View the Security Awareness Compendium for Identity Theft Awareness Week on topics such as protecting digital lives, rethinking passwords, research on the cybercrime email infrastructure, and a business email compromise (BEC) investigation resource you NEED to have at your fingertips!
- This week is Identity Theft Awareness Week. The FTC has several resources to help protect against identity theft. This is a great resource to pass along to staff, family, and friends – along with some of these other selections.
- Just in case you think these selections won’t resonate with others, take a look at this post on how to motivate employees to take cybersecurity seriously. You may be doing all the right things, but chances are many of us could do somethings a little better.
- Protecting our digital lives goes a long way to protecting against identity theft. Many people still do not realize that what we do and share online can be used against us in a variety of ways. This post offers reminders on the most basic steps everyone can take to protect ourselves. This is another good post to pass along for awareness reminders. Read more at HelpNetSecurity.
- If you ever get tired of the "create strong passwords" speech, this is a great password hygiene post to provide as reminders to staff. The one downside of this post is a mention of a "time to crack" graphic, which isn't actually included. Time to crack statistics are so valuable when explaining why one password is better/stronger than another, even when adding just two characters. Read more at Security Intelligence.
- Given that phishing is king of social engineering based attacks and phishing (and social engineering) also leads to identity theft, this research from Microsoft is a valuable resource for anyone in charge of defending their organization from phishing. With Emotet out of commission, hopefully this cybercrime email infrastructure shrinks for the foreseeable future. This post includes indicators of compromise to use to detect relevant activity, but is an interesting overview to also share with anyone who may not believe how persistent email threats (still) are and why. Read more at Microsoft.
- Some of the best business email compromise (BEC) investigators in the world are applauding this work by PwC. It is a great resource for forensic investigators, or anyone else who responds to BEC attempts. In addition, everyone loves a checklist, and this resource from PwC fits the bill. This is a MUST see guide, along with a cheat sheet! The resources were originally posted on GitHub, but are also attached here for your convenience.