Tuesday, November 29, 2011

FCC Small Biz Cyber Planner

English: A candidate icon for Portal:Computer ...
Image via Wikipedia

The FCC has launched a Small Biz Cyber Planner, an online resource to help small businesses create customized cybersecurity plans in conjunction with DHS, NCSA, NIST, The U.S. Chamber of Commerce, The Chertoff Group, Symantec, Sophos, Visa, Microsoft, HP, McAfee, The Identity Theft Council, ADP and others. The complete set of guidance can be downloaded as a PDF at fcc.gov/cyber/cyberplanner.pdf while the interactive online tool is available at FCC.gov/cyberplanner.
"The Small Biz Cyber Planner will be of particular value for businesses that lack the resources to hire a dedicated staff member to protect themselves from cyber-threats. Even a business with one computer or one credit card terminal can benefit from this important guidance.  The tool will walk users through a series of questions to determine what cybersecurity strategies should be included in the planning guide. Then a customized PDF is created that will serve as a cybersecurity strategy template for a small business. 
This effort is part of an ongoing program to raise awareness about the cybersecurity risks to small businesses and to help these businesses become cyber-secure. Earlier this year, the FCC and a coalition of public and private-sector partners developed a cybersecurity tip sheet, which includes tips to educate business owners about basic steps they can take immediately to protect their companies. The tip sheet is available at FCC.gov/cyberforsmallbiz."
Sections in the complete set of guidance are:
  • Privacy and Data Security
  • Scams and Fraud
  • Network Security
  • Website Security
  • Email
  • Mobile Devices
  • Employees
  • Facility Security
  • Operational Security
  • Payment Cards
  • Incident Response and Reporting
  • Policy Development, Management
  • Cyber Security Glossary
  • Cyber Security Links

Enhanced by Zemanta

Friday, November 25, 2011

Protecting Kids Online

Texting on a keyboard phoneImage via Wikipedia


One of the issues I’ve been struggling with over the past ten or so years is how to protect kids online. The Internet offers a world of opportunities. People of all ages share photos and videos, build online profiles, text each other and create alter egos in the form of online avatars. These ways of socializing and communicating can be fulfilling, and yet, they come with risks:

  • Inappropriate Conduct: The online world can convey a false sense of anonymity and kids sometimes forget that their online actions have real-world consequences. 
  • Inappropriate Contact: There are people out there that have bad intentions; predators, bullies and scammers.
  • Inappropriate Content: Kids can easily come across pornography, violence or hate speech online.

Some questions to ask yourself as an adult:

  1. Do you think your child knows more about the Internet and technology than you do?
  2. Do you think you know more about communicating respectfully off-line than your child does (parents don’t have to be tech-savvy to know a lot that’s relevant to this topic)?
  3. How much time do you think your kid spends online each day? Each week? That includes time on their phones!
  4. What are your kids’ favorite websites or online games?
  5. Do your kids have their own computers? Do they have cell phones?
  6. Do you supervise what your kids do while online and offer guidance, or are they allowed free rein?
  7. What are your main concerns about online safety?
  8. Do you text? Do you text with your children?

It’s also a good idea to talk with your kids about online safety. To kick things off, here are some questions you can ask your kids:

  1. How much time do you spend online?
  2. What do you like to do online?
  3. Do you sleep with your cell phone in reach?
  4. Do you post pictures online? 
  5. Have you every posted or sent anything you later regretted?
  6. Have you or one of your friends ever received a text message that was hurtful or mean-spirited?
  7. Have you ever talked to your parents about something that bothered you online?
  8. Have you ever talked to another adult bout something that bothered you online?

Make your conversation interactive. Ask your kids how they might have handled an incident that involved sharing too much information, cyberbullying, posting embarrassing photos or sexting.

For more information, the US Government has created OnGuardOnline.gov, a site that provides practical tips from the federal government and the technology community to help you guard against internet fraud, secure your computers and protect your privacy. The project is managed by the Federal Trade Commission, the nation’s consumer protection agency, and includes more than a dozen federal agencies.

Additional Resources

  • OnGuardOnline.gov - Practical tips from the federal government and the technology community to help people be on guard against Internet fraud, secure their computers and protect their privacy.
  • FTC.gov/idtheft - The Federal Trade Commission's website has information to help people deter, detect and defend against identity theft.
  • StaySafeOnline.org - The National Cyber Security Alliance seeks to create a culture of cyber security and safety awareness by providing knowledge and tools to prevent cyber crime and attacks.
  • CommonSenseMedia.org - Common Sense Media is dedicated to improving the lives of kids and families by providing trustworthy information, education and voice they need to thrive in a world of media and technology.
  • GetNetWise.org -  A project of the Internet Education Foundation, the GetNetWise coalition provides Internet users the resources to make informed decisions about their and their family's use of the Internet.
  • CyberBully411.org - CyberBully411 is an effort to provide resources for youth who have questions about or have been targeted by online harassment.
  • ConnectSafely.org - ConnectSafely is for parents, teens, educators and advocates for learning about safe, civil use of Web 2.0 together.
  • iKeepSafe.org - iKeepSafe educational resources teach children of all ages, in a fun, age-appropriate way, the basic rules of Internet safety, ethics and the healthy use of connected technologies.
  • NetFamilyNews.org - A nonprofit news service for parents, educators, and policymakers who want to keep up on the latest technology news and commentary about online youth, in the form of a daily blog or weekly email newsletter.
  • NetSmartz.org - The NetSmartz Workshop is an interactive, educational safety resource from the National Center for Missing & Exploited Children.
  • WiredSafety.org - WiredSafety provides help, information and education to Internet and mobile device users of all ages.


Enhanced by Zemanta

Thursday, November 24, 2011

Schedule Emails to be Sent Later in Gmail


Image via Boomerang for Gmail
I have happily been a Gmail and Google Apps account holder for several years. A feature that I felt had been lacking was the ability to schedule emails to be sent at a later date. I've searched for various solutions ... all of them disappointing ... until recently when I came across Boomerang for Gmail which does just that; it lets you write an email now and schedule it to be sent automatically at a scheduled time. There are both Google Chrome and Firefox plugins for Boomerang. The plugin adds a “Send Later” button in Gmail. It doesn’t get much easier than that to schedule emails for sending at a later date.

If you're interested in using Boomerang for free, here's the link: Boomerang for Gmail

Monday, November 21, 2011

Water System Attack on City Water Station Destroys Pump

Clean drinking water...not self-evident for ev...Image via Wikipedia

Last week a disclosure was made about a public water district SCADA system hack. There have been several reports in the press concerning the attack on control system of the city water utility in Springfield, Illinois and the resulting burn-out of a pump. Law enforcement is investigating.

[UPDATE] 11/29/2011 - Department of Homeland Security officials are now saying that the water-pump failure in Illinois wasn't cyberattack after all. READ MORE

ICS-CERT Report - (ICSB-11-327-01—ILLINOIS WATER PUMP FAILURE REPORT)

Enhanced by Zemanta

Friday, November 18, 2011

Operation Ghost Click

The FBI is seeking victims in a DNS Malware Investigation for the case of UNITED STATES v. VLADIMIR TSASTSIN, ET AL. Specifically, the FBI is seeking information from individuals, corporate entities and Internet Services Providers who believe that they have been victimized by malicious software related to the defendants. As you know form the news blurbs that I've been sending out, this malware modifies a computer’s Domain Name Service settings, and thereby directs the computers to receive potentially improper results from rogue DNS servers hosted by the defendants. 

On your own systems, and the systems you manage, it's recommend you check the DNS settings and register as a victim of the DNSChanger malware if the DNS entries have been modified to point to the defendants' DNS servers. Complaints can be filed here: https://forms.fbi.gov/dnsmalware

For more information, including steps on how to check your DNS settings, go to http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf.


Enhanced by Zemanta

Wednesday, November 16, 2011

Department of Defense Cyberspace Policy Report

The Pentagon, looking northeast with the Potom...Image via Wikipedia
The Pentagon published their most explicit cyberwarfare policy to date. The report states that, if directed by the president, the DoD will launch "offensive cyber operations" in response to hostile acts. Hostile acts may include "significant cyber attacks directed against the U.S. economy, government or military,".

Here's a link to the report:
http://www.defense.gov/home/features/2011/0411_cyberstrategy/docs/NDAA%20Section%20934%20Report_For%20webpage.pdf

Enhanced by Zemanta