Login
This fall, many students are headed back-to-school full time. However, just as workplaces now accommodate for remote work, schools are accommodating hybrid learning environments. While this may signal the end of things like snow days, it’s also created a new, more flexible style of learning that relies on computers, online connectivity, and apps to connect students with teachers and learning resources. It’s also a trend that’s not without risk, as evidenced by the more than 900 cybersecurity incidents, including personal data breaches, since 2016, according to the K-12 Cybersecurity Resource Center. This new style of learning comes with many implications for cybersecurity that we’ll discuss below, along with ways to protect learners and students of all ages.
Cameras and video conferencing software have become an integral part of the online learning experience. In the early days of 2020, we saw growing pains in the form of Zoom bombing, unintended sharing, and, on the lighter side, people learning to use fake backgrounds with hilarious consequences. And while many of these wrinkles have been smoothed out, for online learners, the fact remains that privacy is at risk anytime they use a camera.
Younger students:
Older students:
The good news is that while we’re all navigating the new world of learning online, there are more tools than ever to help you do so safely. A comprehensive security suite, like one of McAfee’s products, contains many of these security tools in one package, including tools for:
Younger students:
Older students:
Your child or teen’s portal to their online classroom is an important investment. After all, you’ll want them to be able to connect securely, communicate easily, and be able to handle any kind of online work they may need to do. Depending on the age of your child, this device may also have to be bomb-proof. Don’t worry some experts have already done the thinking for you with this list of computers for online learners.
There are many apps being used to facilitate online learning. And chances are, students will have to register, log-in, and provide identification. Regardless of age, here’s what NOT to provide.
Younger students:
Older students:
When students are learning in-person, the concept of being a good citizen is one that’s reinforced in the classroom and on the playground. Online, as students use forums, chats, and even social media to communicate, the concept of digital citizenship is just as important.
There’s a reason elementary schools have recess and high schools have lunch breaks. It gives kids time to step away from the books, stretch their legs, and refresh their minds. The same concept applies with online learning.
Younger students:
Older students:
For more extensive information about any of the recommendations above, please visit these resources.
The post 7 Safety Tips to Schooling in a Digital World appeared first on McAfee Blogs.
As the new school year gets underway, many students will be returning to the classroom in-person, while others will opt to continue hybrid or remote learning indefinitely. Unfortunately, for families choosing the latter, remote learning could come at the expense of their online privacy.
According to the RAND Corporation’s 2020 research report, one in five U.S. school districts plan to offer online learning even after the pandemic ends. Many school districts are waiting to review the Centers for Disease Control (CDC) latest recommendations. Either way, there’s no better time for a data privacy refresh.
Protecting your child’s privacy while remote learning requires a three-part investment of parents, students, and schools. One of the first steps in that direction is to understand your district’s privacy practices. To do that, ask to take a closer look at its approach to data consent, secondary data use, as well as its data collection and retention practices.
According to The Center for Democracy and Technology, there are five areas where schools may put a child’s privacy at risk.
Using student data to assess needs and launch connectivity and device programs can pose a privacy risk.
Ask: To assess overall digital access, the school collected my child’s data. How will that data be used?
Sharing student data with third parties, such as broadband and device providers, is a common practice that can pose a privacy risk.
Ask: To connect my remote learner, the school shared my child’s data with the provider. Can the school ensure that data will be used by the third-party responsibly? May I view the data use policy?
Schools now have apps that allow teachers to monitor student progress.
Ask: With more teacher access to student devices and desktops, how can the school ensure that my child’s other data is secure?
Ongoing security and device management requirements should be established to avoid viruses and malicious activity.
Ask: What security measures are in place on school-owned devices to protect my child’s content or personal information? Will my child’s activity be tracked?
A lack of digital literacy and security knowledge on the part of students, families and even schools can put a child’s privacy at risk.
Ask: What digital literacy resources or training do you offer teachers, staff, students and families?
One sign your child’s privacy is in good hands is if your school has a solid Data Governance Policy (DGP) that staff, teachers, and students follow. A DGP establishes schools processes and structures for overseeing the school’s approach to management, usability, availability, quality and security of data and technology.
Going a step further, a privacy-aware school will engage students, families, teachers, and administrators (and even third-party providers) about the importance of data use and closing privacy gaps.
Rather than make assumptions, discuss what privacy is with your child. For example, with more time online, consider parental controls to filter risky content. Likewise, talk to your child about how to identify phishing scams and consider investing in security software that scans for malware and untrusted sites.
If your child uses video apps such as Zoom to connect remotely, be sure that personal information—such as birthdate, address, photographs, or a nickname—isn’t accidently visible in the background.
Whether your child uses Zoom, a chat app, website or another EdTech platform for learning, set privacy settings to provide maximum protection. Following the directions under “settings” of any new app are fast and easy.
Under FERPA, the Family Educational Rights and Privacy Act, schools must notify you of your right to opt out of Directory Information at the start of the school year. Don’t opt-out? Schools can share Directory Information about their child with third parties without parental or student consent.
If we could point to a positive consequence of the pandemic, it would be that with the sudden spike in connectivity during quarantine, data privacy concerns became more prevalent than ever—that shift deserves an A+. Moving forward, it’s critical for parents and schools to work together to create practices that protect online privacy for all students—on-site or remote.
The post Back-to-School: Privacy Worries in a Remote Learning World appeared first on McAfee Blog.
When Aussie school opened their doors this year, the lifespan of parents around the country drastically improved. The combination of homeschooling, working from home, and not going anywhere has completely drained many Aussie working parents, me included!! Many of us have been in survival mode – just focusing on the basics to get through!
Well, now we’re getting back to some sort of normal and we have a little more time to breathe, it’s time to focus on those overdue jobs and that includes doing an audit of your family’s online safety. Now, I know it might seem boring, but I promise you it’s worth the effort. So, I thought I’d share with you a checklist of what you need to do to ensure your family is as safe as possible when online. Let’s get started:
1. Passwords
Your first task is to ensure every family member has a different password for each of their online accounts. Yes, I know – that sounds completely overwhelming. But hear me out. If you have the same password for all your online accounts and you get hacked, then you could be in a world of pain – as the hacker now has access to all your online accounts!! So, this is very much worth sorting out.
Now, there are many ways of managing a long list of passwords. You could write them down in a special, secret book. You could call on your Mensa level memory and try to remember 50 plus passwords – unfortunately, that’s not me! So, let me give you the best solution – a password manager. Password Managers can both generate and remember super complex passwords that no human could even concoct. Check out McAfee’s True Key – it’s free and a complete no-brainer, my friends!
2. Software Updates
Before my life as Cybermum, I used to think software updates were a massive inconvenience. Something else to add to the never-ending list. But how wrong was I! A software update addresses security flaws or bugs in the current version of the app or program. Their goal is to protect the user. So, if you’re serious about protecting your family, these updates can’t be ignored. The easiest way to manage this is to set updates to be automatic, where possible. You can also do this with apps on your phone – for both Apple and Android devices.
3. Ensure Location Services Are Off
Most apps, networks, and devices have geotagging features which means your whereabouts can be widely communicated if your location’s services are turned on. And don’t forget that digital photos can also give away your location as they contain metadata which is information about the time, date, and GPS coordinates of where the pic was taken. So, your job here is simple – ensure all devices have geotagging turned off. And while you’re at it, ensure your kids understand why it’s critical to keep it that way! Nothing worse than pesky strangers knowing your whereabouts!
4. Security Software
Not having security software installed on your devices is no different from leaving your front door unlocked. It is essential. A top-shelf security software system will detect and shut down security attacks on your system. Many will also have a firewall that constantly filters the data that both enters and leaves your computer and will block and restrict your network from viruses and hackers. It will also keep an alert to malicious software and if detected will remove issues such as viruses, worms, and Trojans. It will also stay alert to spyware that you may unintentionally download onto your system and will block and delete it if found. See what I mean? It’s essential. Check out McAfee’s Total Protection which will give you peace of mind.
Unfortunately, there are no guarantees in life however there are definitely ways to minimize risk. Following the above 4 steps will have a significant positive impact on your family’s online safety and most importantly, means you can enjoy a little peace now the kids are back to school!
Till Next Time
Alex x
The post Kids Back To School – The Perfect Time to Audit Your Family’s Online Safety appeared first on McAfee Blog.
Let’s play a game. Go to the Photos app on your phone and look at the total number of videos and images on your device – all those precious memories of family vacations, clips from your favorite concert, and countless snapshots of your furry companion. Next, open your laptop or desktop and check to see how many documents you have saved — perhaps all the research reports you have saved to defend your graduate thesis or an important slideshow you’re presenting to your boss on Monday. If you had to guess, would you say the total number of these various pieces of data is into the thousands? Now imagine if all this data was suddenly gone. What would you do?
You might be thinking, “That will never happen to me.” However, this situation is more common than you think. More than 60 million computers will fail worldwide this year, and over 200,000 smartphones are lost or stolen every year. That’s why we’re celebrating World Backup Day by sharing how you can properly back up your files and find peace of mind knowing that your data is safe and sound.
A backup is a separate copy of your important and sentimental digital files and information. Storing all that data in one place, like a personal computer or smartphone, can prove unsafe. Creating another copy of that data through a backup will ensure that it’s stored and kept safe somewhere else should your device get wiped or stolen.
It’s important to recognize that data loss isn’t something that only happens to huge corporations or unsuspecting victims in spy movies. Everyone is susceptible to data loss or theft and backing up that data is an easy step to protect all your information and prevent cybercriminals from taking what isn’t theirs.
Data is one of the most important assets in the modern world. As we illustrated earlier, people collect countless files that contain valuable information they want to keep safe. Luckily, there are two common and inexpensive ways that a user can store their data and their ever-important backups.
Although “the cloud” became a major buzzword years ago, its definition is still cloudy for some folks. The cloud exists in remote data centers that you can access via the internet. Any data you’ve uploaded to the cloud exists on dedicated servers and storage volumes housed in distant warehouses, often situated on campuses full of such warehouses. Data centers are owned by cloud service providers, who are responsible for keeping the servers up and running.
To keep your data physically safe from theft and destruction, and to make sure it’s available whenever you want to access it, data centers run extensive cooling systems to keep the electronics from overheating and have at least one backup generator in case of power outages. But how do they make sure that this data is secure in the cybersphere? Cloud systems use authentication processes like usernames and passwords to limit access, and data encryption to protect data that is stolen or intercepted. However, it’s important to remember that passwords can be hacked. Typically, the service provider holds the encryption keys to your data, meaning that rogue employees could, theoretically, access it. Likewise, your data could also potentially be searched and seized by government entities.
This begs the question: Trust or don’t trust? Because cloud storage companies live and die by their reputation, you can rest assured knowing that they go to great lengths to use the most advanced security techniques and provide the most reliable service possible. To help ensure the security of your data should you choose to store or back it up to the cloud, keep anything truly sensitive in a private cloud behind a firewall.
With an external hard drive, you can manually back up all your data and files yourself onto a physical device that you can access anytime. These drives are a reliable way to achieve data redundancy. An external hard drive doesn’t rely on internet access like cloud-based services and is an easy fix when transferring data to a new device. However, using external hard drives requires a more hands-on approach to backing up your data. It’s your responsibility to regularly perform backups yourself and store your hard drive in a safe location. While cloud solutions offer huge amounts of storage, storage space on hard drives are limited, so you may have to purchase more than one device. Look for an external drive with at least a terabyte of space to accommodate all your data, which tends to accumulate quickly.
As you’re cleaning out your garage and tidying up your home, take the same care to do some digital spring cleaning this World Backup Day. Give your devices, apps, and online accounts a good decluttering and gain more peace of mind knowing that all your valuable data is stored in a safe, secure place … and that you have a backup in case something goes awry. Remember, proactivity goes a long way toward shoring up your cybersecurity and protecting your information.
The post It’s World Backup Day! Here’s How You Can Preserve Your Files appeared first on McAfee Blog.
Few security career paths are linear. For Stephanie Frankel the journey to Cisco Secure was circuitous. The Ann Arbor, Michigan native studied journalism at the University of Michigan before managing communications for the Washington Capitals and NBC Sports. But after several stints at communications agencies, she charted a new path for herself in cybersecurity. Not only has her diverse background served as a strength in her current role as senior manager for strategy and operations, but it’s also informed her management philosophy.
After doing project management and account direction at consulting agencies, Frankel was interested in honing her skills and expertise on the client side. She had heard amazing things about Duo and wanted to stay in Ann Arbor and work for a company with local roots. After interviewing, Frankel realized that “working at Duo was a cool, exciting opportunity with a really awesome group of people.”
Frankel was on the ground running working as a technical project manager in research and development overseeing the Multi-Factor Authentication, applications and mobile engineering teams despite not having worked in information security before.
Duo’s security education allowed Frankel to understand the industry and is something she values for getting more people into the cybersecurity field. At Duo and Cisco Secure, employees come from a variety of backgrounds and some don’t have much (or any) experience with cybersecurity.
Robust educational programs build knowledge about security and specific products which empower new team members to grow and learn. Every team also has a learning and development budget for employees to quench their curiosity and enhance their knowledge through courses, books or other programs Manager of Global Employee Programs Anndrea Boris shared.
“People are open to having conversations and open to ideas and ways to solve those ideas. If you have an idea of how to solve a problem, no matter whether it’s your job or not, people are open and willing to listen to you.” – Stephanie Frankel
Something Frankel also appreciates most is that ideas are valued at Duo and Cisco Secure: “Even in my first job, I would have ideas and go to my boss or our head of engineering and say, ‘Hey, I think this could be a really cool opportunity, and I think it needs this.’ People are open to having conversations and open to ideas and ways to solve those ideas. If you have an idea of how to solve a problem, no matter whether it’s your job or not, people are willing to listen to you.”
After a year, Frankel moved from engineering to marketing to run operations for Duo’s in-house brand team, leading the team through a rebrand. “The team really rallied behind this new brand and it was amazing to see their pride and hard work when sharing it,” she said. With Frankel’s leadership, the team showcased not only the new look and feel of the brand but also the customer research that went into understanding the need for the change.
“Our amazing team knew that for it to catch on internally we needed to help people understand the why. The team put together an amazing training and went around the company to help people understand the security buyer, the industry overall and our differentiators and how we could do all of this within the umbrella of Cisco,” she said.
Recognizing that she most enjoys and feels best suited for a strategic operations role, she had open conversations with her manager. “I told my boss, ‘It’s just not a great fit.’” Her manager was very supportive, and they worked through potential options. “You’ll find a lot of that at Cisco,” she said.
Now as senior manager in the Strategy and Operations Group within Cisco’s Security and Collaboration division, Frankel runs key initiatives for business operations that drive business growth. She is empowered to creatively solve problems and collaborate “with all the stakeholders within each group to move these programs forward, to understand the problems we’re looking to solve, create objectives, a program plan, and continue to track metrics and progress towards those ultimate goals,” she said.
A self-described “over communicator,” Frankel believes that as a leader, “the more you communicate and the more transparent you are, the better.” Frankel loves leading people who are experts in their fields and letting them do what they do best.
On the brand team, for example, she trusted her team’s expertise in producing stories, videos and animations to demystify Cisco’s security products.
“All I needed to do was give them the objective and the goals and they were able to come up with the solutions,” Frankel said.
She fondly remembers the boss at one of her first jobs out of college. In that job Frankel wrote press releases and wanted her boss to fully approve the final versions before sending them to the media. Once her boss told her, “Stephanie, if you keep giving it back to me, I will keep finding things to change. I trust you to know when it is ready to go.” That confidence in her so early in her career “gave me so much confidence in myself,” she said.
Frankel emulates his approach to management by recognizing that each employee has different needs in their lives, in their careers, and in how they like to receive feedback. From that boss Frankel first learned that for every piece of negative feedback, you must give four pieces of positive feedback for “someone to actually hear it because that’s how you balance things out in your mind.”
Frankel believes feedback is crucial for growth. “I don’t see how you can improve or grow without it, no matter what level of your career you’re at. Feedback shouldn’t be taken as negative, as much as it is a way for you to improve,” she said.
One of the most helpful things Frankel learned in a Cisco class for managers was the importance of asking a person if they are in a good place to receive critical feedback. “You might not be in the mindset to accept the feedback and to do something constructive with it,” she said. ”If you’re having a bad day or struggling, you could say, ‘You know what, I’m not going to be able to take it today, but let’s talk tomorrow and I’ll be in a better place to receive it.’’’
Frankel has spent the last year thriving in a role she never anticipated in an industry her college training in journalism didn’t fully prepare her for. The secret, she says, is keeping an open mind to new possibilities and a willingness to take on new challenges, even if you don’t feel 100% ready.
“A lot of it is getting real world experience and learning your way through it and knowing that there’s a lot of opportunities and a lot of people that are willing to teach you,” she said.
To pivot professionally Frankel advises not feeling pigeonholed just because you studied a particular topic or have been in a certain industry for a long time. Take what you can from where you started such as storytelling and communications skills in the case of journalism for Frankel. While trying something new may require taking a different level or type of job “sometimes it’s worth it because you have that opportunity to grow and you might find you’re happier somewhere else,” she said.
When discerning professional steps Frankel recommends having open and honest conversations with yourself and others such as mentors.
“Cisco has so many mentorship programs and so many people that are knowledgeable about a lot of things,” she said. ”Just because your current role isn’t a great fit doesn’t mean that there’s not another good fit within the corporation, or it doesn’t mean that you can’t create your own good fit.”
Did you know that Cisco offers cybersecurity trainings and certifications? Start developing your cybersecurity skills today! And if you’re ready to jump into an exciting new career in security, check out the open roles at Cisco Secure and Duo Security.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
If you’re the parent of a tween or teen, chances are they’re not the only ones going back to school. Their smartphones are going back too.
Our recent global research showed just how many tweens and teens use a smartphone. Plenty. Depending on the age band, that figure ranges anywhere from 76% to 93%, with some noteworthy variations between countries.
One of the top reasons parents give their child a phone is to stay in touch, so it likely follows that those phones will likely make their way into the classroom. Whether or not that’s the case for your child, back-to-school time is still a great time to help your child stay safer on their phone—and keep their phones safer too in the event of loss or theft.
Comprehensive online protection software can protect your phone in the same way that it protects your laptops and computers. Unfortunately, while many people use it on their laptops and computers, far fewer people use it on their phones—only about 42% of tweens and teens worldwide use it on their smartphones according to our most recent research.
Installing it can protect their privacy, keep them safe from attacks on public Wi-Fi, and automatically block unsafe websites and links, just to name a few things it can do. You can find our smartphone apps in both Google Play and the Apple App Store.
Updates do all kinds of great things for gaming, streaming, and chatting apps, such as adding more features and functionality over time. Updates do something else—they make those apps more secure. Hackers will hammer away at apps to find or create vulnerabilities, which can steal personal info or compromise the device itself. Updates will often include security improvements, in addition to performance improvements.
iPhones update apps automatically by default, yet you can learn how to turn them back on here if they’ve been set to manual updates. For Android phones, this article can help you set apps to auto-update if they aren’t set that way already.
Much the same goes for the operating system on smartphones too. Updates can bring more features and more security. iOS users can learn how to update their phones automatically in this article. Likewise, Android users can refer to this article about automatic updates for their phones.
Another finding from our latest global research is just how few people use a lock screen on their phones. Only 56% of parents said that they protect their smartphone with a password or passcode, and only 42% said they do the same for their child’s smartphone—a further 14% drop between parents and kids.
The issue here is clear. If an unlocked phone gets lost or stolen, all the information on it is an open book to a potential hacker, scammer, or thief. Enabling a lock screen if you haven’t already. It’s a simple feature found in both iOS and Android devices.
Preventing the actual theft of your phone is important too, as some hacks happen simply because a phone falls into the wrong hands. This is a good case for password or PIN protecting your phone, as well as turning on device tracking so that you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.
Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one, and McAfee also offers a free service with True Key.
Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites may not have that process in place. In fact, some third-party sites may intentionally host malicious apps as part of a broader scam. Granted, cybercriminals have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Furthermore, both Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer.
One way that crooks can hack their way into your phone is via public Wi-Fi, such as at coffee shops, libraries, and other places on the go. These networks are public, meaning that your activities are exposed to others on the network—your banking, your password usage, all of it. One way to make a public network private is with a VPN, which can keep you and all you do protect from others on that Wi-Fi hotspot. Note that our VPN can turn on automatically for public Wi-Fi, protecting account credentials, search habits, and other activities online.
The same advice applies for these devices as well—strong online protection software, password management, VPN usage, and so on. What’s good for a smartphone is good for laptops and desktops too.
For laptops in particular, you can track these devices as well, just like a smartphone. The process differs from smartphones, yet it’s still quite straightforward. Windows and Mac users can enable the following settings—and you can click the links below for complete instructions from the source:
Putting these same protections in place on your laptops and desktops will help make your child, and your whole family, safer than before.
Note that on school-issued devices, your school district will likely have technology teams who manage them. As part of that, they typically have policies and restrictions in place to help keep them running safe and sound. If you have any questions about what kind of protections are in place on these school-issued devices, contact your school district.
While we’ve largely focused on protecting the phone itself, there’s also the importance of protecting the person who’s using it. In this case, your child—what they see, do, and experience on the internet. Device security is only part of the equation there.
Parents of tweens and teens know the concerns that come along with smartphone usage, ranging anywhere from cyberbullying, too much screen time, and simply wanting to know what their child is up to on their phone.
As you can imagine, each of these topics deserves its own treatment. The “Family Safety” section of our blog offers parents and their kids alike plenty of resources, and the list below can get you started on a few of the most pressing issues:
Without a doubt, while a child may get their first smartphone to “keep in touch,” that ownership blossoms into something far greater. And quite quickly. As they dive into the world of apps, social media, messaging, and gaming, take an interest, take it as an opportunity to spend time talking about their day and what it was like online.
By asking if they grabbed any cool pictures, what their favorite games are, and how their friends are when your child is texting them, questions like these can open a look into a world that would otherwise remain closed. This way, talking about the phone and what they’re doing on it becomes part of normal, everyday conversation. This can reap benefits down the road when your child encounters the inevitable bumps along the way, whether they’re dealing with a technical issue or something as difficult as cyberbullying or harassment. Talking about their life online on a regular basis may make them more apt to come forward when there’s a problem than they otherwise might.
In all, think of the smartphone as a fast pass into adulthood, thanks to how it puts the entirety of the internet right in your child’s hand. Protecting the device and the kid who’s using it will help ensure they get the absolute best out of all that potential.
The post Getting Your Kids Ready for School—And Their Smartphones Too appeared first on McAfee Blog.
The first day of school is right around the corner. The whole family is gearing up for a return to the routine: waking up to alarm clocks at dawn, rushed mornings, learning all day, and after-school activities and homework all night.
Even though everyone is in a frenzied state, now is a great time to slow down and discuss important topics that may arise during the school year. Parents and guardians know their children are tech savvy, just by looking at their thumbs fly across keyboards; however, that doesn’t necessarily mean that they’re cyber-savvy.
To make sure we’re all on the same page, here are our definitions of tech savvy and cyber savvy:
According to McAfee research, children cited that their parents are best suited to teach them about being safe online when compared to their teachers and online resources. Here are common scenarios your child, tween, or teen will likely encounter during the school year, plus some tips and tools you can share to make sure they are safe online.
It’s now common practice for school systems to communicate with students and their guardians over email, whether that’s through a school-issued email address or a personal one. Your student should know that phishers often impersonate institutions with authority, such as the IRS, banks, and in their case, a school. Put your children on alert to the most common signs of a cybercriminal phishing for valuable personally identifiable information (PII). These signs include:
If your child ever receives a suspicious-looking or -sounding email, they should start an entirely new email chain with the supposed sender and confirm that they sent the message. Do not reply to the suspicious email and don’t click on any links within the message.
An excellent nugget of wisdom you can impart is the following: Never divulge your Social Security Number over online channels and never give out passwords. If someone needs your SSN for official purposes, they can follow up in a method other than email. And no one ever needs to know your password.
With a return to the school year routine comes a flood of back-to-school social media posts and catching up electronically with friends. If your child owns a social media profile (or several!), alert them to the various social media engineering tactics that are common to each platform. Similar to phishing schemes, social media scams are usually “time sensitive” and attempt to inspire strong emotions in readers, whether that’s excitement, fear, sadness, or anger.
Alert your child that not everything they read on social media is true. Photos can be doctored and stories can be fabricated in order to prompt people to click on links to “donate” or “sign a petition.” You don’t have to discourage your child from taking a stand for causes they believe in; rather, urge them to follow up through official channels. For instance, if they see a social media post about contributing to save the rainforest, instead of donating through the post, contact a well-known organization, such as the World Wildlife Fund and inquire how to make a difference.
More and more school systems are entrusting school-issued connected devices to students to use in the classroom and to bring home. Other districts have BYOD (or bring your own device) policies where students can use personal family devices for school activities. In either case, device security is key to keeping their information safe and maintaining the integrity of the school system’s network. Families don’t want to be the weakest link in the school system and are responsible for a town-wide education network breach.
Here are three ways to protect any device connected to the school network:
These conversations are great to start at the dinner table or on long, boring car rides where you’re most likely to get your child’s undivided attention. Don’t focus so much on the fearful consequences or punishment that could result from poor cyberhabits. Instead, emphasize how easy these steps and tools are to use, so it would be silly not to follow or use them.
The post Back to School: Tech Savvy vs. Cyber Savvy appeared first on McAfee Blog.
Wouldn’t it be nice if, along with grades for English, Science, and Algebra this year, our child’s report card included quarterly feedback on their mental health?
Recently, actor Tom Holland of Spider-Man fame reported on his mental health publicly by deleting several of his social media accounts. The actor stated that his social media accounts had become “detrimental” to his mental state and that he “spirals” when he reads things about himself online. He used words like “overstimulating” and “overwhelming.”
And parents were likely “overjoyed” giving cyber high fives all around with Holland’s transparency in talking so publicly about social media’s link to mental health. Because if you are a parent you know.
As we head into a new school year with high hopes in tow, Holland’s decision also challenges us to pay closer attention to how social media could potentially impact our kids’ mental health.
Every child’s maturity and cognitive ability to handle online challenges will differ, so a one-size-fits-all digital wellbeing plan isn’t likely to work. Here are a few insights and tips that may be helpful as you shape the method that works for your family.
Explore healthy social media limits.
Any way you slice it, many unknowns come with every new school year, especially if you have tweens or teens. Social media adds a layer of complexity to those unknowns. However, with some forethought and follow-through, you can navigate those risks one day at a time.
The post Back-to-School: Balancing Social Media & Mental Health appeared first on McAfee Blog.
Written by Martin Lee and Richard Archdeacon.
Lloyds of London have recently published a Market Bulletin1 addressing the wording of cyber insurance policies to exclude losses arising from:
“state backed cyber-attacks that (a) significantly impair the ability of a state to function or (b) that significantly impair the security capabilities of a state.”
The concern raised is that this sort of attack will produce losses that the market cannot absorb. Most insurance policies already include provisions that exclude the consequences of armed conflict. Applying these to potential cyber warfare is a logical step.
The bulletin includes the tenet to:
“set out a robust basis by which the parties agree on how any state backed cyber- attack will be attributed to one or more states.”
What should the CISO be thinking of when reviewing such an exclusion clause, how can we clearly define this key term and what issues may arise?
Attribution is the science of identifying the perpetrator of a crime. In cyber attacks, this is arrived at by comparing the evidence gathered from an attack with evidence gathered from previous attacks that have been attributed to known perpetrators to identify similarities.
In practice, statements of attributions are carefully phrased. Rarely is evidence clear-cut. Frequently attribution is labelled as being ‘consistent with’ a threat actor, or wrapped in words of estimative probability such as ‘highly likely’, ‘probably’, ‘possibly’ etc.
The malicious actors who conduct cyber attacks are referred to as threat actors. The cyber research community identifies and keeps track of the actions of these threat actors, publishing compendia of known actors such as those made available by MITRE2 or Malpedia3.
Rarely do threat actors identify their true identities, they may actively try to confuse or frustrate attribution. Many of the named groups may be synonyms of other groups, equally many of the chains of evidence used to attribute groups may be incorrect. The compendia of threat actors should not be considered as reaching the evidence threshold of “beyond reasonable doubt”.
Some identified threat actor groups are assumed to be criminal gangs due to the nature of their activity. Others appear to be conducting attacks solely to further the geopolitical aims of a nation state and are assumed as being state sponsored or state backed. Some of these groups have been able to be associated with specific national intelligence agencies or state apparatus.
The following are four practical factors to consider when setting out a robust basis for attribution of attacks in a contractual basis.
Step 1 – Collect forensic evidence.
No attribution of an attack can be made without forensic evidence. CISOs should ensure that they are able to gather forensic evidence from attacks to identify as much information as possible regarding how an attack was carried out, and the infrastructure used by the attacker. This requires a basic level of security telemetry gathering with the ability to secure and query this data.
This forensic capability, how evidence will be gathered and preserved, should be agreed with the insurer. However, both parties must bear in mind that attackers may destroy or tamper with evidence, and in the urgency of halting an attack, forensic evidence may be compromised or omitted.
The CISO should be prepared to discuss internally with senior executives the possibly competing priorities of stopping an attack versus collecting good forensic evidence.
Step 2 – Define how attribution will be made.
The attribution of a specific attack must be made by comparing evidence gathered from the attack with that of previous attacks. CISOs should agree the process by which forensic artifacts are used to attribute attacks and the degree of certitude necessary to declare an attack as having been carried out by a specific group.
The set of organisations trusted to assert attribution should be agreed. Attribution made by national bodies such as NCSC, CISA or ENISA may be assumed to be reliable, as may those made by major security vendors (such as Cisco) with expertise and resources that a CISO will never have inhouse. However, anyone can suggest attribution. CISOs should be certain to insist on the exclusion of assertions that have not been confirmed by a trusted entity.
This raises the question as to whether a trusted organisation would be prepared to support their attribution in a scenario where they would have to expose their intelligence sources and methodologies to examination. Attribution may be based on classified intelligence, or made according to ‘fair efforts’ that fall below the legal threshold of “on the balance of probabilities.”
Step 3 – Consider the volatility of attribution.
The gathering of evidence and intelligence is a continuing process. Information previously assumed to be fact may be subsequently identified as incorrect or a purposeful red herring. New evidence may be identified months or years after an attack that changes the estimated attribution of prior attacks.
CISOs must determine a period after which the attribution of attack (if made) will not be changed even if subsequent evidence is uncovered.
Step 4 – Define the nature of state backing.
CISOs should agree what constitutes state backing. Ideally CISOs should agree with their insurers the set of threat actor groups (and their synonyms) which are considered to be ‘state backed’.
State involvement in cyber attacks is a spectrum of activity. Criminal threat actors may be under various degrees of state tolerance or encouragement without being fully backed by a nation state. Some criminal groups may be under partial state direction, acting in a manner akin to privateers. Some state backed actors may indulge in criminal style attacks to boost their coffers.
In any case, criminal and state sponsored actors can easily be confused. They may choose to use the same tools or apply the same techniques to conduct their activities. Non-state threat actors may come into possession of state developed tools which may have been stolen or traded without permission.
Some threat actors may actively resort to influence attribution, either through choice of tooling, or through sock puppet accounts attesting attribution, to increase pressure on CISOs to pay ransoms by influencing if insurance is paid out or not.
The decision line where an attack can be referred to a ‘state backed’ is a fine one that requires consideration and agreement.
Changes bring opportunities, the need for this robust process may cause complications for CISOs. But it is an opportunity for CISOs to review the details of cyber insurance contracts and to hammer out the details of how issues of attribution will be determined.
Lloyd’s Market Association provide sample clauses for insurers4, we intend to consider these in a subsequent blog.
One thing is certain, there will be many opportunities for the legal profession.
The information provided here does not, and is not intended to, constitute legal advice. When negotiating a specific matter, readers should confer with their own legal adviser to obtain advice appropriate for a specific insurance contract issue.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Giving back is part of the ethos at Cisco. Part of how that happens is through employees volunteering as part of Cisco’s Time2Give benefit in which employees can use paid time to contribute to their communities and support the causes they’re passionate about. During the pandemic, Cisco increased this benefit from five paid volunteering days to 10 and encourages virtual volunteering, too.
Elizabeth Chang, a software engineer on the Duo Security platform services team, considers Time2Give a great opportunity to “invest in people around you. It is amazing that Cisco supports what we are passionate about and that we can use this time to grow ourselves in other areas of life,” she said.
Cisconians care deeply about many causes, and this post celebrates how teammates spend their time supporting children, youth and teens in and out of school and those preparing for college. Stay tuned for future posts highlighting how other employees give their time. You may even be inspired to find out how you can develop your skills while contributing to organizations that matter to you!
Pierpaolo Panarotto, an account executive on Duo’s EMEAR continental team, volunteers at Sport senza frontiere onlus, a summer sports camp in Italy for refugee children. This summer Panarotto tutored and taught badminton. The program also welcomed children from Ukraine this year.
For Panarotto, the best part, hands down, was seeing the children’s smiles. He advised, “Give back to your community. Sometimes we forget how lucky we are.”
Chang also volunteered at a summer camp, supporting middle and high school students in Boston. The program she supported, Area Youth Ministry Leadership Camp and Summer Boost, fosters leadership skills and college readiness while promoting mentorship.
By helping lead a coding workshop, Chang was able to share what she does professionally. “I was glad that I got to help inspire youth to pursue computer science,” she said. The camp was such a hit that many participants “didn’t want to go home because they had such a fun time,” Chang shared.
“Take the time! You’ll never get the opportunity to go back and take it later. Your community and your heart will thank you!” – Sarah Moon-Musser
Now that school has started, Engineering Program Manager in Platform Engineering Sarah Moon-Musser helps teach the Belleville High School Marching Band’s color guard choreography for their halftime show. She loves spending time with the students. To those considering utilizing Time2Give Moon-Musser says, “Take the time! You’ll never get the opportunity to go back and take it later. Your community and your heart will thank you!”
College readiness is also a passion for Justin Fan and Seema Kathuria who both volunteer with Code2College. They’re able to volunteer virtually by reviewing resumes and college entrance essays and providing constructive feedback through shared documents.
Senior Product Marketing Manager, Kathuria appreciates “learning about the experiences of high school students and how they approach writing about their accomplishments,” she said.
For Fan, a senior customer success manager in security customer success, “the best part is supporting younger generations as they move into college and career. They’re so much more focused and mature than I was at their age,” he said. Fan also participates in virtual career workshops with high school and college students with Students Rising Above.
For others wanting to use Time2Give, Fan suggests finding opportunities you’re passionate about and utilizing light meeting days to volunteer. Kathuria says, “Take advantage of the 10 Time2Give days per year that Cisco gives us. It is very generous, and it feels so good to give back to the community in whatever way makes you happy and fulfilled.”
If you’re looking to feel fulfilled by your work and the impact you can make, please check out our open roles.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Cisconians delight in contributing to their communities in a variety of ways including at the local theatre, farm and library. Cisco’s paid Time2Give benefit encourages team members to volunteer at the places where their passions thrive.
How should you decide where to get involved? Customer Success Program Manager Kate Pydyn advises: “Find something that speaks to your passion while giving back. There are so many opportunities that involve being outdoors, crafting, teaching skills you’ve developed, telling stories or providing comfort.”
With ten paid days a year to give, these Cisconians demonstrate that building relationships with people, the arts and the earth can increase fulfillment, connection and community.
Urban farming is an issue very close to the heart of Petra Hammerl, a senior enterprise customer success manager who works on Duo Security. Hammerl frequently volunteers at Farm City Detroit, part of Detroit Blight Busters. Using Time2Give, Hammerl has shared the experience by “bringing a crew of awesome co-workers which has been amazing and a lot of fun,” she said.
“It felt great to take action! There are so many problems in the world, and I often feel powerless to make a difference. What I did was small, but with all of the volunteers together, the work that was done makes a real difference in the lives of my neighbors.” – Kate Pydyn
Pydyn and Emily Gennrich, a manager of operations for security customer success at Cisco Secure, joined in on the fun by contributing to multiple facets of gardening from weeding to harvesting food. “It felt great to take action! There are so many problems in the world, and I often feel powerless to make a difference. What I did was small, but with all of the volunteers together, the work that was done makes a real difference in the lives of my neighbors,” Pydyn said.
Senior Communications Manager, Brand Strategy & Design at Cisco Secure Chrysta Cherrie spent her Time2Give as a sighted assistant at the VISIONS vendor fair, hosted at the Ann Arbor District Library Downtown. “I was really happy to take some time to volunteer at the VISIONS vendor fair for people who are blind, visually impaired or physically disabled,” Cherrie said.
Learning how to be a sighted assistant was “a reminder that we can do more when we can rely on each other. Taking the time to better understand how someone makes their way through life gives you a chance to build empathy,” Cherrie said. She escorted attendees around the event where exhibitors offered products and services like electronic readers, leader dogs and transportation. There were also talks throughout the day and Cherrie helped attendees navigate between the presentation and vendor areas.
Meeting attendees of the VISIONS vendor fair and experiencing how meaningful the event is also moved Cherrie. The fair “brings out folks throughout southeast Michigan, so there’s a good chance that the person you’re assisting will run into some friends, and getting to see people connect like that can’t help but make you feel good,” Cherrie said.
Jenny Callans, a senior design researcher who works on Duo Security, serves as the chair of the Friends of the Detroit Film Theatre’s Auxiliary, a part of the Detroit Institute of Arts. “We support the mission of the Friends of the Detroit Film Theatre to make great niche films accessible to audiences,” she said. To do that, the organization is responsible for building a community of film fans and overseeing how donations are spent.
For Callans, the most meaningful part of using Time2Give to support the FDFT and the DIA is sharing her love of film with others. Time2Give supports her duties as FDFT chair, and gives her a sense of connection when she’s visiting the DFT to take in a movie. “Sitting in a theatre next to my young adult son, but surrounded by strangers watching a film that is unusual or unexpected but which moves me and challenges me to think is the best part hands-down,” Callans said.
From supporting youth to volunteering at community hubs, Time2Give “is a fantastic opportunity to have a long-lasting, meaningful relationship with your community by volunteering as a board or committee member! Having a long-term presence with an org is amazingly impactful, for you and for the organization,” Callans said.
Time2Give is one of Cherrie’s favorite things about working at Cisco. She says, “Take advantage of the opportunity! Time2Give is a great way to give back to your community and the people and causes that you care about.”
Stay tuned for more posts celebrating the community engagement Time2Give fosters and check out our open roles to join in on giving back.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
bs-1200
Whether you’re spending time on the web or working in the office, you want peace of mind knowing that you are in a safe environment. While most of us know to take precautions when online — protecting ourselves from things like phishing attacks and other cyber threats — we should also attend to our physical security.
One concern is tailgating — a social engineering attack where someone gets physical access to a business to take confidential information or do other harm.
Here are some ways to protect yourself from tailgating attacks, such as an unauthorized person following you into a restricted area while on the job.
Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal sensitive information, damage property, compromise user credentials or even install malware on computers.
“Piggybacking” is closely related to tailgating, but it involves consent from the duped employee. So, while a worker might be unaware that someone has tailgated them into a restricted area with piggybacking, the hacker might convince a worker to provide access because they are posing as, say, a delivery driver.
Companies, particularly at risk of being targeted by tailgating scams, include those:
Generally speaking, companies with robust security systems in place — including using biometrics, badges, or other identity and information security measures — are better protected from tailgating and piggybacking attacks.
But that’s not to say that some smooth-talking fraudster can’t talk someone into letting them in or finding some way around those protections.
Common types of tailgating attacks that you should be aware of on the job include:
Protecting yourself from tailgating attacks is partly a matter of learning about the issue, raising your level of awareness on the job, and depending on your employer, putting in place more effective security systems.
Some solutions include:
Many companies know how to train employees to recognize, avoid, and cope with online security issues but may forget to provide the same diligence to physical security. How to spot and deal with threats should be part of this training, plus cultivating an awareness of surroundings and people who might be out of place.
Management should offer a clearly stated security policy taught to everyone, which might insist that no one be allowed into a secure area without the proper pass or identification. As the security policy is updated, all employees should be aware of changes and additions.
These security measures should be part of an overall protection program, like McAfee+, which includes antivirus software, a firewall, identity monitoring, password management, web protection, and more.
If you have a large business spread over several floors, it can be hard for employees to know who works there and who doesn’t, leaving them susceptible to tailgating and piggybacking attacks. Requiring smart badges and cards to access restricted areas can help cut back on unauthorized intrusions and provide better access control.
Building fully staffed reception areas with dedicated security personnel could also be part of a larger security system.
Biometric scanners are an even more advanced way to provide proper authentication for a worker’s identity. They scan a unique physical or audible feature of a person and compare it to a database for approved personnel.
Examples of biometric security include:
One reason people are vulnerable to physical and cyberattacks is that they lack education on social engineering and the kinds of threats it poses.
Workers need to understand the full range of social engineering techniques and know-how to protect themselves, whether in their social media accounts or physical work environment.
For their part, companies can use simulated phishing emails and tailgating attacks to raise awareness and underline how to follow protocols in dealing with them.
If there are many ways to enter a business, it may make sense to put video surveillance on all entrances. Advanced video surveillance systems can use artificial intelligence (AI) and video analytics to scan the faces of people entering and compare them to a database of employee features.
Whether at work or at home, people want to be secure from attacks by cybercriminals who seek to take personal information.
To add a layer of security to all their connected devices — including computers, smartphones, and tablets — an increasing number of people are turning to the comprehensive coverage of McAfee+
Features range from advanced monitoring of possible threats to your identity, automatic implementation of virtual private networks (VPNs) to deal with unsafe networks, and personal data clean-up, removing your information from high-risk data broker sites.
McAfee protection allows you to work and play online with greater peace of mind.
The post What Are Tailgating Attacks and How to Protect Yourself From Them appeared first on McAfee Blog.
For these Cisconians, hands-on is the way to go when it comes to giving back. Using Cisco’s Time2Give benefit that provides 10 paid days to volunteer each year, team members rolled up their sleeves to build homes, cuddle and care for animals, distribute food and more. If you also value giving back, check out our open roles.
Marketing Specialist, Global Events Julie Kramer used Time2Give to build a shed with Habitat for Humanity of Huron Valley. Kramer especially appreciated learning about the organization’s purpose in addition to learning how to build.
John Hindman, an account executive, used Time2Give to spend a week in Nicaragua with SuNica, an organization centered on clean water and fellowship. Hindman cleared out downed trees, picked coffee and built treehouses to allow the organization to host more children from surrounding communities.
In the community Hindman visited, repurposing recycled materials is critical to the economy, and one way that happens is through “mining” the local landfill. Hindman’s team encouraged local employees and led games and activities for local children.
For those considering Time2Give, Hindman says, “Do it. Unplug, find something you’re passionate about, set up your out-of-office, and ignore everything work-related for the time you’re serving.”
Animal lover Carrie Cordeiro, a Cisco Secure digital strategist/manager on the Brand Marketing team, volunteers with Hopalong and Muttville as a kitten cuddler and dog walker. Most of her time is spent transporting kittens, puppies, cats and dogs around the Bay Area to vet appointments, adoption centers and foster locations.
The best part for Cordeiro is “getting to interact with so many adorable animals,” she said. As for leadership support around utilizing Time2Give? “I love doing it and my management team absolutely supports it, especially when I share photos.”
Customer Success Manager Kristen Gehrke reminds us that, “You don’t always have to look far to utilize Time2Give.” She sewed a baby blanket for Bluebonnet Trails Community Services. “The best part of the experience was giving back to mothers and their babies, as I am an expecting mother myself,” she said.
Engineering Manager Blake Ellingham organized food pantry shelves and packed bags for food distributions with HTB Food Bank. “I love getting to do work with my hands that helps others,” he said.
Ellingham recommends scheduling something routine for Time2Give. “Consistency matters! By going in every week for a half day of volunteering, I was able to make great friends with the staff,” he said.
From empowering youth globally and remotely to volunteering across community hubs, Cisconians deeply value innovative ways to contribute their time and talents.
If you are interested in increasing the impact of your skills and passions at work and beyond, check out our open positions.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
FreshRSS 