The FBI came to visit us last week. No, it wasn't an investigation. It was for CSI's 3rd annual Security Event. I have talked about the topic of Cyber Threats in person and online, but our Supervisory Special Agent had a few interesting things to say beyond the topics Bob and I have been discussing with you:
- If you have a cyber security incident, whether an attempt, a phishing message, an actual intrusion, or a theft of financial or personally identifiable information, the FBI would like you to report the event to the Internet Crimes and Complaints Center - https://www.ic3.gov. Even if it isn't something they would investigate directly, their analytics aggregate similar reports and raise the visibility of the event on the FBI's radar. If enough people are complaining about the same thing, it may rise to the level of a formal investigation.
- It was stressed that you should urge your users to use the privacy settings on their social media. You don't want cyber criminals to be able to piece together where you and your users work, or other personal information they could use against all of you.
- Implement multi-factor authentication on all your personal email.
- Don't click on unknown links or attachments without independent verification.
- Confirm money transfer requests.
- Never click on a link or call a phone number listed in an email to verify you are talking to real people. Find the phone number and links yourself.
- Never provide personal information after clicking on a link.
- Do not re-use passwords.
- Block email domains that look similar to your organization's, which people might mistake for you.
- Block ports for devices that have been retired.
- Turn off and remove zombie servers.
- Make sure your legal agreements with your users allow you to provide access to their data if an actual law enforcement investigation is deemed necessary.
- Have security logs going back at least 1 year.
- Segment your network for finance and payroll and student records.
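As an added illustration of the "block similar email domains" item above, here is a small Python check (written for this post, not code from CSI or the FBI; the domain and sender addresses are constructed) that flags sender domains resembling your own by undoing common character swaps and measuring edit distance, so they can be reviewed or added to a block list:

```python
import unicodedata

# Constructed example: the district's own domain plus sample sender domains.
# (Hypothetical values, not from the original post.)
OUR_DOMAIN = "example-school.org"

# Character swaps commonly used to make one domain look like another.
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}

def normalize(domain):
    """Lower-case, strip accents/non-ASCII, and undo common look-alike swaps."""
    d = domain.lower().split("@")[-1]
    d = unicodedata.normalize("NFKD", d).encode("ascii", "ignore").decode()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d

def edit_distance(a, b):
    """Levenshtein distance (insert/delete/substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(sender, our_domain=OUR_DOMAIN, max_distance=2):
    """True if the sender's domain is not ours but closely resembles it."""
    raw = sender.lower().split("@")[-1]
    if raw == our_domain or raw.endswith("." + our_domain):
        return False  # exactly us or one of our subdomains (still verify SPF/DKIM)
    ours, theirs = normalize(our_domain), normalize(raw)
    # Compare both the full domain and the part before the TLD, so that
    # example-school.com is caught as well as exarnple-school.org.
    ours_label, theirs_label = ours.rsplit(".", 1)[0], theirs.rsplit(".", 1)[0]
    # Note: for very short domains, lower max_distance to limit false positives.
    return (edit_distance(theirs, ours) <= max_distance
            or edit_distance(theirs_label, ours_label) <= max_distance)

def flag_senders(senders, our_domain=OUR_DOMAIN):
    """Return the senders whose domain should be reviewed or blocked."""
    return [s for s in senders if is_lookalike(s, our_domain)]

if __name__ == "__main__":
    print(flag_senders(["payroll@example-school.org", "ceo@exarnple-school.org"]))
```

Punycode (xn--) domains are not decoded here; run them through a proper IDNA decoder before this check if your mail gateway passes them through raw.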
There's more, but those are some of the high spots. This brings up a couple of topics you may want to immediately pursue:
- Is an audit of your firewall in order, to make sure the only open ports and access rules are ones with a current, valid reason rather than leftovers from something you were doing years ago? We should probably schedule a time to take a look.
- We have presentations for your district office and business office staff that we can deliver for you, to raise awareness of what is going on and the steps they should take to be as safe as possible.
Let's talk about what your next steps are.