Phishing remains one of today’s biggest cyber security threats. 90% of all recent data breaches begin with a phishing email. It is the method of choice by cyber criminals to deliver malware such as ransomware and all other forms cyber fraud. However, when individuals begin to SHIFT + DELETE, the phishing emails, cyber criminals begin attaching much better bait.

Social media apps and websites such as Facebook, Twitter, Instagram, and LinkedIn become the repositories for more insider information that makes the phishing email much more tempting to click.

Although these platforms are a great ways to stay connected with friends and others, consider the following social media security tips to safely enjoy social media for personal or business use.

• Delete or deactivate old, unused accounts: Check to ensure accounts that you no longer use have been deactivated. There have been cases in which old accounts were being used as social engineering methods.

• Become familiar with the privacy settings: Privacy settings exist for a reason and it is important to keep privacy top of mind when it comes to social media. Privacy settings can help you increase the control you have over how your personal information is handled online.

• Be cautious about sharing too much personal information: The more personal information you share, the easier it may be for a criminal or someone else to use that information to steal your identity.

• Use a strong password: Our lives exist almost completely online with our personal information guarded by password protection. The longer your password phrase is, the more secure your social media accounts will be.

• Use unique passwords for each social media account: Using the same password makes it easy for hackers to gain access to all your accounts. Therefore, it is absolutely crucial that you do not use the same password for Facebook as you do for Twitter, or other social media platforms.

• Regularly check your mailbox to see if there are suspicious login attempts: The suspicious login attempts appear when your social media accounts are accessed from an unverified new device. To help protect your account, the platform you are using will send you an email when the system notices unusual sign-in activity, so check your mailbox to see suspicious account activities, if any.

• Verify who you are connecting with: We advise you to be selective with friend requests and think twice before you accept the request. If you do not know the person, it is better not to accept their request as it could be a fake account. Simply put, when you accept a request, the information and photos on your account that were restricted from public view become viewable by your new friend. We believe that it is not a good idea if you let a total stranger see the information or images on your social media account.

Stay educated, stay secure

Now more than ever it is critical for nearly everybody to stay educated on cyber security and the digital future. It is becoming more apparent that social media is the best way to connect with people across the world.

-Brian Banks, Internal Information Security Officer

As some begin to transition back to office space, it is imperative that we continue with our standards for Cyber Security Awareness. At Lone Star Communications, we continue to value physical security. We recommend it to our customers and we constantly remind one another about the importance of security within our own offices. Locking your workstation is an easy, yet often overlooked, way to keep your information safe. Though locking your workstation each time you leave your desk or cubicle may feel inconvenient, even if just running to the printer or to fill up your water bottle, it is important to take the time to do so. When your workstation is unlocked and unattended, you are leaving your own and the company’s information open to any guest that may be visiting, external cyber security auditors, or simply anyone walking by with bad intentions.

Although most people who walk by your desk probably aren’t going to steal sensitive data, someone passing by could possibly download malware onto your workstation, get access to your online banking if you save passwords in your browser, or send emails as if they were coming from you. At the very least, coworkers may send embarrassing emails to others within the organization. Let’s continue to stay safe and share our standards with all new employees as we begin transitioning back to our office space.

How to Lock Your Computer/ PC:

• If you’re on a PC, you can easily lock your workstation by pressing the “Windows” key and “L” simultaneously.

• Another method is to press “Ctrl” + “Alt” + “Delete” keys simultaneously for a few seconds and then select “Lock” or “Lock Computer.”

-Brian Banks, Internal Information Security Officer

Cyber Security will always be a work in progress. Even the most skilled, large scale, resourced healthcare organizations must continually work every day to keep up with the fast-evolving cyber threats. Unfortunately however, very often cyber criminals are able to exploit human error. We will continue to train, test, and work promptly to eliminate or substantially reduce risks associated with human error.

What is Island Hopping in Cyber Security?

Island Hopping is a new method that cyber-criminals are utilizing to target small and large healthcare organizations that puts healthcare vendors directly in their line of fire. Island Hopping involves attackers exploiting the weaknesses of healthcare vendors in order to move laterally to target healthcare organizations. Infiltrating healthcare vendors allows cyber criminals to gain access in a connected network and then exploit the relationship between healthcare organizations and their vendors. This is done to gain access to the healthcare organizations’ patient health information.

This particular attack gets its name from a World War 2 strategy adopted by the US in its island campaign against Japan. Forces gradually and strategically seized control of smaller islands outside of the mainland of the axis power instead of tackling it head-on, a technique called 'leapfrogging' at the time.

As this type of attack becomes more frequent and more devastating, we know one of the first places to continue strengthening is employee Cyber Security Awareness Training. Many of our standard cyber security practices will continue to be effective as part of preventing island hopping.

• When it comes to your passwords, two-factor authentication is a must, as is avoiding default, generic, or predictable passwords.

• Back up your data to a location other than your computer, such as the cloud or on the network. This is Lone Star Communications' policy.

• Don't forget about endpoints other than desktops and laptops. Our smartphones, tablets, and other IoT devices like printers and network-connected devices are all at risk, too.

• Be aware of phishing schemes, and don't click on links from suspicious or unknown sources that may be trying to steal your personal information, like login credentials.

• Similarly, to protect your data from malware, keep your software up to date, including your antivirus software.

• Always be sure to have all your company assigned devices that connect to our customers network, scanned and checked on the scheduled days, by the Technology Department. This is also Lone Star Communications' policy.

-Brian Banks, Internal Information Security Officer