Alert! Are you being Watched?

ALERT: YOU ARE BEING WATCHED!

Almost every day, we go online to keep in touch with the world. Depending on our interests, we watch the news, follow the stock market, or spend time on social media to see what is new and who is doing what. What is happening around us? What is the latest and the greatest? What are the new inventions, ideas and trends? Professionals go online to stay updated on the professional front.

Sharing posts about where we are and what we are doing keeps our near and dear ones excited and updated. Of course, it keeps us motivated.

Reports indicate that just a few years ago, almost 80% of smartphone users were using phones with location services enabled. The trend has now changed in the western world, but in developing countries a very large number of users are still not aware of location services and privacy. Those in the IT world have known for a long time that every time we go online, we leave our digital footprint out there.

Some of us also wonder what is secure and what is not so secure. When people innocently share their kid’s birthday photos and school graduation pictures with other details, they do so thinking there is nothing to worry about. They wonder who would be looking at these details.

But little do they know that while staying online is a need, staying secure while online is also a need. It is like driving on the road: there is a need to be on the road to travel from one place to another, but there is also a need to take all precautions to stay safe on the road.

Let us talk about Cyber Security – this is something that needs everyone’s attention because, in today’s day and age, Cyber Security must fall into everyone’s “need to understand and comply” scope.

Today, all across the world, businesses have a presence online – directly or indirectly. When all our clients are online, where else would we promote our business? So, many marketing campaigns happen online.

All these businesses also need to understand and follow cyber security norms and stay safe. What are we sharing online in our marketing campaigns? For example, if we share our IT/network structure, hackers will know how to crack it.

Simply put, all the information put out online is “publicly available information”. In the world of cyber security, this is called open source intelligence (OSINT). Here, open source means that the sources that provide information are open/public. OSINT is an important part of Recon (Reconnaissance).

The different stages in Cyber Security are:

  1. Pre Security
  2. Offensive Pen testing
  3. Cyber Defense

For Cyber Security professionals, working at any of the above stages, Recon is the very first step taken whenever they get ready to perform Vulnerability Assessment or Penetration Testing. While Active Recon includes direct interaction with the target, Passive Recon includes finding and using the information available on the web.

For Passive Recon, there are some very powerful tools available that check the target’s online presence across different domains and social media platforms: what has been shared and when it was shared. Patterns are identified and noted, and pictures and videos are retrieved. These tools help Cyber Security professionals put very important, and sometimes private and sensitive, information together. These professionals are then able to join the dots and infer the underlying secrets/information.

OSINT or Recon tools are not magical. They only pull out publicly available information and put it together for these professionals to join the dots. Many times, to start the Recon, all the professionals have is a name or, if they are lucky, an email address or a domain. They start digging with it and in very little time they have a great amount of intel.

Once they know something they can use, such as a website, they try to find weaknesses, if any, that they can exploit. This is the process of Vulnerability Assessment. A part of the website might be weak, or it might be using some outdated technology that makes it vulnerable.

Once a vulnerability is found, the next process, Penetration Testing, begins. Here, those vulnerabilities are targeted and exploited. The experts try to get into the target’s network, system or database, depending on the type of vulnerability. Once they are in, they will try to exploit it, causing damage to the target’s assets. Many times, cookies from a device give away access to sensitive data.

To stay safe, it is important to clear your browsing history from time to time. Delete all cookies from your device from time to time. When you are using your browser to look at confidential, private or sensitive information, it is not a bad idea to use Incognito mode. Today we have the options available for using encrypted emails.

Firewalls will protect you when you are approached from an unknown website. Antivirus software is available for your further protection, and there is a range of other protective software available. These are the most common, easily available and easy to implement security measures that we should follow.

As a common practice, companies pay ethical hackers to find vulnerabilities in their systems, and some companies even pay them to penetrate the company’s internal assets and see what kinds of exploitation they are vulnerable to. If the hacker is able to find vulnerabilities at the target’s request, the proof is shared with the target to enhance the security and eliminate the vulnerabilities.

To summarize, we agree that staying online is a need and that staying secure while online is a need too. Cyber Security, I think, should have a place in everybody’s “need to understand and comply” scope.

Stay Online, Stay Safe!

Author: Shital Rai

LinkedIn: www.linkedin.com/in/shitalrai

No Privacy!

THERE IS NO PRIVACY OUT THERE

 

What are the dangers kids face when they go online?
Online predators steal people’s identities, post inappropriate photos, pretend to be someone they are not, engage in cyberbullying, etc. If this happens to a kid, imagine the kind of overwhelming negative impact it can have on the kid’s emotional and physical well-being.


Cyber Security

CYBERSECURITY: THE ONLY SOLUTION TO INCREASING PERILS OF CYBERCRIME

Our world is becoming more and more dependent on digital technologies. In my previous blog, Alert: You are being watched!, we looked at how vulnerable we are and hence the need to stay alert while we are online. While digital technology is creating many opportunities, it also brings the perils of cybercrime, which is affecting organizations and governments all across the globe.

The most challenging part of cybercrime is that the risk landscape is constantly changing. As technology advances, this challenge keeps intensifying. As existing hacking tools improve and new tools come into play, securing networks becomes more challenging.

Cybersecurity is the only solution to protect your digital data and resources by mitigating security threats and vulnerabilities originating from cybercrime.

So, what are we dealing with?

Some of the most common cyber security threats are ransomware, malware, phishing, and theft of personal and confidential data. Data breaches top the list.

  • Phishing and Trojan Horse attacks: The attacker sends malicious emails that appear to originate from credible sources such as banks or similar credible organizations. When the recipient opens such an email and/or its attachments, and/or clicks on a link in it, the malware enters the target’s network and steals or damages personal, sensitive and confidential information, customer details, intellectual property and more. Hackers might steal, delete, or corrupt data. Stolen data is either used by hackers for their intended purpose, or it might get posted on the DarkNet for sale, or just get posted online for anyone to see.
  • DOS – Denial of Service attacks: In a DOS attack, hackers penetrate into the target’s network and send so many messages that they overwhelm the target’s network system. This prevents authorized users from getting access to the system and can cause server outages, monetary loss and excessive pressure on the IT staff.
  • Ransomware: As the name indicates, the purpose of this type of attack is to hold the target to ransom. Hackers penetrate into the target’s network and encrypt data files on it. A ransom in the form of a monetary payment is demanded in exchange for access to the data files.

So, what can be done to protect ourselves?

Many insurance companies offer cybersecurity policies that provide coverage for events such as identity theft, unauthorized transactions, and more. Two types of coverage are generally available:

(1) Vendor Indemnity Insurance for cybersecurity vendors and
(2) Third-Party Cybersecurity Insurance for businesses with a risk profile higher than average.

The cost of these policies can be extremely high because of the frequency of attacks.

Below are some very simple and easy to follow recommendations that can go a long way.

  1. Restricted access policy. Employees should have access only to the part of the data they need to work with. Access to data and resources should be on a need-to-know basis.
  2. Keep operating systems and other software up to date. Outdated software can become an easy entry point for hackers.
  3. Strong passwords. It is a good idea to have a 12-character password that has upper case letter(s), lower case letter(s), number(s) and special character(s).
  4. Network administrators should ensure the safety of the network by frequently changing network passwords.
  5. Install a firewall and protective software such as antivirus, antimalware and antispyware.
  6. Regularly scan devices for malware.
  7. Train all employees on cyber security.

If you rely on the internet for communication and for carrying out daily operations, you must use cybersecurity measures to safeguard your data and resources.

Author: Shital Rai

LinkedIn: www.linkedin.com/in/shitalrai

Protecting yourself from PHISHING attacks

BEWARE OF PHISHING SCAMS

Phishing emails are one of the most used types of malicious emails. A phishing fraud happens when the fraudster tries to trick someone in order to steal sensitive data. This type of cybercrime usually happens by email, and generally involves doubtful, dubious, and urgent requests.

According to the United States Federal Bureau of Investigation (FBI), phishing is the most common cyberattack in the world, with the largest number of victims.

Following are some of the ways to spot a malicious email:

  • Sender’s Address is Wrong or Suspicious
    Verify the correctness of the sender’s address. Cyber criminals cheat through little things, so you must pay attention to minute details. Most of the time, it is just one letter that makes all the difference. For example, the correct email should be example@microsoft.com but you may get mail from example@microsoift.com (pay attention to the extra i).

    This tactic is called spoofing. It is widely used in malicious emails. According to the FBI, spoofing frauds caused more than USD 300 million in losses in 2019.

  • Dangerous Links and Call-to-Action Buttons
    Fraudsters use malicious links as one of the main ways to commit fraud. So, do not click on a link or call-to-action button immediately, unless you have verified the genuineness of the link.

    One of the easiest ways to check the genuineness of a link is to hover over it without clicking. Examine the address that appears on hovering over the link and make sure this address is authentic. If something looks suspicious, do not click. Fraudsters impersonate famous brands such as Netflix, Apple, Amazon, and Microsoft.

    The header image of this blog shows a notice from NETFLIX asking to update the payment method. To those who are not aware, it may seem to be a genuine email from NETFLIX, but hovering over the link Login to Netflix would show that it is NOT from NETFLIX. Uninformed and innocent people may end up entering their NETFLIX information and bank details thinking they are paying NETFLIX, and may lose all the money in their bank account.

  • Stay Away from Attachments from Unknown Sources
    To stay safe, make it a practice to NEVER IMMEDIATELY OPEN an attachment that you were not expecting. If it is from someone unknown to you, you may want to delete the email. Even when the mail appears to be from someone you know, please still check the email before opening the file. If in doubt, it will be wise to contact the sender to confirm that the email is legitimate.
  • Look for Spelling and Grammar errors
    Be suspicious of emails that have misspellings or grammar errors. Typing errors are generally an indication of a malicious email.
  • If It Sounds Too Good To Be True, It Probably Is/Isn’t
    If you receive an email with promises of big profits and little or no investment, then the law of averages says that it is not true. Cyberspace is full of spam, phishing, and other types of malicious emails that promise inheritance, lottery prizes, and great giveaways. Beware!
  • Be Guarded when you see Urgent Emails and Requests for Sensitive Information
    It is common sense that if an issue is very urgent, the person will call or will try to meet in person, if possible.

    Be suspicious of emails you receive from unknown people with the subject As Soon As Possible (ASAP) or URGENT, or that require you to share sensitive information. Those are a sign of fraud or a malicious email.

Protecting yourself from PHISHING attacks

PROTECTING YOURSELF AGAINST PHISHING ATTACKS

You can protect yourself against a large number of Phishing Attacks by adopting the following behaviors/practices:

  • Always hover over the link in an email to see the destination URL before you click on it. Many times the email link shows a legitimate name, but hovering over it shows the real destination.
  • Before taking the suggested action, always scrutinize the content of the email. If unsure, do not take immediate action; talk to someone who knows better.
  • Ask your elders/teachers if you are unsure about the legitimacy of an email on which you want to act.
  • Scan all hyperlinks in incoming email messages to determine if they’re malicious.
  • Don’t depend on the browser’s Block or Allow lists, especially since attackers can exploit legitimate sites and services to evade these lists.
  • Implement advanced email security that can analyze the nature of an email message and ascertain its true intent.
Digital Literacy

Digital Literacy- A Mission-Critical Priority!

This article aims to serve as a call to action.

The above quote speaks volumes about our role as parents & educators and there is no doubt that parents, educators and Schools are doing a great deal of work in that direction. 

However, with this article, I wish to draw your attention to a very forceful threat that is looming large on our kids and the intensity of which has increased multifold because of COVID-19.

I am referring to the dangers that our kids are exposed to on a daily basis because of not being digitally literate. We tend to believe that today’s kids are digitally literate because they are digital natives, i.e., born in the digital age, but research has proven that when it comes to being safe in cyberspace, they simply lack the skills that would keep them safe. Kids who are not digitally literate are exposed to the dangers of cyberspace. Just as we carry a significant risk if we are not proficient drivers on a highway, the same is the case with the information highway.

Here is some data from the western world, the world which is much ahead of us in terms of technology adoption and its ability to teach and use technology.

“Two-thirds of teachers are aware of pupils sharing inappropriate content, with as many as one in six of these children of primary school age.” – NASUWT teaching union

“More Than 75 percent of Fifth and Eighth Graders are Non-Proficient in 21st Century Skills” – Learning.com study

“A majority of U.S. adults can answer fewer than half the questions correctly on a digital knowledge quiz, and many struggle with certain cybersecurity and privacy questions” – Pew Center for Internet and Technology- October 2019 report

Digital literacy is not just knowing how to post messages/photos on Facebook, Snapchat or Instagram; it is a lot more than that.

Staying online, and that too in isolation as is happening because of COVID-19, has made our kids very vulnerable to criminals and bullies. Criminals can negatively influence and hack our kids’ minds, which at times can lead to real physical and psychological issues. There is a ton of data showing that criminals are exposing vulnerable and impressionable kids to misinformation, manipulation, and fake news, which causes all kinds of issues in their lives. Who doesn’t know about the horror of the Nth Room Case?

The unpredictable changes and the speed of the changes in technology and the cosmic and ubiquitous internet has made it mandatory for everyone to be digitally literate, especially young kids. Digital Literacy is already an essential skill for lots of jobs and this will only go up in the coming years.

The above clearly conveys that teaching digital literacy to our kids is mission-critical. We educators have a great responsibility and we must help our kids by motivating them to acquire digital literacy.

Stay tuned for my next article later this week with some more insight on this problem and some easy and very feasible solution(s).

About the Author:

For over a decade, Pankaj has been a noteworthy leader in the entry level global certifications space. You may know him as the Founder & Managing Director of CyberLearning, and Pankaj can also be credited with introducing several global certifications into India including the Microsoft Office Specialist Certification, Microsoft Technology Associate Certification, HP-ATA Certification, Critical Thinking Certification from ETS, Adobe Certified Associate Certification and a few others.

Pankaj is the Past President of Rotary Club of Capital City New Delhi and has won numerous awards including at the international level. The COMPUDON Champions (www.compudon.in; the championship on MS Office skills was launched by CyberLearning in 2011) sponsored by CyberLearning have won all top 3 titles including the title of World Champion at the Microsoft Office Specialist World Championship (USA) and the World Skills championship (Germany). CyberLearning also launched www.compudonjunior.com, a championship on Digital Literacy based on the Microsoft Digital Literacy Standard, in 2019.

Today’s Kids Are At The Center Of Exciting Changes & Uncertainty- Both At The Same Time

A generation ago, IT and digital media were niche skills. Today, they are a core competency necessary to succeed in almost all fields.

Let’s face it, technology is impacting all areas of our lives and this impact is accelerating every day. So much so that experts are predicting that 90% of the entire population will be connected to the internet within the next 10 years. Experts are also predicting that almost 90% of the jobs of the future don’t exist today. With the internet of things, the digital and physical worlds will soon be merged. While these changes announce new and exciting possibilities, at the same time they are also creating uncertainty and insecurity.

Excitement – because these changes are creating huge opportunities, and insecurity – because our kids are exposed to huge risks at the same time. These risks are very real: cyberbullying, undesirable, obscene and violent content, radicalization, hacking, identity theft, scams, etc. The problem becomes critical because the digital world is changing too much and too fast. Practical issues in updating the school curricula, and the slow pace of internet governance and of policies for the protection of kids, are adding to the problem.

We must also be equally concerned about the digital age gap. The usage of technology by kids and by adults is very different which makes it difficult for parents and educators to fully understand & appreciate the risks and threats that kids are exposed to online. As a result, adults are not able to advise children on the safe and responsible use of digital technologies.

So how can we, as parents, educators and leaders, prepare our children for the digital age? Without a doubt, it is critical for us to equip them with the skills of the 21st century. As parents, educators and leaders, we must encourage our kids to acquire digital skills and the skills of the 21st century. And championships such as COMPUDON JUNIOR solve part of the puzzle by giving kids the needed digital literacy skills.

Credits: World Economic Forum Report July 2019

Digital Literacy- Critical Skill For 21st Century

The American Library Association’s digital-literacy task force offers this definition: “Digital literacy is the ability to use information and communication technologies to find, evaluate, create, and communicate information, requiring both cognitive and technical skills.”


Today’s children are digital natives. They are born in an era of Technology. As a result, they learn digital skills just like learning a language, without even realizing they are learning it. Today it is not uncommon for a 3-4-year-old to have some basic knowledge regarding how to get on to the computer and load a game or play a video.

Acquiring digital literacy skills will also help participating students acquire the following skills that they would need in order to function effectively in digital environments.

GRAPHIC LITERACY
Tasks include working with graphic user interfaces that help them to “read” naturally and freely and to understand the instructions and messages represented visually. Students will develop good visual memory and strong thinking, which will help them understand visual messages easily and fluently.

INFORMATION LITERACY
The effort they will put in to identify, locate, evaluate, and effectively use the information to solve the problem / tasks of the COMPUDON Junior exam will help them develop this literacy.

SOCIO-EMOTIONAL LITERACY
A championship for school students from junior classes is based on Microsoft’s Digital Literacy Standard version 4 and while going through the course, students will develop knowledge to avoid “traps” as well as derive benefits from the advantages of digital communication.

Some experts prefer the term “digital literacies,” to convey the many facets of what reading and writing in the modern era entails.