Tag Archives: spam

Seasonal Phishing

Did you know that Phishing has a season, just like real fishing?

Statistics show that during the year-end holiday period, malicious users are more successful with phishing attacks about holiday giving or shopping because they tailor their message to fit the hustle and bustle and activities of the season.

Here is a short videowhich reminds all of us not to let our guard down just because we are too busy or distracted to carefully scrutinize an e-mail advertises a sale or touches our heart.

Have a good holiday season, and Safe Computing!

Beware Humans with Computers!

At a recent presentation to state risk managers in Olympia, representatives of the law firm BakerHostetler, which includes a number of attorney’s who specialize in resolving information security data breach issues, identified that cyber attacks using Phishing and Malware  was the cause of 31% of the more than 300 data security incidents the firm handled nationwide in 2015.  This is not much of a surprise given the recent increases in the number of these types of attacks.

The second highest category identified at 24% was Employee Action/Mistake, which includes failures of employees to follow organizational policies resulting in a data breach.

Interestingly, the next highest causes of data losses include other categories which also have significant ties to how authorized users interact with information technology and the data stored and manipulated with that technology.  These include: Loss or Theft of a Device (17%); Vendor/ Contractor Actions (14%); Internal Employee Theft (8%); and Lost or Improperly Disposed Data (6%).

These statistics show that the human component of data protection is significantly more important with regard to modern IT security issues than is the technology component.

The underlying source of ALL of these top kinds (92%) of data breaches can easily be attributed to the authorized users of the compromised data and either a deliberate disregard for organizational policies or a lack of information security awareness on their part.

Clearly, it is important for each of us to understand that we each need to constantly protect the college data we access during the course of our daily work, and to ask questions of our supervisors when we are not certain how best to do that.

The college has published a number of policies and procedures related to technology use by college employees and the protection of college data.  Here are links to a few of those current documents:

Take some time this week to update yourself on the information in these important documents and, as always:  Safe Computing!

Security Intelligence Report

Warning:  for serious information security buffs only!

Microsoft has recently published it most recent security intelligence report (152 pages!) on the current state of information security and exploitation trends in the world.  While it is not really intended for the casual computer user, it is fascinating reading if you are interested in diving a little deeper into the bigger information security picture.

There is a 21 page summary version and a 94 page worldwide threat assessment also posted on their Security Intelligence Report website, along with lots of links to other related information if you are bored and have an afternoon to kill…

Just think!  Some of us get to read this stuff every day!

ENJOY the beginning of summer this weekend.

Federal Trade Commission Scam Alerts site

Happy June!

Today’s information is short and sweet, and is about an important resource each computer user should have at their fingertips.

The Federal Trade Commission has a website intended to inform consumers about current scams, including computer spam scams (say that three times, real fast).  Of course, most things that may be identified as applying to consumers can be valuable in the workplace, as well.

So check out the information posted there, then bookmark the site both at home and here at work, and refer to it whenever you have questions or are just curious.  You can even sign up to get automatic alerts, if you wish.