World Backup Day: March 31st

Happy World Backup Day!

Protect yourself against data loss by making electronic copies of important files, commonly referred to as a backup.

Our computers contain vast amounts of data, from family photos and music collections to financial records and personal contacts. In fact, a recent National Cyber Security Alliance/Symantec study found that more than 68% of Americans store 25% or more of their photos digitally. For most people, the loss of that information could be devastating.

Data can be lost in several ways: computer malfunctions, theft, viruses, spyware, accidental deletion, and natural disasters.

Data backup is a simple, three step process:

• Make copies of your data
• Select the hardware or method to store your data
• Safely store the backup device that holds your copied files

Make Copies of Your Data

Many computers come with a backup software program installed, so check to see if you have one. Most backup software programs will allow you to make copies of every file and program on your computer, or just the files you’ve changed since your last backup.

Select Hardware to Store Your Data
When you conduct a backup, the files will have to be stored on a physical device - such as CDs, DVDs, or USB flash drives, an external hard drive, or on the web using cloud-based online storage.

• CDs, DVDs and flash drives: These are best for storing a small amount of pictures, music, and videos.
• External hard drive: If your computer serves as the family photo album and music library, it’s best to get an external hard drive that plugs into your computer (preferably via a USB port).  This way, you can assure more adequate storage space for all your files. Copying information will also be faster with these devices.
• Online backup services: If you don’t want to hassle with new hardware, there are many online backup services available, usually for a monthly fee. Some security software includes this service with your subscription, so be sure to check that you don’t already have this service available. You simply backup your files to a secure server over the Internet. These services have the added advantage of safely storing your files in a remote location and the files can be accessed anywhere you have a connection to the Internet. This can be valuable for people who travel a lot and may need to recover files or if you live in area prone to natural disasters that might require an evacuation.

Safely Store the Backup Device that Holds Your Data

After setting up the software and copying your files on a regular basis, make sure you keep your backup device somewhere safe.  Some ideas include a trusted neighbor’s house, your workplace, a safe, or a secure place at home that would likely survive a natural disaster. Keep your backup device close enough so that you can retrieve it easily when you do your regular backup.

Other software programs are available for purchase if your system does not have a backup program or if you’re seeking other features. Ideally, you should backup your files at least once a week.

For more information on how to back up your data, check out the official World Backup Day site here.



Source STOP. THINK. CONNECT.

Malicious email - please delete!

You may have recently received an email from a CCIS staff member with a subject URGENT.  This email is spam and should be DELETED immediately.  

If you clicked on the link and/or provided any personal information through this email or website (upon clicking the link), please let us know immediately. Many malicious emails are sent daily. Below are some best practices to avoid falling prey to malicious attacks:

If you didn't expect a message, link, or attachment from someone, ask yourself why you should trust that it really came from the apparent sender, and that it's safe. When in doubt, it's a good idea to call and verify that they sent you the message.

If you question the authenticity of a hyperlink, hover over it and see if the hyperlink matches the URL displayed or the sender.

Technology Services will never ask you for your password in an email or during a phone call. You should never share your password with anyone including a Technology Services representative.

Never respond to an email asking for account information, credit card numbers, PINs, or other personally identifying information. 

Immediately report any suspicious email to the Technology Solutions Center at help.ccis.edu or at 573-875-HELP (4357) or 800-231-2391 ext 4357.

Our goal is to protect users from unsolicited messages and social engineering attempts to gain sensitive information like user names or passwords. Occasionally, despite all precautions, unsolicited email can make it through the best security systems. Please keep in mind the above guidelines when viewing email to help keep our information systems secure. 

Tech Tip Tuesday: Backing Up Your Computer

This week's tech tip is dedicated to World Backup Day this Thursday March 31!

Click this link or  the photo below for a PDF on how to backup your brand of computer and keep your data safe.

For more information visit http://www.worldbackupday.com/en/

Identity thief creates profile to scam Facebook users

POSTED: 06:30 PM CDT Mar 24, 2016

COLUMBIA, Mo - An identity thief has targeted a Facebook user in Columbia. Columbia police said the unknown person made a duplicate account with the victims information. Authorities investigated the incident last Friday.

"Facebook actually makes it pretty easy to create a fake profile for somebody. I could take your picture off of Facebook and create a profile for you in a bout a minute," said Sean Spence," Better Business Bureau regional director.

The victim told police that someone used her photo and profile information to contact people on her "friends" list to solicit money from them.

"Guard your personal and financial information as closely as you would your valuables because you Social Security number, your date of birth, your bank account numbers -- those are hot commodities for criminals," said Det. Tom O'Sullivan with Boone County Sheriff's Department.

Experts warn if a friend ever sends a Facebook message, a text or an email asking for personal information or money to not respond and follow it up with a phone call.

"Most of the time, when these kinds of scams happen, it's going to seem a little bit weird. This is most likely going to be a friend who never asks you for money before.  It's going to be somebody that you're surprised is asking you for money," said Spence.

Experts said the most important precaution for Facebook users is to filter who can access their pages.  Facebook has several privacy and security settings that can limit who can access a user's page.

Original article here.

Dan Messineo, Reporter

Copyright © 2016 KMIZ - The Networks of Mid-Missouri

How to Password Protect Notes in iOS 9.3

Update your iPhone or iPad to the new iOS 9.3 and keep your notes safe with this new security feature!

Although more prominent features like Night Shift and a few new Quick Actions are getting the spotlight with the launch of iOS 9.3, one new lesser-known update is definitely worth checking out. In iOS 9.3, Apple has improved the functionality of its first-party Notes app with the ability to add password or Touch ID security for individual notes.

The feature allows users to prevent access to sensitive information on a case-by-case basis (some notes, like a shopping list, might not be as high risk), just in case someone gets past the lock screen security of the iPhone itself. With some people even using Notes to store passwords for various sites and services, Apple's security-enhanced update is well worth checking out.

Creating a Password in Notes on iOS

The steps needed to set up a password or Touch ID for your Notes are straight-forward and should only take a few moments to complete.

1. Navigate to the Settings app on your iPhone or iPad.
2. Scroll down to "Notes" and tap on it.
3. Midway down the screen will be a "Password" option. Tap on it.
4. If this is your first time setting it up, a menu will immediately appear asking to set up the new password.
5. Fill out the fields requiring the Notes password (remember that something other than your iPhone passcode will be preferable), and then verify the password in the next field.
6. Provide a hint to the password you entered to ensure that if you ever forget it you can be guided back through guessing.
7. In the same menu, toggle on "Use Touch ID."
8. Tap "Done" in the top right corner to confirm your selections.

To test out the new password and Touch ID features of Notes, head over to the Notes app on your iPhone or iPad. There are just a few more steps to go through to fully protect a note of your choice from prying eyes.

1. Once inside Notes, if you've already got a particular note in mind to protect, skip to the next step. Otherwise, tap on the bottom right of the app to create a new Note, and enter any private information you wish to hide.
2. Inside the note, tap on the top right of the screen to bring up the share menu. Tap the "Lock Note" option in the bottom row.
3. If you haven't entered the Notes password recently, the app will ask for the password or Touch ID fingerprint you created in the Settings menu. Comply by providing either measure of security. If no password or fingerprint is required, the lock will be added automatically.
4. This adds a lock to the note, but doesn't actually lock it yet. To do that, click on the new unlocked button on the top right of the screen.
5. The note should now be hidden with a simple "This note is locked" message.
6. To view the locked note again, simply tap "View Note" and place your finger on the Home Button to use Touch ID, or enter your password.

Original article from Mac Rumors here.

Ways to regain your hacked account

An article from our partner in cyber security:

If your account has been compromised or hacked, here are ways to regain control.

How do I know if my email or social network account has been hacked?

There are posts you never made on your social network page.
These posts often encourage your friends to click on a link or download an App.

A friend, family member or colleague reports getting email from you that you never sent.

Your information was lost via a data breach, malware infection or lost/stolen device.

If you believe an account has been compromised, take the following steps:

• Notify all of your contacts that they may receive spam messages that appear to come from your account. Tell your contacts they shouldn’t open messages or click on any links from your account and warn them about the potential for malware.
• If you  believe your computer is infected, be sure your security software is up to date and scan your system for malware. You can also use other scanners and removal tools.
• Change passwords to all accounts that have been compromised and other key accounts ASAP. Remember, passwords should be long and strong and use a mix of upper and lowercase letters, and numbers and symbols. You should have a unique password for each account.
• If you cannot access your account because a password has been changed, contact the web service immediately and follow any steps they have for recovering an account.

Protect Yourself with these STOP. THINK. CONNECT. Tips:

Keep a clean machine: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.

Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.

Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.

When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.

View a list of resources here, on the STOP. THINK. CONNECT. site.

Later This Month: World Backup Day

World Backup Day - March 31st

Stay tuned for more information on ways to backup your data later this month!

5 ways your WiFi can be hacked

You're probably like most WiFi users, your WiFi is set up, you put a password on your network and don't think twice about it again. This is not the best practice for keeping yourself and your data safe from hackers. Personal WiFi is extremely under-protected. There are many consequences of a WiFi hack, including identity theft! Your WiFi is probably vulnerable, and here is a few ways your WiFi can be hacked.

1. Many routers, in spite of having multiple security options, are set by default to WEP protection. This method of security sends out patterns through your network that make it easy as pie for anyone to snatch your WiFi password literally out of thin air.
2. You can set your router to only recognize certain devices (this is called whitelisting or MAC address filtering), but savvy neighbors can detect and mirror that network address with an application called Wireshark.
3. Your password is too easy. Even with the most advanced connectivity options, free “brute hacking” software can guess your password in a matter of hours by running thousands of varying number and dictionary combinations against the computer database until it guesses the right code. And if you used the default WiFi password that was on your router when you bought it? Yeah…those are totally published on Google.
4. People are gullible. All it takes is one visitor in your home to click a suspicious link and they’ve opened a virtual back door to your home WiFi.
5. You’re forgetful. Ever sell an old phone on eBay or ditch an outdated router at a garage sale? If you didn’t do a hard wipe of all the system’s data, you’ve exposed your family’s personal information to random people on the street.

So what’s to be done? Obviously, using a secure password is key, but additional layers of protection will help guard you in case your network does become compromised. Use a free VPN service like Hotspot Shield to secure your data over WiFi connections. This will prevent hackers from accessing personal information like credit cards, birth dates and other data entered into your web browser.

Source: Someday I'll Learn

First ever OS X ransomware encrypts your data and asks for money

Ransomware is a particularly nasty piece of malware: After your computer is infected, it encrypts your data and refuses to give you the key unless you pay its makers a sum of money. Save for any glaring mistakes in the malware's implementation, paying up is usually the only feasible way to get your data back, especially if you don't have a backup.

Now, according to security company Palo Alto Networks, the first functional ransomware that operates on Apple's OS X has been discovered.

Dubbed KeRanger, the malware was embedded with version 2.90 of the Transmission software, normally a legitimate BitTorrent app. It waits three days before encrypting certain types of data on an infected system, and then it asks for one bitcoin (around $405) in ransom.

The infected versions of the Transmission installer were detected on March 4, and anyone who downloaded Transmission 2.90 around that date may have infected their OS X machine with the KeRanger malware.

Soon after the infection was discovered, Transmission released a new version of its client, Transmission 2.92, which should be malware-free.

"Everyone running 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file. This new version will make sure that the “OSX.KeRanger.A” ransomware (more information available here) is correctly removed from your computer," says a message on the official Transmission website.

Tips to get rid of the malware

Palo Alto Networks offers some tips for users who think their system might have been infected. First, in Finder, check for the existence of a "/Applications/Transmission.app/Contents/Resources/ General.rtf" or "/Volumes/Transmission/Transmission.app/Contents/Resources/ General.rtf" file. If the file exists, your Transmission app is infected and you should delete it.

Users should also check, using Activity Monitor, whether there's a process called "kernel_service" running. If it is, users should double check the process, select "Open Files and Ports" and check for a file name like "/Users/<username>/Library/kernel_service". The "kernel_service" process should be terminated with Quit - Force Quit.

Those who find an infection on their computer should check their  ~/Library directory for files named “.kernel_pid”, “.kernel_time”, “.kernel_complete” or “kernel_service.” Those files should also be deleted. 

How did this happen?

As Transmission is a legitimate OS X app, and it requires an Apple-signed certificate to be installed, how could the infection happen in the first place?

According to Palo Alto Networks, two KeRanger-infected Transmission installers were signed with an Apple-issued certificate. It's not clear how the malware-infested installers ended up on Transmission's website — the website could have been hacked, for example, but there's no proof at this point that this is what happened.

The certificate was later revoked by Apple, so trying to start an infected version of Transmission should result in a warning dialog, saying that the app will damage your computer or that it can't be opened.

An Apple spokesperson refused to give any details, besides reiterating that the company revoked the digital certificate that enabled the malware to install on Mac computers.

Similar ransom-demanding malware was previously seen on Windows machines and other operating systems, but not on OS X. In February, hackers demanded millions of dollars in ransom to decrypt the data belonging to a Hollywood hospital, though in the end the hospital got out by paying $17,000. 

View original article from Mashable here.

Beware of spring break scams

Spring break is just around the corner, which means now is the time to prepare your vacation plans. Planning your trip may require making reservations with multiple businesses whether online or over the phone. A travel agency can make the process of booking your spring vacation quick and easy, but using the wrong one could turn your vacation into a nightmare. The Better Business Bureau serving Wisconsin (BBB) is advising consumers to do their research before booking their next vacation.

In 2014, BBB received nearly 8,000 complaints nationally against travel agencies and bureaus. Most complaints alleged consumers felt misled by travel offers that failed to deliver on promises. In some cases, consumers paid money for travel arrangements that were never made.

"Many people are planning to escape the brutal winter and head to warmer climates and spring break is the perfect opportunity,” said Ran Hoth, CEO and president. "When you begin planning your vacation, it could be tempting to accept that too-good-to-be-true offer. BBB recommends doing your research and finding a business you can trust.”

To ensure your trip will be worry free, follow these tips from your BBB:

• Be alert for travel scams. Unsolicited mail, email and websites offering deeply discounted travel packages could leave you out of a vacation and your money if you’re not careful. Watch out for scams saying that you’ve “won a trip” or too good to be true prices. Generally if you’ve truly won something, it will be given to you as a gift. Be especially leery if an offer is unsolicited.
• Do your homework. Ask family and friends to recommend a business they’ve used and check with bbb.org to see free Business Reviews. You can also utilize BBB’s Accredited Business directory to find an accredited business.
• Get everything in writing. Get all the details of your vacation in writing, including travel itineraries, booking confirmations and vouchers. Also review and keep a copy of the business’s cancellation and refund policies.
• Verify reservations. Get the contact information for the airline, rental car company and hotel. Call prior to departure to confirm all arrangements.
• Consider travel insurance. Travel insurance is designed to cover such things as trip cancellations or medical emergencies. Certain businesses and policies have different levels of coverage based on what plan you purchase. Ask a lot of questions, and always read the fine print to see what's covered.
• Pay with a credit card. Paying with a credit card gives you additional protection if something should go wrong with the travel reservation.

Likewise, be wary of the “grandparent scam” which is typically higher this time of year when scammers see the popularity of spring break trips to carry out their scheme. Relatives of travelers, especially seniors, should be skeptical of calls claiming to be from students stranded in distant locations. These scams usually begin with a call from someone claiming to be a person you know (often a child or grandchild) who preys upon the relative by stating they need money to get out of jail or pay for a medical emergency.

If you receive such a call, remember that a request for you to send money by wire transfer or prepaid MoneyPak cards to someone you have not verified is often not legitimate and nearly impossible to reverse. One easy way to confirm a family member’s identity is to ask a simple question such as the name of the family pet or where they attend school.

Original article from Better Business Bureau, view article here.

Snapchat Employee Data Leaks Out Following Phishing Attack

Snapchat is famous for its disappearing messages, but unfortunately not everything in this world is ephemeral when you need it to be. The LA-based company disclosed today that a number of its current and former employees had their identities compromised by a cyber attack this month.

“Last Friday, Snapchat’s payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information,” Snapchat explained in a blog post. “Unfortunately, the phishing email wasn’t recognized for what it was — a scam — and payroll information about some current and former employees was disclosed externally.”

Snapchat has had hacking problems in the past. The service leaked some 200,000 photos from users back in 2014 when unofficial third party apps were compromised, but on this occasion the circumstances and outcome are different. For one thing, Snapchat said that no user data was affected, while the company is shouldering the blame for the issue. (Last time it said users who lost data were at fault for using unofficial accounts — it then subsequently nixed all third party access to its platform in the name of security.)

So what was accessed this time around? Snapchat isn’t being too specific — this is sensitive — but payroll information could include salary data, social security numbers, bank details, addresses, emails and other personal ID which, in the hands of the wrong people, could create headaches for those affected.

Snapchat said it reported the crime to the FBI, while it sorted through the people affected and is offering them all two years of identity theft insurance and monitoring for free.

Corporate hacking and information theft has occupied the limelight regularly in recent years. The scale of the hack on Sony, which also took place in 2014, was unprecedented and, beyond putting confidential company information (including, ironically, details about Snapchat’s business) into the public forum, it also exposed the personal information and data belonging to thousands upon thousands of Sony staff.

Snapchat said it is “impossibly sorry” for this breach. It vowed to “redouble our already rigorous training programs around privacy and security” in the hope of preventing future incidents like this happening again.

View original article from Tech Crunch here.

Article Update 3-3-16 Here