Stop.Think.Connect. Campaign Blog

The Stop.Think.Connect. Campaign Blog contains the latest cybersecurity news and tips to help you and your family stay safe online.

Our Critical Infrastructure Runs on Cyber

We depend on critical infrastructure every day. Our ability to travel, to communicate with friends and family, to conduct business, to handle our finances, and even our ability to access clean, safe food and water are all reliant upon our Nation’s critical infrastructure networks and systems.
 
These essential services that underlie daily life in American society are increasingly being run on digital networks. Every day, people connect to the national grid without even realizing it from their smart phones, computers, and tablets. As a result, these critical systems are prime targets for cyber attacks from those seeking to cause our country harm. Seventy percent of companies responsible for the world’s power, water, and other critical functions reported at least one security breach, throughout a 12-month period, that led to disruption of service or loss of confidential information, according to the Ponemon Institute in 2014.  Resilience of essential systems and assets, from power grids to banking systems, is vital to our national security, economy as well as our public health and safety.

As the Department of Homeland Security transitions from October’s National Cyber Security Awareness Month (NCSAM) into November’s Critical Infrastructure Security and Resilience Month (CISR), we focus on the critical mission of defending our Nation’s critical infrastructure from cyber threats. Each November, DHS highlights the efforts between federal, state, local, territorial, and tribal governments and private sector partners to protect and secure the infrastructure Americans rely on every day to communicate, power, transport, and otherwise support our way of life.

Every day, DHS works with critical infrastructure owners and operators to better secure our systems from cyber threats. The Department’s C3 Voluntary Program supports industry in increasing cyber resilience, promotes awareness and use of the Cybersecurity Framework, and encourages organizations to manage cybersecurity as part of an all hazards approach to enterprise risk management. For more information, please visit https://www.us-cert.gov/ccubedvp.

Just as we all rely on critical infrastructure, we all play a role in keeping it strong, secure, and resilient. We can do our part at home, at work, and in our community by being vigilant, incorporating basic cyber safety practices into our daily routines, and making sure that if we see something, we say something by reporting suspicious activities to local law enforcement. The Stop.Think.Connect.™ encourages all Americans to take the following steps to play their part in securing our critical infrastructure.

• Keep a clean machine. Having the latest security software, web browser, and operating system are the best defenses against online threats. Keeping the software on your device up-to-date will prevent attackers from being able to take advantage of known vulnerabilities.
• Turn on stronger authentication. Stronger authentication requires that you use your password in conjunction with an additional piece of information (commonly a one-time PIN sent to your mobile device). Even if cybercriminals have your password, they won’t be able to access the account without the second component if stronger authentication has been used. Visit www.LockDownYourLogin.com for more information on stronger authentication.
• When in doubt, throw it out. Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.

Consumers play an important role in helping to secure critical infrastructure by practicing good cyber hygiene themselves and by becoming well-informed about whether the companies and organizations they do business with adhere to high cybersecurity standards. For instance, individuals should read the privacy policy of a company or vendor before purchasing a product or service from them. Also, when individuals or companies look to set up a domain name, they should take advantage of free DNS security features that are offered by domain name registration companies.

Recognizing and Combating Cybercrime

Starting from a young age, our teachers and parents teach us about crime. We learn to lock the doors at night, to say no to drugs, and to avoid talking to strangers. As we get older, we take safety measures to protect our money, our valuables, and our physical safety. However, when it comes to our online lives, many of us frequently put these same things at risk. This October marks National Cyber Security Awareness Month 2016, an opportunity to focus our attention on the importance of protecting ourselves online.

Recognizing and combating cybercrime presents a unique challenge. In a world filled with technical jargon and complicated concepts, the average person may feel overwhelmed with the idea of protecting themselves from cybercrime. However, there are quick, easy steps everyone can take – no matter their level of technical expertise – to protect themselves online. The first step in protecting yourself against cybercrime is knowing how to recognize it. Below are two common types of cybercrime and how to spot them:

• Phishing attacks. Cybercriminals use legitimate-looking emails that encourage people to click on a link or open an attachment. The email they send can look like it is from an authentic financial institution, e-commerce site, government agency, or any other service or business. The email may also request personal information like account numbers, passwords, or Social Security numbers. Once you click on the link or open the attachment, the cybercriminal has access to your personal information, including your Social Security number, bank account information, and credit card number.
• Identity Theft. The illegal use of someone else's personal information in order to obtain money or credit. As we all move towards online banking and shopping, we share a startling amount of personal information online. Cybercriminals are constantly looking to steal this information online. How will you know if you’ve been a victim of identity theft? You might get bills for products or services you did not purchase. Your bank account might have withdrawals you didn’t expect. You may see unauthorized charges on your credit cards. You may be unexpectedly denied for a credit application (when you believe you should qualify).

Protecting yourself from cybercrime may seem like a daunting task, but in reality it’s not. The Department of Homeland Security’s (DHS) “Identity Theft and Internet Scams Tip Card” and “Phishing Tip Card” provides easy steps you can take to protect yourself online. You can find these tip cards, along with other online safety resources, in the Stop.Think.Connect.TM  Campaign’s Toolkit at www.dhs.gov/StopThinkConnect-Toolkit.

All individuals have a responsibility to protect against cybercrime, but no one can do it alone. DHS is committed to building partnerships and providing the right resources needed to fight against cybercrime through the following components.

• The Immigration and Customs Enforcement (ICE) Homeland Security Investigations (HSI), Cyber Crimes Center (C3) provides technical services and training to help federal, state, and local law enforcement agencies across the country, and international partners, in their cyber and technical investigations. The C3 includes the Cyber Crimes Unit, the Computer Forensics Unit, and the Child Exploitations Investigations Unit.
• The United States Secret Service (USSS) Electronic Crimes Task Force (ECTF) works to identify and locate international cyber criminals, and leverages partnerships with academia and the private sector to prevent, detect, and investigate electronic crimes, including potential terrorist attacks against critical infrastructure and financial payment systems.
• The Transportation Security Administration (TSA) Office of Security Policy and Industry Engagement (OSPIE) Surface Division, in partnership with both their public and private sector stakeholders, manages cybersecurity risk through maintaining and enhancing continuous awareness and promoting voluntary, collaborative, and sustainable community action to critical infrastructure operations within the Nation’s surface transportation systems.
• The United States Coast Guard (USCG) works with private sector and government partners to address cyber risk and improve cybersecurity resiliency for the Nation’s ports, terminals, ships, refineries and their supporting systems.
• The Federal Emergency Management Agency (FEMA) National Continuity Programs (NCP) works to ensure that the federal government can continue to operate during a wide range of potential threats and emergencies, including cyber events.  FEMA and the DHS Office of Cybersecurity and Communications (CS&C) facilitate the Resilient Accord Workshop, an inter-organizational cyber security workshop designed to increase awareness and execution of continuity of operations during and after a cyber incident.

Cybersecurity from the Break Room to the Board Room

October 17, 2016

If a cybercriminal tried to penetrate your office network, would you be able to recognize the hack?

As companies move more of their business operations online, cybercriminals are following them and looking to take advantage of unsuspecting employees to gain access to valuable company information.

Often, the weakest link in network cybersecurity is the human using a computer for work.

You have a very important role to play in cybersecurity. As seen in our “Months to Milliseconds” video, the responsibility for cybersecurity does not fall solely on the IT department. Everyone – from the entry-level employee to the CEO – has a responsibility to implement basic best practices.

As part of National Cyber Security Awareness Month 2016, we are focused on promoting a culture of cybersecurity at work. The first step: Educate and raise awareness for all employees. Here are simple actions you can take to protect information at home, on the go and at work:

• Make your passwords complex. Create long, complex passwords that adhere to company/agency policy and that include a combination of upper and lowercase letters, numbers, and symbols.
• Beware of phishing emails. Do not open emails, links, or attachments from strangers. Phishing attacks use email or malicious websites to infect your machine with malware in order to collect personal and financial information.
• Report all suspicious activity. If you notice something seems off or unusual with your computer, report it immediately to your IT department.

DHS has a number of resources to help businesses and organizations improve their cybersecurity. The C³ Voluntary Program supports industry in increasing cyber resilience, promotes awareness and use of the Cybersecurity Framework, and encourages organizations to manage cybersecurity as part of an all hazards approach. The Enhanced Cybersecurity Services (ECS) provides an intrusion prevention capability that helps U.S.-based companies protect their computer systems against unauthorized access, exploitation, and data exfiltration. Our Automated Indicator Sharing (AIS) is a free capability that enables the exchange of cyber threat indicators between the federal government and the private sector at machine speed.

Cybercriminals often prey on human error – such as employees clicking on a link in a phishing email or using a weak password – to gain access to an organization’s computer networks and information. I encourage you to take advantage of our tools and tips and help promote a culture of cybersecurity in your workplace.

Everyday Steps Towards Online Safety with Stop.Think.Connect.™

October 5, 2016

October is National Cyber Security Awareness Month, which provides an opportunity to have a national conversation about the growing importance of cybersecurity and staying safe online.

There is no doubt that we are all leading increasingly digital lives. Almost everything we do now touches the Internet – from shopping and banking online, to connecting with friends and loved ones, to finding our way around a new town or city. However, there may be uncertainty among many Americans over how to best protect themselves online. Advances in technology have dramatically changed the way Americans lead their lives for the better but also pose a new set of security risks. Identity theft, phishing attempts, and cyberbullying are just a few examples of cyber incidents we now face. It is critical that all individuals make choices every day to be safer online.

Protecting yourself online may seem like a daunting task, but in reality it is not. There are simple, every day steps you can take to secure your online life. You don’t have to be a computer expert to take measures to stay safe online.

The Department of Homeland Security encourages you to follow these three simple steps below.

• Enable stronger authentication. Always enable stronger authentication for an extra layer of security beyond the password that is available on most major email, social media and financial accounts. Stronger authentication (e.g., multi-factor authentication that can use a one-time code texted to a mobile device) helps verify that a user has authorized access to an online account. For more information about authentication, visit the new Lock Down Your Login Campaign at https://www.lockdownyourlogin.com.
• Keep a clean machine. Install updates for apps and update the security software on all of your Internet-connected devices as soon as updates are available. Keeping the software up to date will prevent cybercriminals from being able to take advantage of known vulnerabilities.
• Use long and strong passwords. Create strong passwords with eight or more characters and a combination of upper and lowercase letters, numbers, and symbols.

Join us in recognizing National Cyber Security Awareness Month throughout the month of October. Please visit www.dhs.gov/national-cyber-security-awareness-month or www.dhs.gov/StopThinkConnect for more information.

Get Ready for National Cyber Security Awareness Month

September 27, 2016

October is National Cyber Security Awareness Month (NCSAM). Now just days away, NCSAM is a good opportunity to recognize how much our daily lives depend upon the Internet and spread the word about steps we can all take to be safer online.

We all have a responsibility to be safe online. You don’t have to be in IT or be a technical expert to help create a safer and more secure Internet. By taking simple steps when you are online, like enabling a stronger authentication on your sensitive online accounts, being thoughtful about what emails you open and links you click, and setting strong passwords, you can play your role in creating a safer and more secure Internet.

Thousands of people will participate in this year’s NCSAM events and efforts. October may be just around the corner, but there is still plenty of time for you to get involved as well. Here are three ways you can get involved in NCSAM today:

1. Spread the #CyberAware message on social media.
   • Use the NCSAM 2016 hashtag #CyberAware in your social media messages before and during the month. Start by sharing this sample post on Twitter: “October is National #CyberAware Month! Find out how to get involved at www.dhs.gov/national-cyber-security-awareness-month”
2. Organize a #CyberAware event.
   • Raise awareness for cyber within your company or community by hosting a cyber event during October. Download and print cyber materials from the Stop.Think.Connect.™ Toolkit (including prepared presentations and tip cards) to start an online safety discussion.
3. Join the Campaign.
   • Sign up to receive the Stop.Think.Connect.™ Monthly Friends Newsletter and receive the latest cyber news and tips directly to your inbox here.
   • Government agencies, academic institutions, and non-profit organizations can become official partners of the Department of Homeland Security’s Cybersecurity Awareness Program, the Stop.Think.Connect.™ Campaign. To learn more about the benefits of joining, email stopthinkconnect@dhs.gov.

To learn more about NCSAM and the Stop.Think.Connect. Campaign, please visit www.dhs.gov/StopThinkConnect and www.dhs.gov/National-Cyber-Security-Awareness-Month.

A Cyber Checklist for College Students

August 22, 2016

Encouragement to study hard, get good grades, and look to the future. Warnings against drugs and alcohol. Lessons on how to do laundry. These are the conversations college students are having with their parents before returning to school. But discussions about safe online behavior may not be as common. College students are leading more digital lives than ever before. Their mobile devices are never far from their hands, and there seems to be an app to help them with anything and everything. Students use the Internet for almost everything they do – from ordering food to their dorm, finding their next roommate, tracking their health and fitness routines, calling a taxicab to pick them up, and even to help them find their next date or social activity. Today’s students are constantly connected to the online world.

As they return to campus for the new school year, it’s important to remember to take steps to be cyber secure. Cybersecurity may not be something that is on the traditional “back-to-school checklist,” but given the digital lifestyle of today’s students, it needs to be. Increasingly digital lives bring many benefits, but also pose an entirely new set of risks. Students and all Americans can stay safe online by following the tips in the cyber checklist below. The Department of Homeland Security’s Stop.Think.Connect.™ Campaign encourages you to share this checklist with your family and friends.

Stop.Think.Connect. Campaign’s Back-to-School Cyber Checklist

• Secure your devices and accounts.
  • Enable multi-factor authentication on all sensitive accounts, such as ones that hold financial or health information. Multi-factor authentication (e.g. a one-time code texted to a mobile device) helps verify a user has authorized access to an online account, providing an added layer of security beyond the password.
  • To prevent theft and unauthorized access or loss of your mobile devices, never leave them unattended in a public place, like a classroom or cafeteria.
  • Always update the security software on your mobile devices. Keeping the software on your devices up to date will prevent attackers from taking advantage of known vulnerabilities.
• Protect yourself against online scams.
  • Links in email, tweets, and online posts are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete it.
  • Be wary of emails or texts that offer something that sounds too good to be true, implores you to act immediately, or asks for personal information. As newly independent young adults, students are prime targets for cybercriminals who are looking to take advantage of their inexperience and desire to support themselves financially.
  • Guard your personal information carefully from cyber criminals. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, class schedules/locations, campus address, and birthday.
• Preventing and responding to cyberbullying.
  • With this increased connectivity, bullying or harassment that previously only occurred in-person now occurs online. Though the conversation about cyberbullying typically surrounds younger students, it can happen to anyone, at any age.
  • If you do experience cyberbullying, it is best to not respond to the bully. Instead, tell a trusted adult, and block them on social media.
  • Limit the amount of personal information you post online, and use privacy settings to avoid sharing information widely.

For more information and tips for staying safe year-round, please visit DHS.gov/StopThinkConnect.

Beware of Olympic Cyber Scams

July 25, 2016

As the 2016 Summer Olympic Games quickly approach, athletes across the globe are preparing to compete and hopefully bring a medal back to their home country.

However, athletes aren’t the only ones gearing up for the Olympics – cybercriminals are busy looking to exploit excitement around the Olympics to take advantage of unsuspecting consumers and steal their money and personal information.

These ‘cyber pickpockets’ will use a variety of tactics to try and trick people into handing their money over online, making it critical to stay extremely vigilant. Hackers and identity thieves have been known to exploit high profile events like the Olympics through use of phishing emails and websites to target people looking to purchase tickets, merchandise, or stream video online. The Better Business Bureau found that during the 2014 Winter Olympics in Sochi, a search on eBay for “Sochi 2014” found 5,693 results, some of which were fraudulent, even including a fake “Olympic Torch Sochi 2014” for $7,000.

The Stop.Think.Connect.™ Campaign encourages you to be on the lookout for the following common scams during the Olympics season and throughout the year:

• Phishing emails: Scammers use emails to collect personal and financial information or infect your machine with malware and viruses. Cybercriminals use legitimate-looking emails that encourage people to click on a link or open an attachment. The email they send can look like it is from an authentic, Olympics-related organization or legitimate retailer.
  • How to protect yourself: When in doubt, throw it out. Links in email and online posts are often the way cybercriminals compromise your computer. If it looks suspicious – even if you know the source – it’s best to delete or, if appropriate, mark it as “junk email.” Contact the company directly (via phone) to check the email’s legitimacy.
• Counterfeit merchandise: Regardless of if you are physically at the Olympic Games in Rio de Janeiro or not, scammers will try to take advantage and sell you fake merchandise and tickets online.
  • How to protect yourself: Shop only at reputable online retailers, ideally only the official Olympics website. Look for the padlock symbol or for URLs that start with “https” or “shttp.” For auction websites, be sure to check the sellers’ reviews. Also, be sure to always pay for online purchases with a credit card, which offers greater protection than a debit card.
• “You’ve Won” scams: If you unexpectedly receive an email telling you that you have won a prize, lottery, or sweepstakes (for example, free tickets to the Olympics games), it may be an online scam. Though the person seems excited for you to collect your winnings, if they then tell you there is a fee or tax to claim the prize and request your credit card or bank account information, it’s likely a trick.
  • How to protect yourself: Think before you act. Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.

To report suspected phishing attempts, consumers have three resources to use. Consumers can visit the Anti-Phishing Working Group (APWG) at www.apwg.org. In addition, the United States Computer Emergency Readiness Team (US-CERT) also collects phishing email messages and website locations to help people avoid becoming victims of phishing scams. To report suspected phishing attempts to DHS, visit www.us-cert.gov/report-phishing. Finally, consumers can visit the National Cyber Security Alliance’s Spam and Phishing page for more information on how to protect yourself against these attacks.

For more information and tips for staying safe year-round, please visit DHS.gov/StopThinkConnect.

The Real Cost of Free Wi-Fi

June 17, 2016

As warmer weather approaches, millions of Americans will be traveling on summer getaways. Regardless of where you are heading on your vacation, chances are that you will pack connected mobile devices like smartphones and tablets. Once on vacation, most travelers will connect to Wi-Fi to find local hotspots, navigate new cities and countries, and share photos of their trips with family and friends back home.

Public Wi-Fi networks can now be found almost everywhere and make it easy for anyone to connect to the Internet no matter where they are. These networks can be very convenient and offer many benefits for travelers, however, they do come with risks. Many public Wi-Fi networks are not secure, exposing you to online risks and presenting an opportunity for attackers to steal sensitive information.

The Stop.Think.Connect. Campaign recommends following these simple tips, when you are using public Wi-Fi networks:

• Think before you connect. Before you connect to any public wireless hotspot – like on an airplane or in an airport, hotel, or café – be sure to confirm the name of the network and login procedures with appropriate staff to ensure that the network is legitimate. Cyber criminals can easily create a similarly-named network hoping that users will overlook which network is the legitimate one. Additionally, most hotspots are not secure and do not encrypt the information you send over the Internet, leaving it vulnerable to online criminals.
• Avoid conducting sensitive activities. Avoid online shopping, banking, and sensitive work that requires passwords or credit card information while using public Wi-Fi. In addition, enable two-factor authentication on all sensitive accounts to add a second layer of security beyond just the password.
• Use your mobile network connection. Your own mobile network connection, also known as your wireless hotspot, is generally more secure than using a public wireless network. Use this feature if you have it included in your mobile plan.
• Keep software up to date. Install updates for apps and your device’s operating system as soon as they are available. Updates include patches and other fixes to strengthen the security of the apps and devices you own. Keeping the software on your mobile device up to date will prevent criminals from being able to take advantage of known vulnerabilities.

For more tips on how to stay safe while on the go, visit the Stop.Think.Connect. Toolkit to find resources including the Cybersecurity While Traveling Tip Card and the Mobile Security Tip Card.

Three Ways to Celebrate Internet Safety Month

June 10, 2016

June is Internet Safety Month. As we all know, kids are spending more and more time online as well as on their mobile devices. Children have been able to embrace technology in numerous ways, from being able to more effectively complete homework assignments to playing games online with friends. Though this increased connectivity has improved our lives in many ways, it also brings increased risks. For children and teenagers these risks include cyberbullying, online predators, and other online threats. Just like we teach our children not to talk to strangers and to look both ways before crossing the streets, it is critical we teach them about online safety and how to behave properly online.

The Stop.Think.Connect.™ Campaign, the Department of Homeland Security’s national cybersecurity awareness campaign, encourages parents to talk with their children and those in their community about the importance of online safety. Here are three ways to celebrate Internet Safety Month with your family and community:

• Initiate the conversation. Kids look to their parents to guide them. Start conversations with your children early and regularly about practicing online safety. Find materials to help you start the discussion with your kids or students in the Stop.Think.Connect. Toolkit.
• Create an open and honest environment. Be supportive and positive when talking to children about online safety. Create an environment with kids where they can feel comfortable coming to you, or a trusted adult, if they see something online that makes them feel uncomfortable.
• Get your school involved. Reach out to your children’s school to see if they incorporate online safety into their curriculum. Encourage them to host an Internet Safety Month event, using ready-made resources from the Stop.Think.Connect. Toolkit.

As we all spend more and more time connected to the Internet, it is important to think about how practicing safer online habits is a year-round effort, not something to work on solely in June. Please visit the Stop.Think.Connect. Campaign at dhs.gov/stopthinkconnect for more online safety resources, tips, and information on how to get involved with the Campaign.

Owning Your Online Presence: Online Tips for Recent Graduates

May 12, 2016

In the coming weeks, millions of students across the country prepare to wrap up their studies and walk across the graduation stage. After investing a tremendous amount of time, money, and hard work in their education, most college graduates are now focused on finding a good job and starting their career.

Technology has transformed the way Americans do business, including the job search process. In the past, hard copy resumes and in-person interviews primarily drove the decision making process. In today’s world, graduates can apply for jobs online or even on their mobile device, have interviews with potential employers via video conference, and even connect with their dream company on social media websites. Recent graduates are likely accustomed to using the Internet in their everyday life, but the risks that come with that use could greatly impact their career. Making smart online decisions now can help you personally and professionally throughout your life.

Managing your online presence and owning your digital identity are key. It’s important to determine how you will portray yourself—your personal brand—online as you look for a new job or as you grow in your current one. The Department of Homeland Security’s (DHS) Stop.Think.Connect.™ Campaign offers suggestions for enhancing your online presence and avoiding potential embarrassing mistakes and security pitfalls to ensure you can have a smarter, safer online experience.

• Manage your Online Brand. Have you checked yourself out recently online? Performing a quick search of yourself online is important to see what is being posted about you by others on the Internet. Consider setting up email alerts for searches on different variations of your name with your school(s), place(s) of employment, and other distinguishing details. For your social media accounts, regularly scan to see what pictures and content others are posting about you. Make sure to untag yourself from any questionable photos, even if it’s from college or high school, or hide them from your profile, if possible.

• Set Up Privacy Restrictions. Your online social media network has likely expanded to include managers and colleagues who, depending on your privacy settings, may have access to your photos, comments, check-ins, and status updates. Take the time to set up the appropriate settings for the various members of your network—keep your personal and professional worlds separate by customizing what your best friends see versus what your work and peripheral friends see.

• Think Twice Before Posting. Your former and future employers are likely on the web to find out more about you. What you say and do is visible to others, and cannot be permanently deleted. With newer digital applications, even your music preferences are visible to others. Make smart choices and think about how those online decisions might influence others’ opinions of you.

It’s important to note that these lessons apply to people of all ages – even high school students who may be applying to college, joining the military, or seeking a job. College admissions officers are likely checking an applicant’s social media accounts, making it even more important to start managing and improving your online reputation.

If you are a parent, you have an important role in protecting your child’s online reputation. Talk with your kids about the importance of thinking about what they post online. You can start the conversation by sharing this blog post with them.

Visit the Stop.Think.Connect. Campaign to find resources for how to manage your online identity and stay safe online at www.dhs.gov/stopthinkconnect.

Protect Yourself from Online Fraud this Tax Season

April 19, 2016

Tax season is prime time for cyber crime. As millions of Americans file their taxes online, cyber criminals may look to steal your personal information and cash in on your tax refund. The Internal Revenue Service (IRS) is warning Americans that they have already seen a 400% surge in tax-related phishing and malware incidents this season.

Unfortunately, filing a fraudulent tax return online is easier than you might think. Cyber criminals only need a name, date of birth, and a Social Security number. Online thieves will find creative ways to steal this information from you and find ways to break into your devices or accounts to steal your online life, including phishing scams.

This entry was originally posted on the Blog @ DHS. Read the rest of the April 19, 2016 blog.

Avoiding Online Fraud Takes More than Luck

March 15, 2016

Online fraud, and specifically “phishing,” is a growing problem for Americans and American businesses. Every day, over 80,000 people fall victim to phishing attacks. Phishing attacks use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information. Cyber criminals use this stolen information to steal your identity, money, and personal information. Preventing yourself and your company from phishing attacks takes more than just luck. By having an understanding of a few security basics and ongoing vigilance, you can be aware of and defend yourself against these attacks.

Phishing occurs when criminals use a seemingly legitimate email to trick users into providing their sensitive personal information such as social security numbers, passwords, or credit card numbers. When users respond with the information, attackers use it to access their accounts. Cyber criminals may also attempt to lure users to click on a link or open an attachment that infects their computer with viruses or malware, creating vulnerability to attacks. Once the malware is installed, phishers can access your information to hack into your private accounts.

OnGuardOnline.gov, a partner of the Stop.Think.Connect.™ Campaign, has provided the following examples of what verbiage a phishing email may include so you can be better prepared to identify these scam emails:

• "We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
• "During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
• “Our records indicate that your account was overcharged. You must send us your account information within 7 days to receive your refund.”

Delete email and text messages that ask you to confirm or provide personal information (credit card and bank account numbers, Social Security numbers, passwords, etc.). Legitimate companies don't ask for this information via email or text. Also look for poorly-worded emails. If an email “sounds” off when you read it, this could be a sign that it was not written by a legitimate source. You can also call the company’s customer service number and verify that this email is truly from them.

The Stop.Think.Connect. Campaign encourages all Americans to take the following steps to protect yourself against online scams:

• When in doubt, throw it out: Links in email and online posts are often the way cyber criminals compromise your computer. If it looks suspicious – even if you know the source – it’s best to delete or, if appropriate, mark it as ‘junk email.’
• Be wary of email attachments: Be cautious of email attachments from unknown sources. Many viruses can fake sender addresses, so even if a message looks like it’s from someone you know, think twice about opening any attachments – as they may be infected with malware.
• Install and update anti-virus software: Make sure all of your computers are equipped with antivirus software, firewalls, email filters, and anti-spyware. Last year, 99.9% of data breaches reported by Verizon were a result of hackers exploiting bugs on user’s devices that had fixable patches, but just hadn’t been installed yet.
• Think before you act: Be wary of communications that implore you to act immediately, offers something that sounds too good to be true, or asks for personal information.

How to Report Phishing Attempts

To report suspected phishing attempts, visit the Anti-Phishing Working Group (APWG) at www.apwg.org. The United States Computer Emergency Readiness Team (US-CERT) collects phishing email messages and website locations to help people avoid becoming victims of phishing scams. To report suspected phishing attempts, visit www.us-cert.gov/report-phishing.

Visit the National Cyber Security Alliance’s Spam and Phishing page for more information on how to protect yourself against these attacks.

Take Part in Safer Internet Day 2016

February 9, 2016

Today is Safer Internet Day 2016 – a worldwide effort to make the Internet a safer and better place for all. ConnectSafely.org, a DHS Stop.Think.Connect. Campaign partner, leads the Safer Internet Day effort to spread the word and engage a broad community in the day’s activities.

In our inter-connected world where we can be online anytime from almost anywhere, Americans are spending more and more time connected to the Internet. As our lives become increasingly networked, the safety and security of the Internet becomes even more important. This year’s Safer Internet Day theme – “Play your part for a better Internet” – reminds us that we all have a role to play in making the Internet safer and more secure.

"I encourage you to visit the official Safer Internet Day website for information on how to get involved, from becoming a partner to participating in events." Andy Ozment, Assistant Secretary, Office of Cybersecurity and Communications

The Stop.Think.Connect. Campaign encourages you to use Safer Internet Day as an opportunity to take stock of your personal cybersecurity habits and prioritize online safety. You don’t need to be a computer expert to protect yourself online. Start with these simple tips while using the Internet at home or on the go:

• Set strong passwords. Use complex passwords with a combination of numbers, symbols, and letters (upper and lower case) = and use a different password for each account.
• Be wary of public Wi-Fi. Although convenient, most public Wi-Fi networks are not secure. Don’t conduct any sensitive activities, such as online banking or shopping, while connected to public Wi-Fi.
• Keep software updated. Running the most recent versions of your mobile operating system, security software, apps and Web browsers is among the best defenses against online threats.

To learn more about how you can participate in Safer Internet Day, please visit saferinternetday.us/get-involved-2016. For more online safety resources, please visit www.dhs.gov/stopthinkconnect.

Data Privacy Day 2016: Value Your Personal Information

February 3, 2016

Data Privacy Day is an international effort held annually on January 28 to create awareness about the importance of privacy and protecting personal information.

In today’s connected world, we’re sharing more personal information online than ever before. And it’s not only when we’re sitting at our computers: we use our mobile devices to shop, bank, conduct business, and connect with loved ones. These activities often require us to provide personal information such as our name, email address, credit card information, and other sensitive details online. But when this information falls into the wrong hands, it can be exploited and used to steal your identity and your money. As sharing personal information online becomes commonplace, it is increasingly critical to take steps to protect your personal data and privacy.

This entry was originally posted on the Blog @ DHS. Read the rest of the February 3, 2016 blog.

Are Toys Putting Your Child at Risk of Identity Theft?

December 18, 2015

This holiday season, many parents will be buying new toys and gadgets for themselves and their children. Whether parents realize it or not, more and more toys are becoming connected to the Internet and storing sensitive data about children online – potentially exposing their information to hackers and other criminals. Beyond smart phones and laptops for older children, even Internet-connected toys for toddlers and young children can carry potential risks. Recent data breaches have put a spotlight on these vulnerabilities, making it increasingly important to understand the technology you and your children are using to avoid having sensitive information stolen.

According to the Federal Trade Commission, child identity theft happens when someone uses a minor’s personal information to commit fraud. A child's personal information, such as their Social Security number or date of birth, can be used by identity thieves to apply for government benefits, open bank and credit card accounts, or apply for a loan. This could ruin a child’s credit before they even turn 18 years old.

Parents already take steps to protect their children from physical harm, such as teaching them to look both ways before crossing a street. Protecting their personal information is just as important. The Stop.Think.Connect. Campaign encourages you to take the following steps to keep your family safe online during the holidays and throughout the year:

• Keep your child’s personal information private. Avoid sharing their name, address, telephone number, or the name of their school when using the Internet, apps, or any online devices. Remember that there is no “delete” button online: once something is posted about your child on the Internet, it remains online forever. When sharing photos or information about your children, it’s important to think about how the posts might negatively affect them years from now when they’re older.
• Use parental controls. Take advantage of basic security settings available on the devices or apps your family uses. Limit who you’re sharing information with by reviewing the privacy settings on all accounts. Know the passwords for all of your children’s accounts, especially for social media.
• Secure your connection. Before you share personal information on the Internet, ensure you have a secure connection. A secure websites has a lock icon in the address bar and a URL that begins with “https.”
• Keep a clean machine. Just like your smartphone or laptop, keep any device that connects to the Internet free from viruses and malware. Update the software regularly on the device itself as well as the mobile applications you use to control the device.

If you suspect your child is a victim of the identity theft, the Federal Trade Commission has a resource to help.

For more tips on how to keep your family safe online, visit the Stop.Think.Connect. Toolkit to find resources including the Parents Tip Card, the Social Media Guide, and the Chatting with Kids about Being Online Booklet.

Holiday Travel Tips: How to Stay Cyber Safe While On-The-Go

December 15, 2015

Millions of Americans will travel near and far this holiday season to visit family, friends, and loved ones across the country. Many of these travelers will take their smartphones, laptops, tablets, and other smart devices with them. These devices offer a range of conveniences, including the ability to order gifts on-the-go, navigate unfamiliar places, and download boarding passes and other documents to travel in a paperless fashion. However, these added conveniences often come with potential threats and vulnerabilities.

Travel smart with your mobile devices by following these cybersecurity tips from DHS’s national cybersecurity awareness campaign, Stop.Think.Connect.:

• Secure your devices. Never leave your mobile device unattended in a public place, and lock your device – with a strong passcode or password – when it is not in use.
• Connect with caution. Although convenient during this busy holiday season, most public Wi-Fi networks are not secure. Do not conduct sensitive activities – like online shopping or banking – on public Wi-Fi. Disable automatic Wi-Fi and Bluetooth connections on your devices.
• Think before you click. Do not click on links or email attachments unless you know the source. Cyber criminals use holiday shopping and travel scams to gain access to your information or computer systems.
• Consider what you post. Wait to post pictures from trips and events until you return home. Posting your location also indicates that your house is empty, making it a prime target for break-ins this time of year.

Learn more about mobile security with the Stop.Think.Connect. Campaign’s Cybersecurity While Traveling tip card.

Buyers Beware: Three Steps to Avoid Cyber Monday Scams

November 25, 2015

Too full from turkey to go shopping on Black Friday? Cyber Monday allows shoppers to avoid the crowds and take advantage of great deals online from the convenience of their computer or mobile device. According to the National Retail Federation, nearly half of all holiday shopping will be done online this year. But online shoppers will find more than just big sales and deep discounts: they’ll also see an increase in cybercrime as online criminals try to get a share of the more than $630 billion expected to be spent during the holiday season.

This entry was originally posted on the Blog @ DHS. Read the rest of the November 25, 2016 blog.

Cyber Professionals Wanted: The Need for a Strong Cyber Workforce

October 30, 2015

Cyber attacks are a major threat to the United States’ national security: our networks are facing an unprecedented level of attacks from individual hackers, organized criminals, and nation state actors. To combat this rising threat, our nation needs a strong workforce of cybersecurity professionals to secure and protect our nation’s networks.

Throughout National Cyber Security Awareness Month, the Department of Homeland Security (DHS) is bringing attention to our nation’s critical need for cyber professionals. Government, academia, and industry must all work together on this endeavor, prioritizing recruiting, training, and employing cybersecurity professionals. Below are a few examples of how DHS is working towards this goal:

• CyberCorps® Scholarship for Service Program: Provides scholarships for college students in cyber-related fields, in exchange for a commitment to for the government in a cybersecurity role.
• National Initiative for Cybersecurity Careers and Studies (NICCS): A “one stop shop for cybersecurity careers and studies” which includes a training catalog of cybersecurity courses and promotes cyber education.
• The National Cybersecurity Workforce Framework: Provides a common definition of cybersecurity; a comprehensive list of cybersecurity tasks; an overview of the knowledge, skills, and abilities required to perform those tasks; and tools and resources for organizations to learn how to assess their own cybersecurity workforce needs. The Framework serves as a foundation for increasing the size and capability of the U.S. cybersecurity workforce.
• The Cybersecurity Workforce Development Toolkit: Helps employers understand an organization’s cybersecurity staffing needs. The Toolkit includes items such as templates to create cybersecurity career paths and resources to recruit and retain top cybersecurity talent.
• The Federal Virtual Training Environment (FedVTE): Provides free, on-demand access to cybersecurity training for federal, state, local, tribal, and territorial government employees and veterans to help the workforce maintain expertise and foster operational readiness.
• Middle and High school cybersecurity curricula: Provides free cybersecurity curricula and workshops for middle and high school teachers across the country, encouraging greater interest in Science, Technology, Engineering, and Math (STEM) fields at all ages, enabling students to learn the necessary fundamentals in high school that will give them the ability to pursue cybersecurity studies or careers.

A career in cybersecurity offers highly competitive salaries, terrific job opportunities, and a rewarding role in protecting our national security. To learn more about cybersecurity education and career development, visit www.dhs.gov/topic/cybersecurity-education-career-development. To learn more about cybersecurity careers at DHS, visit www.dhs.gov/homeland-security-careers/dhs-cybersecurity.

We also encourage you to get involved with National Cyber Security Awareness Month. Here are three simple ways for you to get help us spread the word:

• Share cyber tips. Use the National Cyber Security Awareness Month hashtag – #CyberAware – in your social media messages throughout October. Find sample language here.
• Become a Champion. Champions represent those dedicated to promoting a safer, more secure and more trusted Internet. Being a Champion is easy and does not require any financial support. Find more information here.
• Join the Campaign. Find more information about how to join the Stop.Think.Connect. Campaign here.

For more information on National Cyber Security Awareness Month, visit www.dhs.gov/national-cyber-security-awareness-month.

Our Increasingly Digital Life

October 28, 2015

We are constantly connected. Even while we’re “offline” on vacation, or away from our computer or mobile devices, chances are we’re still connected in one way or another. More and more, the Internet touches almost all aspects of our daily lives.

This entry was originally posted on the Blog @ DHS. Read the rest of the October 28, 2015 blog.

Staying Protected While Always Connected

October 13, 2015

Most of us have developed a very close relationship with our mobile devices: we carry them with us throughout the day, check them frequently, and even sleep with them nearby at night. Although mobile devices allow us to instantly connect with friends and family, to access the internet, get directions, and make purchases, this increased convenience also comes at an increased risk.

This entry was originally posted on the Blog @ DHS. Read the rest of the October 13, 2015 blog.

DHS Kicks Off National Cyber Security Awareness Month 2015

October 1, 2015

The Department of Homeland Security (DHS) today announced the kick-off of National Cyber Security Awareness Month 2015. During this month, outreach efforts will aim to increase Americans’ understanding of basic cybersecurity practices to stay safe online and the role each of us plays in keeping cyberspace safe and secure.

“Cybersecurity is a top priority for DHS. Cyber threats are increasing in their frequency, scale, and sophistication,” said Deputy Secretary of Homeland Security Alejandro Mayorkas. “Each American is a key part of our Nation’s first line of defense and in minimizing the impact of cyber attacks. I encourage all Americans to take advantage of National Cyber Security Awareness Month as an opportunity to recognize the role they play in making the Internet safer and more secure by practicing good cyber habits at home, work, school, and on the go.”

Every day, tens of millions of Americans shop, bank, and stay in touch with friends and family online. Our Nation’s critical infrastructure systems – power grids, financial systems, and transportation systems – all rely on the Internet. This increased connectivity brings many conveniences and advantages; however, it also creates increased threats and risks to our security.

Throughout National Cyber Security Awareness Month 2015, the Department is highlighting ways cybersecurity impacts Americans in all aspects of their lives, including in their use of personal technologies and in their workplaces. Everyone has a role to play in cybersecurity, whether it’s protecting their families from identity theft, protecting their workplaces from cyber attacks, or protecting their communities from cyber predators. Here are some tips to stay safe online:

• Set strong passwords and don’t share them with anyone;
• Keep your operating system, browser, and other critical software optimized by installing updates;
• Maintain an open dialogue with your family, friends, and community about Internet safety;
• Limit the amount of personal information you post online and use privacy settings to avoid sharing information widely;
• Be cautious about what you receive or read online—if it sounds too good to be true, it probably is; and
• Visit www.DHS.gov/StopThinkConnect to learn more about how you can help strengthen America’s cybersecurity.

For more information about National Cyber Security Awareness Month 2015, visit www.dhs.gov/national-cyber-security-awareness-month-2015. For more information on DHS’s cybersecurity efforts, visit www.dhs.gov/cyber.

How to be Cyber Savvy in a “Smart World”

August 24, 2015

We now live in a “smart world,” where the Internet touches all aspects of our daily lives. We have wearables that track our eating, sleeping, and exercise habits. We utilize devices that provide us with a quicker route on a summer road trip. We own mechanisms that allow us to preheat our oven or adjust our thermostat on our way home from work before we even walk through the door. These types of devices are all part of our new, more connected world – commonly referred to as the Internet of Things.

The Internet of Things includes objects or devices that send or receive data automatically via the Internet. As more devices and objects become connected to the Internet – from phones and tablets to homes, vehicles, and medical devices – it is important to realize that the security of these devices is not always guaranteed.

Why Should You Care?

• 1.8 billion: the number of smartphone users*
• 50 billion: the number of connected devices expected by 2020 (that’s 1 person to every 7 devices)*
• $5 trillion: the amount the IoT market is expected to grow over the next 6 years*

Though this technology brings many conveniences to our lives, it also requires that we share more information than ever. Here are three simple steps to take to secure the devices that hold your valuable personal information.

• Keep a clean machine. Just like your smartphone or laptop, keep any device that connects to the Internet free from viruses and malware. Update the software regularly on the device itself as well as the mobile applications you use to control the device.
• Think twice about your device. Have a solid understanding of how a device works, the nature of its connection to the Internet, and the type of information it stores and transmits.
• Secure your network. Properly secure the wireless network you use to connect Internet-enabled devices.

For more information on the Internet of Things, please visit www.dhs.gov/stopthinkconnect.

*National Cyber Security Alliance Internet of Things Infographic

Back to School: What You & Your Kids Need to Know About Cyberbullying

August 17, 2015

We are all leading increasingly digital lives, spending more and more time online. With this increased connectivity, bullying or harassment that previously only occurred in-person now occurs online. Although the Internet brings many advantages to our everyday way of life, it also provides bullies with an additional outlet to say or do damaging things outside of face-to-face interactions. As summer comes to an end and children head back to the classroom, it is important to talk to your kids about cyberbullying. Cyberbullying includes a wide range of hurtful behavior that occurs through digital channels such as social media, text messages, emails, blogs, or instant messaging.

The Cyberbullying Research Center, a Stop.Think.Connect. National Network member, has provided a few warning signs that your child may be experiencing cyberbullying:

• Unexpectedly avoids or stops using their device
• Appears nervous or jumpy while on the computer or using their device
• Seems angry, frustrated, or depressed after spending time online
• Becomes abnormally withdrawn from usual friends and family members

The Stop.Think.Connect. Campaign encourages all parents and educators to take the following steps to help students be aware of cyberbullying and to know what to do if they come across bullying online.

• Start conversations regularly about practicing online safety.
• Create an open and honest environment with kids so they can feel comfortable coming to you, or a trusted adult, if they see something online that makes them feel uncomfortable.
• Emphasize the concept of credibility to teens: not everything they see on the Internet is true, and people on the Internet may not be who they appear to be.
• Keep your personal information private, including the names of your family members, your school, your telephone number, and your address.
• Think twice before you post or say anything online. Once it is in cyberspace, it is out there forever.

Though the conversation around cyberbullying is typically focused on children, online bullying can actually occur to people of all ages. The Cyberbullying Research Center shared these tips for adults who are victims of cyberbullying:

• Do not respond. Cyberbullies want you to react. If you respond angrily, the bully may feed off of that response and continue (and even escalate the severity of) the cyberbullying.
• Record everything. Keep evidence of all content (pictures, texts, emails, tweets, status updates, etc.) that the cyberbully has sent or posted about you.
• Talk about it. Speaking with trustworthy friends about what you are going through could be cathartic. They might have gone through similar situations might be able to give you advice.
• Block the bully. Block the cyberbullying at its source. If you are getting incessant communications from a cyberbully, use your email, phone, or social media options to prevent that person from contacting you

For more information and resources, please visit dhs.gov/stopthinkconnect or the Cyberbullying Research Center at cyberbullying.us.

Stop.Think.Connect. Campaign Adds AARP, VA, USPS, SBA to Partner Ranks; Reaches New Milestone of 180 Partners

July 31, 2015

Today the Stop.Think.Connect. campaign announced the addition of several new members to its partner program. Over the last several months, the AARP, the Department of Veterans Affairs (VA), the United States Postal Service (USPS), and the Small Business Administration (SBA) have joined the campaign. This has enabled the Department of Homeland Security (DHS) and Stop.Think.Connect. to directly convey their online safety messages to AARP’s nearly 38 million members as well as millions more people through the campaign’s 180 partners.

This entry was originally posted on the Blog @ DHS. Read the rest of the July 31, 2015 blog.

Internet Safety Month: Top Tips to Stay Safe Online

June 17, 2015

With summer right around the corner, Americans will be spending time on their mobile devices while traveling and on vacation. According to the Pew Research Center, nearly two-thirds of Americans are now smartphone owners, and for many these devices are their main entry point to the online world. This new technology has eliminated many of the stresses that come with traveling.

Mobile applications and free Wi-Fi at hotels and restaurants allow you to find great deals on flights and hotels, avoid traffic on road trips, check email, or video chat while on vacation from almost anywhere. However, with this increased convenience and connectedness comes a responsibility to stay safe while online and on your mobile device.

This June, in honor of Internet Safety Month, the Stop.Think.Connect. Campaign encourages you to make online safety a priority. You don’t need to be an IT professional to protect yourself online: start with these simple tips to protecting yourself and your family while using the Internet at home or on the go:

• Set strong passwords. Make your passwords complex by using a combination of numbers, symbols, and letters (upper and lower case). Click here for tips on how to choose a good password.
• Think before you connect. Before you connect to any public wireless hotspot – like in an airport, hotel, train/bus station or café – be sure to confirm the name of the network and login procedures with appropriate staff to ensure that the network is legitimate. Anyone can set up a network and give it any name they want: even if a network is named after your hotel, it may have been set up by a hacker, so check with hotel staff to be sure. Don’t conduct sensitive activities, such as online shopping or banking, using a public wireless network.
• Keep software updated. Running the most recent versions of your mobile operating system, security software, apps and Web browsers is among the best defenses against online threats.
• Lock your device when you’re not using it. Even if you only step away for a few minutes, it’s enough time for someone else to steal, copy, or destroy your information.
• Disconnect your device from the Internet when you aren't using it. The likelihood that attackers or viruses scanning the network for available devices will target you becomes much higher if your device is always connected.

Check out the Stop.Think.Connect. Campaign’s Cybersecurity While Traveling Tip Card and the Mobile Security Tip Card for more cyber tips.

Get Involved

Here are some ways to get involved with Internet Safety Month this June:

• Summer means kids are at home and are often spending more time online. Take a few minutes to talk with your children about online safety. Find materials to help you start the conversation on DHS’s Parents and Educators Resource page.
• Visit Stop.Think.Connect. and STCGuide.com for more resources and tips to help you stay safe online.
• Become a Friend of the Stop.Think.Connect. Campaign by signing up for our monthly newsletter to receive the latest cyber news and tips right to your Inbox. Sign up here.

Protect Yourself Against Tax Refund Fraud

April 6, 2015

With the April 15 deadline approaching, millions of Americans are finalizing the preparation and filing of their taxes. Unfortunately, tax season is a busy time for cyber criminals and scammers as well.

This entry was originally posted on the Blog @ DHS. Read the rest of the April 6, 2015 blog.

Data Privacy Day: Keep Your Information Safe No Matter How You Get Online

January 28, 2015

Data Privacy Day, recognized each year on January 28, is an international effort focused on protecting privacy, safeguarding data, and enabling trust. Since 2008, Data Privacy Day has encouraged everyone to weigh the benefits and risks of sharing information, understand what their information can be used for, and take steps to protect themselves and their identities.

This entry was originally posted on the Blog @ DHS. Read the rest of the January 28, 2015 blog.

Be Cyber Safe this Super Bowl

January 27, 2015

The Super Bowl is the most-watched television program in America, with more than 100 million people tuning in annually. Cyber criminals, hackers, and other malicious actors may take advantage of people’s enthusiasm for the game to gain access to information or commit fraud. While fans of opposing teams may not agree on much, everyone can agree that practicing safe online behavior is a smart play. Follow these tips to protect yourself and your family:

• Use only reputable online retailers. Looking for a ticket to the game or official Super Bowl merchandise? Make sure the retailer is legitimate and that their website provides protection for online purchases. Look for the padlock symbol near the website address or for URLs that start with "https" or "shttp."
• Stream carefully. For those watching the game online, make sure to use a legitimate website. Questionable websites may expose your computer to malware or other security risks to your privacy or personal information.
• Be wary of public Wi-Fi. If you’re following the game online and in a public space, be careful about public Wi-Fi networks. Don’t conduct any sensitive activities, such as online banking or shopping, while connected to public Wi-Fi.
• Think before you act. Be wary of "too good to be true" deals. Free tickets, cheap team merchandise, cheap collectibles – if a deal sounds too good to be true, it probably is. Slow down and think twice before clicking on such deals. It’s always important to read the fine print and see if these advertisements are a genuine touchdown rather than a malicious fumble.

The Stop.Think.Connect. Campaign encourages everyone to be cyber safe every day. For more tips and resources, visit www.dhs.gov/stopthinkconnect.

Protect Yourself from Identity Theft While Traveling

December 22, 2014

With the holiday season in full swing, many Americans are doing last minute shopping or heading to see family and friends. At the same time, the holiday travel season is a peak period for hackers and thieves to prey on unsuspecting travelers. Vigilance is the key to protecting yourself from identity theft when shopping and traveling.

This entry was originally posted on the Blog @ DHS. Read the rest of the December 22, 2014 blog.

Give Yourself the Gift of Online Security

November 26, 2014

According to the National Retail Federation, 141 million people spent $57.4 billion dollars during Thanksgiving weekend last year, and consumers spent nearly $600 billion during the 2013 holiday season. The biggest shopping season of the year comes with great deals and benefits to shoppers, but it also comes with certain risks.

This entry was originally posted on the Blog @ DHS. Read the rest of the November 26, 2014 blog.

Law Enforcement Embraces New Technologies to “Fight Fire with Fire”

November 7, 2014

While most people associate the U.S. Secret Service as the elite protective agency in the world, a lesser known fact is that we are at the forefront of combating cyber crime.

This entry was originally posted on the Blog @ DHS. Read the rest of the November 7, 2014 blog.

Cybersecurity Strength in Numbers

October 28, 2014

More than 150 government, nonprofit, and academic institutions are now working together to make the Internet safer and more secure through the Department of Homeland Security’s Stop.Think.Connect. Campaign. Cybersecurity is a shared responsibility, and the Campaign’s partner program is one of the most powerful ways DHS connects with diverse audiences to share cybersecurity risks and best practices.

From large and small government organizations to national and international nonprofits to colleges and universities, the Campaign partners reach individuals of all ages, businesses of all sizes, and law enforcement professionals at all levels. Partners create a personal connection to engage their members in cybersecurity education and awareness and provide insight into their specific cyber needs.

Stop.Think.Connect. partners are not only reaching their members, but also engaging their collegial organizations. Thirteen new partners joined the Campaign in the first three weeks of October. These are BeReadyUtah, Colorado Department of Homeland Security and Emergency Management, East Central University, E-C Council Foundation, the National Association of Women Business Owners, Northern Caribbean University, the Sheriff’s Department of Sacramento County, Telecommunications Regulatory Authority Kingdom of Bahrain, Town of Queen Creek, Arizona, University Federal Credit Union, University of Texas at Arlington, the U.S. Chamber of Commerce, and the U.S. Department of Defense. Check our National Network (non-profit organizations), Cyber Awareness Coalition (government agencies), and Academic Alliance (colleges and universities) for information on these and other partners.

October is National Cyber Security Awareness Month, a coordinated opportunity for all Campaign partners to highlight the issue through cybersecurity initiatives and events. This year, Campaign partners have reached millions of individuals through their outreach efforts including social media posts, events, articles, and many other cyber activities.

We each have a role to play in building a safe and resilient cyberspace. Stop.Think.Connect. Campaign partners are pivotal in helping accomplish this goal.

Join the cybersecurity movement and help make the Internet safer for everyone. Email stopthinkconnect@dhs.gov to learn more about the Stop.Think.Connect. Campaign and how your organization can get involved.

Improving Cybersecurity for Small and Medium-Sized Businesses

October 24, 2014

One of the Department of Homeland Security’s priorities in cybersecurity is supporting small and medium-sized businesses. Like their larger counterparts, small and medium businesses frequently house sensitive personal data, and proprietary and financial information. And they are increasingly becoming targets for cyber criminals who recognize that smaller businesses may be easier to penetrate as they may lack the institutional knowledge and resources that larger companies have to protect their information.

This entry was originally posted on the Blog @ DHS. Read the rest of the October 24, 2014 blog.

Keeping Our Critical Infrastructure Cyber-Secure

October 20, 2014

We all are increasingly reliant on the Internet. Not just when we’re on a laptop or smart phone. The underlying critical infrastructure that provides essential services to all of us also is becoming more dependent on the internet.

This entry was originally posted on the Blog @ DHS. Read the rest of the October 20, 2014 blog.

Secure Development of IT Products

October 10, 2014

Information technology (IT) exists in almost all of the products that we use. IT products help us run our homes, businesses, and cities and help us to stay in touch with loved ones around the world.

This entry was originally posted on the Blog @ DHS. Read the rest of the October 10, 2014 blog

National Cyber Security Awareness Month 2014: Engaging All Americans in Online Safety

October 3, 2014

This week marks the start of National Cyber Security Awareness Month 2014, a time to reflect on our cybersecurity practices and promote greater online safety for all Americans.

This entry was originally posted on the Blog @ DHS. Read the rest of the October 3, 2014 blog

Back to School Resources for Teachers and Parents

August 20, 2014

It’s back to school season! While you scramble to get all the right school supplies for the classroom, be sure to equip your students with the tools they need for cyber safety, too. The Stop.Think.Connect. Campaign offers various resources for parents, educators, and students, including:

• Student tip sheets
• Presentations for families
• Resource guides for parents and educators

According to a recent survey, seven in 10 young people have been a victim of cyberbullying. To help protect children offline and online this school year, find ways to incorporate cyber safety into your lesson plans. The Campaign makes it easy for you to print out materials to teach about cyber safety inside and outside the classroom. To jumpstart your cyber safety efforts, follow these simple tips:

• Create an open and honest environment with kids.
• Start conversations regularly about practicing online safety.
• Emphasize the concept of credibility to teens: not everything they see on the Internet is true, and people on the Internet may not be who they appear to be.
• Keep your personal information private, including the names of your family members, your school, your telephone number, and your address.
• Think twice before you post or say anything online. Once it is in cyberspace, it is out there forever.

Following and sharing these simple cybersecurity tips can help to create a better, safer atmosphere for your students this school year.

Be Cyber Safe While On the Go This Summer

August 1, 2014

It’s the last month of vacation for most families this summer. With end of summer in sight, many will be travelling to the beach, to theme parks, and even across the county or overseas. While you enjoy your last month of fun with the family, don’t forget to encourage and practice cyber safety, especially as you use your mobile devices while traveling.

Many people – kids and adults alike – access the Internet through mobile devices, such as cellphones, tablets, etc. Cybersecurity for mobile devices involves the same principles and tips around safely using home and work computers, including being cautious online and maintaining the security of your device.

The Stop.Think.Connect. Campaign recommends following these simple tips, whether you’re traveling or at home, when using digital devices and the Internet:

• Keep software updated. Running the most recent versions of your mobile operating system, security software, apps and Web browsers is among the best defenses against malware, viruses and other online threats.
• Keep your device secure by using a strong password to lock your smartphone or tablet.
• Change any pre-configured default passwords on your mobile device to ones that would be difficult to guess.
• Use your mobile device carefully; emails that can harm your computer can also harm your mobile device.
• Use disk encryption features whenever available.
• Enable two-step authentication when offered, and change passwords to any accounts you accessed while connected to an unfamiliar network.
• When using a public or unsecured wireless connection (i.e. at a café or hotel), avoid using sites and apps that require personal information like log-ins.
• Switch off your Wi-Fi and Bluetooth connections when not in use. Automatically connecting to networks can create vulnerabilities exploitable by hackers and others.
• When banking or shopping online, use only trusted apps or websites that begin with https://.

Cybersecurity is a shared responsibility. When you take simple steps to protect yourself on the Internet, you create a safer Internet for everyone.

Stay Safe Online While Cheering on Team USA

June 26, 2014

As millions of Americans tune in to watch the World Cup and cheer on the U.S. men’s national soccer team, it’s important to stay vigilant against cyber criminals and hackers who may to try to take advantage of people’s enthusiasm to gain access to their information online.

This entry was originally posted on the Blog @ DHS. Read the rest of the June 26, 2014 blog.

This Summer, Keep Your Employees Cyber Safe

June 16, 2014

As a small business, keeping up with the latest competition also involves being sure that you and your employees are cyber-ready. Not only do small businesses rely on technology to perform daily functions, but the Internet provides easy ways for businesses to stay connected and informed. However, with these increased conveniences comes increased risk. According to Symantec, nearly one-third of all cyber-attacks targeted businesses with fewer than 250 employees, the largest growth area for targeted cyber-attacks in 2012. Follow these simple tips from the Department of Homeland Security’s Stop.Think.Connect. Campaign to help keep your workplace cyber safe:

• Use and regularly update anti-virus and anti-spyware software on all computers; automate patch deployments across your organization to protect against vulnerabilities.
• Secure your Internet connection by using a firewall, encrypting information and hiding your Wi-Fi network.
• Establish security practices and policies to protect sensitive information; educate employees about cyber threats and how to protect your organization’s data and hold them accountable to the Internet security policies and procedures.
• Require that employees use strong passwords and regularly change them.
• Invest in data loss protection software for your network and use encryption technologies to protect data in transit.
• Protect all pages on your public-facing websites, not just the checkout and sign-up pages.

Consumers are taking notice of how businesses secure their data and are more willing to trust and reward businesses for good security practices. With cyber criminals now targeting small businesses more than ever before, it’s important to remind consumers that your business is cyber safe by following the above tips.

Keeping Kids Safe Online

May 15, 2014

Summer fun has begun! While the kids are home and enjoying the sun, don’t forget that June is Internet Safety Month. This summer, the Stop.Think.Connect. Campaign is encouraging parents to take a few minutes to talk with their children about Internet safety. While increased connectivity has led to significant transformations and advances across our country – and around the world – it also has increased our shared risk. For children, this includes cyber bullying, cyber predators, and other threats. Parents, teachers, and guardians can take steps to protect children online by creating an open environment where children feel comfortable reporting abuses over the Internet. The Stop.Think.Connect. Campaign encourages adults to:

• Be aware of what social networks your kids and teens use and how much information they share. They should never share addresses, birthdays, schools, and last names with strangers;
• Teach your kids how to conduct searches safely by using specific and narrow search terms on commonly-used search engines to prevent unwanted and malicious results;
• Install filters and firewalls to manage what sites your kids can access;
• Set strong passwords that are different on every site; and
• Remind your children not to say anything online about someone else that they would not want said about them.

At the end of the day, cybersecurity is ultimately about people and is a shared responsibility. We are all called on to ACT: Achieve Cybersecurity Together.

Ensure Your Cyber Safety this Tax Season

March 31, 2014

Not only is April tax season, but it’s also prime time for cyber criminals to try to trick unsuspecting people into sharing personal or financial information. So in addition to filing your taxes, be sure to properly safeguard your data.

This entry was originally posted on the Blog @ DHS. Read the rest of the March 31, 2014 blog.

Flat Stanley Now Helping Kids Stay Safe Online

December 23, 2013

The Department of Homeland Security’s Stop.Think.Connect. campaign is joining the Flat Stanley Project to help kids learn about the importance of cybersecurity.

This entry was originally posted on the Blog @ DHS. Read the rest of the December 23, 2013 blog.

During the Season of Giving, Don’t Give Out Your Personal Information

December 2, 2013

From smartphones and tablets to gaming systems and e-readers, this year’s holiday wish lists are more wired than ever. Many of us will immediately load photos, user accounts, and other personal data onto our new gadgets, eager to enjoy them.

However, if you are giving or receiving the newest tech toys this holiday season, don’t forget to secure new devices from cybercriminals on the hunt for personal information. Smartphones, tablets, and other electronics are now as powerful and functional as many computers. Therefore is important to protect those devices just like you protect your computer or laptop. The United States Computer Emergency Readiness Team (US-CERT) provides the following tips to safeguard your data:

• Lock your device when you are not using it. Even if you only step away for a few minutes, it's enough time for someone else to steal or destroy your information.
• Disconnect your device from the Internet when you aren't using it. The likelihood that attackers or viruses scanning the network for available devices will target you becomes much higher if your device is always connected.
• Keep software up to date. Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates.
• Consider creating separate user accounts. If there are multiple people using the device, someone else may accidentally access, modify, or delete your information. If you have the option, create different user accounts for each user and set the access and privileges for each account.
• Establish guidelines for usage. If there are multiple people using your device, especially children, make sure they understand how to use the device safely. Setting boundaries and guidelines will help protect your data.
• Back up your data. Whether or not you take steps to protect yourself, there will always be a possibility that something will happen to destroy your data. Regularly backing up your data reduces the stress and consequences that result from losing important information.

For specific information on securing gaming systems, visit the Federal Trade Commission’s OnGuard Online. For smartphone security tips, visit the Federal Communication Commission’s Smartphone Security Checker, a new resource that demonstrates how you can be safer when using a mobile device.

Stop.Think.Connect.: Lookout for Cyber Monday Scams

November 23, 2013

Turkey, pumpkin pie, and football aren’t the only things that are part of many Americans’ Thanksgiving traditions. Deals and bargain prices have also become a part of the holiday season, and more people are going online to find them.

Cyber Monday—the Monday after Thanksgiving—is one of the biggest online shopping days of the year, providing a golden opportunity for scammers and spammers looking to take advantage of unsuspecting online shoppers. On Cyber Monday, hackers may use tactics like preying on popular keyword searches to lure shoppers to malicious websites, with the goal of collecting financial and personal information.

These simple tips can help protect your personal information and transactions on Cyber Monday and throughout the holiday season:

• Keep your computer, browser, anti-virus and other critical software up to date.
• Only buy from reputable sites and pay attention to URLs. Malicious websites may look similar to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). Also look in the address box for the "s" in https:// before any transaction. That “s” tells you that the site is taking extra measures to help secure your information.
• Beware of deals that sound too good to be true. Use caution when opening email attachments and do not follow unsolicited web links in email messages and pay special attention to extremely low prices on hard-to-get items.
• Check privacy policies. Before providing personal or financial information, check the website's privacy policy to ensure your safety.
• Use a credit card instead of a debit card. There are laws to limit your liability for fraudulent credit card charges, and you may not have the same level of protection when using your debit card.
• Keep a record of your order. Retain all documentation from the order in the event your purchase does not ship or if there are unauthorized charges on your bill.
• Check your statements. Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately.

DHS Announces Stop.Think.Connect. Campaign Partnership with the National Crime Prevention Council

The Department of Homeland Security’s Stop.Think.Connect. Campaign announced a new partnership with the National Crime Prevention Council (NCPC), which seeks to reduce crime by helping citizens work with law enforcement to promote cybersecurity awareness and online safety. The campaign will provide NCPC with tools and resources to educate teens, young adults and parents about how youth can protect themselves from the risk of theft, fraud and abuse online.

Pictured in the photo from left to right, the iconic McGruff the Crime Dog, Ann M. Harkins, President and CEO of NCPC, Michael Kortan, Assistant Director of the FBI Office of Public Affairs, and Suzanne Spaulding, Department of Homeland Security Deputy Under Secretary, National Protection and Programs Directorate, were keynotes and special guests at the event.

“Cybersecurity is a shared responsibility, and everyone must play their part,” said Department of Homeland Security Secretary Napolitano. “Through partnerships like this one, and initiatives like National Cybersecurity Awareness Month, the Department is reaching out to audiences of all ages on the role each of us plays in securing cyberspace.”

“In today’s technology-driven world we share so much personal information about our lives in 140 characters or less that we often fail to see how it can put us at risk,” said NCPC President and CEO Ann M. Harkins. “Partnering with the Department of Homeland Security on cybersecurity awareness is the perfect complement to National Crime Prevention Month, which NCPC celebrates every October, asking every citizen to renew or join the commitment to help Take A Bite Out Of Crime.”

Stop.Think.Connect. is a national public awareness effort to guide the nation to a higher level of Internet safety and security by educating and empowering the American public to be more vigilant about practicing safe online habits. The campaign encourages Americans to view Internet safety and security as a shared responsibility at home, in the workplace, and in our communities.

NCPC was founded in 1982 with the goal of reducing crime by helping citizens work with law enforcement. Using a train-the-trainer model, NCPC has trained thousands of crime prevention practitioners and allies, including law enforcement personnel, educators, parents, youth, local and state government officials, and community leaders, to help them help their communities reduce crime.

This new partnership continues the Stop.Think.Connect. Campaign’s ongoing outreach to the nation’s youth and organizations that serve them. Recently, the Department of Homeland Security announced partnerships with Drug Abuse Resistance Education (D.A.R.E.) America and Boys & Girls Clubs of America.

Find additional information on NCPC. Read more about the event.

Stop.Think.Connect. Encourages You to ACT for National Cyber Security Awareness Month this October

Every day, we are more and more interconnected. We rely on the Internet for all of our day-to-day needs as it allows us to stay connected, informed, and involved. However, this increased connectivity brings increased risk of theft, fraud, and abuse - making cybersecurity one of our country’s most important national security priorities.

In recognition of the importance of cybersecurity awareness, President Obama designated October 2012 as National Cyber Security Awareness Month as a reminder that being safer and more secure online is a shared responsibility. In other words, we should always ensure that our information and critical infrastructures remain secure and reliable for everyone.

Throughout National Cyber Security Awareness Month and beyond, you’re invited to join the Department of Homeland Security's Stop.Think.Connect. Campaign to take part and ACT - Achieve Cybersecurity Together - to ensure everyone understands their role in safeguarding and securing cyberspace, recognizes how to protect themselves and their online interests, and knows who to contact if compromised online.

Here are a few simple things businesses, schools, and home users can do to practice cybersecurity during National Cyber Security Awareness Month and throughout the year:

• Find or register a local National Cyber Security Awareness Month event.
• Show your organization's commitment to cybersecurity by signing the online endorsement form and becoming a National Cyber Security Awareness Month Champion.
• Download tip sheets on how to stay safer in a variety of online settings: on social networking sites, on gaming sites, on your mobile device, and distribute them within your community.
• Participate in the NCSA's Cyber Security Awareness Volunteer Education (C-SAVE) Program and help educate elementary, middle, and high school students about Internet safety and security.
• Add a signature block to your e-mail: "October is National Cyber Security Awareness Month. Stay Safe Online! Visit www.staysafeonline.org for the latest cybersecurity tips."

Find more information on National Cyber Security Awareness Month.

Are You Cyber Ready? Stop.Think.Connect. Commemorates National Preparedness Month

Think about this - what would you do if you received a suspicious email from a friend that only included a link? Would you click on it? What would your spouse, children, friends, or colleagues do? Phishing attacks are only one of the many complex cyber threats we face every time we go online regardless of whether we are at home, at work, or on the go. As technology advances, so do the techniques cybercriminals use to gain access to our computer networks.

To commemorate National Preparedness Month, Americans all over the country are preparing for the unexpected fire, hurricane, tornado or man-made disasters. While the devastating effects on individuals, families, and communities caused from a natural or man-made disaster are easy to see, it is much more difficult to understand the impact of a sluggish computer infected with malware or viruses.

Unlike physical threats that prompt immediate action – like stop, drop, and roll in the event of a fire – cyber threats are often difficult to identify and comprehend. However, they can be just as dangerous. Cyber preparedness can be as simple as setting up the proper controls such as the ones listed below to increase your chances of avoiding cyber risks:

• Only connect to the Internet over secure, password- protected networks.
• Do not respond to online requests for personal information; most organizations – banks, universities, companies, etc. – do not ask for your personal information over the Internet.
• Limit who you are sharing information with by reviewing the privacy settings on your social media accounts.
• Trust your gut; if you think an offer is too good to be true, then it probably is.
• Do not use the same password twice; choose a password that means something to you and you only; change your passwords on a regular basis.

Here are more tips and guidance from www.Ready.gov on how to prepare in the event of a cyber-attack. If you feel you’ve been a victim of a malware attack, phishing scheme, or another cybercrime, contact your local law enforcement or the Federal Trade Commission at www.ftc.gov/complaint.

Stop.Think.Connect. Partners with the Girl Scouts of USA

The Department of Homeland Security announced on August 22, 2012 during the Atlanta Cyber Tour that the Girl Scouts of the USA organization has joined the Stop.Think.Connect. Campaign’s National Network, forming a new partnership which will promote cybersecurity awareness to over 3.2 million youth across the country.

The Campaign will provide the Girl Scouts with tools and resources to help raise awareness among kids, teens, and young adults about emerging online threats and the importance of cybersecurity. This partnership builds on the Campaign’s efforts to highlight curriculum resources available to communities, as well as to promote cyber awareness and educate America’s youth about safer online practices.

“Cyber education is crucial for preparing future generations for the ever-changing cyber world,” said Department of Homeland Security Secretary Napolitano. “With the help of Girl Scouts of the USA, the Campaign has an opportunity to broaden cybersecurity awareness to millions of American youth engaged with the Girl Scouts program.”

"This collaboration between Girl Scouts and the Department of Homeland Security will empower girls to become leaders and advocates for the safe and responsible use of technology," explained Anna Maria Chávez, Chief Executive Officer of the Girl Scouts of the USA. "We know that girls are online. As adults, it is our responsibility to create an environment that encourages girls to establish healthy online habits."

Girl Scouts of the USA was founded in 1912 with the goal of bringing girls out of isolated home environments and into community service. Through enriching experiences, such as field trips, sports skill-building clinics, community service projects, cultural exchanges, and environmental stewardships, Girl Scouts seeks to grow courageous and strong young women.

Find additional information on Girl Scouts of the USA.