Farmers and Cybersecurity

Cyber attacks are in the news everyday, and it only seems to get worse.

Attacks like botnets, malware, ransomware, phishing, and sniffing are against pipelines, hospitals, water plants. Now, there are attacks against meat processors and cooperatives.

Security experts advise several mitigation tactics, while spraying information everywhere. All of the hype and waves of endless information tend to confuse—and overwhelm—people about what is safe and what they should do to protect themselves.

A farmer is likely sitting in rural America wondering what cybersecurity has to do with them and what—if anything—they can do to protect themselves.

So, where do we go from here? Read more: https://www.extension.iastate.edu/smallfarms/farmers-and-cybersecurity

🎼 “It’s the Least Secure Time of the Year!”

With the holiday season quickly approaching, it’s important to keep cybersecurity and safety at the forefront of our minds while checking off our holiday shopping lists.

Based on a Statista study, it’s estimated that 230.5 million Americans shop online, making online shopping a large opportunity for cyber attackers to gain your information or make other false promises.

So, while you shop this holiday season, keep these things in mind.

In-store shopping is generally more secure than online shopping

Paying with your credit card’s chip or tapping your credit card to pay is more secure than swiping your credit card. The chip on a debit or credit card encrypts the transaction traffic, making the transaction information unidentifiable to attackers.

Additionally, if you pay for your merchandise using your smartphone’s wireless payment method, make sure that your phone is secured with a passcode, password, or facial recognition. This ensures that if someone steals your smartphone, they are unable to access your wireless payment method.

Beware scams

Scams, too-good-to-be-true offers, knockoff products and cheap goods are rapidly becoming popular. The goals of these scams are to make money off of buyers’ naivety. A common example of one of these scams is with high-end cosmetics products. An unsafe website will claim they sell a high-end cosmetic product for extremely low prices, but in reality, the product they sell is a knock off—oftentimes with harmful ingredients. It is important to buy products from trusted realtors and sellers.

Be careful who you give your card information to

Do you know what companies do with your card information after you make your purchase? It’s assumed that retailers only use card information for the intended purchase, but scammers may use customers’ information for other purposes—access to bank accounts or other purchases. This is another reason to shop from trusted retailers and sellers.

Another tip is to use a low-value credit card for online purchases, rather than a debit card. Credit cards are not linked to your bank account like debit cards are, so using a credit card for online purchases will prevent potential thieves from accessing your bank information. Also, think twice about storing your credit card on the shopping website. If you do, make sure you use strong passwords to protect your account.

Remain cautious on unfamiliar websites

You can’t be too safe on a website you haven’t visited before, especially if you intend to make a purchase. Look for the padlock or the word “secure” in the upper left corner of your browser window. The padlock or the word “secure” means that any information sent between your browser and the website is secure and cannot be read by someone else. You can also use a link checker like this one to see if a website contains unsafe content.

With the rapid increase in online shopping, there are several cyber threats like scams, knock off products and unauthorized card use. Keeping these things in mind can ensure a safe shopping experience and holiday season.

Key takeaways

  • Buy from trusted retailers and sellers
  • Use a credit card for online purchases
  • Shopping in-store is generally more secure than online shopping
  • Monitor your bank statements and transaction history
  • If it looks too true to be good, think twice before buying

Greater Des Moines Partnership: Careers in Tech and IT in 2021

Career Launch DSM: IT/Tech, hosted by the Greater Des Moines Partnership and powered by Tallo, will kick off a new career exploration series. On Thursday, Oct. 14, the Greater Des Moines Partnership and Tallo hosted an education pathway panel covering IT degree options and company spotlights, to showcase Iowa’s in-demand tech opportunities and share how you can build a career in these exciting IT and tech fields.

Full event recording: https://www.youtube.com/watch?v=v-ztZ43BppE

New Cybersecurity Educational Pathways in Iowa

Iowa State University (ISU) partnered with Des Moines Area Community College (DMACC) and The Iowa Cyber Hub to review educational pathways into cybersecurity. The organizations hosted a workshop in June, inviting businesses and educators across the state. The purpose of the workshop was to determine if there is a gap between cybersecurity needs and those who know of basic or advanced cybersecurity concepts. To begin the process of creating these new pathways, the three organizations surveyed several educational institutions and businesses around the state of Iowa to see what types of cybersecurity experts each group needed or produced.

Read and download the full report: https://iastate.box.com/s/pzwb7hb8a4brvefoug0l52bjqdtofcgo

Back-To-School Season is a Great Time to Think About Security

As school starts, there is an increase in the number of attacks that target students, teachers and staff. Attackers use basic knowledge of how several schools function, to help trick users into downloading malware, providing login information, or providing personal and financial information. Many of these attacks are through email and phone.

For example, at Iowa State, there has been an increase in the number of phishing emails that refer to the most popular classroom management tool. Faculty use this tool to post notes and assignments, and students use it to take quizzes and submit homework. The phishing emails often mention urgently needing access the system, or students’ work will be lost. A goal of phishing emails is to steal a username and password, so the emails will include a link to a site that keeps record of usernames and passwords as they are entered. Another example could say that a person’s school email account is close to full, and the user needs to login and fix it. They will, again, provide a false link that steals your username and password.

What to do if you receive a phishing email

The best thing to do is to just delete the email. However, if there is reason to believe the email is not a phishing email, never click on the link. Instead, go directly to the site and login.

Attackers use timely information as opportunities to steal information

Emails regarding financial aid are often sent this time of year, so attackers use this as another opportunity to getting your social security number or other highly sensitive information. Another set of emails that come out this time of year focus on financial aid like FAFSA, or student loans. Again, never click on the link. Go directly to the website of your financial aid and see if there are any issues.

College students may start receiving many phishing emails about their bank account having problems, and, again, include a link in the email. It is not hard for an attacker to know what banks are close to schools, so they will pretend to be those specific banks. The same situation happens with credit cards, where attackers pretend to be the credit card company, saying that there is a problem with a person’s account.

Do not share passwords—even with those you may trust

Another issue is that people will still share their password with people—even those they trust. Students may enter a relationship and share their passwords with their significant other, only to have the relationship end and one the two people use that information to get back at the other. A good rule of thumb is that if you change your Facebook relationship status, change your password.

If you have students in college, educators should talk to them about these issues. These attacks are especially effective on college freshmen, who are just trying to figure out how to live on their own. It is sometimes hard to get students to be suspicious of emails and to teach them how to decide what is malicious. Educating our students about these issues saves us and them the headaches that would come if falling for a phishing email.

Do you know who has your data? Do you know what they’ll do with it?

By Dr. Doug Jacobson

There is a new cybersecurity event nearly every day. Terms like ransomware, data breach, and threat actors become common to hear, leaving more people wondering what they can do to avoid them.

There is a lot of advice on keeping data in your possession safe, but what about the data you have entrusted to someone else? How can you protect that data, and what happens when they lose your data?

An attacker’s goal is to make money, and your data has value. Attackers target companies that possess customer data, because if they are successful, they can get thousands—if not millions—of records, which increases their potential payout. To acquire customer data, attackers steal it, which is referred to as a data breach. Additionally, attackers can hold customer data for ransom. This event is referred to ransomware—where attackers threaten companies that if they do not pay the ransom, attackers will not return the customer data and, perhaps, sell it to someone else.

So how can we make sure that the data we provide to companies is still safe? Well, we rely heavily on the company to keep our information safe, but we still have some control over where and how we share our data. Here, we will introduce common types of data, how their loss affects us, and how we can prepare for the possible loss of data by a third party you entrusted with your data.

Three Types of Data                                                                                    

Think of the information you have provided to third parties—passwords, credit card information, and personal information. To boil it down, data categorizes into three types:

  1. Money
  2. Data that unlocks something
  3. Data that represents you

Money

Data that can convert into money is the easiest threat to understand. Credit card numbers and banking information pose great risks if not handled with care.

Credit card companies limit monetary loss; however, it takes time, stress, and effort to change your credit card information that has been used for automatic payments. Plus, if forgotten to be updated, late fees and penalties can arise. Attackers that acquire bank account information can drain money from the account, and financial institutions may not cover the loss.

While there is no way to stop an attacker from using your credit card information if stolen, you can make it easier to recover.

  1. Use a dedicated credit card for online purchases and automatic payments. It is easier to identify any misuse when checking your statements, and you can set the limit on the card to a lower value to limit the damage.
  2. Use a third-party payment system. Third-party payment systems, like PayPal, reduce the number of websites that have your credit card number. Instead of typing your credit card number on each website, websites can use whatever credit card is tied to the third-party payment system.

Data That Unlocks Something

This data type provides access to other data. Examples of this data type are usernames and passwords. They are meant to protect access to other valuable data. Attackers often steal files containing usernames and passwords. While this file contains an encrypted version of your password, attackers can still figure out simple passwords. Then, they will either sell the username and password, or they will use it themselves on another website. The loss of usernames and passwords can lead to the loss of other data or information.

Luckily, it is easy to make it strengthen passwords.

  1. Use long and complex passwords. They are difficult for an attacker to guess or figure out, even with a stolen password file.
  2. Do not reuse passwords. Unique passwords limit attackers’ access if they happen to get a password. In other words, a Facebook password may not be the same password to the same user’s online bank account, which means the attacker would not have the correct password for another website. Fortunately, there are safe password-keeping programs—LastPass, 1Password, or Bitwarden—to help remember our passwords.

Data That Represents You

Data that identifies you is often called personally identifiable information (PII). Attackers use this data to convince others that they are you. The loss of this data can lead to identity theft, false accounts, loans, or anything that requires this highly sensitive information. PII comes in two categories:

  1. Private, unique identifiers—social security numbers, medical records, etc. These records are the best ways for attackers to create a fake identity.
  2. Shared, unique identifiers—contact information, social media, etc. Attackers use this information to create fake messages such as phishing emails.

The most effective way to avoid the loss of this information is to not give it out. There are instances in life where you will need to provide this information but be aware of where and who you give it to. Make sure that you only provide this information to companies that you trust and not to those you do not know.

The loss of any type of data can be substantial, but it is easy and worth it to take precaution and do what we can to keep any of our information safe—whether it is in our possession or in others’ possession. If it is your information, it is still possible to avoid and mitigate issues.

Be Proactive

Here are common things that everyone should do to minimize the effect of data loss.

  1. Use Multifactor Authentication (MFA). Enabling MFA on websites that have highly-sensitive information—such as your banking information—makes it nearly impossible for attackers to access your account. Attackers would need your cell phone or email account information in addition to the correct username and password to the site. Check with each website that has your sensitive information—such as your banks, credit cards, loans—to see if they support MFA.
  2. Set up credit monitoring. Check your credit and set up credit monitoring. Credit monitoring will alert when someone is trying to use your identity—like your social security number—or when new credit cards are establishing in your name.
  3. Consider freezing your credit. If you implement a credit freeze, your social security number cannot be used to open new lines of credit—loans, credit cards, etc. Therefore, attackers would not be able to use your social security number to do so. Remember that you will need to unfreeze your credit if you need to open credit. To freeze your credit, you will need to create accounts with the following credit bureaus:
    1. Experian: https://www.experian.com/help/login.html
    1. Transunion: https://service.transunion.com/
    1. Equifax: https://my.equifax.com/membercenter/#/login
  4. Move accounts online. Everything has moved online, but that does not mean your accounts—social security, pensions, investments accounts, etc.—have yet. Make an account for yourself before an attacker creates one on your behalf. Here is where to make your My Social Security account to protect your personal information: https://www.ssa.gov/myaccount/
  5. Watch your statements. Regularly monitoring your statements every month makes it easy to spot an abnormality or an action that wasn’t you. Additionally, you will catch it before there the time to file a claim is up.

Original work “Do you know who has your data? Do you know what they’ll do with it?” by Dr. Doug Jacobson and the Iowa Cyber Hub. Used under a Creative Commons License.

Do you know who has your data? Do you know what they’ll do with it?

There is a new cybersecurity event nearly every day. Terms like ransomware, data breach, and threat actors become common to hear, leaving more people wondering what they can do to avoid them.

There is a lot of advice on keeping data in your possession safe, but what about the data you have entrusted to someone else? How can you protect that data, and what happens when they lose your data?

An attacker’s goal is to make money, and your data has value. Attackers target companies that possess customer data, because if they are successful, they can get thousands—if not millions—of records, which increases their potential payout. To acquire customer data, attackers steal it, which is referred to as a data breach. Additionally, attackers can hold customer data for ransom. This event is referred to ransomware—where attackers threaten companies that if they do not pay the ransom, attackers will not return the customer data and, perhaps, sell it to someone else.

So how can we make sure that the data we provide to companies is still safe? Well, we rely heavily on the company to keep our information safe, but we still have some control over where and how we share our data. Here, we will introduce common types of data, how their loss affects us, and how we can prepare for the possible loss of data by a third party you entrusted with your data.

Three Types of Data

Think of the information you have provided to third parties—passwords, credit card information, and personal information. To boil it down, data categorizes into three types:

  1. Money
  2. Data that unlocks something
  3. Data that represents you

Money

Data that can convert into money is the easiest threat to understand. Credit card numbers and banking information pose great risks if not handled with care.

Credit card companies limit monetary loss; however, it takes time, stress, and effort to change your credit card information that has been used for automatic payments. Plus, if forgotten to be updated, late fees and penalties can arise. Attackers that acquire bank account information can drain money from the account, and financial institutions may not cover the loss.

While there is no way to stop an attacker from using your credit card information if stolen, you can make it easier to recover.

  1. Use a dedicated credit card for online purchases and automatic payments. It is easier to identify any misuse when checking your statements, and you can set the limit on the card to a lower value to limit the damage.
  2. Use a third-party payment system. Third-party payment systems, like PayPal, reduce the number of websites that have your credit card number. Instead of typing your credit card number on each website, websites can use whatever credit card is tied to the third-party payment system.

Data That Unlocks Something

This data type provides access to other data. Examples of this data type are usernames and passwords. They are meant to protect access to other valuable data. Attackers often steal files containing usernames and passwords. While this file contains an encrypted version of your password, attackers can still figure out simple passwords. Then, they will either sell the username and password, or they will use it themselves on another website. The loss of usernames and passwords can lead to the loss of other data or information.

Luckily, it is easy to make it strengthen passwords.

  1. Use long and complex passwords. They are difficult for an attacker to guess or figure out, even with a stolen password file.
  2. Do not reuse passwords. Unique passwords limit attackers’ access if they happen to get a password. In other words, a Facebook password may not be the same password to the same user’s online bank account, which means the attacker would not have the correct password for another website. Fortunately, there are safe password-keeping programs—LastPass, 1Password, or Bitwarden—to help remember our passwords.

Data That Represents You

Data that identifies you is often called personally identifiable information (PII). Attackers use this data to convince others that they are you. The loss of this data can lead to identity theft, false accounts, loans, or anything that requires this highly sensitive information. PII comes in two categories:

  1. Private, unique identifiers—social security numbers, medical records, etc. These records are the best ways for attackers to create a fake identity.
  2. Shared, unique identifiers—contact information, social media, etc. Attackers use this information to create fake messages such as phishing emails.

The most effective way to avoid the loss of this information is to not give it out. There are instances in life where you will need to provide this information but be aware of where and who you give it to. Make sure that you only provide this information to companies that you trust and not to those you do not know.

The loss of any type of data can be substantial, but it is easy and worth it to take precaution and do what we can to keep any of our information safe—whether it is in our possession or in others’ possession. If it is your information, it is still possible to avoid and mitigate issues.

Be Proactive

Here are common things that everyone should do to minimize the effect of data loss.

  1. Use Multifactor Authentication (MFA). Enabling MFA on websites that have highly-sensitive information—such as your banking information—makes it nearly impossible for attackers to access your account. Attackers would need your cell phone or email account information in addition to the correct username and password to the site. Check with each website that has your sensitive information—such as your banks, credit cards, loans—to see if they support MFA.
  2. Set up credit monitoring. Check your credit and set up credit monitoring. Credit monitoring will alert when someone is trying to use your identity—like your social security number—or when new credit cards are establishing in your name.
  3. Consider freezing your credit. If you implement a credit freeze, your social security number cannot be used to open new lines of credit—loans, credit cards, etc. Therefore, attackers would not be able to use your social security number to do so. Remember that you will need to unfreeze your credit if you need to open credit. To freeze your credit, you will need to create accounts with the following credit bureaus:
    1. Experian: https://www.experian.com/help/login.html
    1. Transunion: https://service.transunion.com/
    1. Equifax: https://my.equifax.com/membercenter/#/login
  4. Move accounts online. Everything has moved online, but that does not mean your accounts—social security, pensions, investments accounts, etc.—have yet. Make an account for yourself before an attacker creates one on your behalf. Here is where to make your My Social Security account to protect your personal information: https://www.ssa.gov/myaccount/
  5. Watch your statements. Regularly monitoring your statements every month makes it easy to spot an abnormality or an action that wasn’t you. Additionally, you will catch it before there the time to file a claim is up.

Original work “Do you know who has your data? Do you know what they’ll do with it?” by Dr. Doug Jacobson and the Iowa Cyber Hub. Used under a Creative Commons License.

Iowa Cyber Hub featured in Iowa Economic Development Manufacturing Strategic Plan

The Iowa Cyber Hub was featured in the Manufacturing Strategic Plan from Iowa Economic Development on page 41.

“The Iowa Cyber Hub: A Partnership of ISU and Des Moines Area Community
College (DMACC) to Protect the Nation through Cyber Education & Training


“The Cyber Hub, which started as a pilot project between ISU and DMACC, is dedicated to improving
the cybersecurity posture of Iowa’s citizens and its engines of economic growth and development
for the state and broader region. Aligned with the goals laid out in the State of Iowa’s Cybersecurity
Plan, the Hub works to accomplish its goals through a comprehensive set of literacy, training,
outreach, and educational programs.


“The Iowa Cyber Hub is designed to be the focal point for cybersecurity education, outreach, training,
and foster additional interaction between companies and the partner schools through internships,
training opportunities, and focused projects. The Hub will facilitate government, industry, and
academia working together to increase the cyber workforce.

“DMACC is further pursuing a CAE2Y designation (Center for Academic Excellence 2-Year) for the
National Cyberwatch Center to promote higher education in cyber defense to prepare a growing
number of cybersecurity professionals, and to reduce vulnerabilities in the nation’s networks.”

Governor Reynolds Encourages Iowa High School and College Students to Join Innovative Cybersecurity Competition

“DES MOINES – Governor Kim Reynolds is pleased to announce that Iowa is partnering with SANS to offer the Girls Go CyberStart competition again this year.  Iowa first participated in CyberStart in 2017 and Girls Go CyberStart just one year later.  As a result, several Iowa students received scholarships for advanced education in cybersecurity and other prizes.”

Read the full article: https://governor.iowa.gov/2019/02/governor-reynolds-encourages-iowa-high-school-and-college-students-to-join-innovative