This recent SANS Newsletter provides some simple, but impactful tips to give loved ones to help keep them safe online:

• Use strong passwords. Long passphrases are a safe way to protect online accounts and can be easiest for loved ones to remember. Password managers are also useful if remembering passwords is difficult. Family members will only have to remember one password to access the rest. If a password manager isn’t an option, keeping them written down in a secure place is a good alternative. For critical accounts, like financial accounts or others with sensitive information, suggest a two-step verification to add an extra layer of security in case a password is compromised.
• Be aware of social engineering. Scammers and con-artists often pretend to be tech support, the government, debt collectors, or even potential romantic partners online or over the phone. Make sure loved ones understand that their passwords, credit card information, or other personal information should never be shared with anyone. Give examples of these phishing calls and emails so they are better equipped to recognize them, and let them know that if they have questions or if a message looks suspicious, they should contact you before responding.
• Use the right tools. Home Wi-Fi networks should be password protected and with a customized password that has been updated from the default. Using a secure DNS with the Wi-Fi network can help avoid infected websites and can give control over what websites users have access to, which is especially helpful for households with visiting children. Along with secure Wi-Fi, all systems and software should have all updates installed. Keeping software updated makes it harder for hackers to access personal information. If loved ones are using an outdated device, replace it with a new device that can receive the updates. Opting for automatic updates ensures they get updates installed, even if family members forget.

Have a backup as a last resort. Using the Cloud is a great way to make sure all information is kept somewhere safe.

Still curious about social engineering, updates, and passwords? Share this SANS Newsletter for more tips.

For more information on online safety, check out the other cybersecurity blogs.

See our webinar on Current Cyber Security Trends here.

The post Use the Generation Gap to Your Advantage! Help Keep Your Loved Ones Safe appeared first on Fort Pitt Capital Group.

When we think of cyberattacks, we think of highly advanced or elaborate hacking techniques on our computers and accounts. On the contrary, a common technique cyber attackers use is tricking their target into giving them the information they want. This is called social engineering, a psychological attack that tricks you into doing something you shouldn’t, like making payments or giving up sensitive information.

The most recent SANS Newsletter lists common, recognizable clues of a social engineering attack.

• Inconsistency. Attackers might craft messages and emails to mimic a friend, family member, or coworker. These fake emails are called phishing emails. The language or tone of these messages might be different from how the sender normally sounds. Pay close attention to the signature to confirm the email is legitimate. Check that the email address is consistent with other emails you may have received from this friend or family member. If it appears to come from a coworker or a company, make sure the email address is their work email, not personal. These emails can be generic and easy to recognize, but emails can also be highly personalized to their targets and harder to identify if a cyber attacker does their research.
• Urgency, crisis, or curiosity. Attackers want to rush people into making a mistake. Scammers have been known to impersonate government officials or debt collectors claiming that their target owes money and will pressure them to pay over the phone via credit card, gift card, or wire transfer. It is also common to receive emails or phone calls that use a delayed package delivery or winning a prize from a contest to get you to respond with sensitive information. Whether it’s a debt collection or an incentive, take time to make sure there is either proof of debt, or that you were expecting a package or contest results before taking action.
• Pressure. One way to avoid falling victim to phishing emails at work is making sure to follow all security policies or procedures that would typically be expected, even if the person on the other end urges you not to. The attacker might also make requests for sensitive information, like account numbers or Social Security numbers, which should never be shared online. If you receive an email from someone you don’t know, do not share personal information, click on links, or open attachments that may be infected or malicious.

Social engineering attacks are not limited to phone calls and emails. To learn about other forms of these attacks, be sure to check out this SANS Newsletter.

See our webinar on Current Cyber Security Trends here.

About the Author:

Todd Douds, CFA®
Managing Partner & Chief Operating Officer
Fort Pitt Capital Group, LLC
680 Andersen Drive, Pittsburgh, PA 15220
(412) 921-1822 | tdouds@orchid-ibex-388317.hostingersite.com

The post How to Recognize Social Engineering Attacks appeared first on Fort Pitt Capital Group.

This SANS Newsletter highlights areas to cover when preparing kids for the online world. Here are three ways you can prepare your kids for navigating the internet securely.

• Communicate expectations.

Make sure kids know how to behave online. This is just as important as enforcing real-world behaviors, like treating people the way they want to be treated just as they would with their peers.

Set ground rules, like the times they are allowed to access the internet and the types of websites they are allowed to visit. Having these boundaries is crucial for developing good safety habits.

Kids should also be made aware of who they can report problems to, whether it’s a technical issue or they witness cyberbullying or other inappropriate behaviors.

• Use parental controls.

Parents can use tools to monitor online activity, limit usage, or protect younger children from certain content. If you have older children who use devices you cannot monitor, you can help them navigate education and communication safely.

• Lead by example.

Practice the behaviors that you want your kids to practice. Don’t use electronics while driving, having dinner, or talking to them. Keeping an open line of communication while your children traverse the web can be more effective than turning to disciplinary action if they make mistakes or break the rules you’ve put in place.

If you’d like more cybersecurity tips to support your kids, check out the SANS Newsletter.

The post Are Your Kids Staying Safe Online? appeared first on Fort Pitt Capital Group.

Virtual conferences have become necessary for many people this year and they aren’t likely to go away anytime soon. The technology that allows us to do this will likely be a big part of our futures as people continue to use remote video for working, collaborating, and communicating with others. But to keep you and your family safe, you’ll want to do more than just sign on. 

This SANS newsletter details safety steps to take for attending and hosting a virtual conference. Here are five key steps to take if you’ll be attending a virtual conference:

• Update the software

Using the latest version of the conferencing software makes you more secure. Check your version to be sure it’s updated. You can enable automatic updating so the program will always check for new updates when you restart it.

• Configure your audio and video settings

If your camera is on, everyone can see what you’re doing. You can turn off your video when joining a meeting and mute your microphone if you won’t be using them. You can enable these features only when you want. To ensure privacy when you’re not broadcasting, place a piece of tape over your computer’s camera or whatever camera you are using.

• Look behind you

If your camera is going to be on, make sure there is no personal or sensitive information visible behind you. You may be able to use a virtual background to ensure no one can see what is behind you.

• Never share your invite

Co-worker can’t find their invite to the conference? Even if you trust them, it’s best for them to ask the conference organizer for the link. Your invite link is your personal ticket to the meeting.

• Do not record 

Get permission before you record the conference or take any screenshots! You don’t want to be the person who accidentally shares sensitive information by publicizing the video or screenshots.

If you are hosting a virtual conference there are some more safety steps you should take. For those four tips be sure to check out this SANS newsletter.

The post Make the Most of Virtual Conferences With These Safety Tips appeared first on Fort Pitt Capital Group.

With so many people using computers and cell phones to complete daily tasks, it’s important to understand what digital threats you should be on the lookout for. Ransomware attacks, in particular, have become a common threat that holds computer files hostage until a payment is made. This malicious software is often hidden in attachments and links and can encrypt personal files or entire hard drives.

A recent SANS Institute newsletter provides key steps users can take to protect themselves from a ransomware attack:

• Update your systems and software: Cyber criminals often infect computers or devices by taking advantage of unfixed bugs (known as vulnerabilities) in your software. The more current your software is, the fewer known vulnerabilities it has, and the harder it is for cyber criminals to infect them. Therefore, make sure your operating systems, applications, and devices have automatic updating enabled.
• Enable anti-virus: Use up-to-date anti-virus software from a trusted vendor. Such tools are designed to detect and stop malware. However, anti-virus cannot block or remove all malicious programs, and usually it cannot recover your files after a ransomware infection. Cyber criminals are constantly innovating and developing new and more sophisticated infection tactics that can evade detection. In turn, anti-virus vendors are constantly updating their products with new capabilities to detect malware. In many ways, it has become an arms race, with both sides attempting to outwit the other.
• Be vigilant: Cyber criminals often trick people into installing ransomware and other forms of malicious software through phishing email attacks. For example, a cybercriminal might send you an email that looks legitimate and contains an attachment or a link. Perhaps the email appears to come from your bank or a friend. However, if you open the attached file or click the link, you could activate malicious code that infects your computer. If a message creates a strong sense of urgency or seems too good to be true, it could be an attack. Be vigilant – cyber attackers play on your emotions. — Common sense is often your best defense.

Want to know another great defense against ransomware? Be sure to read this SANS Institute Newsletter.

Ransomware attacks are just one of the many ways hackers try to target private information and files. For more tips on how you can protect yourself digitally, check out our other SANS blog posts.

The post Protect Your Computer Against Ransomware appeared first on Fort Pitt Capital Group.

A good first step is to take inventory and document your online accounts. Then have a conversation with your family or close friends about your desires for these digital assets when you die. You’ll also need to make sure that someone has the passwords to these accounts so they can access them and carry out your wishes. A password manager is one easy way to do this. This type of program securely stores the log-in information for all of your online accounts in one place and many of them give you the option to share passwords with a trusted family member.

Some online accounts will let you choose in advance what will happen to them when you pass away. For example, Facebook lets you decide if you want your page deleted or memorialized after you die.

And what if you inherit digital assets from a deceased friend or family member? You may want to contact a lawyer. Read the full SANS Institute newsletter to learn why.

If you want to learn more about keeping your digital assets, check out our other SANS cybersecurity blog posts.

The post What Happens to Your Digital Assets When You Die? appeared first on Fort Pitt Capital Group.

You need to be wary of fake online stores, scammers on legitimate websites and suspicious charges on your credit card. Cybercriminals often create fake online stores that mimic the look of real sites. If you purchase from a fake website, your items may never be delivered. But even trusted websites aren’t 100 percent safe. Large online stores will often sell products by individuals who may have fraudulent intentions. It’s important to know that just because an online store has a professional-looking site does not mean it’s legitimate. Be sure to use well-known sites that you can trust and have safely used in the past. It may mean giving up a great deal, but it also means giving up the possibility of being scammed.

Here are some quick tips for figuring out if a website is legitimate or not:

• Watch out for prices that seem too good to be true — they probably are.
• Check to make sure the domain name of the website isn’t slightly different from what it should be. For example, scammers may set up a www.amaz0n.com — see how the ‘o’ is replaced with ‘0’ there? Be vigilant for those types of subtle changes.
• Type the web address of an online store into a search engine to see what others have said about it. Look for terms like “fraud” and “scam.”

And you can get all the tips in the newest SANS Institute newsletter!

The post Tips for Safely & Securely Shopping Online appeared first on Fort Pitt Capital Group.

The new SANS Institute newsletter explains three ways to simplify your passwords while still protecting your information. Read the full newsletter here.

Passphrases are a great way to create a strong password that’s also easy for you to remember. They don’t require numbers or symbols, they just need to be long. A passphrase uses a short sentence or random words. For example, “timeforstrongcoffee!” (time for strong coffee!). It’s 20 characters long, which makes it harder for hackers to crack, and because it’s a sentence it’s easy to remember.

Password managers are another great tool to keep your accounts secure, and you sane. While it may be tedious, you should have different passwords for every account. Reusing the same passwords can put you in a lot of danger because all a hacker has to do is get into one of your accounts and suddenly they have access to all of them. A password manager securely stores all of your passwords in one encrypted vault. Then you just need to remember one password – the one to get into the password manager. It will automatically retrieve your passwords when you need them and log you into websites.

Finally, two-step verification can keep your information safe. It adds an additional layer of security to your personal information.

Be sure to read the full newsletter to learn more about that and all of the tips!

See our webinar on Current Cyber Security Trends here.

The post Your Password May Make You a Victim of Hacking appeared first on Fort Pitt Capital Group.

The newest SANS Institute newsletter explains how to securely erase all the data that’s on your mobile device. You can read the full newsletter here.

The easiest way to erase the data is to reset the device. And an even better way to do this is to make sure you have encryption enabled on your phone, smartwatch or tablet before resetting it. In addition it’s critical to consider what to do with your SIM card. Even when you wipe the device your SIM card keeps information about you. The best case scenario is to just transfer the SIM card to your new device. If that is not an option then consider physically destroying your SIM card to prevent anyone else from using it and accessing your accounts.

To protect your information it’s crucial to take these steps before getting rid of a mobile device. And that’s the case no matter how you plan on getting rid of your phone, smartwatch or tablet – even if you’re just giving it to a family member or friend.

The post Wiping Personal Data From Smart Devices: It’s More Complicated Than Hitting Delete appeared first on Fort Pitt Capital Group.

The new SANS newsletter dives into personalized scams, how to spot them and what to do if the scam is recognized. Read the full newsletter here.

These scams have a recognizable pattern that cyber criminals typically follow. After finding your information, the cyber criminal will likely use tactics like fear or extortion to obtain payment, such as sending an email that your password for a certain website has been hacked by them and you must pay them an extortion fee. In almost every situation, the cyber criminal did not hack your system and just uses details to scare users into believing them.

Personalized scams are the scams of the future since there is an abundance of information that is available for purchase online. Some clues to look for in these scams are urgent emails, messages or phone calls that attempt to invoke fear or urgency, and demanding payment through untraceable methods. After receiving these, a simple Google search can help determine if others have received these suspicious calls or emails, and if it is indeed a scam. Using a long password for online accounts and enabling a two-step verification whenever possible can also help curb cyber attacks.

The post Trending in the Cyber Criminal World: Personalized Scams appeared first on Fort Pitt Capital Group.