering level. Never click on links unless positive knowledge of the sender. ( example family member telling you by phone they are sending a link,)
If you receive email thanking you for the $1400.00 order you didn't make. The electric company is shutting off your power, Or even your bank warning you of possible fraudulent activity. Don't click on the link. No legitimate business is using this method of contact anymore.
This also includes phone calls/txts. If you are not expecting a call from a business or don't recognize the number or locality of call origination. It's some type of fraudulent attempt to gain information from you or access to your phone and anything stored on it. :vmad:
A while back the "CEO" of my company sent me an email asking me to simply contact them back as soon as possible, but that they were in a meeting, so to respond to their email rather than calling them. I responded to the email (something like "OK - what do you need?"), but the follow-up response was definitely out of character (asking me to purchase a bunch of gift cards for the people they were in a meeting with ASAP). I then checked the sender's address and found that they'd spoofed the CEO's email account. No further responses to them, but I did forward the exchange to our actual CEO for reference. I assume that they gathered enough information from the public company site or LinkedIn to make a passable attempt.

Generally, when I get any kind of official correspondence to my personal account (e.g. water bill, bank statement notification, fraud alert, etc.) I will read it, but never use any of the links or contact numbers in the email to respond. I will go to the official site and log-in there or use the contact phone numbers from the website instead. It helps reduce the chance that a phisher will redirect you via email.
Rahul Telang wrote:If you don’t have a plan in place, you will find different ways to screw it up
Colin Wilson wrote:There’s no point in kicking a dead horse. If the horse is up and ready and you give it a slap on the bum, it will take off. But if it’s dead, even if you slap it, it’s not going anywhere.

User avatar
JayceSlayn
* * *
Posts: 630
Joined: Wed Mar 05, 2008 3:07 pm
Location: North Carolina

Re: Everyday is Cybersecurity Awareness Day

Post by JayceSlayn » Wed Mar 06, 2019 8:27 am

In other news today, MIT Technology Review posted a good article about spreading "Triton"/"Triss" malware, targeting industrial safety controllers: https://www.technologyreview.com/s/6130 ... n-malware/. If you somehow hadn't heard of the Stuxnet or Russia hacking Ukraine electrical grid stories, they cover those briefly as well, but there are even better full stories elsewhere.

I am far from a luddite when it comes to interconnected industrial technology - some people like the term Industrial Internet of Things (IIoT), but I don't like that whole concept as much as I don't like normal IoT. I've had a hand in proliferating the industrial interconnectedness of data/controllers/etc. and it is clearly an unstoppable change in business because of the efficiency it can bring. Nonetheless, I am resistant to its over-application, and I think security must always be taken as a high priority, particularly in instances where it doesn't appear to be of great concern.

A lot of devices that we might invite into our houses and workplaces may seem convenient and productive, but do their manufacturers and/or implementers take security into account? Things like WiFi routers, PLCs, Nest, Alexa, and even things as sophisticated as cell phones and laptops each bring a lot of extra attack surface with them. Not every business is going to be able to afford in-depth security auditing for every project, or able to follow best-practice guidelines perfectly every time. Unfortunately, you have to be perfect all the time, or wrong once, to make the difference against a sophisticated attacker. The attack surface across many industries is already very large, and we have a lot of catching up to do before I'd start to feel "safe" with it.

I've added a generic "State-actor cyber attack" to my list of possible scenarios to prepare for. The extent of which could range from inconvenient to catastrophic depending on the specifics, but preparing for the zompocalypse is a good goal, as always.
Rahul Telang wrote:If you don’t have a plan in place, you will find different ways to screw it up
Colin Wilson wrote:There’s no point in kicking a dead horse. If the horse is up and ready and you give it a slap on the bum, it will take off. But if it’s dead, even if you slap it, it’s not going anywhere.

Post Reply

Return to “Contingency Planning & Preparation”