
Maverick Cyber Security Newsletters


December 2017 - Privacy vs Security:

Do you know the difference between privacy and security? Understanding how these two concepts work together, and how they differ, is key to improving our overall defense. From policies and compliance regulations, to using common sense and staying alert, privacy and security have one common goal in mind: guaranteeing the confidentiality, integrity, and availability of sensitive data. Achieving that goal is a responsibility we all share!

  1. People who have been granted access, from sensitive data to controlled rooms and buildings, are considered to be what? (Insider Threats)
  2. When someone moves on from an organization, they must go through this process. (Offboarding)
  3. What does HIPAA stand for? (Health Insurance Portability and Accountability Act)
  4. How many people were impacted by the Equifax data breach? (Over 143 million)
  5. Full names, credit card numbers, and date of birth are examples of what? (PII or personally identifiable information)

2017-2018 Fiscal Year Archives:

November 2017 - Social Engineering and Phishing. Cybersecurity is a human process that social engineers attempt to exploit in many different ways. From phishing to tailgating to dumpster diving, we need to be aware of the threats we face in all three domains (cyber, physical, people). Understanding the psychology of a scam and how cybercriminals target their victims is key to staying secure!

  1. This type of social engineering attack targets specific individuals or companies. (Spear Phishing)
  2. This type of social engineering attack targets senior executives and high-profile individuals. (Whale Phishing)
  3. What does BEC stand for? (Business Email Compromise)
  4. Victor Lustig fraudulently sold this iconic structure… twice. (Eiffel Tower)
  5. This is the practice of developing fabricated scenarios to trick victims into giving up sensitive information. (Pretexting)

October 2017 - Being Smart About Smart Devices: Imagine a world where your refrigerator orders groceries on your behalf, which are then delivered by computer-controlled drones or driverless vehicles. It may sound like science fiction, but in reality, the Internet of Things, or IoT, is already on that path. We live in an age of access and convenience, and it’s only a matter of time before everything we own is connected.

But we need to consider the dangers and consequences of that convenience. With each new device that comes online, a new attack surface presents itself to cybercriminals. Until developers prioritize security over convenience, it’s on the rest of us to upgrade privacy efforts, both at work and at home.

  1. An army of compromised smart devices used to launch DDoS attacks is known as what? (Botnet)
  2. What does DDoS stand for? (distributed denial-of-service)
  3. True or False: Hiding your SSID is a great security feature of routers that we should all utilize. (False)
  4. How many smart devices are projected to be connected by the year 2025? (75 billion)
  5. What’s the name of the malware strain responsible for the largest DDoS attack to date? (Mirai)

September 2017 - The Front Door: It’s often said that passwords are the first line of defense when it comes to information security. But is that still the case? And what does the future hold for identification and authentication? Are biometrics any better? Understanding how we access accounts and how we protect networks and the Internet of Things (IoT) is vital to security. From proper password construction to respecting privileged access, it all works together, and we all play a role.

  1. What does SNL stand for in regard to passwords? (Symbols, Numbers, Letters)
  2. This software stores and syncs all logins and passwords across multiple devices. (Password Manager)
  3. Fingerprint scanners and facial recognition are both examples of what? (Biometrics)
  4. If you use your credentials to unlock a door, and then hold that door open for someone else, what did you just allow that person to do? (Piggyback)
  5. What are the three common types of insider threats? (Malicious, Accidental, Negligent)

2016-2017 Fiscal Year Archives:

August 2017 - Malware: How much is your computer worth? What about your smartphone? Your identity? Everything has a price and cybercriminals are looking to profit. The World Economic Forum estimates that the global cost of cybercrime was $445 billion in 2016. This is big business.

But the stakes are much higher than money. We’ve seen ransomware attacks hit hospitals, putting lives at risk. We’ve seen attacks on critical infrastructure, like power grids and water treatment facilities—things we rely on every single day. Cyber threats become more sophisticated every day. The need for us to be strong human firewalls united in the fight against cybercrime is greater than ever!

  1. According to the Verizon Data Breach Investigations Report, what percentage of phishing emails are clicked through? (12 percent)
  2. What does BEC stand for? (Business Email Compromise)
  3. Malicious advertising that cybercriminals run on legit websites is known as what? (Malvertising)
  4. How many mobile malware detections were there in 2016? (18.4 million)
  5. Malicious mobile applications that impersonate legit banking apps and steal account info are known as what? (Banking Trojans)

July 2017 - See Something? Say Something! Security incidents are going to happen, sometimes because of mistakes and sometimes because of things beyond our control. What’s important is how we handle them. If we don’t report them—even those little things that seem unimportant—chances are they’ll happen again. How we handle incidents is just as important as what we do to prevent them! See something? Say something!

  1. What is the most common way malware finds its way onto computers and networks? (Phishing)
  2. This is the telephone equivalent of phishing. (Vishing)
  3. Aside from not clicking on any links or attachments, what should you do if you receive a phishing email? (Report it)
  4. The process of recognizing, identifying and reporting security events is known as what? (Incident Response)
  5. Allowing someone else to use your credentials to gain access is known as what? (Piggybacking)

June 2017 - Safely Sailing the Cyber Seas:  Most of us never think about how much work goes into the way we communicate. When we do consider the greatness of the networks that connect us, we should treat them with respectful caution; respect for the power that flows through the cables, caution for interacting with the people who want to do us wrong. We need to constantly educate ourselves so we can fight back against the crime that travels across those wires and circuits.

  1. What year was the first transatlantic telegraph cable laid?  (1858)
  2. What does the “S” in HTTPS stand for? (Security)
  3. This browser plugin effectively removes popup advertisements.  (AdBlock Plus)
  4. The use of advertising to spread malware is known as what? (Malvertising)
  5. What’s the number for Facebook Customer Service? (There isn’t one.)

May 2017 - The Top Ten Security Practices:  Knowledge is power. And, in this case, that power enables us to protect ourselves, our organizations, our families, and our friends. Check out our collection of top ten lists and see how they can be applied to your everyday life at work, at home, and on the go. Remember that each and every one of us has it in ourselves to be a strong human firewall and combat cybercrime.

  1. 2016 set an all-time high in data breaches with how many records exposed globally? (4 billion)
  2. A cyber thief spoofing the email of a high-level executive and requesting sensitive information is an example of what? (CEO Fraud or Business Email Compromise)
  3. If your Android phone is stolen, you can use this to remote erase your data. (Android Device Manager)
  4. If your iPhone is stolen, you can use this to remote erase your data. (Find My iPhone)
  5. By always doing this, everyone within our organization becomes a security asset and strengthens our resistance to cybercrime. (Following policy.)

April 2017 - The Rule of Three:  We are surrounded by the number three. When arming cyber-aware citizens on the third rock from the sun, we rely on three security triads: The CIA Triad, Domains Triad, and Many Lives Triad lay the foundation of what it means to be secure in every aspect of the ongoing battle against cybercrime.

  1. Which of the three triads is considered to be the pillar of information security? (The CIA Triad)
  2. What should you do with sensitive documents that are no longer needed? (Shred them)
  3. You should never connect to a public network without one of these. (VPN or Virtual Private Network)
  4. What are the three lives of the Many Lives Triad? (Professional, Personal, and Mobile)
  5. What are the three domains of the Domains Triad? (Cyber, Physical, and People)

March 2017 - Become a Human Firewall:  Whether you know it or not, YOU are a human firewall. That is not up for debate. It’s just a matter of how good you are at being one. As a human firewall you have a lot of responsibilities. The good news is that those responsibilities don’t require strong technical or computer skills. They simply require common sense, good decision making, and a commitment to fighting cybercrime!   If everyone does their part, maybe we’ll have a different – more secure – conversation at this same time next year.

February 2017 - Cybercrime Update:  Cyber threats are not going away. Most experts think the Security of Things will get worse before it gets better. Tech companies will continue to release products rife with security flaws, errors or misconfigurations. Cybercriminals will continue to discover new ways to find and steal data and to compromise organizations. We can’t predict what the next new wave of cyber threats will be in 2017, but we can rely on security fundamentals with a proven success rate to minimize their effect.  If everyone does their part, maybe we’ll have a different – more secure – conversation at this same time next year.

January 2017 - Common Sense Security:  No piece of information security technology, like biometrics (fingerprint scanners, facial recognition, etc.), is totally secure. There is always a way to enter, bypass, fool or otherwise render security ineffective. At the same time, we can’t just sit around and wait for it to improve, just like we can’t sit around waiting for tech companies to enhance security features, or for governments to regulate tech companies.  As always, security awareness and implementation is a non-technical, human process with an end goal of improving our security behavior. Once we understand the problem, the solution becomes as simple as common sense. Let’s change our habits and become security assets instead of liabilities.

December 2016 - What is PII?:  PII stands for Personally Identifiable Information. But what info is considered PII? And what info isn’t considered PII? Those can be tough questions to answer. PII is any data that can be used to specifically identify an individual. But that’s rather vague and can be confusing. In this issue we will clear up these questions and more.

November 2016 - Horrors of Malware:  Malware is any malicious software, script or code installed on a computer that alters its function in some manner without permission. It might be malicious or it might not be. Malware comes in all shapes and sizes and can go undetected for long periods of time. Like with all things computer security, infections can be prevented by maintaining good cyber hygiene: keep software and firmware up-to-date, use strong passwords, backup data regularly, implement anti-virus and anti-malware software, think before you click, and always follow policy.

October 2016 - Safe Surfing: From our homes to our mobile devices to our computers at work, we are connected, we are surfing. If we’re not doing it safely, we can easily drown in a sea of malware, spyware, viruses and even identity theft. 

September 2016 - Insider Threats and Data Breaches:   E-commerce has taken over the way we do business, which means there’s a lot of sensitive information being exchanged. This opens more doors for criminals. Instead of going after goods and services, they can target our data (and yours) without even leaving home. The worst thing any of us can do is assume we’re not a target.

2015-2016 Fiscal Year Archives:

August 2016 - Mobile in the Cloud: Because of mobile devices and the cloud, we live in a world of constant access. Which means we need to be constantly vigilant to avoid scammers. Do you know what to do if you lose your smartphone? Do you know what data Google collects on you?

July 2016 - The CIA Triad:  The CIA Triad is one part Confidentiality, one part Integrity and one part Availability. As a whole, it is the single most crucial element to protecting sensitive data. Failure at any one level can lead to failure at every level. It’s our duty to not only keep data private, but also make sure it is consistently accurate and accessible for authorized users.

June 2016 - Living a Healthy Cyberlife:  Maintaining a healthy life-style is a challenge even for the best of us. Our busy lives make it difficult to eat right, exercise regularly and get enough sleep. But, when we make a habit out of all of those things, it comes a bit more naturally. In this issue we want to help you achieve a healthy cyberlife by practicing good security habits on a regular basis.

May 2016 - Spam, Scams & Hacking You on Social Media:  Your email, LinkedIn, Facebook, (all social media) and even your text messages can pose potential security threats. With a little security awareness you can learn to identify and avoid such threats by using simple common sense and easy to follow security practices.

April 2016 - Personal & Home Network Security:  The path to great security awareness doesn’t begin and end at work, you must also be vigilant at home and in your personal lives. In this issue we discuss the steps you can take to protect your home network and PII (personally identifiable information), and what steps can be taken to avoid ransomware.

March 2016 - The Secrets of Data Classification:  Data classification is essential to our everyday lives, both at work and at home. In general, data can be classified into one of four sensitivity levels: public, internal use, regulated and confidential or top secret. Do you know the sensitivity levels of the data you handle at work? How do you handle your personal data at home?

February 2016 - The Three Domains of Security:  People remember things best in groups of three. In this issue, we are exploring in depth the Three Domains Triad, which consists of the Cyber, Physical, and Human domains. Each domain has its own unique security risks that a security savvy person must be aware of and prepared for. As we explore each domain, think of how it can apply to your specific job. Have you ever been phished? Have you ever been social engineered? Did you know what actions to take?

January 2016 - Security Awareness Top 10:  If you could only have one food for the rest of your life, what would it be? What are your three top wishes? What are your Top-10 best security behaviors and practices at work and at home?  In this issue, we even take Top-10s further, by introducing the Top-10 of Security Top-10s! The Top-10 Mobile Security tips and tricks. Top-10 ways to protect kids online. Top-10 Social Media best behaviors... and of course, we will relate all of those common sense activities to work policy and best practices...

December 2015 - Be a Human Firewall:  We may not think about it, but we all need to be human firewalls, and understanding just what that entails in our professional and personal lives might seem complicated or overwhelming. In this newsletter, we take a look at the top concerns of human firewalls both at work and at home. Across all domains (cyber, people and physical), being a strong human firewall is really just about common sense, making good decisions and asking for clarification whenever you are in doubt!

November 2015 - The Social Engineering Issue:  This newsletter adds some context to the most successful attack method ever devised - Social Engineering.  Yes, Social Engineering attacks work because the bad guys attack YOU - the human - and not the technology. We’ll look at Social Engineering throughout history, going back more than three millennia. Then we will find out what a Social Engineer looks like! And today in Hollywood, USA, Social Engineering is embedded into all forms of Pop Culture - from Die Hard to Inception.  Remember, only you can prevent Social Engineering!

October 2015 - The Malware Issue, Catching it, avoiding it, and what to do when you're infected:  The hostile world of malware, viruses, Trojans and more!  Did you know that the majority of successful cyber-attacks include malware? Some people believe that mobile devices are immune from malware, but with Facebook and an endless number of Apps, nothing could be farther from the truth.  Take a look at this engaging issue and see if your 'malware smarts' are up to par!

September 2015 - The A to Z Guide of Security Awareness:  Newsletter about all things security, from A to Z.  What are the 'A-B-C's of security awareness that begin with a 'Z'? What about an 'X'? Or how about the awful Scrabble letter, 'J'?  All it takes is a little bit of awareness and minding your 'P's and 'Q's to notch your security profile!

2014-2015 Fiscal Year Archives:

August 2015 - A deeper look at Nontechnical & Physical Security:  Take a deeper look at nontechnical and physical security in our professional, personal, and mobile security lives. Topics also include Social Media Sharing, Hotel Bills & Personally Identifiable Information (PII), Dumpster Diving & Garage Door Hacking, and No Tech Hacking.

July 2015 - The Privacy Issue:  Privacy – defining what is PII, the many different lives of PII, the difference between Privacy versus Security, and how to protect yourself and your family from Identity Theft. BONUS – a full-page compliance chart of compliance standards related to privacy!

June 2015 - The Cloud is Not Yours:  We hear the term used a lot but many still don’t truly understand what is meant by “the cloud.” A simple explanation: the cloud is someone else’s computer. It’s not yours. And that is exactly why there is so much debate about security in the cloud.

May 2015 - Cyber Crime Update:  Review of 2015 network security threats, what are they and how to avoid them.

April 2015 - The Identification & Authentication Issue:  Did you know that passwords are only one small part of identifying yourself to a computer, a network or any online service? Accessing hardware and software resources, also sometimes called the front door, usually consists of two components: Identification & Authentication, or I&A.

March 2015 - Let's Get Social!, Smart Social Networking:  Properly using social networks and media can be quite complex and the security issues even more so. The security and privacy settings can change overnight and you never know when a hosting company (ISP, social media platform) might get hacked, violating your personal lives even further.  If this all sounds somewhat dire, your own security awareness can come to the rescue! At least, a good dose of awareness can help you make better choices and be safer while using these social networks.

February 2015 - The Many Lives of Security:  Security in our personal, professional, and mobile lives as newer technology causes overlap in areas that were distinct at one time. This issue also addresses the internet of things, a question and answer section, the importance of policy, comments to contemplate, and more.

January 2015 - End of Year Review: The biggest security issues of 2014 to include top 5 security threats, notable data breaches, critical infrastructure protection, and the use of USB drives and data loss.

December 2014 - Social Engineering, Making Puppets out of All of Us:  The December 2014 newsletter focuses on Social Engineering and introduces 4 new scams currently in play.

November 2014 - The Phishing Issue:   Phishing Issue covering the different types of phishing, and realistic phishing email examples that can prove useful at work and at home.

October 2014 - The Mobile Issue:  Focusing on securing our mobile devices and the data that we store on them. Special topics of interest include the iCloud Hack of 2014, exactly what is the “Cloud”, and the basics of Two-Factor. Read up to learn more!

September 2014 - The Identity Theft Issue:   What to do if you're the victim of ID Theft.  Identity theft can take many different forms. For example, a criminal might try to log-in to another customer’s account and make transactions without their authorization. Or another might use a stolen credit card number to buy products and services.