March 25, 2022 SAU 70 Cybersecurity Notification
Based on a recent presentation by NHOCC (https://www.nhocc.com) please be aware that we are seeing an increase in cybersecurity concerns globally and we want our organization and community to be informed and safe. I will highlight some of the most common concerns below along with resources to learn more about them.
In the last 30 days, there have been at least seven new variants of ransomware. Ransomware can be used to encrypt data and interfere with business operations. Ransomware and extortion enable a significant funding source. What’s worse is that some of the new variants called wipers are designed to irrevocably destroy data.
We have also seen an uptick in phishing emails and texts. Phishing emails and text messages may look like they’re from a person or company you know or trust. They often tell a story to trick you into clicking on a link or opening an attachment, sharing credentials, or sharing confidential information.
Our Google accounts are Two Factor Authentication capable. Though it is not required it is highly recommended to enable 2FA on any accounts that you can, including your personal accounts. Never share a code received by text or email with another person; especially, if they claim to have triggered it on your behalf.
Use a different password for each of your important accounts, like your email and online banking. The current best practice is to use a trusted password manager. Long passwords are stronger, so make your password at least 12 characters long. Try to use: A lyric from a song or poem; A meaningful quote from a movie or speech; A passage from a book; A series of words that are meaningful to you; An abbreviation: Make a password from the first letter of each word in a sentence. [Don’t use personal info; Avoid creating passwords from info that others might know or could easily find out. Examples: Your nickname or initials, The name of your child or pet, Important birthdays or years, The name of your street, Numbers from your address, Don’t use common words & patterns. Examples: Obvious words and phrases like "password" or "letmein"; Sequences like "abcd" or "1234"; Keyboard patterns like "qwerty" or "qazwsx".] Do not share your passwords with anyone.
Please be aware that social media algorithms are increasingly being exploited to manipulate people. Misinformation, disinformation, and malinformation make up what CISA defines as “information activities”. When this type of content is released by foreign actors, it can be referred to as foreign influence. Definitions for each are below.
- Misinformation is false, but not created or shared with the intention of causing harm.
- Disinformation is deliberately created to mislead, harm, or manipulate a person, social group, organization, or country.
- Malinformation is based on fact, but used out of context to mislead, harm, or manipulate.