Helping to keep yourselves safe on the interent

Here is an idea that you can share with your business, friends, and/or family to help keep everyone as safe as possible.

Subject: Keeping your work and personal data safe 

All our systems are increasingly under attack from growing hordes of bad actors (whom actively use automation to probe Everywhere/Everything).  There are some things we can all do to keep our data and identities safe from abuse, loss, and/or exposure.

A) Make sure that you are routinely restarting all your systems (phones, computers, tablets, etc.) at least once a week, so that the background patching can finish.  All patches require that the running software is stopped for the newer software to take its place. While some software can do this while we work, several key security sensitive parts can't do that without a full restart/reboot.

B) Make sure your Security Awareness training is complete, to help you keep clear of the ever-evolving scams facing us all, whether though work or personal communications, whether targeting the business or you personally. 

Your IT team is working all the time to make sure your systems and processes are as secure as they can get them. It is a never-ending game as the bad actors figure new ways to get at us and try to catch us in those slip ups in getting the safe things done in a timely manner. Please remember that just putting your device to sleep or closing your laptop is not restarting/rebooting your system.

As for all automation you may have setup, "Fire and Forget" is fine, provided you never actually forget. Check the automation regularly to ensure they are working. 

Tech versus non-tech terms

There are times that when you are listening to a group of people have a discussion you may think that they are talking a foreign language, but they are speaking English, just that they are using terms that don’t seem to make sense in the conversation. In some of these cases, it isn’t the word or term that they are using, it’s how it is understood by everyone that is part of the conversation. I do know that a lot of technical people have what seems to be a secret language that they speak, and it can be very confusion for those that are not directly related to a particular expertise.

I have decided to try and decode some of the words that I have been hearing and how they can be misunderstood by those around us. Now let’s have some fun and see how one acronym or term can mean a lot of different things, and it all depends on who is listening to the conversation.

DC

• Direct current
• District of Columbia
• Domain controller
• Data centre

Backup

• Extra help or support
• Copy of a file
• A situation in which something is not moving
• Music that accompanies the main singer or tune

SAN

• Storage Area Network
• SANS institute

Farm

• A plot of land that grows crops and livestock
• A group of computer systems in one or more cabinets.

These are just four examples of how a word or acronym can have more than one meaning and when you are in a conversation with a bunch of people it can be very confusing to listen to a conversation. One important thing to remember is when you are writing an email, or a document, and you use any of these terms it is important to ensure that everyone that may read the email or document understands the correct meaning of the term. Be careful of prejudging what "Everyone" knows.

It is very important to know the audience that you are writing something because even if they are in a different area of Technology, they may have an entirely different meaning for the same term. So, a term can have a lot of different meanings, and understanding how to communicate to the various people in an organization is very important. It is the translating infosec into regular IT and IT into regular business terms that is vital for good communication.

Rebooting and why I should do it

For many, having to reboot/restarting our computers seems to be such an issue. Why can’t I just leave it turned on for days at a time and even connected to the company for hours and days without anyone complaining.

Here are some of the reasons why we all need to reboot/restart our computers/device:

• A full shut-down restart/reboot is required for completing many of the security patches needed to keep your (personal, corporate, and family) data and reputation safe.
• A restart refreshes your system of the many "temporary" processes that have done their job, but haven't fully release system resources

We have been working with a client and when we talk to them about getting the end users to reboot/restart their devices it seems to be such a challenge. Of course, there are so many reasons why someone cannot reboot their system on a timely basis:

• I have files open that I need to keep open because I am working on the files (these files are open for hours even when the person isn’t working).
• My system takes too long to reboot when I do a restart (maybe the issue is you haven’t done restarts lately and there are too many things that need to be updated).
• I just don’t have time to do a restart (why not restart your computer at the end of the day, and it will ready when you get back the next business day).

There are so many reasons why someone will tell you that they cannot reboot/restart their system, and a lot of those reasons are that they just can’t be bothered or there isn’t a reason for them to reboot. In some cases, the reason someone isn’t rebooting/restarting their device in a timely manner is because there is no policy in place that says that all devices must be restarted with x number of days. When a business doesn’t have a policy as to how often machines need to be rebooted/restarted, that doesn’t help at all.

For a business to be successful and secure, they need to understand the importance of restarting/rebooting each machine is vital. Some users think that either putting their device into hibernation mood/sleep or a system crash means that a computer has rebooted, has completed the task. What people don’t understand is a crash doesn’t mean a total system restart, and putting a computer into hibernation is not a restart.  For a device to work effectively, they need to have regular, total reboot/restarts. It doesn’t matter if it is a computer or tablet, they all need that bit of time when they can turn off and restart to clear all the stuff that has been bothering/hindering them.

It is important that we understand that our devices, either a computer or tablet, need a bit of time when they can turn off and refresh. So, yes, it is important that we remember that our devices need a bit of time to sleep, even if it is just for a couple of minutes. It helps them recharge and know that they are ready to go and meet your needs again.

The risk of inactive/off-line systems

 The risk of inactive/off-line systems if just turned on and used

In our fast-paced world with cyber warfare going on, from nation states jockeying for the secrets of other nations with zero day hacks, to the many criminals looking for every way to get value out of everyone they can, software is constantly being patched to try and keep ahead. With so many people and businesses not patching, even old bugs are being probed all the time, and getting attacked. Using unpatched systems is a huge risk, sometimes even if just a few weeks, or sometimes days, out of date.

There are many reasons why a system might be unused for a while. They aren't just sitting there for no reason, but generally in one of the following paths

• Primary user on extended vacation or other extended leave.

• Pending deployment, with an active plan to do so.

• In reserve, with not active plan, other than to be available if needed. Perhaps on an eventual path to be decommissioned.
  

• On the way to being decommissioned and disposed.

If there is any intention of bringing a system into active use with little warning, they must be kept up to date, otherwise they represent a security risk as breachable/hackable defects are found but not patched. These machines would need to be regularly (every week or two) brought online and the full patch process run (Not just the few obvious ones, but the whole patch management process). This does not mean for all the system in reserve inventory, just enough for quick deployments (loaner or replacement) and the next ones are brought up to ready from extended off-line status.

Or

Any system that has been off-line for an extended time, is a huge safety risk to us if it is just deployed, until it has been through a few restarts, with time in between for the patch process to see what is needed and deployed. After the OS has gotten its patches, open the primary apps, and go to their ‘Help’ ‘About’ menu to check for any updates there. Browsers and email clients are a big target and the front lines of many cyberattacks.

If a system is on the path to likely being decommissioned, but we are just keeping it around "Just in case" then pull it out of any active monitoring systems it might be a part of, as those usually have a licensing cost you can free up, and they usually alarm/bug someone when they haven’t “called home”. Essentially some effort to ‘Mothballing’ the device, just like the Navy does with their ships, Air-forces often do with planes, or even clothes kept in the attic for that ‘maybe some day we might need this again’

There is a very active cyberwar going on, nation states juggling for control to avoid bullets, through all the criminals trying to get at what every they can grab. This has been accelerating at a rapid pace, and we can not rest on "it won't hit us" as we are all being actively probed all the time.

To be safe or as safe as possible, it is important that you keep your systems (both personal and business) as up to date as possible before and when actively using them.

A messy computer desktop is a slow computer

How many icons do you have on your desktop? Is it just a few icons (like 15 or so) or it is so populated you cannot see your background?

The reason we ask is that each of the icons takes a finite amount of time to load and display. The further away the information that each icon represents, the longer it will take to update/load the icon. It may be just milliseconds per icon, but that does add up. This applies to folders on your desktop as well. We've seen systems with thousands of files in folders on their desktop, but after moving them to a regular documents folder off the Desktop, they noticed how responsive their system got.

Recently I was able to see a desktop on a monitor, and you couldn’t see very much of the background because of all the different icons that were there. This person was also complaining that his computer was no good because it just took way too long to start up.

Here are some questions that I asked this person about their computer.

• How often do you reboot your computer?
• Are all these icons on your desktop necessary?

Now these are the answers that I got.

• I don’t reboot my system very often because it just takes way too long to start up again.
• All of these icons are necessary so that I can do my job, and he immediately pulls up a photo that has nothing to do with work.

What is very important to understand is that a lot of the icons on the desktop were for files that he felt he needed to access quickly. Of course, these files were located on a server and not on his computer, so each took longer to load. I tried to explain to him that having all these file icons on his desktop was a major reason why his system took so long to startup. When you have icons on your desktop, what happens when the system starts up is it must look up each of these files so that it can draw it on the desktop. The more files you have on your desktop, the longer it is going to take for your system to start up and refreshes during the day. If you need access to these files quickly, it is better to have them in a folder elsewhere and then just the link to the folder on the desktop. Then the only time the files will be searched for is when you open the folder.

So, the best thing you can do to ensure that your computer starts up at a reasonable speed is to limit the number of icons that you have on your desktop, especially icons that are to remote files. Shortcuts can be useful but remember that they can also impact how you work. The convenience of all these icons has it's cost in time.

 

Scams, scams and more scams

There seems to be more and more scams out there, and probably because people are falling for them. We recently heard that a student lost quite a bit of money from their bank account as they fell for one of these scams. Nowadays, it just seems that every day you either get a phone call, email or text message that doesn’t look like. Businesses get similar scam emails, so don’t think you are alone. Below are some of the scams that we have received in the last little while, that is not including our favourite “Duct Cleaning” phone calls.

Scams:

Netflix: Your payment cannot be completed. To keep access to the service, please visit (factious website)

• If you don’t have Netflix never click on the link and even if you do have Netflix DO NOT click on this lick. To see if there is an issue with your Netflix account, go to where you would normally log in into your account and check the status of it.
  

RBC Your client card starting with 4519** has been flagged due to unusual activity. To reactivate your online access, please visit: (Factitious website)

• All RBC credit cards start with this, so that isn’t any information that is helpful. Also, most banks have other means of letting you know that there is an issue with your card. I know that when our card had some unusual activity, we received a phone call. If you think there might be something wrong with your card, DO NOT click on the link. You can sign in to your account the normal way and check your account.

[Canada-post]Your package has been put on hold because the street number is missing from the package. Please check and submit the correct address. (Factitious website)

• If you aren’t expecting a package to be delivered, just ignore this text message. If you are, contact the sender to see if they may have missed addressing it correctly. DO NOT click on the link no matter what.

Amazon: This is to inform you that today your account will be charged for Amazon Prime (funny the phone number you are calling isn’t linked to an Amazon account)

• This is a phone scam that they want you to click a number on your phone and provide them with your credit card and other personal information. DO NOT click on that number.

Email: your e-mail account has been disabled and some features might be restricted or may not work. It seems there has been a violation of the terms and conditions with your email account xx@xx.ca. If the account has been already access from unusual or suspicious locations or devices, Google might have disabled it to prevent potential unauthorized access. (now the interesting thing about this one is the account that they showed had nothing to do with Google at all and the website in the form also had nothing to do with Google)

• If you receive an email like this from a company that has nothing to do with where your email is hosted, DO NOT click on the link. Now, the other thing about this message is it contradicts itself. First it says the account has been disabled, and then it says some features might be restricted or not working. Well, if the account has been disabled, all the features won’t work.

Invoice email: Good afternoon! I am quite disappointed! Obtained the complaint from our contractor, and I have a large amount of questions. Please resolve this problem, or I shall apply legal penalties! It is very important! Copy of the complaint you’ll find via the Invoice Link lower (well we don’t do business with the company that is sending the complaint and when you read the actually working it doesn’t make sense)

• This is something that some accounts payables or receivables may receive. Again, DO NOT click on the link that is provided. Check with others to make sure that this company is real and if not block the sending.

Summary

What we have been trying to show you is there are a lot of different methods of text, phone, and email scams that are out there. We have left the messages just as we received them to show you some of the things you can see when you take the time to really read a message. We all must be extremely careful and try and black as many of these accounts as we can. I know that it is hard to control all these scams because when one is caught, at least one more starts up, so we just must be as careful as we can.

It is very important that we start educating our kids and family members about what not to click on when they are on social media or on their email. Being able to increase the awareness of SCAMS may help fewer people become victims of them. If you have any Cyber Security Awareness available, take it as it applies everywhere. Our biggest piece of advice is if a message, whether text, call, email or any other path, doesn’t make sense, it’s best to ignore it.

Why Cybersecurity Awareness Training is Important

So many people, when you mention to them about cybersecurity awareness training, they think it is a waste of time. Cybersecurity awareness training is a good idea and not just for you at work but also for you as an individual and for your family as well.

Cybersecurity awareness training is a means of teaching someone what all the different ways you can be compromised through different media/channels. It also trains you to be aware of all those other techniques that someone wanting to get access to your information or your company’s information can do it. Yes, it is amazing how many people fall for those messages that sound too good to be true. Cybersecurity awareness training also educates you on what to be aware of when you are visiting websites as well.

There are so many different techniques that a scammer/bad actor can do to make it look like the message you are getting looks valid. It doesn’t matter the size of the company because attacks can happen to any size of company or any individual. Being aware of what you should look at to ensure you aren’t clicking on something you shouldn’t or replying to something you shouldn’t help a lot.

If your company provides you with this type of training, it is a good idea to step into the training and take full advantage of it. It may require you to watch some short videos and answer questions, but they are normally not very long but are often required if the company has Cyber insurance. The other part of this training is you maybe getting random messages that will be testing your knowledge. It is a great way of making sure that you have been paying attention to the training, and it also reinforces it. If you happen to be clicking on everything in these messages, you will get more training to take to make sure you are learning the material. The training is a continual process to ensure that you are staying current to the new threats.

One thing that is important to know is that it doesn’t matter how large or small your organization is, everyone is a target. Also, anyone at home or at work can click on something that they shouldn’t or answer that question that they shouldn’t answer when it comes in a message. Remember, if you have a credit or debit card or have internet access, you can get taken advantage of personally. The material that you learn at work through this type of training will also help you and your family at home. If you have learned something, remember to pass this on to those that you love because it will help them as well.

Cybersecurity awareness training may seem like a waste of time, but you don’t want to be the person that clicks on something that they shouldn’t and cost your company hundreds of thousands of dollars or worse, they are forced to close. In some cases, the information that was stolen meant they couldn’t get back to operating like they did before the attack, therefore your job is gone. This training can also mean that it could help you prevent clicking on something at home and giving someone access to your banking information. So, remember it’s important to take that training when it’s offered as it is important to you as both an individual and an employee.