Monday, October 24, 2016

October is National Cyber Security Awareness Month!



Cyber Security is a Shared Responsibility

At Cyberwyze, we feel both privileged and obligated to join our nation in highlighting the importance of keeping our sensitive information safe, online and offline, during the 2016 National Cyber Security Awareness Month.

Enough, Already!!!

Shhhhhhhh!!!  Sometimes, silence is safety! 

As a nation, we need to be wise with the information we put out in cyberspace. Yes, it is very American to be open and transparent; that is what makes us an open and free society. But we must know that the sensitive information we throw out into cyberspace for all Americans who have the right to see it is also accessible to our enemies, who would use that information to harm us. We all know that the element of surprise is crucial in warfare, and there cannot be an element of surprise without silence or privacy. In this largely asymmetric warfare, sometimes, perhaps more often than not, we need to be seen and not heard: seen taking action, not just talking and tipping our adversaries off on what we are going to do, or expressing weakness by constantly bemoaning what has been done to us. We have to keep our mouths sealed sometimes, if not most of the time, if we want to succeed in the cyber warfare that we are in. Period!

In the midst of what seems almost a daily occurrence of security breaches, we, as a nation of innovators and visionaries, need to urgently change our strategies in the cyber warfare. Primarily, we need to stop arming the adversaries with our careless handling of sensitive national information. For example, just because we have open government provisions, such as FOIA, does not mean that the information acquired through those provisions is less sensitive and does not require protection. We are shooting ourselves in the foot, in fact jeopardizing our national security, and essentially waging a losing cyber war. Our government leaders have to understand that we are living in a global environment, and that any information put out on the Internet is not restricted to the consumption of American citizens alone, but is open to the whole world, both friends and foes. Those who are at war don’t divulge information that could aid the enemy. What we are doing is counter-productive, people!

Let’s learn to protect ourselves by keeping our sensitive information safe; it is not such a great idea to put it out there for the whole world to see, if we want to overcome in this unrelenting and ferocious cyber warfare, else we are toast!  What will it be, folks?  

Talk Less, Act More!!!



Thursday, September 22, 2016

About Cyberwyze


Whether you admit it or not, cybercrime is the new battle frontier, from theft to terrorism and everything in between: scam, espionage, sabotage, you name it, it is here and growing. As long as we have this vast and expanding parallel universe called the Internet, and as long as technology keeps evolving, for good and bad, cybercrime is here to stay. The question is: what will you do about it? Let me be the first to tell you, if you haven’t heard: ignorance is no bliss here, apathy is no option, retreat offers no reprieve, you can’t run or hide, and you can’t leave your safety to your government; you must do your part. Equipping you to do just that is why I am doing this; it is the sole reason for this blog.

The United States, in her quest for openness and freedom for all, gave the world the Internet; we will not let our enemies make that gift our Achilles heel. The enemy may be thousands of miles away, yet can strike in a split second, and needs no army or firepower, just keystrokes, to deal a devastating blow that can rob you of your life savings, steal your identity, sabotage our government, undermine our system of government, cripple our society and destroy our way of life.

Our biggest weakness is negligence; our adversaries’ greatest weapon is our negligence. You can do your part wherever you are. All you have to do is take simple steps to protect your personal information and the information entrusted to you by your employer, whether public or private. Those simple steps are what this blog is about and hopes to give you. So read on.

Wednesday, September 21, 2016

Are you Cyberwyze?

Growing up we were always taught to be streetwise, and most of us still are, but how about “cyberwyze”? Are you “cyberwyze”? My goal is to keep us safe from the ploys of the adversaries who are constantly looking for someone to defraud. So you keep reading, and I’ll keep researching everywhere to get credible information to help you and me render unachievable the nefarious plots of the adversaries (hackers).

Here are some practical ways to help us be Cyberwyze (Courtesy of the Department of Homeland Security):

  • Never click on links in emails. If you do think the email is legitimate, whether from a third party retailer or primary retailer, go to the site and log on directly. Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on.

  • Never open the attachments. Typically, retailers will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them.

  • Do not give out personal information over the phone or in an email unless completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you their name and a call-back number. Just because they may have some of your information does not mean they are legitimate!

  • Set secure passwords and don't share them with anyone. Avoid using common words, phrases, or personal information and update regularly.

  • Keep your operating system, browser, anti-virus and other critical software up to date. Security updates and patches are available for free from major companies.

  • Verify the authenticity of requests from companies or individuals by contacting them directly. If you are asked to provide personal information via email, you can independently contact the company directly to verify this request.

  • Pay close attention to website URLs. Pay attention to the URLs of websites you visit. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.

  • For e-Mail, turn off the option to automatically download attachments.

  • Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.


Friday, June 10, 2016


What is PII?

Personally Identifiable Information (PII) includes, but is not limited to, name, Social Security Number (SSN), and date of birth (DOB). In addition, any information that can be joined or added to another piece of information to establish an individual’s identity could be described as PII. Such information could be an individual’s address, mother’s maiden name, bank account number, PIN number, credit card number and related information (PCI) as well as health information (PHI).

PII must be protected to avoid all the heartache and the ripple effect that a breach of PII could cause individuals as well as organizations. One breach is one too many; therefore, awareness, education, and training are key components of securing information at both the individual level and the organizational level. Most times, individuals and employees are their own enemies because of lack of knowledge, which is, as a matter of fact, very prevalent.

Many people have no clue what constitutes PII, let alone how to protect their information. Many times, people discard sensitive information into trash cans without a care in the world, not knowing that such information, if it falls into the hands of an adversary, could cause them far more trouble than the few minutes of care it takes to properly shred or permanently delete any sensitive information they intend to discard, rather than just tossing it into a physical or electronic trash bin.

Thursday, May 12, 2016

Data Security Best Practices


Data Encryption:
             
One of my favorite best practices and policies when it comes to data security is encryption at rest and in motion (in transit). Email, which is fast replacing traditional letter-writing, is a common practice for most people, with contents from insignificant to significant being transmitted every minute. As a result, the adversaries who roam the Internet snooping for sensitive information to grab, to the detriment of legitimate and innocent Internet users, pose a problem for every email sender and receiver. That’s why I am big on data encryption as a practice that ensures peace of mind for email users, especially United States citizens, and highly recommend it as a must-adopt best practice for data security and an antidote in the ongoing cyber warfare. The urgency and criticality of using Encryption/Cryptography and Electronic Data Interchange (EDI) via the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocol to protect data in transit cannot be overemphasized.
So, to beat the snoopers and maintain peace of mind—use encryption and EDI!

What is Encryption?

Encryption is “the process of encoding a message so that it can be read only by the sender and the intended recipient. Encryption systems often use two keys, a public key, available to anyone, and a private key that allows only the recipient to decode the message” (Dictionary.com).

What is TLS?

Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL) (TechTarget.com).

Check out the following article, courtesy of Google. Give it up for Google for encouraging users to share this article with everyone, highlighting the importance of data encryption, more so for emails and other types of data transmitted back and forth every minute by Internet users at the individual, organizational, and government levels.


 _______________________________________________

The following information is by courtesy of Google!

How encryption works 

What it takes to make email safer from snooping. 


Privacy is important to all of us
If you mail a letter to your friend, you’re hoping that she’ll be the only person who reads it. But a lot could happen to that letter on its way from you to her, and there may be prying eyes who try to read it. It's why we send important messages in sealed envelopes rather than on the back of postcards.
Sending and receiving email works in a similar way.
As you go about your day reading, writing, and checking messages, there’s a lot that happens to deliver your emails to their intended recipients. But when you send or receive messages with an email provider who doesn't transmit messages via a secure connection, your emails could be open to snooping. 


Encryption depends on everyone 

Encryption with Transport Layer Security keeps prying eyes away from your messages while they’re in transit. TLS is a protocol that encrypts and delivers mail securely, for both inbound and outbound mail traffic. It helps prevent eavesdropping between mail servers – keeping your messages private while they're moving between email providers.
However, your messages are encrypted only if you and the people you email with both use email providers that support Transport Layer Security. Not every email provider uses TLS, and if you send or receive messages from a provider that doesn't, your message could be read by eavesdroppers.

TLS is being adopted as the standard for secure email. While it's not a perfect solution, if everyone uses it, snooping on email will be more difficult and costly than it is today.
Spread the word about the importance of proper email encryption in transit – more messages encrypted in transit makes the Internet safer for all of us.
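
The point that a message is protected in transit only when every provider along the way supports TLS can be checked on a delivered message. The following is an added example, not part of Google's article or the original post: it reads the `Received` headers of an email and reports which server-to-server hops were recorded as using TLS. It assumes each receiving server records the protocol with the RFC 3848 keywords (`ESMTPS`, `ESMTPSA`, and so on); the message and hostnames are constructed.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords whose trailing S means the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message: three hops, the middle one without TLS.
SAMPLE = """\
Received: from mx.sender.example (mx.sender.example [192.0.2.10])
\tby mx.recipient.example with ESMTPS id abc123
\tfor <alice@recipient.example>; Mon, 24 Oct 2016 10:00:02 -0400
Received: from relay.legacy.example (relay.legacy.example [198.51.100.7])
\tby mx.sender.example with ESMTP id def456;
\tMon, 24 Oct 2016 10:00:01 -0400
Received: from [203.0.113.5] by relay.legacy.example with ESMTPSA id ghi789;
\tMon, 24 Oct 2016 10:00:00 -0400
From: bob@sender.example
To: alice@recipient.example
Subject: constructed sample

body
"""


def hops(raw):
    """Return [(receiving_server, protocol, used_tls)], oldest hop first."""
    msg = message_from_string(raw)
    out = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())            # unfold the header
        flat = re.sub(r"\([^)]*\)", "", flat)     # drop parenthesised comments
        by = re.search(r"\bby\s+(\S+)", flat)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", flat)
        p = proto.group(1).upper() if proto else None
        out.append((by.group(1) if by else None, p, p in TLS_PROTOCOLS))
    return out[::-1]      # headers are prepended, so reverse to get send order


def unencrypted_hops(raw):
    """Servers that accepted the message over a connection not marked as TLS."""
    return [server for server, _, tls in hops(raw) if not tls]


if __name__ == "__main__":
    for server, proto, tls in hops(SAMPLE):
        print(f"{server:24} {proto:8} {'TLS' if tls else 'NOT ENCRYPTED'}")
```

Only the `Received` lines written by your own provider are trustworthy; earlier lines are supplied by the sending side and can be forged, and a hop without a keyword is reported as not encrypted rather than assumed safe.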