Online Safety Awareness

As technology becomes the backbone of modern business, understanding cybersecurity fundamentals has shifted from a specialized skill to a critical competency for all IT professionals. Here’s an overview of the critical areas IT professionals need to master:  Phishing Attacks   - What it is: Deceptive emails designed to trick users into sharing sensitive information or downloading malicious files.   - Why it matters: Phishing accounts for over 90% of cyberattacks globally.   - How to prevent it: Implement email filtering, educate users, and enforce multi-factor authentication (MFA).  Ransomware   - What it is: Malware that encrypts data and demands payment for its release.   - Why it matters: The average ransomware attack costs organizations millions in downtime and recovery.   - How to prevent it: Regular backups, endpoint protection, and a robust incident response plan.  Denial-of-Service (DoS) Attacks   - What it is: Overwhelming systems with traffic to disrupt service availability.   - Why it matters: DoS attacks can cripple mission-critical systems.   - How to prevent it: Use load balancers, rate limiting, and cloud-based mitigation solutions.  Man-in-the-Middle (MitM) Attacks   - What it is: Interception and manipulation of data between two parties.   - Why it matters: These attacks compromise data confidentiality and integrity.   - How to prevent it: Use end-to-end encryption and secure protocols like HTTPS.  SQL Injection   - What it is: Exploitation of database vulnerabilities to gain unauthorized access or manipulate data.   - Why it matters: It’s one of the most common web application vulnerabilities.   - How to prevent it: Validate input and use parameterized queries.  Cross-Site Scripting (XSS)   - What it is: Injection of malicious scripts into web applications to execute on users’ browsers.   - Why it matters: XSS compromises user sessions and data.   - How to prevent it: Sanitize user inputs and use content security policies (CSP).  Zero-Day Exploits   - What it is: Attacks that exploit unknown or unpatched vulnerabilities.   - Why it matters: These attacks are highly targeted and difficult to detect.   - How to prevent it: Regular patching and leveraging threat intelligence tools.  DNS Spoofing   - What it is: Manipulating DNS records to redirect users to malicious sites.   - Why it matters: It compromises user trust and security.   - How to prevent it: Use DNSSEC (Domain Name System Security Extensions) and monitor DNS traffic.  Why Mastering Cybersecurity Matters   - Risk Mitigation: Proactive knowledge minimizes exposure to threats.   - Organizational Resilience: Strong security measures ensure business continuity.   - Stakeholder Trust: Protecting digital assets fosters confidence among customers and partners.  The cybersecurity landscape evolves rapidly. Staying ahead requires regular training, and keeping pace with the latest trends and technologies.  

There ya have it... I may be splitting hairs but it stands to reason that when designing, design with safety in mind. Designing with safety in mind involves proactively identifying and mitigating potential hazards during the design process to create safer products, processes, or environments. This proactive approach, often called Prevention Through Design (PtD) or Safety by Design, aims to eliminate or minimize risks before they become problems, ultimately leading to a more secure experience for users. 1. Identify Potential Hazards: Early Risk Assessment: Start by identifying potential hazards early in the design process, considering the context, environment, and user behavior. Consider All Hazards: Think about various types of hazards, including physical, chemical, biological, ergonomic, and psychological risks. Involve Stakeholders: Engage with various stakeholders, including engineers, safety professionals, and end-users, to gather diverse perspectives and insights. 2. Implement Safety Measures: Prioritize Safety: Make safety a core consideration throughout the design process, ensuring it's not an afterthought. Apply Safety Standards: Adhere to relevant safety standards and regulations, ensuring compliance and best practices. Eliminate or Minimize Hazards: Implement measures to eliminate hazards completely or minimize their impact through safe design choices and controls. 3. Continuous Improvement: Regular Monitoring: Continuously monitor and evaluate the safety of the design and its implementation. Feedback and Iteration: Solicit feedback from users and stakeholders, and use it to iterate and improve the design for safety. Stay Updated: Keep abreast of new safety standards, regulations, and technologies to ensure designs remain safe and effective. Examples of Safety in Design: Architecture: Designing clear exit paths, incorporating fire-resistant materials, and ensuring accessibility for all users. Product Design: Using durable materials, providing clear instructions, and incorporating safety features to minimize potential hazards. Process Design: Optimizing workflows, using safe materials and equipment, and implementing safety protocols to reduce risks. By incorporating safety into the design process from the outset, designers can create safer and more reliable products, processes, and environments. This proactive approach not only reduces the risk of accidents but also enhances the overall user experience and promotes a culture of safety.

The FBI has released PSA warning about all the ways that cybercriminals are using AI to commit fraud on a larger scale and to increase the success of their scams. The advisory warns about deepfaked videos and voice calls, as well as AI generated profile images to impersonate people. Among their recommendations: -Create a secret word or phrase with your family to verify their identity. -Look for subtle imperfections in images and videos, such as distorted hands or feet, unrealistic teeth or eyes, indistinct or irregular faces, unrealistic accessories such as glasses or jewelry, inaccurate shadows, watermarks, lag time, voice matching, and unrealistic movements. -Listen closely to the tone and word choice to distinguish between a legitimate phone call from a loved one and an AI-generated vocal cloning. -If possible, limit online content of your image or voice, make social media accounts private, and limit followers to people you know to minimize fraudsters' capabilities to use generative AI software to create fraudulent identities for social engineering. -Verify the identity of the person calling you by hanging up the phone, researching the contact of the bank or organization purporting to call you, and call the phone number directly. -Never share sensitive information with people you have met only online or over the phone. -Do not send money, gift cards, cryptocurrency, or other assets to people you do not know or have met only online or over the phone. To this list, I would add something I have tried to do with those in my immediate orbit who need a little more help against scams and spams: Set their phone so that incoming calls are limited to people on their contacts list; all the rest go to voicemail. At this point, we are way beyond expecting everyone to be experts at spotting fake this or that. https://lnkd.in/gS9NRmdX

Regulators are coming after your tracking pixels. In the US, we are currently handling numerous pixel lawsuits and working with clients on compliance with both wiretapping, State laws and HIPAA in connection with pixel deployment. Now, Tobias Judin 🏳️🌈 and Datatilsynet in Norway, are going after these with investigation uncovering that websites often share sensitive information through the pixels unknowingly. 6 points that apply in the US as well: 🔹 Identify which tracking pixels, cookies, and other tracking tools your service uses; especially ones that use the info for their own purpose (this could be a "sale" or completely prohibited in the US if sensitive) 🔹 Browsing data can be sensitive. Consider the types of people who use your service and what inferences can be drawn about them, directly or indirectly, based on their browsing history. 🔹 Trackers on websites that target children as especially difficult because they require parental consent for deployment. In the US this has been enforced under COPPA 🔹 You need to give people a choice about the trackers. In the EU - this is pure consent; in the US this can be an opt out unless the data is sensitive. 🔹 You must provide accurate and understandable information about what the tracking tools do, and how they affect the individual and their privacy, as publicly as possible. This should be just-in-time but also in your privacy disclosures. 🔹 You are responsible for the trackers on your website, even if your particular use of them is innocent. You will generally be the one facing enforcement. https://lnkd.in/ef83G5XR pic by ChatGPT

Stay Safe on Social Media with These Essential Tips 👇 Social media is a great way to connect, but it’s important to protect your privacy and security. Use these tips to enjoy social platforms safely and responsibly! 🔒 Tip 1: Adjust Your Privacy Settings Make your profiles private and control who can see your posts, tag you in photos, or send you messages. Use privacy tools to limit access to your personal information. 🔒 Tip 2: Think Before You Post Remember: once something is online, it’s hard to take back. Avoid sharing sensitive details like your address, phone number, or travel plans. Also, consider how your posts might be perceived by employers or others in the future. 🔒 Tip 3: Use Strong Passwords Create unique passwords for each account using a mix of letters, numbers, and symbols. Enable two-factor authentication (2FA) for an extra layer of security. Never reuse passwords across multiple platforms. 🔒 Tip 4: Be Cautious with Friend Requests Only accept requests from people you know personally. Fake accounts are often used for phishing or gathering personal information. 🔒 Tip 5: Limit Location Sharing Turn off geotagging and avoid posting your real-time location. Sharing your whereabouts can make you vulnerable to stalking or theft. Save vacation photos and check-ins for after you return home. 🔒 Tip 6: Watch Out for Suspicious Links Be wary of links sent via messages or emails, even if they appear to come from friends. Verify with the sender before clicking to avoid phishing scams or malware. 🔒 Tip 7: Monitor Your Digital Footprint Regularly review what’s publicly visible on your profiles. Remove old posts that might reveal too much personal information or no longer align with how you want to be perceived. 🔒 Tip 8: Communicate Boundaries with Friends Ask friends not to share photos or tag you without permission. Set up approval settings so you can review tags before they appear on your profile. 🔒 Tip 9: Avoid Public Wi-Fi Refrain from accessing social media accounts on public Wi-Fi networks without a VPN. Public connections can expose your data to hackers. 🔒 Tip 10: Report and Block Harassment If someone is harassing you online, block them immediately and report their behavior to the platform’s administrators. Most social networks have tools in place to handle abuse. 🔄 Share this post to help others protect their privacy and security on social media! 👉 Follow me for more tips on staying safe online! Want more great AI tips and news? Join my free weekly newsletter at https://rodman.ai/news/

🎓✨ Sending My Kids Off to College: What Would You Tell Your College-Age Kids to Stay Safe? ✨🎓 Recently, I said goodbye to my two sons as they headed off to college, officially making me an empty-nester. As a retired Federal Bureau of Investigation (FBI) agent, I’ve made it my mission to equip them with the tools they need to stay safe online. Before the tears (Mine 😀 ) and the final hugs, we went over the essential CyberSecure Mindset principles to ensure they’re prepared for the digital world: 🔐 Strong Passwords & Passcodes: A simple four-digit code is not enough. Ensure your iPhone and all critical accounts have strong, unique passcodes. 🔒 Two-Factor Authentication: Enable 2FA on all mission-critical accounts including email, banking, social media, and iCloud. 📞 Beware of Social Engineering: Be cautious of phishing emails, texts, calls, and social media scams. Always verify the source. 💳 Credit Over Debit: Use credit cards instead of debit cards and check for card skimmers at checkout. 🔑 Family Safe Word: Develop a safe word for family communications to combat potential AI-driven scams. If unsure, use the code. 📸 Think Before Sharing: Remember that anything you post or send online can never be fully retracted. Think twice before sharing. 🔍 Think before you click or download, and ensure you have a reputable antivirus product on your computer. What else would you tell your college-age kids before they left for school? Building a community around the #CyberSecureMindset means sharing these crucial tips and best practices. Let’s ensure our kids are prepared for the digital world! For more information on keeping your family safe online, visit www.CyberSecureMindset.com. #CyberSecureMindset #DigitalSafety #CollegeBound #SocialEngineering #Cybersecurity #FamilyFirst #ProtectYourData #thesecrettocybersecurity Marc E. Darren Mott, FBI Special Agent (Ret.), "The CyBUr Guy" Corey Munson Jason Smolanoff Ashley Barton Laqwacia Simpkins Anna Cox John Caruthers Art Gross

Cybersecurity isn't just IT's responsibility—it's everyone's lifeline to protecting what matters. Here's why building a security-conscious culture is critical for your business's survival: → 95% of breaches start with human error. This isn't just a statistic—it represents real people, jobs, and livelihoods at risk when employees aren't prepared to spot threats. → With cybercrime costs projected to hit $10 trillion by 2025, the impact goes beyond just business losses—it affects employees' job security, customer trust, and families who depend on the business's success. → Security awareness must flow through every department. When everyone understands their role in protection, we create multiple layers of defense against threats. → Trust is earned through action. Customers choose businesses that demonstrate a commitment to protecting their data and privacy. Building this culture requires: ✔️ Leaders who champion security daily ✔️ Regular, engaging training that connects with real-world scenarios ✔️ Clear channels for reporting concerns without fear ✔️ Recognition for team members who strengthen our security posture Remember: In today's digital world, cybersecurity isn't an IT problem—it's a survival skill that protects jobs, families, and futures. Every employee plays a crucial role in safeguarding not just data, but livelihoods. What steps are you taking to make security awareness part of your company's DNA? 🔒

One of the ways people are taking advantage of jobseekers excitement in this tough job market is through scams that appear to be legitimate jobs - we've seen this happen quite a bit at Zapier, and have had folks contact us about this issue again this week. Often, they will go to great lengths to impersonate the real company, using real employee names and a similar domain. So here are some ⛳️ to look out for - please remember them, and share with your friends if you think they may be falling for a scam! 1. The domain the email comes from does not match the company's actual domain. For example, instead of zapier dot com, the email comes from zapier dot mobi or zappier dot com or something like that. 2. You are contacted about an interview for a job you didn't apply for. If you didn't apply and they claim you did, it's a scam. 3. You are contacted about a job that's a stretch or seems to good to be true. When recruiters source, they are generally looking for people that meet all the many qualifications a hiring manager has so it's unlikely they will contact someone without really relevant experience. Companies are not paying $70 an hour for someone to do data entry work from home. If it sounds too good to be true, it is. 4. The interview process takes place via skype, whatsapp, telegram, etc. and you never actually talk to anyone live before receiving an offer. Companies are not hiring people to do important work and have access to their systems without meeting them live and thoroughly vetting their qualifications. 5. Communication is coming at odd times. The person is supposedly based in the US, but is responding to your messages at midnight as an example. I've seen these scammers go to significant lengths to appear legitimate: - create LinkedIn accounts and connect with current employees so they appear to be real employees - use the names of actual employees in their communications - create websites to increase the appearance of legitimacy I think in most cases, jobseekers who fall for these scams know something is off. But they want to believe it because they are so hungry for an opportunity. My suggestion however is to take a few minutes to do some research. When in doubt, email the company (for most companies, this will be something like "jobs" or "recruiting" at company domain), or submit a concern to the company's support page so they can look into it. And if you do end up the victim of one of these scams: 1. If you set up some sort of account or gave them a password, change all your passwords. 2. If you provided any bank account or identity information, contact your bank, freeze your credit, and consider identity theft protection. 3. Contact the company being impersonated - we can at least take steps to get the fraudulent domain shut down and remove the impersonator. I really hate that this is even something jobseekers are dealing but hopefully these tips help you avoid falling victim to these scams!

In light of recent data breaches, attackers and cybercriminals have access to more personal information than ever before. A common question I’m asked is, "What do they do with this data?" One disturbing example is using it to target individuals for extortion, specifically through a method called "sextortion," which I was recently subjected to. For those unfamiliar, sextortion is a tactic where criminals use stolen personal information to try and manipulate individuals into paying money. This often involves threats related to personal or embarrassing behavior, such as claims of inappropriate online activity. In this case, it was related to pornographic content. In a previous role, I worked with financial advisors who, despite knowing the claims were false, paid out of fear and the desire to protect their reputation. Unfortunately, I know which breach this data originated from, and the attackers even included a Google Maps street image to make their threat seem more credible. And no, they never contacted me again. This experience highlights the growing importance of data protection and cybersecurity awareness. If you find yourself in a similar situation, stay calm, verify the claims, and seek professional guidance before taking any action.

I had planned to pen an article applauding U.S. Department of Health and Human Services (HHS)'s move to appeal a recent ruling that struck down HHS's data tracking rule... but before I could put the finishing touches on the article, I assume someone had a horse's bloody head laid in their bed. Just days after they filed their notice of appeal, HHS reversed course and withdrew its appeal to the 5th Circuit. What I wouldn't give to have listened in on those calls between the American Hospital Association and administration officials that prompted this about face. As a refresher, the case centered on the invasive use of tracking technologies by hospitals, which, without most patients’ knowledge, collect and share highly sensitive health information with marketing giants like Facebook and Google. Hospitals successfully argued that these tracking tools are essential for patient safety and continuity of care, claiming they help enhance patient experiences by providing better analytics and personalized services. (*Pardon me while I spit out my coffee.) But its worse than my cynicism... these tools are not the benign, HIPAA-compliant tools hospitals would have us believe...they are sophisticated marketing surveillance systems, designed to exploit patient information for financial gain, not to protect it. When a patient visits a hospital’s website, they might browse pages about specific health conditions, book appointments, or log into their patient portal. Unbeknownst to them, embedded tracking technologies are quietly collecting data about every click, scroll, and keystroke. This includes URLs of the pages they visit (e.g., information on fertility treatments), their IP addresses, device details, and even unique identifiers like cookies that persist across multiple devices. This data is then transmitted in real-time to third-party companies like Google and Facebook, who are masters at linking this information with their vast existing databases. The result? These companies can create a highly detailed profile of the patient, connecting their web activity on the hospital site with other online behavior, including social media activity and search history. These tracking technologies can even link data across different devices... if a patient checks their fertility treatment plan on their smartphone during a lunch break, that information could then be connected to their work computer, leading to targeted ads appearing while they’re at work. This not only breaches the patient’s privacy but also risks exposing deeply personal information in highly inappropriate settings. While the consequences of this ruling are profound and set a dangerous precedent that further erodes trust and compromises the privacy of millions of patients; HHS's about face is an even bigger slap in the face. Patient Rights Advocate Marilyn BartlettDave Chase, Health Rosetta-discovering archaeologistJake PerryPreston AlexanderAnn LewandowskiLee LewisHannah Anderson