Although you can usually remove bloatware after the fact, why not just say no before it's installed? Bloatware promoters often disguise optional installation through "custom" installation techiques or fake download links. Some give you the choice to install extras, usually with a convincing pitch and the default selection to install. Just say, "No."
Cybersecurity Awareness Tip 29: Remove Unused and Review Permissions for Mobile Apps
Mobile apps change frequently, and many users simply accept the changes and install the updates. After all, it's important to keep apps updated, right? Users of the Android Barcode Scanner app found on the hard way: app owners change and some app updates are malicious.
Reduces bandwidth usage due to updates and update checks
Reduces opportunities for malicious updates due to ownership changes, hacks or accidental or intentional changes that compromise your privacy and / or security
For Android, SwampGeek recommends the Files by Google app. This app offers multiple options to clean your phone, and will periodically prompt you to delete unused apps.
iOS offers the ability to automatically offload unused apps, which addresses the benefits of removing with the option of restoring unused apps at a later time.
Posted by: kguske on Saturday, October 30, 2021 @ 21:15:37 CDT
Cybersecurity Awareness Tip 28: Catchy Slogans Communicate Cybersecurity Concepts
In the age of memes, catchy slogans increase awareness. Fortunately, there are many great slogans for cybersecurity. They can be used on social media, posters in common areas and email signatures (e.g. during Cybersecurity Awareness Month).
SwampGeek's Favorites
Here are some SwampGeek favorite cybersecurity slogans (in no particular order):
You are the at the center of secURity.
Security never sleeps
Think before you click
Control - Alt - Delete when you leave your seat.
If you use the same password for everything, your life is probably about to change
A password is like a toothbrush. You shouldn't share it with anyone
Don't be quick to click
If you suspect deceit, hit delete
The most important part of a secret password is the secret
If it blinks, it stinks. (Look out for malicious plug-ins and fake updates)
A long password is a strong password
Passwords are like underwear. Change them regularly
Don’t let your trash become someone else’s treasure. Shred often.
Before you leave the scene, clear your desk and screen
Protect personal information. The identity saved could be your own.
Just delete the spam texts.
Anti-virus protects you and me.
Posted by: kguske on Friday, October 29, 2021 @ 08:49:59 CDT
Cybersecurity Awareness Tip 27: Update software and firmware often
According to cybersecurity market rating company BitSight, more than 67 percent of the computer systems targeted by the WannaCry ransomware were those that had delayed updating to Windows 7 at the time, and were still using what is considered an outdated system at the time of the attacks.
Mobile device users generally receive prompts to update mobile apps and operating systems, but desktops require proactive reviews. It's good to include an update check in your monthly cybersecurity status check and your annual cybersecurity preparedness check. But you can automate checks on your Windows and MacOS systems, too.
Desktop Options
Windows
SUMo (Software Update Monitor) - NO LONGER AVAILABLE
Cybersecurity Awareness Tip 26: Increase Your Cybersecurity Awareness
Awareness is Key to Prevention
In an era of lockdowns, online activity has increased significantly on all devices and platforms. If you need proof that cybersecurity awareness is key to prevention, check out the results of this year's Gone Phishing Tournament. Or check out CISO Portal's Reasons Why Cybersecurity Awareness is Important.
Yes, Virginia, There's an App for That
The Safe Me app (Android, iOS) is a "comprehensive Cyber Risk Quantification platform for learning, assessing and improving Cybersecurity Awareness of people." The app contains a series of video-based micro learning courses and question-based assessments that provide a SAFE score on a scale of 0-5 for your cybersecurity awareness level. The can also evaluate and view recommended settings for the security features on your smartphone.
Cybersecurity Awareness Tip 25: Backup all devices continuously
Pay A Ransom or Restore Your Backup
It's (possibly) your worst nightmare. The ransomware screen of death: pay up if you want to decrypt your hard drive and all your precious pictures.
Use Your Backup Plan
Then you wake up and laugh, remembering that your pictures are automatically backed up from your phone to your private cloud moments after being taken. And the rest of the data on your Mac desktop (or Windows or Linux) are also backed up on your personal cloud nightly. You have a local backup of your system from a week back, so you can get the system back online within a few hours and, after a day or two, have everything restored and your malware tools updated.
SwampGeek Recommends...
Years ago, SwampGeek recommended a backup plan that included a combination of offsite ("cloud" and onsite ("personal cloud") backup using a plug computer. Pictures from your phone could be uploaded automatically and without limits to your free Google account. Then cloud provider stopped supporting personal accounts. And the plug computer stopped working. And Google forced its suppliers (i.e. users) to pay to be the product by ending unlimited, free photo storage. And the Internet speeds increased significantly. And the cloud backup solutions multiplied.
SwampGeek recommends (without affiliate or any other compensation):
Cybersecurity Awareness Tip 24: Check Your Cybersecurity Status. Often.
The More Things Change, The More Cybersecurity Risks Remain
It would be great, you know, if things could just stay the same. No new viruses, operating systems upgrades or app ownership changes to mess things up and introduce new cybersecurity risks. It would be great...but highly unlikely. So, from time to time, say once a quarter, check things out to make sure, you know, you're, like, still practicing safe computing.
Safe Me Device Settings Check
It’s Not the Tool Itself, But How You Use It
Fortunately, there are some great tools to do just that. The annual security preparedness review checks for big picture risks and strategic changes (e.g. should I replace my antivirus or backup approach?). A cyberscecurity status check is a more focused, tool-based approach for quickly checking your computing devices for issues.
Check for and install operating system updates, if they aren't installed automatically.
Safe Me for Android and iOS checks your device settings, helps build cybersecurity awareness through education (this could help identify long-term changes for the annual preparedness review) and scans the dark web for leaked personal information. To be clear, Safe Me is not an antivirus tool.
Antivirus scanners and software (Windows includes built-in tools for security)
Cybersecurity Awareness Tip 23: Use Digital Payments Instead of Swiping Your Credit Card
Most credit card fraud occurs, or at least originates, offline, but you can use online tools to help there, too. Specifically, digital payments via a mobile wallet that offers tokenization to secure credit card transactions by providing secure tokens to retailers, instead of the credit card information. These secure tokens can be limited to the specific transaction or vendor, eliminating the possibility of fraudulent use. As the credit card industry moves away from magnetic stripes, many retailers are beginning to accept digital payments. Gas stations - the last holdouts for magnetic stripe credit cards - are accepting digital payments via mobile wallets or their own branded mobile apps.
Use the Digital Wallet Available on Your Phone
The major digital wallets and many retailer mobile apps use tokenization, so from a security perspective, they are virtually identical. But digital wallets can't be used on all phones, at least not yet. South Korea recently enacted legislation to require Apple and Google to allow other payment systems (like South Korea's Samsung Pay). Samsung initially offered rewards for using Samsung Pay, but terminated this unique feature on December 31, 2020. For now, use the digital wallet available on your phone:
Apple Pay only works on iPhones and Apple watches.
Google Pay only works on Android phones and smartwatches.
Samsung Pay only works on Samsung phones and Samsung smart watches, both of which can also use Google Pay.
Both are instant, and senders generally expect instant responses
Both are intrusive (messages pop up over other content) and used for informal communications
To Text...
Text messages are ubiquitous - nearly everyone can send and receive 1-to-1 text messages, and most can receive MMS (multimedia messenging service) message with multimedia content and multiple recipients. But SMS messages aren't secure. The How-To Geek identifies several reasons why SMS text messages aren't private or secure, including:
Your Cellular Carrier Can See Your SMS Messages
SMS Messages Can Be Intercepted by Criminals
SMS Messages Can Be Monitored by Authorities
Your Phone Number Is Surprisingly Easy to Hijack
Or Not to Text
A recent survey found over 90s of Americans actively used instant messengers (aka Chat Apps) in the 3rd quarter of 2020, beating social network apps like Facebook, MeWe and Minds. Twitter CEO Jack Dorsey recommended George Floyd protesters, who caused $1-2 billion in private property damages, move communications from Twitter to Signal, possibly to avoid a similar shutdown suffered by microblogging competitor Parler.
Secure Instant Messages offer advantages over SMS Text messages, including:
Many (but not all) IM options provide end-to-end encryption
Some also provide video chat, groups, and offer the ability to manage SMS text messages, too
SwampGeek Recommends...
SwampGeek recommends (without affiliate or any other compensation):
Cybersecurity Awareness Tip 21: Treat Password Reset Security Questions Like Passwords
Many banks, credit card providers and other financial institutions use modern methods like multi-factor authentication for resetting passwords. But some accounts still require users to provide answers to security questions to reset passwords, and others, like Apple ID, are transitioning from security questions to multi-factor authentication.
Assume Your Personal Information Has Been Compromised
Choose open-ended questions / avoid questions with limited choices (i.e. avoid "favorite" or similar questions, surveys, etc. that are easy to find online or to guess)
