Security Awareness

"The Federal Trade Commission (FTC) has released an announcement on Privacy Awareness Week, celebrated this week in the U.S. The theme of this year’s initiative is “Share with Care,” and the FTC is offering privacy tips, including how to safeguard your information online, improve your computer security, and limit unwanted emails." - US-CERT email

You are encouraged to visit the FTC’s posts on Privacy Awareness Week.  There are some good, fairly short, articles on the site.

https://www.consumer.ftc.gov/blog/privacy-awareness-week-time-learn

Be careful with email auto-complete.  This is an email feature that automatically completes a name for you when you begin typing it in the TO field.  However, your email client can easily complete the wrong name for you.  If you are emailing anything sensitive, always be sure to check the TO field a second time before hitting the send button.

 

Content provided by:
SANS.org Tip of the Day
http://www.sans.org/tip_of_the_day.php

Community First Bank & Trust does not provide, and is not responsible for, the product, service, or overall website content available at a third-party site.  Community First Bank & Trust’s privacy policies do not apply to the linked websites; therefore, you should consult the privacy disclosures on the linked site for further information.

 

Be aware of all the devices connected to your home network, including baby monitors, gaming consoles, TVs, appliances or even your car.  Ensure all those devices are protected by a strong password and/or are running the latest version of their operating system.

Content provided by:
SANS.org Tip of the Day
http://www.sans.org/tip_of_the_day.php

In today’s business environment, email has become commonplace.  In some locations it has taken over as the primary form of communication, instead of face-to-face or over the phone.  (Hopefully we don’t lose the art of human interaction.)  However, since it has become so common, we need to make sure that we use it effectively.  So here are just a few tips to think about when utilizing email.

 

  • Pay attention to the recipients and use “Reply To All” when appropriate so everyone stays up-to-date on the conversation
  • Minimize the use of bold letters, ALL CAPS and many exclamation marks so that they don’t lose their effectiveness
  • Utilize the spelling and grammar check functions to check for errors
  • Compose your email then reread your email to make sure it accurately states what you intend
  • Be careful to send to the appropriate recipient(s)
   

David Baker

CISSP, CBCM, CBIH, Network+

VP/Information Security Officer

Community First Bank & Trust

Some of you have already filed your tax returns.  Hopefully you were happy with the results.  I thought it would be appropriate to pass along a reminder that the bad guys are out there and this time of year is almost like Christmas to them.  Last year it was estimated that tax fraud would be in the billions and will only continue to get worse each year.  With that, please be cautious.  If it sounds too good to be true...

 

I have included a link to the IRS web page on tax scams and consumer alerts.  Please take a few minutes to check it out.

 

http://www.irs.gov/uac/tax-scams-consumer-alerts

 

David Baker

CISSP, CBCM, CBIH, Network+

VP/Information Security Officer

Community First Bank & Trust

Never give your password to someone over the phone.  If someone calls you and asks for your password while saying they are from Help Desk or Tech Support team, it is [likely] an attacker attempting to gain access to your account.

 

Content provided by:

SANS.org Tip of the Day
http://www.sans.org/tip_of_the_day.php


Ok, so you don’t need to change the oil in your computer.  But your computer DOES need routine maintenance just like your vehicle.  This is not an extensive list, nor an endorsement of a specific product but it should suffice as a starter list of things you should have on your computer to improve your security posture.

 

  • Software firewall (and hardware if you can afford it)
  • Antivirus / antispyware software
  • HIPS (host-based intrusion prevention system) software
  • Web content filter

 

There are several suites of products on the market that are good products.  These will include most, if not all, of these functions wrapped up into a nice single application.

 

And always remember to keep your operating system (Windows, Mac or Linux) and other applications patched with the latest available security patches.

 

Personally, I use another couple of products to keep my internet browsers cleaned up.

  • Glary Utilities
  • CCleaner

 

Again, this is not a Community First Bank & Trust endorsement of any specific product or vendor.

 

David Baker

CISSP, CBCM, CBIH, MCP, Network+

VP / Information Security Officer

Community First Bank & Trust

501 S James Campbell Blvd.

Columbia, TN  38401

http://www.cfbk.com

Bad guys are targeting your social media accounts. One of the most effective ways you can protect them is with a unique, strong password called a passphrase. Enabling two-step verification (if your social media site offers it) is even better.

 

Content provided by:

SANS.org Tip of the Day

http://www.sans.org/tip_of_the_day.php

 

Ransomware is such a hot topic and more importantly a very current and real threat.  Many discussions are had related to preventing yourself or your organization from falling victim to this malicious scheme.  Without question, prevention is the best option.  But let’s be realistic, if the bad guys were not successful at least some of the time then they would not keep pursuing this as an avenue for income.  So, what should you do to have a successful response to a ransomware infection?  


Think of the simple motto, “Be Prepared.”  


Have a good backup solution and test it frequently.  This can significantly minimize the impact of a ransomware infection to your computer systems and reduce your downtime.


I would also suggest that if it is possible, keep one infected computer offline and unchanged so that you can work with the proper authorities on an investigation.


David Baker

CISSP, CBCM, CBIH, MCP, Network+

VP / Information Security Officer

Community First Bank & Trust

501 S James Campbell Blvd.

Columbia, TN  38401

http://www.cfbk.com


Pharming refers to the redirection of an individual to an illegitimate website through technical means. For example, an Internet banking customer who routinely logs in to his or her online banking website may be redirected to an illegitimate website instead of accessing his or her bank's website. We go to great lengths to make sure that our customers' information is always secure. If a Community First Bank & Trust customer ever suspects their Internet Banking session has been pharmed, please contact Community First Bank & Trust immediately.

The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA, also known as a bucket brigade attack, or sometimes Janus attack) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle).

"Spyware" is a commonly used term to describe software that collects data without the prior knowledge or informed consent of the data's owner. Community First Bank & Trust recommends that you install an AntiSpyware scanner program on your computer. As with most scanning programs, you must make sure that you keep the definition files up-to-date and perform a full system scan routinely. Some popular tools used to clean spyware from your computer are:

  • CCleaner (www.ccleaner.com)
  • Glary Utilities (www.glarysoft.com)
  • Ad-Aware (www.lavasoft.com)

* These addresses are not links, so you will need to copy and paste them in your browser address bar.

Phishing is a scam that encompasses fraudulently obtaining information by sending an e-mail that appears to originate from a trusted source, such as a financial institution, government agency or other entity. Community First Bank & Trust recommends that you use caution any time you receive an email from someone requesting private/personal information. Most reputable organizations will not request this type of information via email.