Morgan Grevey

About Morgan Grevey

As Marketing Manager at CSID, Morgan has her finger on the pulse of happenings at the company and in the cyber security and identity protection industries. Morgan writes about general industry news, industry events and company updates.

How Consumers Can Respond to the Yahoo Breach

By | December 16th, 2016|Industry News|

CSIDYahoo recently disclosed that it has discovered a breach of more than one billion user accounts that occurred in August 2013. This is believed to be a separate attack from the breach Yahoo reported in September.

Bob Lord, chief information security officer at Yahoo, said the stolen user account information may include names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers. Whether or not you have a Yahoo account, this is a great reminder to make sure you’re following best practices when it comes to your online security.

Create Strong Passwords
Take a look at the most common passwords from last year and it’s a canvas of simplicity. “123456” and “password” are the two most common, with other easy-to-guess passwords like “football” and “abc123” high up on the list.

While these are easy to remember, they’re also quite easy to guess. Refrain from using your name, birthday, or pet’s name in your passwords; instead, use long, strong, unique passwords with a mix of numbers, letters, and special characters. Don’t reuse passwords across multiple apps and sites and also be sure to update your passwords regularly – it’ll help further protect your information from being accessed.

Stay Updated
When your computer or an app asks if you’d like to update to the latest version, do you typically ignore it, or click “Remind Me Later?” Get out of that habit – those updates are there for a reason. Developers are constantly fixing bugs and adding security adjustments and patches to make your devices safer.

Keep an Eye out for Phishing Scams
Phishing scams often come in the form of a fraudulent email message. Though they can occur at any time, they’re even more prevalent during the holidays, with cyber criminals sending what appears to be a legitimate offer. Avoid clicking on links or downloading attachments from suspicious emails, especially if you don’t know the sender. Be wary of emails that ask for personal information or refer you to a website to input your information, even if it appears to come from a retailer you do business with. The best way to confirm if the retailer really sent the email, is to call the legitimate entity directly to confirm the email is legitimate.

Monitor Your Payments
Keep records of online transactions and monitor bank and credit card statements to ensure there aren’t any fraudulent charges. Contact your bank or credit card company immediately to report suspicious activity or charges – even small ones. Oftentimes, cyber criminals test small amounts to ensure the account is active. Take the time to set up monitoring services to help you keep an eye on all your financial accounts.

This latest breach is another reminder that no company is safe from cyber attack. However, by taking a proactive approach to online security, you’re doing your part in safeguarding your information and minimizing your vulnerability to attack.

Do you have any other best practices for ensuring online security? Share your tips with us on LinkedIn, Facebook and Twitter.

Safe Shopping Tips During the Holidays

By | December 9th, 2016|Identity Protection, Online Safety|

CSIDThe holiday season is a whirlwind of wintry weather, family and friends, and shopping – a lot of shopping. The National Retail Federation predicts retail sales in November and December will increase 3.6 percent, reaching $655.8 billion. Online shopping is expected to increase between seven and ten percent from last year to a staggering $117 billion.

Whether you’re battling the crowds or shopping from your smartphone, it’s important to protect your information.

When Shopping In Stores:

  • Before you leave for an afternoon of shopping, edit the contents of your purse and wallet. Only carry the cards and information you absolutely need. Not writing checks? Leave your checkbook at home. It’s important to note that you should avoid carrying your Social Security number with you year-round.
  • Protect your PIN when shopping by keeping a watchful eye on other shoppers, and covering the key pad.
  • Be aware of the information being collected (email, address, zip code, etc.) by retailers. Only share what is required, and feel comfortable asking how your information will be stored and used during future purchases.
  • Avoid sharing and accessing sensitive information over public Wi-Fi, including banking apps, social media, and online shopping. If there is no secured Wi-Fi network available, consider using a Virtual Private Network (VPN) while you shop.
  • Stay alert to your surroundings, and keep a close eye on your belongings. Never leave your purse and wallet in a car unattended.

When Shopping Online:

  • Be familiar with your merchant and ensure you’re using reputable online sites. First and foremost, always look for the HTTPS and green padlock icon in the address bar. You should avoid entering your credit card number or financial information if you don’t see this.
  • Create unique, cryptic passwords for each online customer account. Avoid using the same password across multiple websites and apps.
  • Take the time to logout of all online shopping accounts when your transaction is complete.
  • Make sure your devices are up-to-date, and that the latest security software and operating systems are being used for your phones, tablets, and computers.
  • Keep an eye out for phishing scams, as these fraudulent email messages are intended to look like legitimate offers during the holiday season. Never click on links in emails from unknown senders, and be wary of “too good to be true” deals. When in doubt, visit the retailer’s website directly or call their customer service to ensure the deal or email is legitimate.

Whether you are shopping at home or in-person, it’s important to keep track of your payments. Save records of your online purchases and check your bank account daily during this high-activity time. If you notice an unauthorized purchase, contact your bank or credit card company immediately.

We hope your holiday shopping is a breeze this season! What are your safe shopping tips? Share your advice with us on LinkedIn, Facebook and Twitter.

Educating Family on Security Best Practices

By | November 22nd, 2016|Online Safety|

CSIDThe winter holiday season is a special time of year. We see more festive lights, hear more cheerful music, and spend more time with family.

Unfortunately, it’s also one of the most lucrative seasons for cybercriminals. Forty-percent of all yearly cybercrime occurs during October, November, and December. While you may consider yourself cyber-aware, others in your family may not be. Here are a few things to look for during this holiday season, and how you can educate your family around staying secure:

Be Wary of Downloads
While many advertisements this holiday season are perfectly legitimate, there are also malware-infected advertisements designed to bring harm to your computer. Make sure you know exactly what you’re getting when you’re downloading a product, and only click on links from websites you trust. Teach your family members to do the same. Clicking on a malware-infected ad could not only bring up inappropriate images or videos, but could also install a virus or spyware on your computer, allowing a cybercriminal to access your files or personal information. Encourage children to ask before downloading anything from the Internet and help oversee their activity to prevent potential damage.

Be Proactive
Some of your relatives might not realize that two-factor authentication (2FA) exists, or how to set up monitoring services. These are layers of security that aren’t difficult to set up, and your family members will feel safer knowing they are taking additional steps to help secure their personal information and online accounts.

Additionally, most people tend to shop more around the holidays, which give scammers a better chance to steal their information. Keep a close eye on your billing statements. If you do not recognize a charge, report the suspicious activity to your bank or credit card issuer immediately. Talk to your relatives about setting up credit card alerts. Most credit card companies can give daily, weekly, or monthly updates on account balance, or can send a text message for transactions over a certain, pre-determined amount.

When in Doubt, Ask
During the holiday season, it’s no surprise to see a company offering a deal on their products or services. You probably have a family member that considers himself or herself a real bargain hunter, and perhaps they even take pride in seeing how much they can discount their purchase. This holiday season, tell them to take a moment to consider the deal – if it’s too good to be true, it probably is. If they receive an offer through email or find one on a site they don’t normally visit, a quick search online, even just the retailer’s name plus “scam,” is a good way to ensure validity.

Another imposter scam typically targets the elderly, but can affect anyone. A scammer will claim to be a grandchild or another family member who needs money to get out of an accident or another fabricated incident. Tell your grandparents, aunts, and uncles to be on the lookout for this kind of scam – and to contact the supposed person directly. They could also check in with someone who knows the person, and they should never send money unless they’re positive the person calling is indeed who they say they are.

Do you have any other advice for the holidays? Has one of your relatives fallen for a scam before? Join the conversation on FacebookTwitter or LinkedIn.

A Recap of NCSAM 2016

By | November 4th, 2016|Industry News|

CSIDEach October, we band together with other businesses, nonprofits, and agencies to observe National Cyber Security Awareness Month. Now in its 13th year, NCSAM is a collaborative effort between the U.S. Department of Homeland Security and the National Cyber Security Alliance to educate consumers, corporations, and institutions about cybersecurity awareness.

The past four weeks we have been sharing our tips and insights in weekly themed #ChatSTC Twitter chats, hosted by our friends at STOP. THINK. CONNECT. Below, learn more about the topics we explored and key takeaways on important issues discussed.

Every Day Steps Towards Online Safety:
Creating new cybersecurity habits does not need to be daunting. There are simple steps and easily adoptable actions that can help keep your private information safe online.

  • We recommend getting started by creating a conversation at home. Late last year, it was reported that teens spend nearly nine hours every day in front of some form of media channel. Talk to your children and your partner about the types of information that should remain private and the importance of safeguarding this information.
  • Create strong, cryptic passwords that are a complex combination of letters, numbers, and special characters. Take care to avoid your name, birthday, or pet’s name, and don’t reuse passwords across multiple sites and apps. We also recommend using two-factor authentication whenever possible.
  • Check your privacy settings on your devices and apps. Certain apps may have default settings that may share your sensitive information. Disable or permanently delete programs and apps you no longer use.

Cyber from the Break Room to the Board Room:
Businesses of all sizes need to implement cybersecurity practices and understand the threats facing their organization, like phishing scams and malware. Every person in an organization plays a role in keeping a business secure and creating a culture of security.

Our Continuously Connected Lives:
Lastly, we explored the Internet of Things. According to Cisco, there are already 10 billion things that can connect to the Internet. This number is expected to grow substantially within the next few years. Cisco predicts that by 2020, the number of devices connected to the Internet will exceed 50 billion. However, the cybersecurity standards within these devices remains somewhat unchartered territory.

  • Whether a wearable, smart fridge, or connected car, it is important for users to understand what data is being collected and stored.
  • Always password protect new devices and use biometric authentication whenever possible.

You can learn more about all of these topics in our Firewall Chats podcast series, and by searching the hashtag #ChatSTC on Twitter. CSID is proud to be a champion of National Cyber Security Awareness Month. Let us know your top cybersecurity tips on FacebookTwitter or LinkedIn.

Cats, Geotags, and the Risks of Oversharing

By | November 1st, 2016|Online Safety|

CSIDIt’s important to remember that when we’re sharing selfies, back to school photos, and pictures of our kittens on social media, we’re also sharing much more.

I Know Where Your Cat Lives” is a project created by an associate professor at Florida State University, featuring one million Instagram, Twitpic, and Flickr pictures of cats (found through the hashtag #cat) from around the world. The online visualization is possible thanks to geotags, which are provided by photo sharing websites and publicly available APIs. After the initial cuteness of the cats wears off, it’s alarming to realize that these photos reveal the homes and locations of many individuals.

Geotags can be added to many different forms of media, including pictures and video, websites, and SMS messages. These meta tags can include latitude and longitude coordinates, altitude, bearing, distance, place names, and even time stamps. It is this data that makes aggregated sites like IKWYCL possible.

Sharing geotags can pose a risk to your safety and security. Whether you’re tagging animals in your home or your feet in the sand on an exotic vacation, you are alerting friends and strangers to your exact location. It’s important to note that some social platforms by default, like Instagram, do not reveal a user’s location coordinates. However, many users elect to add their location. This may put yourself or your belongings in danger, alerting criminals to your whereabouts.

If you hang around the cat site long enough, you are sure to see a gray box stating “Photo removed by user.” Users unsettled by the location of their cats can change the privacy setting in their apps to remove the data and their images from the site.

Regardless of your favorite social platform, it’s important to be cognizant about the information you’re sharing. Always opt for the strictest security settings to help keep your information safe.

Are you concerned about over sharing on social? Weigh in with us on FacebookTwitter or LinkedIn.

 

The Next Frontier: Cybersecurity in Space

By | October 20th, 2016|Industry News|

CSIDResearch organization Chatham House made headlines earlier this month with a new report that calls for a “radical review of cybersecurity in space” and points to the rarely discussed, but increasing threat of satellite attacks. As so much of our world’s infrastructure – including GPS navigation, financial transactions, weather and environmental monitoring – relies on satellite data, it’s important to recognize that satellites and other space assets, just as any piece of technology on Earth, are vulnerable to cyber-attack.

According to the report, such attacks might include jamming, spoofing and hacking attacks on communication networks; target control systems or mission packages; and attacks on ground infrastructure like satellite control centers. There are a few reasons why satellites and space systems may be more vulnerable to attack. Here are some of those key factors listed in the report:

  • The first GPS systems were introduced more than three decades ago and technology is evolving at a rapid pace, making it hard to execute a timely response to space cyber threats. Younger individuals are using space-based and cyber communications in ways that older generations – often times the key decision makers – may not understand the range of threats.
  • Backdoor holes in encryption and otherwise secure control systems.
  • Increasing number of individual satellites and constellations providing an ever-increasing number of entry points.
  • Speed to market compromising important security controls.

The researchers leading this project insist that it will take a concerted and collaborative international effort, made up of “able states and stakeholders within the international space supply chain and insurance industry” to combat these growing threats.

But what can we do as consumers? Just as our day-to-day actions impact our security in the Internet of Things, these actions may also impact our security in space. It’s imperative that we take action to secure our personal data (check out some tips on how to help secure your data in five minutes), business owners educate employees on cyber security best practices, and that manufacturers and developers keep security top-of-mind when bringing new products to market.

Where do you think the future of cyber security in space is headed? Share your thoughts with us on FacebookTwitter or LinkedIn.

All Eyes on Encryption: Facebook Steps Up Its Game

By | October 13th, 2016|Industry News|

CSIDMore than 900 million people around the world use Facebook’s Messenger app to communicate with friends and family while on the go. The mobile messenger app is a way for users to communicate privately, but until recently, there hasn’t been much public information available around how Facebook is ensuring these messages are kept private and secure.

Recently, Facebook announced that the company is offering encrypted messaging technology to mobile users worldwide in a feature it’s calling “Secret Conversations.” Facebook’s users can opt in to send messages that no one – including Facebook, the government, or intelligence agencies – will be able to read, using Signal Protocol for end-to-end encryption.

This is a big move for Facebook and for social media overall. While other apps like WhatsApp provide encrypted messages, many major social platforms do not. There is the possibility of identity theft via social media, particularly for users who aren’t selective with what they post. Having an additional layer of privacy in messaging could potentially reduce the risk of an attack.

However, in America, as more messaging services offer the ability to encrypt messages, the mindset could shift from whether encryption should be an option to whether it should be the default setting. On Facebook’s Secret Conversations, it’s currently not the default setting. Unless users opt in to the service, their messages will remain unencrypted, and each messaging chain must be selected. In other words, users must actively select which messages they wish to remain private. It’s a similar strategy to Google’s messaging app Allo, which also offers opt-in messaging encryption.

While Facebook Messenger’s new encryption feature is welcome news to privacy advocates in the United States, people in other countries may find themselves in a precarious position. Facebook is a global company, reaching nations across the world. Some of those countries have strict privacy laws, which would interfere with what Facebook is trying to do in offering encryption for all of its global users. Facebook has seen this controversy before when its WhatsApp property made international headlines.

For now, it’ll be interesting to see how many users utilize Secret Conversations. Infrequent or non-technical users may never even be aware of its existence, while others may worry that activating encryption could drive unwanted attention their way. While the messages themselves will be encrypted, the metadata won’t be, so those outside the conversation can see who is messaging each other, and how often they’re doing so.

Will you take advantage of this new encryption feature on Facebook Messenger? Do you use any other apps that offer encryption? Join the conversation and stay up to date on the latest cybersecurity news by following CSID on FacebookTwitter or LinkedIn.

We’re Gearing Up for National Cyber Security Awareness Month

By | September 30th, 2016|Online Safety|

CSIDCyber security is a shared responsibility. That’s why every October, businesses, government agencies, universities, associations, nonprofit organizations and individuals come together to participate in National Cyber Security Awareness Month (NCSAM) to promote online safety awareness. NCSAM was created as a collaborative effort between government and industry to ensure all digital citizens have the resources they need to stay safer and more secure online, while also protecting their personal information.

We’ve participated the last several years and are proud to once again be registered as an official NCSAM Champion, where we’ll join the conversation on how to stay safe online and build a culture of cyber security awareness nationwide. Here are some ways you and your organization can take part in all of the activities throughout the month:

Become a Champion: Whether you’re an individual interested in getting involved or representing your organization, find out more about how to become a NCSAM Champion. You’ll be joining a large community from around the country dedicated to promoting a safer and more secure Internet.

Get Involved with Events – Onsite or Online: Browse Stay Safe Online’s list of events and mark your calendar for conferences and panel discussions in your area. There are also a number of virtual events, like webinars and Twitter chats, taking place throughout the month. Here are a few we’re looking forward to in particular:

  • October 6: #ChatSTC Twitter Chat – The Basics of Online Safety
  • October 13: #ChatSTC Twitter Chat – Creating a Culture of Cybersecurity from the Break Room to the Boardroom
  • October 20: #ChatSTC Twitter Chat – Recognizing and Combatting Cybercrime

Stay Informed: Stay up to date with all NCSAM news by following our friends at Stay Safe Online on Twitter and check out their resources for helpful tips and tricks around online security.

We’ll be actively involved in many of the NCSAM activities across all our social channels, so be sure to follow us on FacebookTwitter and LinkedIn.

There’s an App for That: Keeping Your Phone Secure

By | August 18th, 2016|Online Safety|

CSIDThis summer, with the explosion of Pokemon Go, we’ve seen how a mobile app can take the world by storm. The mobile world continues to grow, and as it does, we must remember to take the necessary steps to ensure our devices remain secure. As we approach the end of summer, here’s a little back-to-school refresher on accessing the apps on your phone safely.

Check Privacy Settings
Think about the accounts you use most frequently – do you know what your privacy settings are for each of them? Whether it’s a banking app, an online retailer, or an email account, if you’re interacting with it often, you should monitor your privacy settings. Certain apps will have default settings that may share information you’re not comfortable giving out. Taking a thorough look at your settings is well worth it to maximize your privacy.

Not sure where to look for privacy settings? The National Cyber Security Alliance has created a guide with links to the security settings of several commonly used apps like Spotify and Amazon. Once your settings are up to date, your next purchase or song session will be that much more secure.

Updates Are Your Friend
Privacy settings aren’t the only thing you should update – the apps themselves need to be refreshed, too. Once an app is released into the world, developers don’t stop working on it. They’re constantly monitoring for bugs and ways to improve their product’s security, and updates pass those improvements along to users. Updates may change an app’s interface, but they also frequently provide benefits under the surface, such as eliminating glitches and offering better overall security.

If your phone isn’t already set to automatically update, turn that function on for the peace of mind that you have the most secure version of the app available.

Delete Apps You Don’t Use
Most people have at least one app on their phone that they never touch. Not only is that forgotten app taking up space on your phone, it may also be a security threat. As we mentioned earlier, there will likely be security updates for your abandoned apps that you may not be aware of, making your phone an easier target.

Depending on your device, you can either disable or permanently delete an app. If you’re an iOS user, you’ll also want to delete the apps from your iTunes account, or they will reinstall anytime you sync your phone.

Keep Your Family Secure, Too
There are several apps whose sole purpose is to hide other apps on someone’s phone. Your child may be using these types of apps to divert attention away from other apps you might not want them using. New messaging apps are constantly being developed which allow users to chat anonymously. By posing as fellow teenagers, hackers have the opportunity to mine your child’s personally identifiable information and put their identity at risk.

It’s worth taking the time to review what your kids have downloaded onto their phone, and talk to them about the potential risks of certain apps. Encourage them to mirror your privacy settings, as well.

What other tips do you have for keeping your phone secure? Join the conversation and stay up to date on the latest tips and cybersecurity news by following CSID on FacebookTwitter or LinkedIn.

Head to the Polls: SXSW 2017 PanelPicker Voting is Now Open

By | August 8th, 2016|Industry News|

CSIDIt’s that time of year again, South by Southwest’s 2017 PanelPicker voting platform is now live! Every year, people around the world vote through PanelPicker to help bring their favorite sessions to SXSW Interactive, the internationally recognized event that draws thousands of tech enthusiasts to Austin, TX every March.

We’ve participated in SXSW Interactive for the last few years and we’re once again hoping to bring our cyber security expertise to the stage, but we need your help to get us there. SXSW’s PanelPicker is a simple, two-step online process that allows the SXSW community to have a significant voice in shaping the programming. Your vote shows the organizers that our panels are a good fit for 2017’s event.

Check out our submissions below. If you want to see the panel at SXSW next March, follow the PanelPicker link and give it a “thumbs up.” All you need is an email address to vote.

The Creation Of A Hacker
Younger, less technical individuals are the new face of cyber crime. Through a live demonstration, this session will dive into the relatively unexplored world of gaming and showcase the growing role it is playing in luring younger individuals to get involved in cyber crime as a service. We’ll explore the emerging business models within the dark web and the consequences for the misrepresentation of hackers in mainstream media. Recent case studies will shine light on the evolving cyber criminal identity and participants will walk away from the session with new, critical insights to mitigate risk at the individual and organizational levels.

Vote here: http://panelpicker.sxsw.com/vote/60437

Target on Their Back: Small Businesses Under Attack
Cyber criminals have their eyes on small businesses more than ever before. In fact, more than half of phishing attacks were targeted towards small businesses last year. Why? They have fewer resources to defend themselves than large enterprises but still store data criminals consider valuable and attractive for commerce across the dark web. The consequences of a breach can be critical – sometimes even forcing a small business to close up shop. With attacks on small businesses showing no sign of slowing, how can this group stay one step ahead of cyber threats? Join this dual session for a conversation around the latest threats and walk away with proactive steps to defend against attacks.

Vote here: http://panelpicker.sxsw.com/vote/65846

The Domino Effect of Flawed Breach Response
The unthinkable happens – your company has been breached. How has this happened? What are the first steps you take? Are you prepared? In this interactive session you’ll gain insight into the breach response process, uncover best and worst practices, and experience the long-term domino effects inherent with each. Attendees will form small groups to role-play the wide variety of responses at each stage, and uncover the potential long-term effects of actions. By learning best practices through seeing the effect of worst practices, you’ll walk away with unique insight into the breach response process that will help you prepare your company.

Vote here: http://panelpicker.sxsw.com/vote/61885

You have until September 2 to cast your vote and leave any comments or questions for our panelists.  We appreciate your support! Keep up with our SXSW involvement and other company happenings on Facebook, Twitter, and LinkedIn.

Load More Posts