July 7, 2020
Good morning, everyone!
You know, one of the reasons I postponed doing this for so long is that I worried I wouldn't have enough things to write about. What was I thinking? LOL
Forbes recently reported that cyber criminals are upping their game (again) -- it's not enough for them to encrypt your data and demand ransom, but they are often copying your data before encryption so they can sell it on the dark web. What's your best defense? Forbes says (and I agree!):
"The best defense: education. Email inboxes are still the most common starting point for ransomware attacks. Being able to identify a phishing message could keep your secrets from being spilled to the highest bidder."
TIP: Consult (and trust) only Original Sources of Information
For example, if an email or text message from your bank asks you to confirm suspicious activity or verify information to complete a loan, etc., don’t click on any links in the email/text. Instead, open your web browser and go to the login page for the bank that you have previously bookmarked. Or get the ATM card out of your wallet and call the number on the back.
Right now we are seeing lots of phishing emails related to COVID-19. The FBI recently stated that over 20,000 coronavirus (COVID-19)-related cybersecurity threats have been reported to their Internet Crime Complaint Center (IC3) so far this year. Thousands of new domain names with “COVID” in the name have been purchased for use by cyber criminals. This week I received two very high-quality phishing emails purportedly from the SBA asking me for additional information to process my PPP loan, with known malware in the attachments.
Don't click on those links, or open those attachments! Go to websites you know and trust for information on COVID-19 -- sba.gov, cdc.gov, trusted news sites (not links in FB!).
Cyber Essentials Toolkits from CISA
CISA has released the second of their Cyber Essentials Toolkits aimed at educating SMBs on developing an effective information security program. Download “CISA Cyber Essentials Toolkit Chapter 2: Your Staff, The Users” at https://www.cisa.gov/publication/cyber-essentials-toolkits
Remember, there is no amount of technology you can throw at the problem of cyber crime to make it go away! If that were true, large corporations would never have data breaches – but they do.
Important Security Vulnerabilities Revealed by Netgear, Palo Alto
If you have a Netgear router or modem in your home or office, read this security advisory, check your model against those with newly-reported vulnerabilities, and follow their instructions if applicable.
If your organization has firewall and/or VPN appliances from Palo Alto Networks, read this important security notice and follow the instructions.
Be sure to check out my upcoming Work(fromhome)Shops!
Midsummer Cyber Self Defense Series starts July 14
Three one-hour online classes covering social engineering, social media, password management & more!
Details and online registration at https://theneteffect.com/workshops/register.php
And hey, check out our new website!
As always, I’d love to hear your thoughts or questions in response to this email -- especially if there's a particular topic you'd like me to talk about. I'm thinking next week's subject will be "To Cloud, Or Not To Cloud" -- sound interesting?
Talk to you again soon!