Thursday, October 5, 2017

Protecting yourself from cyber crime: Phishing

October is Cybersecurity Awareness Month! Here, from QuickBooks Online, is information that will help you better understand what phishing is all about.


Not everyone who asks for your information has your best interests at heart. An unsavoury character might pose as someone you know and trust – like QuickBooks – and gather your sensitive information for their own purposes. This is called phishing.

There are some email phishing scams circulating that ask recipients to confirm account changes with QuickBooks by clicking on a link. If clicked, the link will automatically begin downloading malware to your device, giving scammers access to passwords and other sensitive data stored there. Do not click on these links. QuickBooks will never ask you to confirm or update account information by email.

How to spot a phishing email
Here are some questions to ask yourself if you get an email that doesn’t seem quite right:
  1. Do you know the sender of the email? If yes, continue to be cautious before clicking a link. If no, do not click any links.
  2. Are there any attachments in the email? If so, do not click on the attachment before contacting the sender to verify its contents.
  3. Does the email request personal information? If so, do not reply.
  4. Does the email contain grammatical errors? If so, be suspicious.
  5. If you have a relationship with the company, are they addressing you by name?
  6. Have you checked the link? Mouse over the link and check the URL. Does it look legitimate or does it look like it will take you to a different Website?
If you get an email claiming to be from QuickBooks or Intuit and you suspect phishing, please forward it directly to Spoof@Intuit.com.

For more information on phishing, security and other online privacy issues, visit https://security.intuit.com/index.php/protect-your-information/phishing-pharming-vishing-and-smishing
Source: https://community.intuit.com/announcements/1489940

Wednesday, October 4, 2017

Cloud Storage Models

At one time or another, each of us has experienced the “I wish I had backed that file up” moment. Backing up digital assets, whatever they might be, is an activity that anyone using a computing device of any sort will at one time have to come to terms with. While backing up files to a USB or other local device is always a legitimate solution, the management and physical security of these items present issues that may be either onerous or otherwise inconvenient to undertake (as may be the case if you want to back up a mobile device such as a tablet or cell phone). Today’s topic looks at a few of the top cloud storage providers, their offerings and how to make best use of them.

Cloud Storage Models

The easiest way to evaluate cloud storage providers is to first understand how they work in light of what your requirements may be. Here are three cloud storage models to wrap your head around:
  • Cloud storage services centered on having access to the content of your files. This model is the one adopted by providers such as Google, Microsoft and Dropbox, who offer good security of your data from others, but who also admittedly will access your data as a condition of you using their services. While these providers are unlikely to parse through your data for nefarious purposes, that remains subject to the integrity of their employees, the nature of their contractual relationships with third-party vendors and lawful requests for access by law enforcement agencies. Providers using this model make money not only by charging you for their services, but also by parsing through what you have stored online and offering advertisers the opportunity to target you given what your data says about you.
  • Cloud storage services centered on providing information security. This model is a response to the apparent shortcomings of the model above. Here providers such as Tresorit, Sync, SpiderOak and Mozy offer storage solutions centered on a business model that makes no more money from its clients than what the client pays for. Within this model, data is encrypted on the user’s device via an application provided by the cloud storage provider and stored in its encrypted format on the provider’s servers. The primary assertion here is that the cloud storage provider has nothing to offer either advertisers or law enforcement, as the provider itself is unable to read the content of what is being stored.
  • User managed information management and security. This is a user managed model that makes use of one (or more) of the first two models for online storage, but does not defer the responsibility for encryption to the cloud storage provider. Users in this category use applications such as VeraCrypt or CryptSync to manage the security of their data before it is uploaded to the cloud. The strength of this model is that it is user managed, but depending on the cloud storage provider used, it can come at a cost of convenience.

Tuesday, October 3, 2017

Basics – Your user account

CyberSafe.ca’s Basics series consists of brief articles that discuss the fundamentals of what safe online activity and behaviours are all about. Here we'll examine user accounts and how to best make use of them.

User accounts are what allow you to sign into a computer, regardless of whether it runs Windows, Mac, Linux or another flavor of operating system (OS). Some user accounts have administrative privileges, some are for standard users, and yet others present a variation of permissions depending on the task at hand or intention. For the purposes of this conversation we’ll be discussing the administrative and the standard user accounts.

If you’re running a Windows or a Mac OS at home, chances are that the user account you’re using is an administrative one. This is admittedly convenient, yet presents a level of risk that is easily prevented by a change in our own behaviours. Malicious software, if run by an administrator account, may achieve its intended results. The same software, if run by a standard account, would likely encounter less success in its attempts. The issue is permission levels and using only those required to accomplish any given task.

Regardless of the setting (home vs office), best practice is to set up your OS with an administrative account and then to create a standard user for ongoing use.  The standard user account would be for your daily activities such as email, office activities, web surfing etc., with the administrative account only being used when new installations, updates to software or other configuration changes to the system are required.

Today’s action item:  If you haven’t already done so, create a separate user account for yourself on your computer and utilize the administrative account only when required.

Sunday, October 1, 2017

Welcome to the CyberSafe.ca blog – Informed use of the Internet

Firstly, a few comments about how CyberSafe.ca differs from other blogs, tutorials and guides you may have been using.

This blog is not trying to be all things to all people or to put forward anything so lofty as to make this difficult for the average Joe or Jane to understand. This is a blog about cyber safety, cyber security and a discussion about how to reduce your risk of being compromised by cyber crime at a practical level. You won’t find any dissertations here. You also won’t find articles so broad in their approach that you’re left appreciating only that “cyber crimes” are bad, but with no sense of how to avoid being a victim.

Here you’ll find insights and “how to” that will assist you in simply becoming a better Internet user and one that is more sensitive to privacy and security issues as they relate to your real world and online activities. Here you’ll find casual dialog from a few of us with backgrounds in cyber crime investigations, child exploitation investigations, fraud investigations, and digital forensics who desire nothing more than to see individuals better educated and prepared to stand against the myriad of attempts made every day to compromise their personal information and, in some cases, security.

This will be our first attempt at maintaining a blog. If you see a review of a product or service, it will be unbiased. If, on the off chance, we should choose to become an affiliate of any one provider, we’ll let you know so that you can make your own assessment of what is being conveyed. Not being exactly sure of what everything around maintaining a blog entails, you’ll likely notice us hit a few bumps on the road to blogging, but we encourage you to bear with us. We’re committed to making this a meaningful place to visit and further encourage you to sign up to our feed to keep up to date with our latest articles.

Have something to share? Feel free to comment… we’d love to hear from you. All we ask is that all comments remain on topic.

Welcome to CyberSafe.ca.
