Maverick Cyber Security Newsletters
April 2017 - The Rule of Three: We are surrounded by the number three. When arming cyber-aware citizens on the third rock from the sun, we rely on three security triads: The CIA Triad, Domains Triad, and Many Lives Triad lay the foundation of what it means to be secure in every aspect of the ongoing battle against cybercrime.
1. Which of the three triads is considered to be the pillar of information security? (The CIA Triad)
2. What should you do with sensitive documents that are no longer needed? (Shred them)
3. You should never connect to a public network without one of these. (VPN or Virtual Private Network)
4. What are the three lives of the Many Lives Triad? (Professional, Personal, and Mobile)
5. What are the three domains of the Domains Triad? (Cyber, Physical, and People)
2016-2017 Fiscal Year Archives:
March 2017 - Become a Human Firewall: Whether you know it or not, YOU are a human firewall. That is not up for debate. It’s just a matter of how good you are at being one. As a human firewall you have a lot of responsibilities. The good news is that those responsibilities don’t require strong technical or computer skills. They simply require common sense, good decision making, and a commitment to fighting cybercrime! If everyone does their part, maybe we’ll have a different – more secure – conversation at this same time next year.
February 2017 - Cybercrime Update: Cyber threats are not going away. Most experts think the Security of Things will get worse before it gets better. Tech companies will continue to release products rife with security flaws, errors or misconfigurations. Cybercriminals will continue to discover new ways to find and steal data and to compromise organizations. We can’t predict what the next new wave of cyber threats will be in 2017, but we can rely on security fundamentals with a proven success rate to minimize their effect. If everyone does their part, maybe we’ll have a different – more secure – conversation at this same time next year.
January 2017 - Common Sense Security: No piece of information security technology, like biometrics (fingerprint scanners, facial recognition, etc.), is totally secure. There is always a way to enter, bypass, fool or otherwise render security ineffective. At the same time, we can’t just sit around and wait for it to improve, just like we can’t sit around waiting for tech companies to enhance security features, or for governments to regulate tech companies. As always, security awareness and implementation is a non-technical, human process with an end goal of improving our security behavior. Once we understand the problem, the solution becomes as simple as common sense. Let’s change our habits and become security assets instead of liabilities.
December 2016 - What is PII?: PII stands for Personally Identifiable Information. But what info is considered PII? And what info isn’t considered PII? Those can be tough questions to answer. PII is any data that can be used to specifically identify an individual. But that’s rather vague and can be confusing. In this issue we will clear up these questions and more.
November 2016 - Horrors of Malware: Malware is any malicious software, script or code installed on a computer that alters its function in some manner without permission. It might be malicious or it might not be. Malware comes in all shapes and sizes and can go undetected for long periods of time. Like with all things computer security, infections can be prevented by maintaining good cyber hygiene: keep software and firmware up-to-date, use strong passwords, back up data regularly, implement anti-virus and anti-malware software, think before you click, and always follow policy.
October 2016 - Safe Surfing: From our homes to our mobile devices to our computers at work, we are connected, we are surfing. If we’re not doing it safely, we can easily drown in a sea of malware, spyware, viruses and even identity theft.
September 2016 - Insider Threats and Data Breaches: E-commerce has taken over the way we do business, which means there’s a lot of sensitive information being exchanged. This opens more doors for criminals. Instead of going after goods and services, they can target our data (and yours) without even leaving home. The worst thing any of us can do is assume we’re not a target.
2015-2016 Fiscal Year Archives:
August 2016 - Mobile in the Cloud: Because of mobile devices and the cloud, we live in a world of constant access. Which means we need to be constantly vigilant to avoid scammers. Do you know what to do if you lose your smartphone? Do you know what data Google collects on you?
July 2016 - The CIA Triad: The CIA Triad is one part Confidentiality, one part Integrity and one part Availability. As a whole, it is the single most crucial element to protecting sensitive data. Failure at any one level can lead to failure at every level. It’s our duty to not only keep data private, but also make sure it is consistently accurate and accessible for authorized users.
June 2016 - Living a Healthy Cyberlife: Maintaining a healthy life-style is a challenge even for the best of us. Our busy lives make it difficult to eat right, exercise regularly and get enough sleep. But, when we make a habit out of all of those things, it comes a bit more naturally. In this issue we want to help you achieve a healthy cyberlife by practicing good security habits on a regular basis.
May 2016 - Spam, Scams & Hacking You on Social Media: Your email, LinkedIn, Facebook, (all social media) and even your text messages can pose potential security threats. With a little security awareness you can learn to identify and avoid such threats by using simple common sense and easy to follow security practices.
April 2016 - Personal & Home Network Security: The path to great security awareness doesn’t begin and end at work, you must also be vigilant at home and in your personal lives. In this issue we discuss the steps you can take to protect your home network and PII (personally identifiable information), and what steps can be taken to avoid ransomware.
March 2016 - The Secrets of Data Classification: Data classification is essential to our everyday lives, both at work and at home. In general, data can be classified into one of four sensitivity levels: public, internal use, regulated and confidential or top secret. Do you know the sensitivity levels of the data you handle at work? How do you handle your personal data at home?
February 2016 - The Three Domains of Security: People remember things best in groups of three. In this issue, we are exploring in depth the Three Domains Triad, which consists of the Cyber, Physical, and Human domains. Each domain has its own unique security risks that a security savvy person must be aware of and prepared for. As we explore each domain, think of how it can apply to your specific job. Have you ever been phished? Have you ever been social engineered? Did you know what actions to take?
January 2016 - Security Awareness Top 10: If you could only have one food for the rest of your life, what would it be? What are your three top wishes? What are your Top-10 best security behaviors and practices at work and at home? In this issue, we even take Top-10s further, by introducing the Top-10 of Security Top-10s! The Top-10 Mobile Security tips and tricks. Top-10 ways to protect kids online. Top-10 Social Media best behaviors... and of course, we will relate all of those common sense activities to work policy and best practices...
December 2015 - Be a Human Firewall: We may not think about it, but we all need to be human firewalls, and understanding just what that entails in our professional and personal lives might seem complicated or overwhelming. In this newsletter, we take a look at the top concerns of human firewalls both at work and at home. Across all domains (cyber, people and physical), being a strong human firewall is really just about common sense, making good decisions and asking for clarification whenever you are in doubt!
November 2015 - The Social Engineering Issue: This newsletter adds some context to the most successful attack method ever devised - Social Engineering. Yes, Social Engineering attacks work because the bad guys attack YOU - the human - and not the technology. We’ll look at Social Engineering throughout history, going back more than three millennia. Then we will find out what a Social Engineer looks like! And today in Hollywood, USA, Social Engineering is embedded into all forms of Pop Culture - from Die Hard to Inception. Remember, only you can prevent Social Engineering!
October 2015 - The Malware Issue, Catching it, avoiding it, and what to do when you're infected: The hostile world of malware, viruses, Trojans and more! Did you know that the majority of successful cyber-attacks include malware? Some people believe that mobile devices are immune from malware, but with Facebook and an endless number of Apps, nothing could be farther from the truth. Take a look at this engaging issue and see if your 'malware smarts' are up to par!
September 2015 - The A to Z Guide of Security Awareness: Newsletter about all things security, from A to Z. What are the 'A-B-C's of security awareness that begin with a 'Z'? What about an 'X'? Or how about the awful Scrabble letter, 'J'? All it takes is a little bit of awareness and minding your 'P's and 'Q's to notch your security profile!
2014-2015 Fiscal Year Archives:
August 2015 - A deeper look at Nontechnical & Physical Security: Take a deeper look at nontechnical and physical security in our professional, personal, and mobile security lives. Topics also include Social Media Sharing, Hotel Bills & Personally Identifiable Information (PII), Dumpster Diving & Garage Door Hacking, and No Tech Hacking.
July 2015 - The Privacy Issue: Privacy – defining what is PII, the many different lives of PII, the difference between Privacy versus Security, and how to protect yourself and your family from Identity Theft. BONUS – a full-page compliance chart of compliance standards related to privacy!
June 2015 - The Cloud is Not Yours: We hear the term used a lot but many still don’t truly understand what is meant by “the cloud.” A simple explanation: the cloud is someone else’s computer. It’s not yours. And that is exactly why there is so much debate about security in the cloud.
May 2015 - Cyber Crime Update: Review of 2015 network security threats, what are they and how to avoid them.
April 2015 - The Identification & Authentication Issue: Did you know that passwords are only one small part of identifying yourself to a computer, a network or any online service? Accessing hardware and software resources, also sometimes called the front door, usually consists of two components: Identification & Authentication, or I&A.
March 2015 - Let's Get Social!, Smart Social Networking: Properly using social networks and media can be quite complex and the security issues even more so. The security and privacy settings can change overnight and you never know when a hosting company (ISP, social media platform) might get hacked, violating your personal lives even further. If this all sounds somewhat dire, your own security awareness can come to the rescue! At least, a good dose of awareness can help you make better choices and be safer while using these social networks.
February 2015 - The Many Lives of Security: Security in our personal, professional, and mobile lives as newer technology causes overlap in areas that were distinct at one time. This issue also addresses the internet of things, a question and answer section, the importance of policy, comments to contemplate, and more.
January 2015 - End of Year Review: The biggest security issues of 2014 to include top 5 security threats, notable data breaches, critical infrastructure protection, and the use of USB drives and data loss.
December 2014 - Social Engineering, Making Puppets out of All of Us: The December 2014 newsletter focuses on Social Engineering and introduces 4 new scams currently in play.
November 2014 - The Phishing Issue: Phishing Issue covering the different types of phishing, and realistic phishing email examples that can prove useful at work and at home.
October 2014 - The Mobile Issue: Focusing on securing our mobile devices and the data that we store on them. Special topics of interest include the iCloud Hack of 2014, exactly what is the “Cloud”, and the basics of Two-Factor. Read up to learn more!
September 2014 - The Identity Theft Issue: What to do if you're the victim of ID Theft. Identity theft can take many different forms. For example, a criminal might try to log-in to another customer’s account and make transactions without their authorization. Or another might use a stolen credit card number to buy products and services.