Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel
titleColor#ffffff
titleBGColor#FF0000
titleRecommendations for Securing your Data & Protecting your Privacy


ALWAYS

NEVER

  • Be skeptical and carefully review every email
  • Lock your laptop screen before leaving unattended
    • Windows icon + L
  • Restart your laptop weekly
  • Check Google Drive sharing permissions
  • Be very careful if accessing District & personal Google accounts on same device
  • Assign students specific device and login/logout after EVERY use
  • Allow students to login to staff devices 
  • Login to student devices with staff accounts
  • Write passwords down or keep close to computer 
  • Access District email links/attachments on mobile device
  • Use your District email to register for personal programs or services; social media, banking, etc. 
  • Connect to a projector or interactive board while having email open, regardless of using the Outlook client or webpage.



Panel
titleColor#ffffff
titleBGColor#00193d
titleOctober 2019 Phishing Training Campaigns

41.3% failure rate, over 240 individuals clicked on the link, many provided their District login and password.


How does a computer become infected with Ransomeware? - Often spread through phishing emails that contain malicious attachments or unknowingly visiting an infected website where the malware is downloaded and installed within the user's knowledge.

What's the impact? - Passwords, accounts & data compromised, (personal and district), files encrypted and possibly lost, downed network services; including internet, phones and access controls for days or weeks, loss of instructional time, not to mention potentially tens if not hundreds of thousands of dollars. 

Why should we worry? - The frequency and severity of cyber attacks targeting school districts has increased significantly this year, not to mention become increasingly challenging to detect. 


Warning
titlePrevious Phishing Email Look-Fors


Expand
title2018-2019 District Training Campaigns . . . What did we miss?




Panel
titleColor#ffffff
titleBGColor#00193d
titleActual Recent District Phishing Attack

Phishing Attacks - Being Aware & Being Vigilant!

More Significant Than Ever!

Spring 2019: Over 20 staff members fell victim to the recent Phishing attack targeting our District entitled; "District Proposed Salary Schedule". Most of those involved downloaded the .pdf attachment while a few went as far as accessing the website linked within the attachment and inputting confidential information, resulting in their District accounts being compromised. Remember to be skeptical of every email and when in doubt, contact the Tech Dept. 
    
What happened as a result?

  • Close to 300,000 emails were generated from the compromised accounts to various accounts around the world.

  • Our email domain was "blacklisted" on two global SPAM filters forcing us to remediate until removed from lists.

  • Our Internet Service Provider threatened to block all district, email traffic due to receiving multiple complaints from other Districts & organizations.

What could have happened?

  • All data on the devices related to the compromised accounts completely lost. 

  • Any programs or services related to the accounts, including data & information available within each program, could have also been compromised. 

    • This includes any sites with login credentials stored using Google Password Manager such as banking, credit card & other personal websites

Moving Forward 

  • Increasing efforts to heighten staff awareness and vigilance, including more frequent & challenging Phishing Training Campaigns 

  • Increased accountability for those succumbing to Phishing attacks, both real and District generated 

  • Improved communication and remediation efforts related to actual Phishing attacks 

  • Improved security procedures and strategies at all levels 

 

Warning
titleBe Aware! - Review every email with skepticism

Ask yourself the "Key Three" questions below. When in doubt, ask the Tech Dept! 

  1. Who is the Sender and what is the email address listed?

  2. Is the Sender asking me to open an attachment or click on a link? Hover over the link/attachment

  3. Does the email seem odd? Is there an urgent message / not typically something the Sender would write? Mistakes? 



Panel
titleColor#ffffff
titleBGColor#4682B4
titleStudent Device Management & Work Order Expectations


Warning
titleStudent Device Management Expectations

Document and assign students the same computer to use whenever possible. Remember, the 1st login on any device takes more time.

  • Be vigilant. Actively monitor student use and assess the laptop/desktop after every use. Can be accomplished in less then 1-2 minutes.

  • Report negligent or malicious behavior and submit a work order IMMEDIATELY if there is an issue.

  • Students MUST LOGOUT after every use. 

  • Laptops should be rebooted, (powered off) at least once a week if not daily. 

  • Designate a staff member to be a Cart Manager to assure all the laptops have been returned, are plugged in and the cart secured at the end of each day. 

  • Be sure that the cart is plugged in and ALL laptops are charging after use. 


The Cost for damages exceeding normal wear and tear will be charged directly to the building/department and repeated damages to the same cart/cabinet will result in the removal of devices from use. Damages & repairs will be tracked by the Technology Department within the new Web Helpdesk Asset Manager.

To reiterate . . .The cost for replacing (3) Dell 3340 student laptop keyboards = one new Chromebook


Panel
titleColor#F0F8FF
titleBGColor#00193d
titleCOPPA Compliance Initiative

Image result for coppa logo

Information related to the Child Online Privacy Protection Act (COPPA) is provided via the link below. This new federal law requires that websites notify parents and obtain parental consent when collecting personal information from children under the age of 13. Under the law, schools are permitted to provide consent to the collection of personal information on behalf of its students, eliminating the need for individual parent consent be given directly to the web site provider. For more information on COPPA, please visit; https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions.

Educational web-based tools and applications provide our teachers with resources to enhance, enrich and differentiate curriculum delivery and instruction to our students. Our district carefully reviews online resources for  the program's ability to meet our students’ needs while protecting the confidentiality of personally identifiable information.

Some web-based programs require some student data to create accounts. KCSD does not require nor encourage students to provide additional personal information beyond what is required to create student accounts. Each provider offers information about their organization's collection, use, protection, and disclosure of data through their unique privacy policies, which can be found on their websites.

  • For parents/guardians of children under the age of 13, you are required by COPPA to agree to the online consent form included within the KCSD Parent Portal in order for the District to allow your student to access online educational services for the upcoming school year.
  • For KCSD Staff, any programs not included on the KCSD Educational Services list must be pre-approved by a Building Administrator before acquiring parent consent to create accounts for children under the age of 13. 


Related Resources





Panel
titleColor#ffffff
titleBGColor#00193d
titleWhat Steps Are We Taking to Be More Secure (Devices & Accounts)

Already Implemented

  • District wide randomly generated, student password reset 
  • Substitute Laptop Restrictions - Accessed using Substitute Guest Accounts only, refreshed on a weekly basis 
  • Local Administrator Access Revoked on Staff Devices 

To Be Implemented 

  • Annual District wide randomly generated, student password reset
  • Annual District wide staff password reset (individually created during staff laptop assessment) 
  • Progressive consequences for staff with multiple failures from Phishing Attacks (Real/Training), “3 strikes & out” 
    • Restricted email access to internal email only then restricted internet access

Future Consideration

  • Staff Devices - Access restricted to staff only; no student access allowed 
  • Student Devices - Access restricted to students only; no staff access allowed 
  • Reduce Auto-Lock duration for staff and students 

Panel
titleColor#F0F8FF
titleBGColor#00193d
titleWhen is the last time you restarted your laptop?




Panel
titleColor#ffffff
titleBGColor#00193d
titleCurrent Cyber Safety Topic

KnowBe4 Tip of the Week

KnowBe4 Security Tips - What Are Browser Notifications?

Most internet browsers allow websites to offer browser notifications. The first time you visit a website that offers browser notifications, you will see a pop-up message at the top of your browser window asking you to either allow or block notifications. If you choose to allow them, browser notifications can be displayed at any time, even when you are not on that website. These notifications are typically used for things like blog updates, social media interactions, and upcoming sales. Unfortunately, cybercriminals can also send their own malicious browser notifications to steal your money and information.

How Do Cybercriminals Use Browser Notifications?

Cybercriminals can use two different methods to send you malicious browser notifications. They can either hijack a legitimate website and offer fake notifications from that website, or they can trick you into allowing notifications while visiting a malicious website. For example, in one scam, cybercriminals used a malicious website that appeared to be a video player and instructed users to click "Allow" before they could play a video. Once cybercriminals are able to send you browser notifications, they can use the notifications in several ways:

  • They can display excessive pop-up messages, inappropriate content, or other disruptive material in your browser. This tactic allows cybercriminals to hold your system hostage while they demand a ransom.
  • They can send you malicious advertisements, also known as malvertising. Malvertising is when cybercriminals use ads to spread malware, trick you into providing sensitive information, or steal your money using fake storefronts. 
  • They can include malicious files and code within browser notifications. If you click on one of these malicious notifications, your system may be automatically prompted to download a piece of malware. 

Hints and Tips to Stay Safe

Use the tips below to stay safe from malicious browser notifications:

·        Think before you click! Whether it is a browser notification or another kind of pop-up message, always read and consider a prompt before taking action.

·        Check the permissions settings within your browser and only allow notifications for websites that you know and trust. Most browsers include a list of websites that are allowed to send you notifications. Some browsers also allow you to globally block notifications for all websites.

·        Keep your browser and other software up-to-date. Software updates often include security patches that help close known vulnerabilities. We recommend enabling automatic updates to ensure that your browser is always up-to-date.

Image Added

Be Aware, Be Vigilant, Be Skeptical!


Tip
titleSecurity Tips of the Week Archive


Expand
titleExploiting the Coronavirus: Phony New Policies

Exploiting the Coronavirus: Phony New Policies

During the COVID-19 pandemic, organizations are acting quickly to update HR policies and new security measures in order to protect their employees. Unfortunately, the bad guys work just as fast to use these changes to their advantage. They are sending emails that appear to be from your HR or IT department, hoping to fool you into trusting them. These phishing emails direct you to review a new policy by downloading a malicious attachment or clicking a link that takes you to a phony login page. Don’t be fooled!

Here’s how to keep your organization safe:

  • Whenever you need to log in to an account or online service, always navigate to the login page using your browser, rather than clicking on links in an email.
  • Never click on a link or an attachment that you weren’t expecting. Even if it appears to be from someone in your own organization, the sender’s email address could be spoofed. 
  • When in doubt, reach out to the sender by phone to confirm the legitimacy of the email before clicking.

Be Aware, Be Vigilant, Be Skeptical!

Security Tips of the Week Archive
Tip
title


Expand
titleMulti-Factor Authentication

Multi-factor Authentication

What is it?
Multi-factor Authentication (MFA) is the process of verifying that you are who you claim to be when logging in to a device or an account. If you're reading this from your work computer, you probably logged in to your computer - that's single-factor authentication. But single-factor authentication is no longer enough to keep your accounts secure. Learn more below about the various ways you can digitally-authenticate your identity.

Understanding the Types of Identity Claim Factors:

  • Something you own. This is using a mobile phone or device that you have in your possession to prove your identity. Typically, the device provides a code via an application, text message, email, or voice call. You then enter this code, and for successful authentication, your code must match what is expected by the service you’re attempting to log in to.
  • Something you know. This is something you’ve memorized or stored somewhere, such as a PIN. You must supply the correct PIN to log in to your device or service.
  • Something you are. This factor is something about your physical body that cannot be altered, such as your fingerprint or retina. Biometric scanners or readers are used to confirm you’re physically the person that you’re claiming to be.

Why do I need it?
In our digitally-driven world, passwords are no longer enough to keep your information safe. These days, it takes minimal effort for hackers to break into, or social engineer their way into, accounts that are only protected by passwords. Adding an extra step to access your accounts, such as entering an authentication code, means that hackers would also need to have your phone to break in.

Create an additional layer of security and make it harder for criminals to access your data by using two-factor or multi-factor authentication.


Expand
titleGoogle Yourself

"Google" Yourself

With the rise of the digital age, it is difficult (if not impossible) to remain totally anonymous on the internet. Having an online presence and maintaining your social networks can be a wonderful and valuable tool, but sometimes we are unaware of how much personal information can be obtained about us over time.

When was the last time you typed your name or your email address in a web search like Google or Bing? You may be shocked at the results. You may find that old photos of yourself pop up, or an old user account from a forgotten social network or blog that is still associated with your name. You may even want to search for your work email, to make sure it has not been compromised and made available on the internet for the bad guys to find.

By searching and analyzing your online presence often, you can take steps to remove those things you may not want strangers to see. Like that embarrassing photo from college. You know the one I’m talking about.

 Be Aware, Be Vigilant, Be Skeptical!


Expand
title Keep Devices and Software Up to Date

Keep Devices and Software Up to Date

You know that little pop-up prompting you to restart your computer for a software update? The one that only seems to come up when you’re in the middle of something important? As annoying as it may seem, this notification is actually a valuable asset to your cybersecurity. So, before you click the “Later” option, let’s take a closer look!

What is a software update?
A software update is a new and improved version of a program, application, or operating system that you are already using. The update may include new features, bug fixes, or important security patches.

Why are updates important for cybersecurity?
Do you ever wonder how secure the programs installed on your device are? Cybercriminals do. They look for cracks in the security of programs and use these vulnerabilities to gain access to your device. With this access, they could enable a keylogger to track what you type, steal confidential information, or even install ransomware to lock you out of your files and demand payment for access. Developers help prevent this by fixing vulnerabilities as soon as possible. These fixes are included in software updates. Meaning, the longer you wait to install the update, the longer your system is at risk.

How do I check for software updates?
Any device that runs software, be it a computer, tablet, or even a smart tv, can release updates. Most software will prompt you when an update is available, but it’s good practice to check periodically. Here is a general guide to checking for updates on common platforms:
 

Mac System Updates (for macOS Catalina)

1.    Open the Apple menu and select About this Mac.

2.    Click Software Updates....

3.    If any are available, you will have the option to install it.

Windows System Updates (for Windows 10)

1.    Open the start menu and select Settings.

2.    Select Update & Security Settings then select Windows Update.

3.    Click Check for Updates. If any are available, you will have the option to install it.

iOS Updates

1.    Open the Settings app and tap General.

2.    Tap Software Update.

3.    If any are available, you will have the option to install it.

Android Updates (for most devices running Android 10 or higher)

1.    Open the Settings app and go to the System section.

2.    Tap About Phone. (If this is not an option, skip to step 3.)

3.    Tap System Updates.

4.    Tap Check for Update. If any are available, you will have the option to install it.

Don’t see what you’re looking for? Please consult the user manual or online support for your specific device.


Expand
titleHow to Use Cybersecurity in Your Everyday Life

How to Use Cybersecurity in Your Everyday Life

If you’re reading this, there is a good chance that you have multiple internet-connected devices in your home. These devices make our lives easier, but they also make us easy targets for cybercriminals. So, whether you are connecting on social media, shopping online, or listening to music on a smart speaker, here are some cybersecurity tips for everyday use:


Social Media Safety

  • We recommend keeping your social media profile set to private and only connecting with people who you know and trust.
  • Don’t share anything online that you wouldn’t want to be made public. No matter how cautious you are, any information posted on social media can still fall into the wrong hands. 
  • Watch out for posts that trick you into oversharing. For example, there are a number of popular posts that give you a silly nickname based on random personal details. These personal details, such as your first pet’s name or the year you were born, can be used by cybercriminals to guess passwords, answer security questions, or even to spoof your social media profile.

Online Shopping Safety

  • Only shop at well-known, reputable websites.
  • Only pay using a credit or debit card. Never agree to send cash or wire money to a seller.
  • Shop around—not for the cheapest deal, but the safest. A website that is offering a product for a third of the price of other retailers is a red flag. Remember, if a deal seems too good to be true, it probably is.

Smart Device Safety

  • Smart speakers and some smartphones have an “always listening” setting to allow you to call its name when you need assistance. We recommend turning this setting off if you don’t use it. If you do use this feature, mute the microphone any time you’re discussing sensitive information or while working from home.
  • Like a web browser, smart devices keep track of your activity history. Review this history periodically to check for any unusual activity. We also recommend clearing your history on a regular basis. 
  • Keep your devices up-to-date. Smart devices receive important security patches through software updates


Expand
titleStaying Safe Around Listening Devices

Staying Safe Around Always Listening Devices     

With the overwhelming popularity of always-listening devices such as Alexa, Google Home, and smartphones, you’ve probably heard stories of these devices joining in on conversations without being prompted. Perhaps it’s even happened to you!

While this idea can be alarming and unsettling, there are ways to protect your private information, and conversations, from these always-listening devices. To help you stay safe from these devices, here are some tips:

  • Review and delete voice recordings: Your device will store your search and activity history to create a customized experience for you. However, you can review and delete these recordings from the device of your choice in order to protect your privacy. 
  • Mute the microphone: You can mute your microphone to ensure that your device is not listening and recording when you are not using it. The recording capabilities will remain off until you turn them back on.
  • Don’t link accounts with sensitive information to your device: If you have any accounts containing your sensitive information in them, it is best not to link those accounts to your device. This will keep your sensitive information secure from potential data breaches.
  • Change the settings to automatically manage data stored by the device: Personally managing what data is being linked with your account will give you more control on the information that is being stored by your device and will save you time when deleting your history.
  • Turn off your device when you’re away: When in doubt, turn it off. If your device does not have a power button, simply unplug it.

By creating a habit of unplugging and deleting voice recordings from these always-listening devices, you can help to make sure that there is an extra layer of protection between your always-listening device and your private information.

Be Aware, Be Vigilant, Be Skeptical!


Expand
titleOrganization Safety, In and Out of the Office

KnowBe4 Security Tips - Holiday and Seasonal Scams

 With the ever-growing popularity of online shopping and online communications, you should always have your guard up in the cyberworld. Criminals will use any situation to their advantage–especially when it comes to annual holidays.

Below you’ll find a few examples of commonly used seasonal and holiday scams, and what you can do to protect yourself.

 

Fake Shipping/Postal Notifications: End of the year holidays invite a greater likelihood of this common phishing attack, but this is a scam you must be cautious of all year long. Scammers send fake notifications that appear to come from postal service companies. The emails include dangerous links that, if clicked, could install malware on your computer or take you to a fake login page where your credentials will be stolen.

What can I do? To check the legitimacy of these types of claims, always log in to your online account or service through your browser–not through links in unexpected emails.

 

Travel Deals and Offers: Scammers know that their potential victims travel for holidays throughout the year. Cybercriminals send emails offering fake travel deals from well-known travel sites. They’re even known to create phony websites for cheap hotels and flights so they can rob you of your money.

What can I do? When something seems too good to be true, it probably is. Never click on links in unexpected emails. Before booking through an unfamiliar service, do your research and ensure the company is legitimate.

 

Social Media Deals and Sales: All social media advertisements are not created equal. A “paid advertisement” may seem trustworthy, but be warned: Anyone can pay to put an ad on social media. During holidays and popular shopping seasons, fraudsters buy ads that offer deals for items that you’re more-than-likely interested in–considering social media ads target the buyer market. The ads typically contain phishing links that lead to fraudulent websites where they will steal your credit card data. Even if the malicious ad is reported and removed, the bad guys typically only need one victim to fall for their trick to make it worth their investment.

What can I do? Always hover over links and URLs before clicking to check whether the URL will take you to a dangerous or unexpected site. If a social media ad appears to be from a company you’re familiar with, check the company’s website instead of clicking on links from the ad.

Be Aware, Be Vigilant, Be Skeptical!


Expand
titleHow to Safely Use Telehealth Services

KnowBe4 Security Tips - How to Safely Use Telehealth Services

Telehealth is a way for health providers to diagnose, treat, and communicate with patients remotely, by phone or video. Telehealth is a quick and easy alternative to your typical doctor’s appointment, but it could also be a quick and easy way for cybercriminals to find targets.
Here are some ways to safeguard your personal information while using telehealth services.

Keep Your Device Up-to-Date

Whether you connect to telehealth using a smartphone or a computer, make sure the device is up-to-date with the latest security patches. This includes updating all applications, not just the ones used for telehealth purposes. Each app is a potential point of entry for cybercriminals. If the bad guys gain access to your device in any way, then your sensitive medical information will be at risk.

Use an Advanced Login

Telehealth services typically require users to create a username and password. If the service offers Multi-factor Authentication (MFA), use it! MFA requires you to enter your password and then enter another form of verification, such as a code sent via text message. If MFA isn’t offered, we recommend using a password manager to generate and securely store complex passwords. 

Connect with a Secure Network

Never use a public wifi connection for telehealth services. You never know who could be watching and tracking your activity. When connecting from home, be sure to set up a strong password for your router. Default router passwords are often public knowledge or easy to guess. For the most secure network, connect to a virtual private network (VPN), which encrypts web traffic to protect your information. 

Be Aware, Be Vigilant, Be Skeptical!


Expand
titleOrganization Safety, In and Out of the Office

KnowBe4 Security Tips - How to Keep Your Organization Safe—In and Out of the Office

October is Cybersecurity Awareness Month. Each week in October, we’ll cover a different cybersecurity topic to help keep you and your family safe online. This week, we’ll explore what you can do to help keep your organization safe from cybercriminals. 
Whether you work from home or work in an office, the security of your organization must be a top priority. While these two locations can feel quite different, you can use the same precautions no matter where you’re working. Let’s look at some important cybersecurity rules and how they can be used both in the office and at home.

Only Use Secure Devices

  • Remember that your device is only as secure as the apps running on it. Never install an application or plugin without checking with your IT department first. 
  • Only use your work devices for work. If you are using your personal computer for work, we recommend that you create a separate user account with a unique username and password. 
  • In the office, network security is probably managed by your IT department. To help keep your home internet connection secure, use a complex password on your router. If your organization offers access to a Virtual Private Network (VPN), connect to that as well. 

Protect Your Physical Workspace

  • In the office, watch out for piggybacking and tailgating. A piggybacker is someone who claims to be part of your organization and follows you into a secure area without the use of a badge or entry code. A tailgater is someone who waits for you to enter or exit a secure area and then sneaks in while the door is still open. Be suspicious of anyone who you do not recognize and don’t be afraid to ask for identification.
  • At home, find a private and comfortable workspace, where no one can view your screen while you work. You must keep all sensitive information out of sight for any unauthorized persons—including your partners, children, and friends. 
  • Always lock your computer when you step away from your desk. If you leave your computer unlocked, anyone can use it to access sensitive data, steal your login credentials, or even install malware. 

Think Before You Click

  • Never click a link or download an attachment from an email that you weren’t expecting. Even if the sender appears to be part of a legitimate organization, the email address could be spoofed.
  • When an email asks you to log in to an account or online service, navigate to that service through your browser and not by clicking the link in the email. That way, you can ensure you’re logging in to the real website and not a phony look-alike.
  • When in doubt, call the sender of the email to be sure the request, link, or attachment is legitimate. Do not call the phone number provided within the email as it may be a fake number.


Be Aware, Be Vigilant, Be Skeptical!


Expand
titleDisinformation Campaign

KnowBe4 Security Tips - Disinformation Campaigns

Have you ever seen an article with a dramatic title, but the article content was completely unrelated? 

This is called “clickbait” and it is a common example of how cybercriminals take advantage of large-scale media platforms to distribute disinformation campaigns that confuse and mislead audiences.

Let’s take a look at different types of disinformation campaigns to look out for:

  • Fabricated Content: Content that is completely untrue.
  • Manipulated Content: Content, imagery, or videos that have been edited or distorted.
  • Imposter Content: Content that pretends to be from a reliable source.
  • Misleading Content: Content that presents information in a misleading way.
  • False Context by Connection: Content that contains both facts and untrue information.
  • Satire and Parody: Humorous stories that exaggerate facts and may be used to fool readers.

Now, let's look at some methods you can use to combat disinformation.

  • Consider the Source
    Always consider the reliability of the source and author of the content you are viewing. Ask yourself: What is this author or source known for? Where was the information retrieved from? Credible news sources typically cite where their information came from and their cited sources are credible as well.
  • Fact-Check and Educate
    You can also combat disinformation by fact-checking information that you see and by educating yourself on the subject. You can use fact-checking sites such as FactCheck.org, PolitiFact.com, or Snopes.com to check the validity of content that you find.

Be Aware, Be Vigilant, Be Skeptical!


Expand
title How to Use Cybersecurity in Everyday Life 

KnowBe4 Security Tips - How to Use Cybersecurity in Everyday Life 

If you’re reading this, there is a good chance that you have multiple internet-connected devices in your home. These devices make our lives easier, but they also make us easy targets for cybercriminals. So, whether you are connecting on social media, shopping online, or listening to music on a smart speaker, here are some cybersecurity tips for everyday use:

Social Media Safety

  • We recommend keeping your social media profile set to private and only connecting with people who you know and trust.
  • Don’t share anything online that you wouldn’t want to be made public. No matter how cautious you are, any information posted on social media can still fall into the wrong hands. 
  • Watch out for posts that trick you into oversharing. For example, there are a number of popular posts that give you a silly nickname based on random personal details. These personal details, such as your first pet’s name or the year you were born, can be used by cybercriminals to guess passwords, answer security questions, or even to spoof your social media profile.

Online Shopping Safety

  • Only shop at well-known, reputable websites.
  • Only pay using a credit or debit card. Never agree to send cash or wire money to a seller.
  • Shop around—not for the cheapest deal, but the safest. A website that is offering a product for a third of the price of other retailers is a red flag. Remember, if a deal seems too good to be true, it probably is.

Smart Device Safety

  • Smart speakers and some smartphones have an “always listening” setting to allow you to call its name when you need assistance. We recommend turning this setting off if you don’t use it. If you do use this feature, mute the microphone any time you’re discussing sensitive information or while working from home.
  • Like a web browser, smart devices keep track of your activity history. Review this history periodically to check for any unusual activity. We also recommend clearing your history on a regular basis. 
  • Keep your devices up-to-date. Smart devices receive important security patches through software updates.

Be Aware, Be Vigilant, Be Skeptical!


Expand
titleNot So Fast! Is Your Zoom Account Really Suspended?

KnowBe4 Security Tips - Not So Fast! Is Your Zoom Account Really Suspended?

Whether you are commuting to an office or working from home, millions of employees rely on video conferencing apps like Zoom, to stay connected. If you were suddenly notified that your Zoom account had been suspended, how eager would you be to resolve the problem? Cybercriminals assume you’ll be quick to respond. In fact, they hope you won’t think twice about it.

A recent phishing scam spoofs an email notification from Zoom. The email claims that your account has been suspended and that you are unable to make or join video calls until you click the "Activate Account" button included in the email. Once you’ve clicked the button, you are brought to a convincing Microsoft 365 look-a-like login page. If you enter your details on this page, this information will be sent directly to the scammers. The bad guys could use your login credentials to gain access to your organization's network and sensitive information.

Keep you and your organization safe with these tips:

  • Never click on a link within an email that you weren’t expecting.
  • Remember that email addresses can be spoofed. Even if the email appears to be from a familiar organization, it could be a phishing attempt.
  • When an email asks you to log in to an account or online service, log in to your account through your browser—not by clicking the link in the email. That way, you can ensure you’re logging into the real website and not a phony look-a-like.

Be Aware, Be Vigilant, Be Skeptical!


Expand
titleExploiting the Coronavirus: “PANDEMIC IS WITHIN, BEWARE!”

KnowBe4 Security Tips - Exploiting the Coronavirus: “PANDEMIC IS WITHIN, BEWARE!”

With the recent increase in targeted attempts to specific people in the District, and the influx of Covid-19 related emails being sent out, it’s more important than ever to scrutinize any and all emails you receive. That said, we would like you to take 2 minutes of your time and view the following video related to phishing and its consequences as it relates to Covid-19. (Note: if you receive and error, click OK to proceed).

COVID-19 Campaign Notification Message

During this storm of COVID-19 phishing scams, the bad guys have loved posing as your trusted Human Resources department. One HR scam started with the following overdramatic subject line: “COVID-19 PANDEMIC IS WITHIN, BEWARE! WARNING!!!” In a series of run-on sentences, the email claims that some of your co-workers have tested positive for Coronavirus. Keeping with the HR theme, they ask that you do not discriminate against these people and they suggest that “everyone should rather cease panic”.

The email does not identify anyone by name, but asks you to download an attached photo of the infected employees. This attack targets your natural curiosity. 
Who could it be? Wasn’t Bill coughing last week? I have to know! If you were to download the attachment, you would find that it is actually a piece of malicious software designed to secretly steal data through your organization’s network. Don’t be fooled!

Remember these tips:

  • Watch out for sensational words like “BEWARE” and “WARNING!!!” The bad guys want you to panic.
  • Be wary of emails with spelling or grammatical errors, especially when it supposedly came from a reputable source. 
  • When questioning the legitimacy of an email sent from someone in your company, give them a call! One quick call could save your organization from a potential data breach.

With the recent increase in targeted attempts to specific people in the District, and the influx of Covid-19 related emails being sent out, it’s more important than ever to scrutinize any and all emails you receive. If you haven’t done so already, please take 2 minutes of your time and view the following video related to phishing and its consequences as it relates to Covid-19.

Be Aware, Be Vigilant, Be Skeptical!


Expand
titleExploiting the Coronavirus: Watch Out for Fake Charities!

KnowBe4 Security Tips - Exploiting the Coronavirus: Watch Out for Fake Charities!

With the Coronavirus pandemic still raging on, people all over the world are doing what they can to help one another. The bad guys are hoping to use this compassion to their advantage. They are posing as charitable organizations that claim to fund research, support hospitals, or provide help to victims of the virus. Don’t be fooled! 

Want to donate to real causes? Here are some tips:

  • Do your research. Use a trusted website like Charity Navigator to research an organization before making donations.
  • Reach out. Contact your charitable organization of choice directly by going to their website or calling your local chapter. 
  • Never trust a link. Even if the email appears to be sent from a legitimate organization, type the webpage into your browser instead of clicking a link provided in an email.


Expand
titleExploiting the Coronavirus: Watch Out for Fake Charities!

KnowBe4 Tip of the Week

 KnowBe4 Security Tips -  Exploiting the Coronavirus: Watch out for These Scams!

Look out! The bad guys are preying on your fear and sending all sorts of scams related to the Coronavirus disease (COVID-19) outbreak.

Below are some examples of the types of scams you should be on the lookout for:

  1. Emails that appear to be from organizations such as the CDC (Centers for Disease Control), or the WHO (World Health Organization). The scammers have crafted emails that appear to come from these sources, but they actually contain malicious phishing links or dangerous attachments.
  2. Emails that ask for charity donations for studies, doctors, or victims that have been affected by the COVID-19 Coronavirus. Scammers often create fake charity emails after global phenomenons occur, like natural disasters, or health scares like the COVID-19.
  3. Emails that claim to have a "new" or "updated" list of cases of Coronavirus in your area. These emails could contain dangerous links and information designed to scare you into clicking on the link.

Keep in mind, these are only a few examples and these scam artists are constantly coming up with new ways to fool you.

What Can I Do?

Remain cautious! And always remember the following to protect yourself from scams like this:

  • Never click on links or download attachments from an email that you weren’t expecting.
  • If you receive a suspicious email that appears to come from an official organization such as the WHO or CDC, report the email to the official organization through their website.
  • If you want to make a charity donation, go to the charity website of your choice to submit your payment. Type the charity’s web address in your browser instead of clicking on any links in emails, or other messages.

Be Aware, Be Vigilant, Be Skeptical!


Expand
titleProtecting Data During 2020 Census

KnowBe4 Tip of the Week

 KnowBe4 Security Tips -  Safeguard Your Personal Data During the 2020 Census Season

It’s that time again. Every 10 years, United States residents are required to respond to the Census survey. The primary purpose of the census is to provide a count of every member of the U.S. population.

By law, each household is required to complete the census survey. From a cybercriminal’s perspective, this is a perfect opportunity for their social engineering scams. Scammers might send emails or other messages that appear to come from the U.S. Census Bureau, or they might even pose as official Census Bureau workers and show up at your door!

This census season, keep the following tips in mind so you can safeguard your household’s sensitive information:

  • If you receive an email to complete the 2020 Census survey, delete it! The U.S. Census Bureau will only send the official survey notification by mail, or if your survey response is late, an official Census Bureau worker may come to your home to ensure you have received the census.
  • If a Census Bureau worker visits your home, verify that they are who they claim to be. A valid ID badge should have the worker’s photograph, a U.S. Department of Commerce watermark, and an expiration date. If you’re still unsure, call your Regional Census Center and speak with a Census Bureau representative.
  • Remember, the Census Bureau will never ask for the following: your Social Security number, your bank account or credit card numbers, anything on behalf of a political party, donations, or money.

Be Aware, Be Vigilant, Be Skeptical!


Expand
titleCard Skimmers

KnowBe4 Tip of the Week

 KnowBe4 Security Tips -  Scam of the Week; Protect Yourself Against Card Skimmers

With the convenience and seemingly secure way of paying at the gas station pump and using drive-up ATMs, cybercriminals are now targeting these locations. They are using this technology called Card Skimmers to read and record your card information in a matter of seconds. With each Card Skimmer being able to hold details on about 80 cards, protecting yourself at gas station pumps and ATMs should be a priority now more than ever.


How Does It Work?

Card Skimmers are physical devices that cyber criminals attach to the credit card reader. The card skimmer then reads the magnetic strip on the card to gather your full name, the card number and the expiration date. Once the skimmer reads your card information, the cybercriminals can then sell your information or use it to gain access to your bank account. These skimmers are designed to fit tightly over the real card reader at the gas station and ATM making them undetectable if you don’t know what to look for.


How To Avoid Card Skimmers?

To protect yourself against the cybercriminals that are using Card Skimmers, follow these helpful tips:

  • Pay with cash. Paying with cash will completely eliminate the risk of coming in contact with a Card Skimmer.
  • Shake and pull the card reader. If it doesn’t seem right, pay inside and report it.
  • Go inside. Paying inside of the gas station or going into the bank will reduce the risk of coming in contact with a Card Skimmer since it is less likely that the card readers inside have been tampered with.
  • Use mobile payment options if they are available. Use options like Google or Apple Pay to eliminate having to use your card.
  • Download a Skimmer Scanner app. These apps, which are available on both the App Store and Google Play, will warn you about where Card Skimmers are located in the area.

Be Aware, Be Vigilant, Be Skeptical!


Expand
titleCoronavirus Phishing Attack

KnowBe4 Tip of the Week

KnowBe4 Security Tips -  Scam of the Week; Coronavirus Phishing Attack

The global threat of the coronavirus has everyone’s attention, and the cybercriminals are already taking advantage of it. The bad guys are using the coronavirus as clickbait so they can spread malware and steal your personal information.

They’ve crafted their phishing emails to look like they’re coming from health officials such as doctors or national agencies, such as the Center for Disease Control and Prevention. Some of these emails suggest clicking a link to view information about “new coronavirus cases around your city”. Other emails suggest downloading the attached PDF file to “learn about safety measures you can take against spreading the virus”. Don’t fall for it! If you click the phishing link, you’re brought to a webpage that is designed to steal your personal information. If you download the PDF file, your computer will be infected with malware.

Always remember: Never click on a link or download an attachment that you weren’t expecting. Because of the alarming subject matter, the bad guys expect you to click or download without thinking. STAY ALERT! Don’t be a victim.

Be Aware, Be Vigilant, Be Skeptical!


Expand
titleMulti-factor Authentication

KnowBe4 Tip of the Week

 KnowBe4 Security Tips - Multi-factor Authentication

What is it?
Multi-factor Authentication (MFA) is the process of verifying that you are who you claim to be when logging in to a device or an account. If you're reading this from your work computer, you probably logged in to your computer - that's single-factor authentication. But single-factor authentication is no longer enough to keep your accounts secure. Learn more below about the various ways you can digitally-authenticate your identity.

Understanding the Types of Identity Claim Factors:

  • Something you own. This is using a mobile phone or device that you have in your possession to prove your identity. Typically, the device provides a code via an application, text message, email, or voice call. You then enter this code, and for successful authentication, your code must match what is expected by the service you’re attempting to log in to.
  • Something you know. This is something you’ve memorized or stored somewhere, such as a PIN. You must supply the correct PIN to log in to your device or service.
  • Something you are. This factor is something about your physical body that cannot be altered, such as your fingerprint or retina. Biometric scanners or readers are used to confirm you’re physically the person that you’re claiming to be.

Why do I need it?
In our digitally-driven world, passwords are no longer enough to keep your information safe. These days, it takes minimal effort for hackers to break into, or social engineer their way into, accounts that are only protected by passwords. Adding an extra step to access your accounts, such as entering an authentication code, means that hackers would also need to have your phone to break in.

Create an additional layer of security and make it harder for criminals to access your data by using two-factor or multi-factor authentication.

Be Aware, Be Vigilant, Be Skeptical!



Expand
titleHoliday & Seasonal Scams

KnowBe4 Tip of the Week

 KnowBe4 Security Tips - Holiday and Seasonal Scams


With the ever-growing popularity of online shopping and online communications, you should always have your guard up in the cyberworld. Criminals will use any situation to their advantage–especially when it comes to annual holidays.

Below you’ll find a few examples of commonly used seasonal and holiday scams, and what you can do to protect yourself.

 
Fake Shipping/Postal Notifications: End of the year holidays invite a greater likelihood of this common phishing attack, but this is a scam you must be cautious of all year long. Scammers send fake notifications that appear to come from postal service companies. The emails include dangerous links that, if clicked, could install malware on your computer or take you to a fake login page where your credentials will be stolen.

What can I do? To check the legitimacy of these types of claims, always log in to your online account or service through your browser–not through links in unexpected emails.

 
Travel Deals and Offers: Scammers know that their potential victims travel for holidays throughout the year. Cybercriminals send emails offering fake travel deals from well-known travel sites. They’re even known to create phony websites for cheap hotels and flights so they can rob you of your money.

What can I do? When something seems too good to be true, it probably is. Never click on links in unexpected emails. Before booking through an unfamiliar service, do your research and ensure the company is legitimate.

 
Social Media Deals and Sales: All social media advertisements are not created equal. A “paid advertisement” may seem trustworthy, but be warned: Anyone can pay to put an ad on social media. During holidays and popular shopping seasons, fraudsters buy ads that offer deals for items that you’re more-than-likely interested in–considering social media ads target the buyer market. The ads typically contain phishing links that lead to fraudulent websites where they will steal your credit card data. Even if the malicious ad is reported and removed, the bad guys typically only need one victim to fall for their trick to make it worth their investment.

What can I do? Always hover over links and URLs before clicking to check whether the URL will take you to a dangerous or unexpected site. If a social media ad appears to be from a company you’re familiar with, check the company’s website instead of clicking on links from the ad.



Expand
titlePost-its are not for Passwords!

KnowBe4 Tip of the Week

 KnowBe4 Security Tips - Staying Safe Around Always Listening Devices

With the overwhelming popularity of always-listening devices such as Alexa, Google Home, and smartphones, you’ve probably heard stories of these devices joining in on conversations without being prompted. Perhaps it’s even happened to you!

While this idea can be alarming and unsettling, there are ways to protect your private information, and conversations, from these always-listening devices. To help you stay safe from these devices, here are some tips:


  • Review and delete voice recordings: Your device will store your search and activity history to create a customized experience for you. However, you can review and delete these recordings from the device of your choice in order to protect your privacy.


  • Mute the microphone: You can mute your microphone to ensure that your device is not listening and recording when you are not using it. The recording capabilities will remain off until you turn them back on.


  • Don’t link accounts with sensitive information to your device: If you have any accounts containing your sensitive information in them, it is best not to link those accounts to your device. This will keep your sensitive information secure from potential data breaches.


  • Change the settings to automatically manage data stored by the device: Personally managing what data is being linked with your account will give you more control on the information that is being stored by your device and will save you time when deleting your history.


  • Turn off your device when you’re away: When in doubt, turn it off. If your device does not have a power button, simply unplug it.

By creating a habit of unplugging and deleting voice recordings from these always-listening devices, you can help to make sure that there is an extra layer of protection between your always-listening device and your private information.


Expand
titlePost-its are not for Passwords!

KnowBe4 Tip of the Week

 KnowBe4 Security Tips - Post-its are not for Passwords!


Do you keep a login and password written down on a Post-it or piece of paper near your desk?

If so, you should get rid of it immediately! You should use a paper shredder to dispose of the Post-it.

Do not simply place the Post-it in the trash.
While it may be tough to remember a login and password for all of the sites and portals you belong to, writing the passwords down on a piece of paper, or keeping them in an unsecured document on your computer, is a bad habit to have.

This can put you and the entire District at risk.
Try to use passwords that are easy for you to remember, but hard for others to guess.


Expand
titleThink Before You Shop!

KnowBe4 Tip of the Week

 KnowBe4 Security Tips - Think Before You Shop!


The bad guys are taking advantage of mobile shoppers this holiday season! By using mobile apps, they can trick you into giving your personal information or installing malware onto your smartphone. This can give them access to your credit card information or lock your smartphone with ransomware, forcing you to pay a fee to unlock it. To stay safe this year, never download apps from offers that sound too good to be true, never download from unofficial app stores, and do your research. Make sure to check for any fake reviews, the number of downloads the app has, spelling errors, or strange logos. When in doubt, only use retailers you trust through their official sites or apps.

Stop Look Think - Don't be fooled  


Expand
titleBeware Look-Alike Phishing Sites

 KnowBe4 Security Tips - Top 5 Facebook Scams . . . UPDATED!

Facebook now has over a Billion users, that's a mind-boggling number of people who check their page regularly. The bad guys are irresistibly attracted to a population that large, and here are the Top 5 Scams they are trying to pull off every day of the year.
  • Who Viewed Your Facebook Profile: This scam lures you with messages from friends or sometimes malicious ads on your wall to check who has looked at your profile. But when you click, your profile will be exposed to the scammer and worse things happen afterward.
  • Fake Naked Videos: There are tons of fake naked videos being posted all the time using the names of celebrities like Rihanna or Taylor Swift that sometimes make it past the Facebook moderators. These scams are in the form of an ad or a post and have a link to bogus YouTube videos. That site then claims your Adobe Flash player is broken and you need to update it - but malware is installed instead!
  • Viral Videos: Viral videos are huge on social media platforms. If you click on one of these "videos" you'll be asked to update your video player (similar to the scam above) but a virus wil be downloaded and installed instead. To avoid this, type the name of the video into Google and if it doesn't have a YouTube or other legitimate site link, it's likely a scam. 
  • Fake Profile Scam: Scammers are stealing the name and pictures from an existing profile and "friending" the real person's friends in efforts to scam friends and family by faking an emergency. Be very cautious of accepting friend requests from someone you're already friends with.
  • Romance Scams: A specific type of "Fake Profile Scam" where con artists create a fake profile using the photos and stories of another person, and then develop "relationships" with their victims over posts, photos, and Facebook messenger. These scammers typically shower you with romantic language, promise happiness, and eventually con you into giving up personal information, or even money. Avoid personal and financial heartbreak, don't "friend" people you don't know in real life.
Facebook is used for connecting with people you know. Be especially cautious of "friending" strangers, and of clicking on links in suspicious posts, and in messages. Stay away from these traps if you want to avoid giving away personal information or getting your PC infected with malware. 

Stop Look Think - Don't be fooled  


Expand
titleBeware Look-Alike Phishing Sites

KnowBe4 Security Tips - Beware Look-Alike Phishing Sites

The bad guys are changing their tactics and you need to be aware! They are now creating phishing sites that resemble the sign-in pages of popular companies.

They will try anything to get you to authenticate on their fake site. Some phishing sites will even try to fool you by appearing in your:

  • Pop-ups
  • Ads
  • Search results
  • Social media
  • Chat and IM applications
  • Rogue browser extensions
  • Web freeware
  • “Trusted” apps downloaded from app store

Don’t fall for this trick - the bad guys want you to give up your login credentials so it can be used as part of a larger attack! Make sure to always check a website for any signs that it may not be legitimate, or type in the company’s web address yourself.

Stop Look Think - Don't be fooled  



Expand
titleSocial Engineering Red Flags: Don't Trust Pop-ups

KnowBe4 Security Tips - Don't Trust Pop-Ups 

If you’re known to dabble in a little online browsing, odds are you’ve encountered a pop-up once or twice. There are times when a user may think, “Wow, that’s a great deal!” and click on a pop-up. To those users: put down the mouse. Why? That pop-up could be malicious or dangerous.
There used to be a time when malicious pop-ups were only on questionable sites, but those days are gone. Hackers are smart and develop ways to inject malicious malware into pop-ups and online advertisements - even on the most trusted sites.
One of the most common attacks we see occurs when you visit a site and a pop-up appears that says, “Your computer is infected! Download our antivirus now!” If you click on this, a bogus virus scan will start. After the “scan” completes, you’ll be asked to pay for a full-version of the software or to call a helpline to connect with a support representative.
Spoiler alert: The software is not real and the fake support representative will take control of your computer to try and “fix” the issue, but end up causing more damage.

How to prevent
Although hackers are smart, you can be smarter. Here are some tips to protect yourself from these types of attacks:
  • Avoid clicking on pop-ups.
  • Update your operating system regularly
 - don’t postpone or snooze updates!
  • Use web-filtering software to warn you before accessing potentially harmful sites.
Remember, these attacks are only successful if we fall for them. Stay alert and be cautious!

Stop Look Think - Don't be fooled  



Expand
titleSocial Engineering Red Flags: Email Body

KnowBe4 Security Tips - Social Engineering Red Flags: Email Body 

The prevalence of phishing scams is at an all-time high. Because you are the key to preventing a cyberattack within your organization, it is important to question the legitimacy of every email you receive. Below is a list of questions to ask yourself about the content and body of the email that may help you realize that you are being phished.

Review the content of the email. 

  • Is the sender asking me to click on a link or open an attachment to avoid a negative consequence, or to gain something of value?
  • Is the email out of the ordinary, or does it have bad grammar or spelling errors?
  • Is the sender asking me to click a link or open up an attachment that seems odd or illogical?
  • Do I have an uncomfortable gut feeling about the sender’s request to open an attachment or click a link?
  • Is the email asking me to look at a compromising or embarrassing picture of myself or someone I know? 

If you notice anything about the email that alarms you, do not click links, open attachments, or reply. You are the last line of defense to prevent cyber criminals from succeeding and making you or your company susceptible to phishing attacks.

Stop Look Think - Don't be fooled  


Expand
titleKnowBe4 Security Tips - That's Suspicious!

 KnowBe4 Security Tips - That's Suspicious!

 

Have you ever encountered a situation at work that was suspicious?
Perhaps this was a suspicious person, a suspicious email, or even a phone call that didn't seem right.
Most organizations have a policy regarding how to handle these suspicious 'events'.
These 'events' could potentially put the organization and/or the computer systems of the organization at risk.
Some of the more common events are listed below:

 Suspicious persons - Trespassing

When it comes to physical security (securing the building and its assets from unauthorized access), identifying suspicious persons is key.
If you notice someone that you do not recognize, you should ask who they are and what they are doing.
It is possible they are a new employee, or on a short term work contract... or it is possible they are not authorized to be there.
- Attackers will try to enter the building posing as an employee, or a contractor. From inside the building they can gain access to internal computer networks

 Suspicious Emails - Phishing

The majority of all recent cyber attacks have been a result of social engineering via an email.
These phishing emails can be designed to be sent to: everyone in the organization, a division within an organization (accounting, sales), or YOU specifically.
- Using social networks like Facebook and LinkedIn, attackers can gather just enough personal information about you to make a very convincing email

 Suspicious Phone Calls - Vishing(Voice Phishing)

The oldest trick in the book, and has been in use by hackers, fraudsters, and scam artists for decades.
This involves someone calling you and pretending to be someone they are not: (IT Dept, Insurance Company, Bank, etc).
The attacker will try to build credibility and a good rapport with you before asking for sensitive information such as a password, social security number, or bank account information.
With the latest in technology, attackers can now change the caller-id to show whatever number they would like (adding more credibility).
- You get a call from a number that appears to be the IT department. They claim there is an issue in IT that is too technical to explain, but they require you to give them your password over the phone to fix it.

Always remember to follow your organization's security policies when it comes to suspicious events. If your organization does not have a specific policy regarding these situations, escalate ANY suspicious events to the IT or Security department.
Security is a team effort. Every employee has a responsibility to the organization to report these events.

Stop Look Think - Don't be fooled



Expand
titleKnowBe4 Security Tips - Protected Health Information (PHI)

 KnowBe4 Security Tips - Protected Health Information (PHI)


What is sensitive information? Sensitive information is privileged information which – if compromised through alteration, corruption, loss, misuse, or unauthorized disclosure – could cause serious harm to an individual or organization. You must always give the highest level of protection to privileged information. Here we discuss one example of sensitive information, Protected Health Information, or PHI.

What is Protected Health Information?
For the purpose of data protection, PHI is defined as: all recorded health information about an identifiable individual that relates to that person’s health, health care history, provision of health care to the individual, or payment for health care.

Is it PHI? Here are a few examples of PHI. 
  • Social Security Number
  • Medical record number
  • Health plan beneficiary number
  • Biometric identifiers, including finger and voice prints
  • Full Face photographic images and any comparable images – and more

 

Employees who do not take care of sensitive information can lead their organizations into fines, increased operating costs, loss of customer confidence, and even more governmental regulation. Do your part to keep sensitive information safe at all times.

The tips included in this message are meant to remind you to keep sensitive information secure. Remember, your organization's privacy, security, and compliance policies for handling sensitive information should be followed first and foremost. 

Stop Look Think - Don't be fooled


Expand
titleKnowBe4 Security Tips - Malvertising

 KnowBe4 Security Tips - Malvertising

Visit any website these days and it’s very likely that you will be viewing ads as well.  Sometimes these ads can be tempting, with many offering sales, promotions, or freebies to attract more clicks. Ads on certain websites can even be targeted specifically to you based on past browsing history, making you even more likely to click! 

Remember this: just because you are on a reputable, well-known website, it does not mean that the ads on the website are safe to click as well.

How adspace can become infected: Advertisers do not sell their ads to websites one at a time. Websites that want to make money sell their advertising space to an ad network. Advertisers sign contracts with that ad network which then displays the ads on the participating websites. The ad network sits in the middle between the advertisers and the websites and manages the traffic and the payments.

So there can be a problem because of this. Cybercriminals can fool the ad network into thinking they are a legit advertiser, but the ads which are displayed on major websites can be poisoned. If you browse to a page with a poisoned ad on it, that is enough to run the risk your PC will be encrypted with ransomware, which can hold your computer or your entire network hostage until you pay the cybercriminal a ransom.

Tips to prevent the effect of harmful ads:

  • Disable Adobe Flash on your computer - or at least set the Adobe Flash plug-in to "click-to-play" mode - which can block the automatic infections.
  • Keep up-to-date with all the security patches and install them as soon as they come out.
  • Download and install a reputable ad blocker plug-in for your browser. These prevent the ads from being displayed in your browser to start with. These ad blockers are getting very popular with hundreds of millions of people using them.


Stop Look Think - Don't be fooled 


Expand
titleKnowBe4 Security Tips - Top 5 Facebook Scams

 KnowBe4 Security Tips - Facebook Tips

Facebook now has over a Billion users, that's a mind-boggling thousand million people who check their page regularly. The bad guys are irresistibly attracted to a population that large, and here are the Top 5 Scams they are trying to pull off every day of the year. 

1.     Who Viewed Your Facebook Profile lures you with messages from friends or sometimes malicious ads on your wall to check who has looked at your profile. But when you click, your profile will be exposed to the scammer and worse things happen afterward.

2.     The Facebook Color Changer App tries to trick you to personalize your Facebook page, but it also leads you to phishing sites, deceives you to share the app with friends, and infects your mobile devices with malware. Stay away from it. 

3.     Fake Naked Videos There are tons of fake naked videos being posted all the time using the names of celebrities like Rihanna or Taylor Swift that sometimes make it past the Facebook moderators. These scams are in the form of an ad or a post and have a link to bogus YouTube videos. That site then claims your Adobe Flash player is broken and you need to update it - but malware is installed instead!

4.     Facebook Videos With Come-On Titles The bad guys often try enticing titles like "Not Safe For Work" or "Scandalous" to lure you into clicking on these videos and get redirected to phishing sites that steal your personal information.

5.     Check my status update to get free Facebook T-shirt Messages from your Facebook friends to go to their page, and get a free Facebook t-shirt. It's a scam and remove any access to rogue applications if you have clicked on something like this.

Facebook is what it is. There simply is no way to change the colors of your profile or change the theme. Stay away from such messages if you want to avoid getting your PC infected with malware. 


Stop Look Think - Don't be fooled 


Expand
titleKnowBe4 Security Tips -Safe Email Attachments

 KnowBe4 Security Tips - "Safe" Email Attachments


You may already be aware that you should not open email attachments with an extension such as ".exe", but did you know that even PDFs or Word Documents can be rendered unsafe to open? Opening these attachments from senders with malicious intent can cause your computer (and any networks to which you are connected) to be compromised, hacked or even riddled with ransomware.

What are the unsafe file types to look out for?  This question is better answered by listing file types that are generally considered to be safe to open. The truth is that most file types are at risk of being “booby-trapped” to attack your computer or device. The general rule is to NEVER open any email attachment if you do not know who it came from or why you received it

You should always be on guard with any email attachments that are not .TXT files. 


How can I tell if an attachment is safe to open?


  • Ask yourself: Was I expecting to receive this attachment, and did it come from who I would expect it to come from? Check email addresses for any “red flags” that may indicate the email address has been spoofed or faked.
  • Never open an email attachment if you don’t recognize the sender that it came from.
  • If you recognize the person or email address sending you the file, but it was still unexpected, contact them first through a different form of communication (such as by phone) to ask them if they intended to send you the file.

Stop Look Think - Don't be fooled 


Expand
titleKnow Be4 Tip of the Week - Fiendishly Clever Gmail Phishing Scam You Need to Know About

Know Be4 Tip of the Week

 Fiendishly Clever Gmail Phishing Scam You Need to Know About

 

There is a new scam where hackers send you a text that asks you about a password reset on your Gmail account. If you did not request a password reset, they tell you to respond with STOP. This is a scam. The bad guys asked for that password reset and now want you to send them the authorization code! Don't fall for it.

 

Remember, Gmail will never ask for confirmation to NOT make changes to your account. You didn’t ask for a password reset, so you shouldn’t be asked about one. Do not reply to the text (doing so will tell the scammers that they have reached a valid number). To prevent losing your account to bad guys, it's a very good idea to have 2-step verification set up on your Google account. For more information about Google 2-step verification, copy and paste the link below in to your browser:

 

Let's stay safe out there!

Stop Look Think - Don't be fooled



Expand
titleKnow Be4 Tip of the Week - Responsible Social Networking

Know Be4 Tip of the Week - Responsible Social Networking
 

Facebook, Twitter, LinkedIn
Chances are you are a member of one or more of these social networks.
Chances are you have posted something about work (positive and/or negative).
Chances are you have friends/followers/connections that are co-workers or your supervisor.

 

You have the right to remain silent . . .
Anything you post may be used against you, so be careful.
Consider that what you post online to social networks is a body of evidence. If a someone sees negative things being posted about work, it may trigger a meeting. Be mindful of what you post regarding the district. Do not post anything sensitive about your employer online.

- Attackers use social networking sites to gather information about you and your company and use it against you.

Interview over
Potential and current employers can research your posts and pictures. If you post pictures of you doing illegal things, or acting overly irresponsible, it could hurt you and your career. Be mindful of posting strongly opinionated views. This could cause coworkers to feel uncomfortable around you if they do not feel the same way.

- Think carefully about what you are posting and who can see it. It could come back to bite you.

Use what you are given
Most of the social networking sites allow you to only show specific groups of people specific information.
Use this feature. Make as little as possible 'public.' Consider separating work relationships from personal ones online.
Be careful what you post online. It could come back to hurt you, or the district. It is perfectly fine to make use of social networking, just make sure to be responsible about it.


Stop Look Think - Don't be fooled


Expand
titleKnowBe4 Security Tips - HTTPS The 'S' stands for Secure

KnowBe4 Security Tips - HTTPS The 'S' stands for Secure


If you have ever signed in to a website such as Facebook or Amazon, you will notice that on the login page, the URL will change from 'http' to 'https'.

What that little 's' stands for is secure. It means that your web browser and the website have both agreed to communicate securely so that no other individuals will be able to 'listen in' on our conversation.

If you needed to communicate some sensitive information such as a password to someone else, you would not shout out in the open 'HERE IS MY PASSWORD'.Typing sensitive information into a browser when the URL does not have https, is like shouting out that information for others to hear.

Just remember to look for that little important 's' when transmitting any sensitive information through a web browser.


Stop Look Think - Don't be fooled 



Expand
titleKnowBe4 Security Tips - Hovering Over Links


How can you tell if an email is safe? Even if you catch red flags in an email, such as typos or poor grammar, an urgent demeanor, or even a spoofed domain, how can you truly decipher the safety of an email?

An immediate step you can take is to watch out for one of the most critical tell-tale signs of a phishing email—a mismatched or fake URL.

Why is hovering important? What can it do for you?
Hovering not only allows you a moment to think before proceeding, it allows you the opportunity to see where a link is going to redirect you. This is especially important because not all links lead to where they appear, or insinuate they'll go.

When you hover, check for the following to ensure you're staying safe and secure: 

  • If the email appears to be coming from a company, does the hover link match the website of the sender?

  • Does link have a misspelling of a well-known website (Such as Micorsoft.com)?

  • Does the link redirect to a suspicious external domain appearing to look like the sender’s domain(i.e., micorsoft-support.com rather than microsoft.com)?

  • Does the hover link show a URL that does not match where the context of the email claims it will take you?

  • Do you recognize the link’s address or did you even expect to receive the link?

  • Did you receive a blank email with long hyperlinks and no further information or context?


If you notice anything about the email that alarms you, do not click links, open attachments, or even reply. If everything seems okay, but you're still not sure–verify! Ask your IT team or leadership if the email is legitimate before proceeding.

Remember, you are the last line of defense to prevent cyber criminals from succeeding and making you or your company susceptible to an attack.
 

Stop Look Think - Don't be fooled 


Expand
titleKnowBe4 Security Tips - Lock Your Screen

 KnowBe4 Security Tips - Lock Your Screen

Locking your screen when you get up from your desk is a security action that is often overlooked. District computers are setup to automatically black out your screen (issue a screen saver) after a certain amount of inactivity. That screen saver is a password protected one. This means you need to enter your password to get out of the screen saver.

Failing to lock your screen when leaving your desk can open you up to several different vulnerabilitites, some more serious than others. If you get up from your desk for 5 minutes, a lot can happen. Let's assume a student, coworker, or someone who sees an open laptop sits down at you desk as soon as you get up:
  • Files can be downloaded from the Internet and executed on your computer (malware, spyware, etc.)

  • Emails can be sent or read

  • If you save passwords in your browser (another no-no), they can now access your online banking, facebook, etc.

 

Locking your laptop or computer before you get up is very simple, and it can prevent you from ending up in a bad situtation. Here are a couple of easy ways to lock your screen:
 
  • Pressing the Windows Key + the L key at the same time on your keyboard

  • Pressing Ctrl+Alt+Del then choosing Lock This Computer


Method one is preferred since it's two easy keys to remember. Get in the habit of locking your screen.

Stop Look Think - Don't be fooled


Expand
titleKnowBe4 Security Tips - It's not your personal computer.

 KnowBe4 Security Tips - It's not your personal computer.

  • Should you be doing that on your work computer?
Personal pictures, social networking, online banking... These are the kind of things that you should try not to have/do on your work computer. Work computers are for work, visiting work-related web sites, researching, emailing, generating Powerpoint slideshows, etc. Much like posts to social networking sites... everything you say or do can be used against you.
 
  • Acceptable use policy
Visit our District's Acceptable Use Policy, (Board Policy 816), but basically, be aware that "Users have no privacy expectation in the contents of their personal files or any of their use of the School District’s CIS systems. The School District reserves the right to monitor, track, log, and access CIS systems use and to monitor and allocate fileserver space." Visited web sites, how much time is spent on Facebook, playing solitaire, instant messenger chat... technically all of this can be monitored.

- Think about what you are doing... and realize, that it can be logged. Anything you post on the internet is there forever.
 
  • Be safe online
Especially when it comes to visiting web sites or opening personal email... those actions that take place on your work computer can affect other work computers. If you happen to visit a site that has malware on your work computer, you may now have exposed the rest of the company to a malware infection.
It is difficult to explain why you were doing what you were doing when its against the policy to be performing non-work related activities on your work computer.

 

Try to be aware that you are using a computer that is not yours, things you do on that computer are not private. Lawyers say that anything that happens on the district network, the district owns and can monitor. The Tech department does not have the time and resources to monitor everything, but if you give them a reason to, administrators may ask them to.

 Stop Look Think - Don't be fooled




Panel
titleColor#FFFAFA
titleBGColor#00193d
titleVision of Connected Teaching and Learning


  


*Click images to enlarge










Panel
titleColor#FFFAFA
titleBGColor#4682B4
titleStay Kennett ConnectED

Visit Connect.kcsd.org to stay "Kennett ConnectED"

Bancroft Elementary School:  https://twitter.com/KCSDBancroft   

Greenwood Elementary School:  https://twitter.com/KCSDGreenwood   

New Garden Elementary School:  https://twitter.com/KCSDNewGarden

Mary D. Lang Kindergarten Center:  https://twitter.com/KCSDMaryDLang

Kennett Middle School:  https://twitter.com/KCSDKennettMS

Kennett High School:  https://twitter.com/KCSDKennettHS

Kennett High School Sports: https://twitter.com/KCSDKHS_Sports




Panel
titleColor#FFFAFA
titleBGColor#4682B4
titleContact Us

More more information please contact:

Dan Maguire, Supervisor of Technology Services dmaguire@kcsd.org or 610.444.4136