Category Archives: spam

Cyberbullying – Monitoring Children’s Social Media Usage Is Important, but So Is Allowing Their Mistakes

AscentiveCyber safety tips from the Ascentive team

Facebook has provided millions of people worldwide with an unmatched outlet for sharing information about their lives. Through the social network giant, establishing community with old friends and new has never been easier.

But Facebook also presents an assortment of issues — especially for parents, according to a Kansas State University parenting expert.

 

Chuck Smith, professor of emeritus of family studies and human services at the university’s College of Human Ecology, says increased usage of Facebook by children has sparked questions of how to prevent cyberbullying and protect their personal privacy. Simultaneously, some parents have been forced to consider how much information they should share about their children on Facebook.

 

But despite the risks, Smith says using Facebook is worthwhile for children if parents remain aware.

“Facebook is a tool that could be used for good or bad,” Smith said. “It’s up to parents to help their children understand how to use it well and be vigilant about misuse.”

 

Online bullying is Smith’s primary concern among young Facebook users. Preventing online bullying should involve parents retaining essential control of a child’s Facebook account, he said. This allows parents to read all posts and ensure the highest levels of security settings are in place. Appropriate security settings are beneficial in a variety of contexts, including Smith’s other primary concern with young Facebook users: online predators.

To counteract possible negative influences, Smith advises parents of children under 16 years old to have the family use the computer in a common area — something that may not sit well with some children.

“The impact on relationships could be with children regarding parents as too intrusive in their personal lives,” Smith said. “Though as long as the children are living in the home, parents have every right to be vigilant.

“For parents, vigilance changes with the child’s age, but you still have to be responsible.”

Parents should instruct their children on responsible sharing of information early, but parents also should allow a reasonable amount of freedom for children to make their own mistakes, Smith said. Failure to allow a meaningful amount of freedom could be detrimental to the parental-child relationship.

“The younger generation is very much an online generation,” Smith said. “We have to be realistic and teach them about the danger and responsibility of posting online and considering what they might say and how they might react. Parents who are overly restrictive might lose their opportunity.

Standards of responsibility also exist for parental social media usage — especially when it concerns their children. Smith advises parents consider their own security settings before sharing certain information about their children. The same principle applies for any sort of related information, including when the family will be on vacation.

“You have to be aware of who you have given permission to view the page,” Smith said.

Photo Credit

Advertisements

NQ Mobile and NCSA Consumer Survey Shows That Many Parents Lack Awareness of Cyber Bully Threats

AscentiveCyberbullying news from the Ascentive team

NQ Mobile Inc., a leading provider of consumer-centric mobile security and productivity applications, and the National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on cybersecurity awareness and education for all digital citizens, today released findings from a recent consumer survey(1) that shed light on how parents think and act in order to protect the mobile privacy and security of their children.

The newly released findings show that a majority of parents have not talked to their children about protecting their privacy when using a mobile phone (56%), or talked to their children about security measures for their phones (63%).

The survey also found that while the majority of parents (71%) are aware of parental controls that can help protect their kids by monitoring usage, establishing time limits and blocking websites, apps, GPS location, and access to personal data, 60% have never used them. Of those surveyed, moms were more comfortable and more likely to have actually used parental controls.

“Too few parents are talking with their children about malware, hacking and other threats to mobile security and privacy,” said NQ Mobile co-Chief Executive Officer Omar Khan. “That is no surprise, when many adults don’t feel they know enough to protect themselves. Talking to your kids about how to protect the personal information on their phones, however, is every bit as necessary as having ‘The Talk’ about ‘the birds and the bees.’ Smartphones can provide a young person with independence and information. Used carelessly, they can also provide hackers, bullies and thieves with access to your child’s personal information, expose them to theft, and even track their location. Parents need to learn more about threats like this, and the very real steps they can take to protect their whole family.”

Parents whose kids own smartphones tend to be less aware of security threats and mobile security solutions that combat those threats than parents whose kids don’t own smartphones. This surprising result may suggest that parents who are highly aware of mobile threats are so concerned they decide not to give their children phones at all.

Overall, parents who are more aware of and concerned about security threats and privacy issues are more willing to talk to their children about them.

“As smartphone use increases, more and more parents are going to be buying mobile devices for their children at earlier ages, and we want to make sure they are armed with enough information to make safe, sensible decisions,” said Michael Kaiser, executive director of the National Cyber Security Alliance. “A young person who is responsible enough to own a smartphone, can also take responsibility for protecting their phone and the information on it. Some security measures are simple and straightforward: create strong passwords and don’t share them with friends or anyone but your parents, exercise caution in sharing personal information online, don’t lose or misplace your phone. We always encourage digital citizens — especially young ones — to take an active role in learning safe practices and behaviors, and follow three simple steps: STOP. THINK. CONNECT.”

Photo Credit


US Dept of Homeland Security Nation Cyber Security Division & Idaho National Laboratory Win National Cybersecurity Innovation Award

AscentiveCyber Security News from the Ascentive Team

The SANS Institute announced today that Department of Homeland Security National Cyber Security Division and Idaho National Laboratory have won the 2011 U.S. National Cybersecurity Innovation Award for building Cybersecurity skills needed to defend the power grid and other control systems.

The Controls Systems Security Program (CSSP) at the Department of Homeland Security and Idaho National Laboratory have created a series of training programs for managerial and technical people in the industries using control systems (power, oil and gas, electrical, water, and several others) that are packed with up-to-date information on cyber threats and mitigations for vulnerabilities.

The goal is to reduce industrial control system risks within and across all critical infrastructure and key resource sectors by coordinating efforts among federal, state, local and tribal governments, as well as industrial control systems owners, operators and vendors. The CSSP coordinates activities to reduce the likelihood of success and severity of impact of a cyber-attack against critical infrastructure control systems through risk-mitigation activities.

One innovative course provides intensive hands-on training on protecting and securing industrial control systems from cyber-attacks, including a Red Team/Blue Team exercise that is conducted within an actual control systems environment.  This training has been transformational for technologists and managers who previously underappreciated the power of cyber-attacks or the ease at which they can be executed.

The Department of Energy – Office of Electricity Delivery and Energy Reliability has partnered with DHS to provide the Red Team/Blue Team training specifically to the energy sector asset owners and create lessons learned from the energy sector.

U.S. Department of Homeland Security and Idaho National Laboratory wins the 2011 National Cybersecurity Innovation Award for developing a long-term, common vision where effective risk management of control systems secturity can be realized through successful coordination efforts.

The National Cybersecurity Innovation Awards recognize developments undertaken by companies and government agencies who have developed and deployed innovative processes or technologies which are innovative in that it has not been deployed effectively before, can show a significant impact on reducing cyber risk, can be scaled quickly to serve large numbers of people, and should be adopted quickly by many other organizations. Nominations included most senior government officials involved with Cybersecurity as well as those from major Cybersecurity Information Sharing and Analysis Centers (ISACs).  Corporations and individuals, including SANS instructors also nominated innovations and each nomination was tested by the SANS Institute research department. More than 50 nominations were received and 14 were selected.

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and by far the largest source for information security training and security certification in the world.  In addition to world-class training, SANS offers certification via the ANSI accredited GIAC security certification program. SANS offers a myriad of free resources to the Infosec community including consensus projects, research reports, newsletters, and it operates the Internet’s early warning system – the Internet Storm Center.  At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.

Photo Credit


New Survey Shows Gap Between Americans’ Online Security Perceptions and Actual Practices

AscentiveInternet Safety News from the Ascentive team

More than nine in ten Americans (92%) believe that a safe and secure Internet is crucial to our nation’s economic security and 81% of Americans want to learn more about being safe and secure online, but there still exists a visible disconnect between Americans’ perceptions of their online safety practices versus the reality of their actual safety practices. These insights were revealed in the 2011 National Cyber Security Alliance (NCSA)-McAfee Online Safety Study, released today by the NCSA and McAfee.

While the study found progress in a number of areas regarding online safety awareness, perception versus reality gaps continue to exist in critical areas:

70% of Americans say that they represent their child/children’s primary source of information for online safety, yet 48% of parents are not completely confident that their children can use the Internet safely.

32% of consumers either back up data only once a year—or never (20%).

15% of Americans have never checked their social networking privacy and security account settings.

According to the survey, only 7% of U.S. parents are worried about cyberbullying even though 33% of teenagers have been victims of cyberbullying, according to the Pew Internet and American Life Survey.

“This new study shows that vast majorities of Americans believe that cyber security is important for our personal safety and our nation’s economic security,” said NCSA Executive Director Michael Kaiser. “Yet this survey also shows that we can do a better job of protecting ourselves and those around us and really focus on the notion that a safe and secure Internet and digital experience represents a shared responsibility.”

“As our digital usage grows exponentially each year with a multitude of different devices connected to the Internet, cyber threats have grown more sophisticated and widespread than ever before,” said Todd Gebhart, co-president, McAfee. “This new survey demonstrates the fundamental importance of better online safety and security awareness for ourselves, our communities, our schools and our businesses.  Consumers need to think beyond just PCs, and also protect their web experiences, their data, and very importantly, their children on all the devices they use.”

Key Findings:


Security Perceptions

Less than half of the population (46%) reports that they feel safe from viruses, malware and hackers while on the Internet.

When it comes to the issue most Americans are concerned about regarding online safety and security, 43% of respondents reported they were most worried about identity theft; 13% were concerned with loss of privacy; and 12% reported their biggest concern was someone monitoring or recording their online activity.

When asked how people would like to learn about staying safe online, 37% of Americans are willing to receive regular information from an organization about safety best practices; 15% are willing to educate others; 13% would attend an in-person education session; 20% are not willing to do any of these and 15% are not sure.

Crime and Law Enforcement

When asked what puts Americans most at risk of a cybercrime or a loss of personal information the largest number of respondents, one-third (33%) said they believe connecting to an unsecured wireless network puts them most at risk yet more than half (53%) of Americans said they have logged onto a wireless network without entering a security password.

One in 5 (18%) Americans have been the victim of a cybercrime and 38% know someone who has been victimized, and 65% of all respondents do not think their local police department is equipped to handle reports and investigate Internet crimes.

Of the 17% who were victims of cybercrime but did not report them, 34% were either unsure what exactly happened or were not sure who to report it to.

More than half (53%) of Americans indicated they have received fake anti-virus warnings but 87% said they did not believe the warning was legitimate. From 2008 to 2010, fake anti-virus scams have grown by 600% and are estimated to victimize one million Internet users per day, according to McAfee research.

Safe Computing Practices

54% of Americans don’t back up their data regularly; with 21% backing up just monthly; 12% backing up only once a year and 20% of consumers never backing up.

21% say they don’t think it’s necessary to change account passwords regularly even though experts believe this is a basic online safety practice.  More than a million password-stealing malware samples were discovered from January 2011 –June 2011, according to McAfee Labs.

25% say they never change their passwords unless prompted.

Social Networks

26% say they are sharing more information on social networks today than one year ago.

Nearly half (47%) of Americans are confident in their ability to use privacy and security account settings in their social networks, but another 47% are only somewhat confident with 24% saying they are not confident at all.

15% of respondents have never checked their social networking privacy and security account settings and only 18% said the last time they checked their settings was in the last year.

Meanwhile, one out of ten (11%) Americans reported that their social network has been hacked in the last year, while 81% did not.

Children and Online Safety

70% of Americans say that they represent their child/children’s primary source of information for online safety, yet 48% of parents are not completely confident that their children can use the Internet safely.

According to the survey, parents worry most about contact with strangers (38%) online, 7% worried about bullying and harassment and 9% were worried about identity theft even though 140,000 minors are the victims of ID fraud each year according to ID Analytics.

The concern that ranked second according to parents was exposure to adult content yet 44% of parents admit they have not discussed Internet pornography with their children and 44% don’t have content-filtering software on their computers.

48% of the parents surveyed say they know their child/children have seen pornography online and of the parents who aren’t sure if their kids have seen adult content, 68% think it unlikely that they have.

Of those parents who don’t have content-filtering software, 34% say they trust their kids.

Workplace Cyber Security Practices

The survey also polled a sub-sample of Americans cyber security practices and attitudes in their workplace.  The survey found that a majority say their employer has a formal work Internet usage policy (59%) while 26% do not.

But respondents are split as to whether or not they have had training on keeping their work computers safe and secure (43% to 43%).

Seven in ten (69%) say that a safe and secure Internet is dependent to their job, 45% of which say it is very dependent. Six in ten (61%) say that losing Internet access at their job for 48 consecutive hours during a regular business week would be disruptive, 43% say it would be extremely disruptive.

A 2011 NCSA/Symantec study of small businesses finds that two thirds (66%) say that their business is dependent on the Internet for its day-to-day operations, two fifths of which (38%) would characterize it as very dependent.  Two thirds (67%) of small business owners describe their businesses as more dependent on the Internet than it was 12 months ago.

Age Disparities

Respondents ages 18-54 feel that individual users are most responsible for keeping the Internet safe and secure, whereas users 55 and older believe that it is the Internet service provider who is most responsible.

As the age of the user increases, so does their concern over identity theft, with 40% of 18-29 year olds, 39% of 30-49 year olds, 47% of 50-64 year olds, and 50% of those 65+ citing this as their largest concern.

As respondents’ age increases, a smaller percentage feels safe using smartphones with 23% of 18-29 year olds, 11% of 30-49 year olds, and 2.5% of 50-64 year olds feeling safe accessing the Internet using their smartphones.

Gender Attitudes Towards Cyber Security

If a computer were infected by a virus or malware, and the user was provided step-by-step instructions to fix it, only 31% of females feel very confident in fixing the computer on their own versus 53% of males who feel very confident about pursuing this task.

Nearly one in every five males (or 19%) backup their data and digital information on a daily basis while a less amount of females – only 12% – do so each day.

Thirty-eight percent of females have undergone training to keep their computer safe and secure at work, while 48% of males received training about safe and secure cyber security practices in the workplace.

Photo Credit


Anti-Bullying Curriculum presented at NJEA Convention

AscentiveInternet safety news from the Ascentive team

Each day as many as 160,000 U.S. children miss school because of bullying. Students in the Know Foundation, a non-profit group, has launched the Bullying Academy (www.bullyingacademy.org) a web-based interactive program designed to help 4th-8th grade students recognize the dangers associated with bullying and cyber-bullying. The Bullying Academy is already being used successfully in scores of schools throughout New Jersey and across the country and is quickly becoming the leading online educational source for schools to teach kids about bullying and cyber bullying.

Tens of thousands of NJEA (New Jersey Education Association) members from across the state are expected to attend the 157th annual NJEA Convention November 10-11, 2011 in Atlantic City. Recognized as the largest educational gathering of its kind anywhere in the world, the NJEA Convention draws teachers and educational support professionals who participate in over 300 seminars, workshops, and programs. Program founder Tommy Walser and his staff will be available throughout the convention at the Bullying Academy booth 1907.

According to Mr. Walser, “Cyber cruelty is rapidly increasing in volume and complexity because teens are never taught how to act responsibly and appropriately while communicating online or via other electronic devices,” who is also the executive director of Students in the Know. “The Bullying Academy is a simple and free solution to a pressing dilemma: How to teach students that bullying should not be tolerated as merely part of growing up, and that all students have the right to a safe learning environment.”

According to American Justice Department statistics, school bullying statistics and cyber-bullying studies show that on any given month 1 out of every 4 kids are abused by another youth. Thirty-five percent of students report hate-related words being used against them. Bullying has become epidemic as observed in the media through alarming cases of violence and desperation that, in extreme cases, have led to deaths.

“As technology continues to leap ahead schools are falling behind,” adds Walser. “Many school curriculums don’t address bullying prevention, especially cyber-bullying, one of the most common forms of abuse that involves instant messaging and text messaging. Both can occur at any time during the day and are often suffered in silence.”

http://www.bullyingacademy.org requires no additional software or extensive training for teachers. Schools simply register with the program’s website and students immediately have the curriculum available to them. It can be implemented during any class period or extracurricular activity.

Students learn:

Characteristics and risk factors common to bullies

What bullies look for in victims

How to recognize the short- and long-term effects of bullying on victims and bullies

How to properly respond and report bullying

How to avoid violence while standing up for each other

All materials are grade appropriate. A pre- and post-quiz component measures how much students learn after completing the program. Students receive a certificate/diploma which varies depending on their score, and are provided with data reports of how well they performed in certain categories of questioning such as recognizing consequences of bullying or developing effective communication.

Picture Credit


National Cyber Security Alliance Announces New Agreement to Promote Cyber Security Education Programs Nationwide

AscentiveInternet Safety information from the Ascentive team

The National Cyber Security Alliance (NCSA) – a non-profit public-private partnership focused on cyber security awareness and education for all digital citizens – has announced that on behalf of the National Cybersecurity Education Council (NCEC) it has signed a memorandum of understanding (MOU) with the U.S. Department of Education (ED) and the National Institute of Standards and Technology (NIST) to formally institute and promote cyber security education programs in K-12 schools, higher education, and career and technical education environments nationwide.

The new agreement paves the way for the continuation of the recently established public private partnership known as the National Cybersecurity Education Council to build a consensus on the future of cyber education in the United States. The multi-stakeholder effort will bring together government, industry, nonprofit, academia and other educational organizations to make recommendations and suggest guidelines on cyber education.  The collaboration will also include all parties participating in a working group to identify the cyber education needs of all young people and the foundational knowledge, skills and competencies needed by government and industry to build a workforce that can protect America’s vital digital assets.

The MOU’s partnership supports many of the educational efforts responding to President Obama’s 2009 Cyberspace Policy Review, which called for the nation to “build an education system that will enhance understanding of cyber security and allow the United States to retain and expand upon its scientific, engineering, and market leadership in information technology.” Toward this end, in the spring of 2010, the National Institute of Standards and Technology (NIST) within the U.S. Department of Commerce led a team involving many departments and agencies across the government in launching the National Initiative for Cybersecurity Education (NICE). The goal of NICE is to establish an operational, sustainable and continually improving cyber security education program for the nation to use sound cyber practices that will enhance the nation’s security. NICE includes four focus areas, or tracks:  cyber security awareness, formal cyber security education, cyber security workforce structure, and cyber security workforce training and professional development. The public/private partnership, which the MOU fosters, will advance efforts of the formal education track, particularly responding to the needs identified in the Cyberspace Policy Review for a K-12 cyber security education program for digital safety, ethics, and security and for expanded university curricula.

NCEC members are also cognizant of the inherent demand for improved cyber security education in bolstering America’s future workforce.

Today, the U.S. faces a deficit in the number of cyber security professionals in our country, and predictions of our future needs are worrisome. Estimates from a recent study by (ISC)2 and Frost and Sullivan reveal a need of more than 700,000 new information security professionals in the Americas by 2015. What’s more, the U.S. Bureau of Labor Statistics estimate that there will be 295,000 new IT jobs created in the U.S. between 2008 and 2018 – many of which will require cyber security expertise. This data points out a great responsibility within the U.S. education system and other industry groups to help produce cyber capable citizens.

“Our children live in an interconnected technology-based world with a growing need for digital skill sets,” said U.S. Secretary of Education Arne Duncan. “An education that incorporates tools to understand, navigate and operate technology will encourage students to exercise awareness when using digital platforms while helping better prepare them for the jobs of the future.”

“This important MOU will add another dimension to the public/private partnership that is key to cyber security awareness and formal cyber education,” said Special Assistant to the President and Cybersecurity Coordinator, Howard Schmidt.  “Through the partnership, we will continue to increase public awareness of safe cyber behavior, as well as expanding the availability of the cyber education so vital to the future of our workforce.”

“Our future depends on a digital citizenry that can use the Internet safely, securely, ethically and productively,” said Michael Kaiser, executive director of the National Cyber Security Alliance. “Today, the United States faces a daunting challenge. We need to build a cyber security ready workforce trained to deal with a constantly changing digital infrastructure that is protected against a broad range of cyber threats. This broad effort is critical because cyber security and digital safety touches everyone.”

“With cyber threats on the rise, career opportunities in cyber security will continue to grow and students need to have the access to the necessary foundational STEM education and other prerequisites needed to pursue them,” said NICE National Lead, Dr.Ernest McDuffie. “Higher education and technical training must lead to skills and competencies that meet the hiring requirements of government and industry to fill the growing need for cyber security professionals. This working group will help pave the way to achieving this goal.”

“We are proud to convene and lead this new nationwide effort to help make cyber security education widely available and accessible,” said John Havermann, of EMC Corporation and president of the NCSA Board of Directors. “There is no organization or government agency that can tackle this problem alone. It’s going to take a diverse partnership between government, industry, academia and others to work together to develop shared priorities and a path forward.”

Cyber education is also critical to our nation’s economic growth as evidenced by a recent survey, conducted by Zogby International for NCSA and Symantec, of U.S. small business owners that shows a high portion of businesses need employees with cyber security skills. When employers were asked to rate skills necessary for new hires, U.S. small businesses report the following skills are very relevant or essential:

Understanding privacy (51%);

Importance of protecting intellectual property (49%);

Basic knowledge of using technology ethically (47%);

Basic knowledge of Internet security practices (passwords, identifying secure websites) (44%).

In addition, NCSA and Microsoft recently conducted research on the state of cyber security education and the results make clear better cyber education is needed in America’s K-12 classrooms.

 

More than one-third of U.S. K-12 teachers (36%) received zero hours of professional development training by their school districts in issues related to online safety, security and ethics in the past year. (86% received less than six hours of related training).

Only 51% of teachers agree their school districts do an adequate job of preparing students for online safety, security and ethics.

Few K-12 educators are teaching topics that would prepare students to be cyber-capable employees or cyber security-aware college students. In the past year, a mere 4% taught about careers in cyber security; 20% taught about knowing when it is safe to download files; 23% taught about using strong passwords; and just 7% taught about the role of the Internet in the U.S. economy.

 

Photo Credit


Cyberattacks on the Rise

AscentiveCybersecurity information from the Ascentive team

New cybercrime statistics published by HP reveal that the cost of cyber attacks has risen more than 50%* since last year, and IT security expert Stu Sjouwerman cautions that number is likely to grow. As the founder and CEO of Internet Security Awareness Training (ISAT) firm KnowBe4, Sjouwerman (pronounced “shower-man”) has made it his mission to learn the increasingly sophisticated tactics used by the latest generation of cybercriminals – and to educate small and medium enterprises (SMEs) on how to recognize and avoid them.

According to the Second Annual Cost of Cyber Crime Study, which was sponsored by ArcSight (an HP company) and conducted by the Ponemon Institute, survey respondents reported losses between $1.5 million and $36.5 million per year due to cyber attacks. Collectively, their median annualized cost was $5.9 million – a 56% increase over the $3.8 million figure reported in the July 2010 study. Other key findings announced by HP: the frequency of cyber attacks has increased nearly 45%, and the time and cost to resolve them has risen. The study’s findings indicate that a single attack now takes an average of 18 days and $416,000 to correct.

As many executives and entrepreneurs have learned the hard way, today’s cybercriminals are stepping up their efforts with stealthy tactics and sophisticated technology. This latest study shows that cyber attacks and their related costs are rapidly growing, so business need to be proactive in combating cybercrime if they want to avoid financial loss,” cautioned Sjouwerman.

To educate SMEs on the evolution of cybercrime – and help them better understand what they’re up against today – KnowBe4 provides an overview of the “Five Generations of Cybercrime” on its website. “While the first generation of hackers were more interested in notoriety than financial gain, today’s cybercriminals – Generation Five – are more likely to be operating within organized crime syndicates and profiting handsomely from their schemes,” Sjouwerman explained. “Coding skills are no longer required. Tools and malware are readily available through a thriving underground market, so even a relative novice could quickly get in on the action.”

Among the alarming developments Sjouwerman and his KnowBe4 colleagues are seeing today are:

  • · Licensed malware complete with technical support
  • · Cybercrime social networks with escrow services
  • · “Pay-for-play” malware infection services
  • · Botnet rentals for cybercrime sprees

Sjouwerman believes that the reason so many companies are falling victim to cybercrime is because they’re not taking proactive measures to prevent it. He attributes the growth of the criminal enterprise to a false sense of security among executives at SMEs and a lack of training among their employees. “Many people assume antivirus software and an IT team are sufficient protection against cyber attacks. But the fact is that cybercriminals can bypass corporate security measures simply by tricking one employee into clicking a link. With one click, malware can be instantly downloaded to a computer and quickly spread across an entire network. And in most cases, the employee is completely unaware he or she has just given cybercriminals open access to company systems.”

Photo Credit