In case you have not heard, there was yet another significant data breach, this time at Capital One. Here is a little overview of how this happened. There are many massive data centers around the globe. These data centers house incredibly large server farms (lots of servers), and these servers can be made to look like even more servers. Often, when you hear the term "cloud services", it refers to a software product being run from a server farm that the company rents space from. Amazon is one such company that offers to "lease" servers to companies. Based on what you're willing to pay, these servers duplicate themselves across multiple server farms around the globe; it's sort of an insurance program against data loss and recovery efforts.
Servers that are leased are isolated from each other, so it is virtually impossible for company A to get into company B's data. Well, that is unless the person who committed the breach worked for the company that provided these services.
From the media coverage, it seems as though a software engineer who used to work for Amazon Web Services discovered a vulnerability in one of Capital One's databases and exploited it. The employee (who left Amazon before this was made public) apparently was able to harvest quite a bit of data before departing the company. The latest report put the total at over 100 million users' personal data, which can be anything from your name and address to telephone numbers; 80,000 bank account numbers; and approximately 140,000 Social Security numbers.
Bottom line, it's probably a good time to invest in a credit monitoring company for you and your family.
QUEST Diagnostics Data Breach
On May 31, 2019, Quest Diagnostics announced a major security breach of their system, which exposed up to 11.9 million patient records. Protected information included Social Security numbers, medical and financial information, and other sensitive data.
Please take the time to educate yourself on safeguarding your identity. While the Columbia County School District does not endorse one Identity Protection Group over another, it would benefit you to safeguard your identity using all methods possible.
Information on the MOMO Hoax...
The Information Technology Department of the Columbia County School District takes the safety and security of our students, faculty, and staff extremely seriously. In the last week, an older "hoax" virus/malware has made its way into the media once again. The "MOMO" hoax (as it has been labeled) depicts an avatar of a bird-like figure encouraging children to either harm themselves or perform a series of tasks, with the last task being that of committing suicide.
Our district utilizes several methods, both technical and through human interaction, to keep our children away from these types of online activities. Unfortunately, technology alone cannot safeguard our children from the plethora of threats they face daily while online. Kaspersky Security Solutions recommends parents pay special attention to changes in children's behavior, such as when they:
- Begin neglecting homework;
- Lose interest in hobbies;
- Become prone to abrupt mood swings, depressed, or aggressive;
- Stay up and online all night;
- Suddenly add or delete many friends in social networks;
- Have suddenly deleted their account or accounts;
- Have ceased speaking to you.
Please take the time to discuss what your children may experience while online. Together we can build a safer online experience for our children.
SPAM, Social Engineering, and other methods to harvest your data
Is this email SPAM?
First, some interesting information regarding the origins of the word. For those of us who are a little "long in the tooth", we know Spam as a faux meat product from the 70's. It was often referred to as "fake meat" and therefore became synonymous with "fake message". Of course, who could forget the 70's Monty Python movie where a bunch of actors are singing "SPAM, SPAM, SPAM, SPAM, SPAM"? For more information on the origins of this word, visit:
So what should you look for? Spammers often attempt to trick you into clicking on links in an effort to obtain your user ID and password. The challenge for end users is that most of us lead very hectic lives and often "click" without thinking. Here are some things to look for:
1. Look to see where the email came from. Look at the sender's email address.
Does this look like it is coming from someone you know? Look at the "FROM" address: do you know anyone in Canada ("ca" is the country code for Canada)? This is the first item you should look at. WARNING: If the email account of someone you know has been compromised, they could be sending you SPAM from that account, so don't go by this alone.
2. Look at the content of the message. Does it read properly?
Most foreign spammers do not use proper English. In this case, it's pretty good; however, it just doesn't read right.
3. If you hover your mouse over the link, you will see where the embedded link is taking you.
In this email, if you hover your mouse over the "Upgrade Account" link, the embedded link (where the link is really set to go) is displayed. As you can see from the example below, this link is set to take you to a place called "moonfruit.com", which is an Internet website hosting provider (gandi.com) in London, England.
4. Finally, when in doubt, don't click the link.
Instincts are something we all have. If you think it's not legitimate, it most likely is not. When in doubt, send your TSS an email asking them to verify the link.
We all have a responsibility to be good Digital Citizens. Working together, we can combat spammers and safeguard our students' data.