Cyber Security: Growing Trends and How-To Protection

Blog_HeaderIn this day and age, technology is accelerating faster than most of us can keep up. For businesses, knowing how to not only how to utilize technology to its fullest extent, but to also protect yourself from cyber predators is a highly necessary tool to prevent attacks that compromise your system, and the loss that follows. Once a system is compromised, attackers can access and harvest data such as user credentials, and steal your data, emails, credentials, credit card information, and more. The clean-up that these issues would entail is difficult to estimate, but with responsibility and effort, it is preventable.

One of the new issues emerging now involves smart phones and tablets as a target for cyber attacks.

The latest: “New capabilities, such as Near Field Communication (NFC), will be on the rise in 2013 and will increase the opportunities for cyber criminals to exploit weaknesses. NFC allows smartphones to communicate with each other by simply touching another smart phone or being in close proximity to another smart phone with NFC capabilities or an NFC device. This technology is (also) being used for credit card purchases… Risks associated with using NFC include ‘eavesdropping’—through which the cyber criminal can intercept data transmission, such as credit card numbers—and transferring viruses or other malware from one NFC-enabled device to another.”

We want to not only be unafraid of technology threats, but embrace technology to the fullest, which is easy to do by following these Tips for 2013, from the Chief Information Security Officer, State of Texas:

•Enable encryption and password features on your smart phones and other mobile devices.

•Use strong passwords that combine upper and lower case letters, numbers, and special characters, and do not share them with anyone. Use a separate password for every account. In particular, do not use the same password for your work account on any other system.

•Disable wireless, Bluetooth, and NFC when not in use.

•Properly configure and patch operating systems, browsers, and other software programs. Do this not only on workstations and servers but mobile devices as well.

•Use and regularly update firewalls, anti-virus, and anti-spyware programs.

•Do not use your work email address as a User Name on non-work related sites or systems.

•Be cautious regarding all communications; think before you click. Use common sense when communicating with users you DO and DO NOT know. Do not open email or related attachments from untrusted sources.

•Don’t reveal too much information about yourself online. Depending on the information you reveal, you could become the target of identity or property theft.

•Be careful who you communicate with or provide information to on social media sites. Those friends or games might be looking to steal your information.

Have you been affected by cyber attackers? Tell us your story! Krapp@rem4.net

Higher Education and Emergencies: A Few Challenges of a Diverse System and the Importance of Participation

Image

We want to not only describe methods that will improve your emergency preparedness planning operations, but also provide the leading information for best practices and applications. Recently, the Department of Education’s Readiness for Emergency Management in Schools published a Guide to Developing High Quality Emergency Operations Plans: http://rems.ed.gov/docs/REMS_IHE_Guide_508.pdf. Here, we will explore the benefits of integrating participation in the first steps to creating an Emergency Operations Plan.

Higher Education Institutions produce complex systems of diverse people and locations within a given campus or inner-city campus that therefore provides a challenge to emergency management. What is the best way for higher education institutions to manage all four phases of emergencies and ensure safety?

  1. Colleges occupy multiple buildings over a sizeable geographic area
  2. Working with complex enterprises such as administrative and classroom buildings, residences, hospitals, research and development facilities, sports arenas, and more
  3. Are occupied by differing amounts of diverse people who physically migrate throughout different buildings over the course of the day (faculty, staff, students, tour groups, etc.)
  4. Building materials and infrastructure within a building is most likely different for each structure on campus
  5. Multi-purpose facilities: i.e. Laboratories house sensitive chemical materials in research facilities that may also share classroom and administrative space
  6. Governance is often decentralized and operated individually within each department
  7. Events may bring in an additional tens of thousands more people for a few hours at a time, multiple times per month

These multi-variable complex situations automatically increase an institution’s vulnerability to risks because it makes evaluating risk an all-the-more difficult task to perform when the patterns of use and systems change depending on the semester. Yet these don’t have to be insurmountable and each unit within the institution must be tasked with evaluating its own independent risks and hazards. The importance of creating an Emergency Operating Plan (EOP) must be mandated from the top of the institution and implemented campus-wide in order to adequately reach the total population. Many schools are beginning to require departmental audits for completion of emergency planning, drills and exercises, and consistent crisis team meetings. Huzzah!

In order to create the EOP based on these complex risks and hazards, participation should be utilized to produce a representative sample of the population who would be affected in an emergency.  First, you should know the college’s overall demographics, keeping in mind groups including restricted mobility and mentally challenged persons. Students, parents, staff and faculty should all be represented on the team, “as well as those from diverse racial, ethnic, linguistic, and religious backgrounds, including international student populations, so that specific concerns will be included from the early stages of planning,” (p. 7).

Image

How do you to recruit volunteers for a planning team that addresses concerns and needs for their population? You can advertise for volunteers, describe the importance of school security, and make announcements about upcoming meetings. Have first responders and local emergency managers present to encourage discussion about the risks and hazards, incident command systems, protocol and safety.

Emergency 101 Tip: Hold meetings regularly and start by creating goals for each area extracted from guided discussion within the group. These select people are informing your crisis team. The crisis team is who will set up your incident command system and serve as the contacts for the EOP, and should be paid staff. The participatory group should serve as your Checks and Balances feedback agents. They will make sure that the systems implemented are covering each base at every level, and should review all EOP documents.