Friday, June 10, 2016

Are you Cyberwyze?

Growing up, we were always taught to be streetwise, and most of us still are, but how about “cyberwyze”—are you “cyberwyze”? My goal is to keep us safe from the ploys of the adversaries who are constantly looking for whom to defraud. So you keep reading, and I’ll keep researching everywhere to get credible information to help you and me render unachievable the nefarious plots of the adversaries (hackers).

Here are some practical ways to help us be Cyberwyze (Courtesy of the Department of Homeland Security):
  • Never click on links in emails. If you do think the email is legitimate, whether from a third party retailer or primary retailer, go to the site and log on directly. Whatever notification or service offering was referenced in the email, if valid, will be available via regular log on.

  • Never open the attachments. Typically, retailers will not send emails with attachments. If there is any doubt, contact the retailer directly and ask whether the email with the attachment was sent from them.

  • Do not give out personal information over the phone or in an email unless completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you their name and a call-back number. Just because they may have some of your information does not mean they are legitimate!

  • Set secure passwords and don't share them with anyone. Avoid using common words, phrases, or personal information and update regularly.

  • Keep your operating system, browser, anti-virus and other critical software up to date. Security updates and patches are available for free from major companies.

  • Verify the authenticity of requests from companies or individuals by contacting them directly. If you are asked to provide personal information via email, you can independently contact the company directly to verify this request.

  • Pay close attention to website URLs. Pay attention to the URLs of websites you visit. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.

  • For email, turn off the option to automatically download attachments.

  • Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.

What is PII?

Personally Identifiable Information (PII) includes, but is not limited to, name, Social Security Number (SSN), and date of birth (DOB). In addition, any information that can be joined or added to another piece of information to establish an individual’s identity could be described as PII. Such information could be an individual’s address, mother’s maiden name, bank account number, PIN, credit card number and related information (PCI), as well as health information (PHI).

PII must be protected to avoid all the heartache and the ripple effect that a breach of PII could cause individuals as well as organizations. One breach is one too many; therefore, awareness, education, and training are key components of securing information at both the individual and the organizational level. Most times, individuals and employees are their own enemies because of a lack of knowledge, which is, as a matter of fact, very prevalent.

Many people have no idea what constitutes PII, let alone how to protect their information. Often, people discard sensitive information into trash cans without a care in the world, not knowing that such information, if it falls into the hands of an adversary, could cause them far more trouble than the few minutes of care it takes to properly shred or permanently delete any sensitive information they intend to discard, rather than just tossing it into a physical or electronic trash bin.