Cyber Security & Universities: Where’s the Disconnect?

A few years ago my university’s security was compromised by a student burglar who stole several computers, including some used by the faculty. Immediately, the campus police launched an offline and cyber security investigation, found and charged the culprit who is now serving his jail sentence.

cyber securityA spokesperson said that the burglar’s motives might have been academic, meaning he wanted to cheat on a test. Most of us may have daydreamed about doing something similarly ignoble to change our GPA to something more ennobling if we ever had access to do so.

But the university burglary motivated me think about the security of such delicate and personal information. Because of the troves of personal and financial information, universities are prime targets for online hackers – even those without access to the school’s computers.

Despite full-frontal attacks on information, an article by Alfred Ng for CNET.com shared this method of hacking that students should be aware of: malware or hacking platforms disguised as apps.

“Though most of the blacklisted apps are poorly made games [such as the ransomware programs impersonating Pokemon Go at the app’s apogee], others pretend to help you be a better student,” Ng wrote.

Risk IQ, a cybersecurity company, has been on the lookout for university connected vulnerabilities. In Ng’s article, the company gives suggestions on how students can avoid these costly tricks:

“Other warning signs to watch out for when it comes to sketchy apps are poorly written reviews and developers using public domain emails for contacts, Risk IQ said. For any educational apps, like Blackboard Learn, you should always check the sources and look for the official versions.”

With my another semester starting soon, the last thing I want to worry about, or any student to worry about, is cybersecurity. Be smart and be safe. Check to see if your school is protecting its website from online hackers with vulnerability scanning software – like that offered through Trust Guard. Otherwise, you might want to consider not sharing your personal information on the school’s website.

Major Cyber Attacks Blamed on North Korea

According to PC Pit Stop, North Korea is responsible for two major cyber attacks.  Cyber security analysts believe that North Korea has been stealing crypto-currency, bitcoins, and other digital currency by executing advanced persistent threats (APTs). Since the beginning of the internet, hackers have been gaining unauthorized access to networks to steal identities, perform credit card fraud, and cause havoc for e-commerce businesses and individuals. Only by hacking a site and server from an honest third-party vendor, otherwise known as vulnerability scanning, have business owners been able to limit the number and extent of cyber crime. Even at that, more than 30,000 websites get hacked into every single day.

Considering the value and international popularity of bitcoins have almost doubled over the last couple weeks, it’s not shocking to learn that cyber criminals are now targeting digital wallets.  However, North Korea is taking this to a new level by targeting bitcoin exchange sites and financial institutions.

North Korea Cyber Crime
Beyond stealing digital currencies, the U.S. also released a statement on December 18th claiming North Korea was responsible for the first global ransom ware attack, WannaCry.  WannaCry was a ransom ware campaign that impacted approximately 150 countries around the globe.  Collectively the attack created millions, if not billions, of dollars’ worth of damage.  When cyber crime happens, online business owners have to account for costs associated with downtime, third-party investigations, loss of productivity, design, marketing dollars, data, and reputation damage.

The U.S. government plans to establish a plan to mitigate the risk of future attacks taking place.

MSN reported,

“…the Trump administration will be calling on “all responsible states” to counter North Korea’s ability to conduct cyberattacks and to implement all “relevant” United Nations Security Council sanctions, according to a U.S. official familiar with the matter.” No definitive plans, beyond the above statement, have been disclosed to legitimately address the issue.  Therefore, it is unclear what measures the U.S. plans to take to counter North Korea’s ability to execute these cyber attacks.  For now, no serious online business owner should be without security scanning to catch their websites’ vulnerabilities before hackers do.


 

View original article here: https://techtalk.pcpitstop.com/2017/12/19/north-korea-blamed-major-cyber-attacks/?northkorea=&ad_id=505347&share-ad-id=1

Cyber Security: Good, Better, Best

With some products you buy, the brand name really doesn’t matter. Socks, for example. Does anyone really care what brand of socks you wear? The answer is no – especially if you’re wearing jeans and no one can even see them. The same is true with pillow cases, in most cases, and pencils. You get the idea.

Cyber SecurityBut when you’re talking about cyber security—that’s a different story. You don’t want to experience first-hand the chaos that hackers can unleash if they’re given half a chance. If they can bring “the most technologically advanced system of government in the world” to its knees, like Russian hackers did to Estonia ten years ago, what chance does your online business have if hackers decide to target it? Only one: Trust Guard.

With such crazy cyber security threats floating around out there, might I suggest that you consider a trusted partner to do the dirty work of protecting your business while increasing your trustworthiness to online shoppers. Perhaps it would help to see an example of how Trust Guard’s Security Scanned outdoes the equivalent service of a competitor, Security Metrics.

Both of these services scan for vulnerabilities, but Trust Guard scans for more vulnerabilities and security holes and is more user-friendly than Security Metrics. Trust Guard also provides a proven security seal for your website—a small image that makes it clear to the online customer that your site has passed its security scan.

This in turn engenders trust among shoppers, which leads to more conversions. Because of the innovative methods of Trust Guard Security Scanned trust seals and scanning service, you get to enjoy an average of 15% more sales than you would without them.

Plus, Trust Guard has the best satisfaction guarantee in the industry: a 60-day double-your-money-back guarantee. How can you go wrong? So buy whatever socks or pencils float your boat. Just remember that the company that you choose to protect the your online assets needs to be not good, not better, but the best; it needs to be Trust Guard.

 

CNBC: Hackers Are Targeting School Websites

According to an article from CNBC, hackers are now targeting school websites – including elementary and high schools. Universities like Harvard and the University of Louisville have been hacked. As have state departments of education, like Indiana’s. Even elementary, junior and high schools have been attacked by cyber criminals.

I guess it just took CNBC to talk about it before people realized the dangers for students, parents, teachers and admin when accessing their schools’ websites.

The article mentions that a hacking group named “The Dark Overlord,” known for hacking Netflix, has recently been linked to a series of attacks on school districts in three different states.  CNN mentioned that in a Montana school district, for example, more than 30 schools shutdown for three days. The Wall Street Journal reports that cyber-thieves have attacked more than three dozen schools. But there have been more than that.

“Schools have long been targets for cyber-thieves and criminals,” writes the Department of Education. “We are writing to let you know of a new threat, where the criminals are seeking to extort money from school districts and other educational institutions on the threat of releasing sensitive data from student records.”

'These grades won't do at all! Go to your room, hack into your school's computer and change these!'The Department of Education says the hackers are probably targeting districts “with weak data security, or well-known vulnerabilities that enable the attackers to gain access to sensitive data.” It advises districts to conduct security audits and patch vulnerable systems, train staff on data security best practices, and review sensitive data to make sure no outside actors can access it.

According to Mary Kavaney, the chief operating officer of the Global Cyber Alliance, school environments often don’t have a lot of technology resources dedicated to security, but they could have some of the most sought after personal information on people, including social security numbers, birth dates, and medical and financial information.

The Department of Education’s letter confirmed that threats like these have now been observed multiple times, stating, “In some cases, this has included threats of violence, shaming, or bullying the children unless payment is received.”

“These attacks are being actively investigated by the FBI, and it is important to note that none of the threats of violence have thus far been judged to be credible,” explains the department. In order to protect private information that can be stolen and used for extortion, the Department of Education suggests that schools conduct security audits like those offered by Trust Guard and that they train staff and students on data security best practices like secure passwords.

Cyber crime has been happening since the creation of the internet. With more than 30,000 WordPress sites being hacked on a daily basis, schools, districts, and state education departments need to start monitoring their sites for vulnerabilities on a daily basis. If you are a student, parent or teacher, visit TrustGuard.com for more information on how to keep your private information safe.


Special thanks to these two articles for much of the content in this article:
http://money.cnn.com/2017/10/18/technology/business/hackers-schools-montana/index.html
https://www.cnbc.com/2017/10/24/department-of-education-warns-that-hackers-are-now-targeting-schools.html

 

You’ve Been Hacked!

You’re asleep, dreaming about all of the money effortlessly flowing into your bank account because of your years of hard work and determination to succeed as an e-commerce business owner.

Suddenly your eyes jerk open to the sound of your partner’s ringtone. He’s the only person that you let call you after hours.

You turn over to reach for your phone. Your alarm clock shows you that it’s 3:30 in the morning. You begin to get nervous, asking yourself what could possibly be so important.

You answer the phone searching for explanations when your partner, with almost palpable stress in his voice exclaims: “We’ve been hacked!”
You've Been Hacked!
Not really knowing what that means, you get him to calm down and tell you what happened. He explains that he found out earlier that night that one of your longstanding customers had her credit card information stolen and linked the theft back to your site.

He was just going to talk to you about it the next day, but then he received another notification of identity theft linked to your website, then another, and then another. This started to really scare him. Then, right before he called you, your programmer called to tell him that a hacker had taken control of your website.

That’s a lot of bad, life-changing, gut-wrenching information to take in – especially at 3:30 in the morning.

You take a minute to try to make sense of it all. Finally you respond to your partner. “So, what you’re saying is that we no longer have access to our website and that we are probably responsible for the identity and credit card theft of all of our customers.”

You hear your partner take a long, deep, concerned breath before answering with a lump in his throat “Yep.”

And to think that all of this could have been avoided by using Trust Guard’s security monitoring services.

What Victims of Identity Theft Can Do

If you haven’t heard, Equifax, one of the three big credit reporting agencies in the United States, announced that it suffered a massive data breach. More than 143,000,000 records were compromised, including email addresses, names, social security cards and credit card numbers.

If you believe you were the victim of identity theft, here’s what you can do:

  1. Close the accounts that you believe may have been tampered with or opened fraudulently. Use the government’s Identity Theft Report, which can be found at www.identitytheft.govIdentity Theft
  2. File a police report and get a copy to submit to your creditors and others who may require proof of the crime. If you have proof of identity theft, be sure to take that proof with you when you go to file your police report.
  3. File your complaint with the FTC at www.consumer.ftc.gov. The FTC maintains an identity theft database that law enforcement agencies use for investigations. Filing a complaint also helps the FTC better assist you, as the commission learns more about online theft of identities and the problems it creates.

If you are a business owner with an SSL certificate but without protection from hackers, contact Trust Guard, the leader in website security to protect you and your online visitors from hackers.

What You Should Know about the Equifax Breach

What: Data collected by Equifax, one of the three credit report giants, was hacked. “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Richard F. Smith, Equifax CEO, in a statement. 

When: In early August, Mandiant (a cybersecurity firm) was approached by Equifax to figure out what was going on, according to CNN News. Mandiant aided in the investigation and determined from May 13 through July 30 a spate of hacks occurred.

Who: 143 million Equifax customers have been affected. Their information, including social security numbers, addresses and birth dates were accessible by hackers.

Soon after the breach was announced to the public, Susan Mauldin, former chief security officer and Dave Webb, former chief information officer, retired.

How: Like many of these cases, the how is still a mystery. But Apache Struts, a tool used for Equifax’s online dispute portal, has become the scapegoat, being blamed for vulnerabilities, making the breach easier for hackers.

Apache Struts released this statement:

“We as the Apache Struts PMC want to make clear that the development team puts enormous efforts in securing and hardening the software we produce, and fixing problems whenever they come to our attention. In alignment with the Apache security policies, once we get notified of a possible security issue, we privately work with the reporting entity to reproduce and fix the problem…”

What you can do: If you believe you might have been impacted, visit Equifax’s Cybersecurity Incident & Important Consumer Information page: https://www.equifaxsecurity2017.com/.

Website Security Threats and Solutions

What is website security? Is it really important? Well, if you are a business owner and you have a website or you are responsible for managing or maintaining your company’s websites, then it is definitely important that you know website security threats and solutions.

Not all IT people know everything about securing a website. Just like not all doctors know how to cure every sickness. Believe it or not, when you go to school to study programming, computer engineering, or web development, you’ll find that there’s not much in the curriculum that would tell you how to create secure codes. You are simply taught to create a code that will run a software and later in life, as you experience failures in your newly developed software, you begin to think of a solution. You then create another software or a code to combat the weak link in your existing software.

Website Security Threats and Solutions
In other words, no one is truly secure online until someone finds a 
security tool or creates a new code better than the previous one.

For beginners, learning about web security may look like an intimidating feat because of the technical verbiage and profound coding involved. But once you get an understanding of its importance and why you need to know at least the basics, you’ll love every jargon!

So what are the problems of ignoring website security threats?

  • It can put your business or personal information at risk.
  • It can jeopardize your customers’ computers if you are running an e-commerce website or your readers’ if you are running a blog. This is because viruses and malware follow loopholes in the system. They see one, they get in, then move to the next, and so forth, infecting every computer they get into until someone finally figures out something is wrong and finds a solution for it.

Where do you start?

  1.   Always make sure your website’s software is up to date.
  2.   As much as possible, do not allow uploading of files to your website as this can be a total security risk.
  3.   Use an HTTPS protocol instead of just HTTP (SSL certificates).
  4.   Use web security tools like Trust Guard’s security scanning services to check for holes used by hackers.

 

Jonna LindawanArticle written by Jonna Lindawan
Jonna is a startup VA business owner who loves helping her clients grow their businesses through her skills in writing, customer service, research, data entry, transcription, social media management, and admin support. Visit her website here.