Go
Cyber Security HomeSecurity AwarenessCyber Security For KidsPA-ISAC
Cyber Security
Security Awareness
Resources and Tips
Security Assessment Framework
Glossary
Cyber Security for Kids
Anti Virus
Best Practices
Events
Commonwealth Employees
Local Government
PA-CSIRT
Information Technology
 
Log In
Unsure who to contact? Have a question or issue?

Security Awareness
  • E-Card and E-Mail Safety Tips

    E-cards:
    E-cards (the shortened version of electronic greeting cards) are a popular way for people to send birthday, Thinking of You, Thank You, holiday, and other wishes. Because it's the festive time of year, you may be tempted to open these types of messages. But beware. E-card scams look like legitimate e-cards, but  once they are opened, you are taken you to an actual legitimate looking site where you are either asked to download your e-card as an attachment or click OK on what you think is the sites user agreement. In doing so, you may have unknowingly downloaded a virus or spyware, or something much worse. More serious E-card scams contain links to extremely malicious files which can compromise your hard drive or significantly impact Commonwealth network resources.

    E-Card Safety Tips:
    There are many ways you can tell if an e-card is spam or a virus or not. The following are some tips to keep you safe from viruses and other computer threats from e-cards:

    Don't open or launch any attachments or links on e-cards. Legitimate e-cards don't come in the form of attachments. These attachments you see will most likely be a virus, so make sure you don't open or download these attachments to your computer.

    Don't open anything from someone you don't know. If you don't recognize the sender's name, or if it is a name like "Your Secret Admirer" or "A Friend", don't open it. Always remember to not click on links or attachments contained in emails from un-trusted or unknown sources.
    Remember that it always pays to be careful. Keep your anti-virus software updated, and make sure you don't open any unknown attachments. Remember, if it looks suspicious or if you doubt it's legitimacy in any way, it is best to just delete the E-Card message and not take the chance.

    Best Practices:

    Always remember the following cyber security tips when dealing with content and links in suspicious e-mails:

    NEVER open a link or attachment when you don't know the sender.
    NEVER click on an e-mail link that only has an IP address. 
    NEVER run a program or allow a plug-in when you can't absolutely trust where it came from.

  • "Don't Be Maxed Out by Identity Theft!"

    Identity TheftAre you exposing information and increasing your vulnerability to identity theft? Do you put paycheck stubs or old forms containing confidential information in the garbage at work? Do you enter personal information in online registration forms? Do you infrequently (or never) scan your computer for spyware? If you answered "yes" to any or all of these questions, you should take immediate steps to protect your most valuable asset - your identity! Incidents of identity theft have steadily increased since 2001, according to the Federal Trade Commission (FTC), which cites identity theft as the number one concern of consumers contacting it for information or to file complaints.

    How Is Identity Stolen?
    Identity thieves employ a variety of means to steal private information for their own use. They may hack into large computer databases that contain confidential information, use spyware to intercept communications from individual computers, physically steal personal or financial documents from garbage cans, or trick unsuspecting individuals into disclosing private information over the telephone or online.

    Do's and Don't for Preventing Identity Theft

    • DO protect your computer from hackers and spyware. Use an active firewall and current antivirus and anti-spyware programs to protect yourself and your computer when you're online.
    • DO have a security mindset! Always be skeptical of unfamiliar sites and links, and of suspicious e-mail and IM messages.
    • DO dispose of confidential information properly. Shred paper documents and use a disk cleaning program on computers and portable devices before you dispose of them.
    • DO check your credit reports regularly for signs of suspicious activity.
    • DON'T post personal information on Web sites or in chat rooms.
    • DON'T enter more information than is absolutely necessary in online registration forms or give unnecessary information, such as your Social Security number, to businesses or retailers.
    • DON'T visit Web sites using third party links. Open a new browser and type the address yourself if you want to visit a site.
    • DON'T fall for phishing scams! Never reply to phone calls, e-mail, or pop-up messages asking for personal or financial information.
    • DON'T share passwords or account PINs with anyone.

    If you suspect you are a victim of Identity Theft or if you suspect you fell for a phishing scam hook, line, and sinker, you should act quickly. Phishers can ruin your credit - and worse - faster than you'll be able to fix it.

    • Contact the three major credit reporting agencies - Equifax, TransUnion, Experian - and ask that they each 1) place a fraud alert on your records, and 2) send you a free credit report so that you can check for unauthorized accounts.
    • Have your bank accounts and credit card accounts flagged.
    • Notify the Department of Motor Vehicles and passport office about the potential ID theft so that scammers cannot order a license or passport in your name.
    • Warn the Social Security Administration's Fraud Hotline about possible unauthorized use of your personal ID information.
    • File a criminal report with the local police.
    • File a complaint with the FTC and IFCC
    • Document the names and contact information of all the people you contacted regarding
      the incident and note the dates.

    To help citizens prevent, detect and respond to identity theft and fraud, the Rendell Administration has created a website, IdentityTheftActionPlan.com, that includes helpful information on how identity theft occurs, prevention tips, what to do if you're a victim, statistics about the crime, and information for law enforcement agencies that investigate these crimes.

    If you want to learn more about phishing and ID theft, check these other useful sites:

    www.consumer.gov/idtheft
    www.identity-theft-help.us
    www.identitytheft.org
    http://www.justice.gov/criminal/fraud/websites/idtheft.html
    http://www.usa-people-search.com/content-what-is-identity-theft.aspx

  • "Even Brand New Computers Can Have Security Flaws"

    Even brand new computers can have security flaws in their operating systems and software. When discovered, these flaws are exploited by hackers to gain access to your computer. Fortunately, software companies regularly release small programs to update your system and eliminate the dangerous flaws, which are easy to download and install.

    Install Updates Automatically
    In many cases, software programs will do the work for you - with automatic updates, your programs stay more secure without constant monitoring. Make sure the automatic update feature is enabled on all software Operating systems such as Microsoft XP and Mac OS X Antivirus software such as Symantec AntiVirus Web browsers such as Internet Explorer and Mozilla Firefox Productivity software such as Microsoft Office Design software such as Photoshop and InDesign For more information about enabling automatic updates, go to the program's Help menu and search for "automatic update." For those software programs that do not update automatically, visit the manufacturer's Web site for available versions and patches.  

    Update Software when Prompted
    The 
    automatic update tool will prompt you that updates are available for that software program. When you see this prompt, make sure to follow the directions provided and download and install the updates. This will keep your computer up to date, secure, and running smoothly.

     

    Stay Informed of Security Risks
    Even
    though your computer can update automatically, it is best to be aware of new security holes and system flaws. Make it a habit to visit the Web site of your operating system manufacturer or other reputable sources for the latest news about security risks and what you can do to combat them.

     

     

  • "How to Protect Yourself from Phishing Attacks"

    Identity TheftThe latest Identity Theft scam to hit the Internet is called Phishing, which is pronounced like fishing. This scam works in a way in which the attacker sends users a simple e-mail that looks like it came from a real genuine website, financial institution such as Citibank, or company such as eBay, Paypal, Best Buy or Circuit City. These types of e-mail generally state that there is a problem with your account or it advises you of a "Fraud Alert".

    The e-mail will go on to say that in order to correct the problem they need you click on a certain link provided in the e-mail. The link they provide will take you to a web site that asks you to provide information such as Social Security and credit card numbers. But make no mistake because the web site is a fake. If you fill out the information on that page, you are giving your personal information to people that are going use it for "no good".

    You should be wary of any e-mail that you receive that asks you to provide information such as Social Security Number, Credit Card Number or Passwords. Any legitimate financial institution or company will never ask you for your Security Number, Credit Card Number or Passwords via e-mail.

    There are a few simple things you can do to help protect yourself from Identity Theft:

    Don't fill in personal information via a link in and e-mail.
    An e-mail link can be faked. You should always go to the company's main web site. If it is truly a serious problem, the web site will have information posted on the main page of the web site.

    Always check your credit card statements for strange transactions or transactions you don't recall.

    For more information on Identity Theft visit either of these two sites:

    http://www.consumer.gov/idtheft/
    http://www.idtheftcenter.org

     

  • "Six Tips for Staying Safer Online"

    Identity Theft1. Take extra steps to help keep kids safe online.
    Pay attention to what kids do and whom they meet online. Consider a rule that no child reveals personal information (including photos) without permission. Warn kids never to meet Internet "friends" in person. For more information on how to keep kids safe online, including a multitude of links for kids and Parents, click here.

    2. Beef up your computer's defenses and keep them up to date.
    Use a firewall. Keep Microsoft Windows and Microsoft Office programs up to date with security updates. Install anti-virus software. Detect, remove, and block spyware with a legitimate Spyware removal utility.

    3. Use strong passwords, protect them, and change them regularly.
    Strong passwords have at least eight characters. Include letters, numbers, and symbols that are easy for you to remember but tough for others to guess.

    4. Think first. Click later.
    Even if you know the sender, consider carefully whether you really want to an open e-mail or instant message attachment. Be wary of clicking links in e-mail, instant messages, or pop-ups.

    5. Be protective of your personal information.
    Never provide sensitive personal information in an e-mail, instant message, or pop-up window. Treat your Social Security number with special care. Only share your primary e-mail address with those you know.

    6. Make sure Web sites protect your personal information.
    Read the privacy statement before you give out any personal information or download software. Check for signs that the Web site protects sensitive data. Look for https in the Web address and for a padlock or an unbroken key in the lower right corner of the Web page. Double-click the padlock or key to ensure that the "Issued by" name on the security certificate matches the name in the address bar.

    For details on these and other security tips, visit our Best Practices section.

     

  • "i-Safe Online"

    Identity TheftIts that time again, school is back in session and instructors are planning out lesson plans. But before you plan yours, make sure you have the most up to date materials from i-SAFE, the leader in internet safety education! For the 2007 year we've added new lessons on emerging topics, revised existing lessons to update content, and incorporated teacher suggestions across the board.

    At the elementary level we have added more songs for the lower division grades as they learn about Internet Safety. We~ve also added new lessons for students in grades 3-5 on topics such as Spam Scams and Citizenship and Safety. In addition to newly released lesson plans on topics such as Social Networking, Legal Trends, and Spyware. Middle School curriculum offers a new format in its Personal Safety Lessons. Knowing that this lesson is the key to safety online, i-SAFE has created a unit with four mini-lessons to ensure that all critical information is covered in this core lesson.

    The high school level has also benefited from new lesson plans. These lessons are in a non-webcast based format to allow for ease of implementation in any classroom. Topics include: Online Relationships, Online Freedoms, Social Networking, Legal Trends and more!

    We have also made it even easier for students to get involved as mentors at any grade level! Each lesson includes an easily implemented enrichment activity that coordinates with the lesson. Worksheets detail step by step instructions for students to complete each project making it that much easier for learning to become about empowerment!

    If you are an i-SAFE trained educator, get your new materials right away by logging in at www.isafe.org. Select the Quick link: Implementation Plan on the Home page. Submit this simple form online and receive your new materials on CD and/or DVD free of charge. Print curriculum is available for a fee to cover the cost of printing and shipping. If you haven~t been trained yet and face time constraints to attend a PDP.

    i-Learn online professional development program is for you! Go to http://ilearn.isafe.org. You can complete the training at your own pace and download your curriculum materials immediately after completion of each module.

    To take action! Join the i-SAFE Student Bumper Sticker Contest. Get the details here.

    For more information please visit: www.isafe.org or call (760) 603-7911 ext 21.

 CYBER SECURITY BROCHURES
Document  Cyber Fun Packet for Kids.ppt
Web Link  Cyber Tips for Businesses
Web Link  Cyber Tips for Citizens
Web Link  Cyber Tips for CoPA Employees
Web Link  Cyber Tips for Parents