Internet Safety Tips for Parents and Kids [Video]

In a recent interview on the BNC network, I provided a few tips to keep kids safe while online. We feel that having a set of rules that guides both a child and parent on online usage and expectations makes a lot of sense. It also gives the parent and child an opportunity to talk about the components of the contract as a way to open a dialogue about the importance of being in the digital world.

You can view a copy of our online agreement here.

Supply Chain Risk Management (SCRM) Explained

Supply chain risk management (SCRM) is the process of identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of IT product and service supply chains.

Supply chain risks may include insertion of counterfeits, unauthorized production, tampering, theft, and insertion of malicious software and hardware, as well as poor manufacturing and development practices in the supply chain.

These may lead to loss of sensitive information or cause unsafe situations that could compromise an organization’s mission, personnel or reputation.

The Supply Chain Risk Management Life Cycle

Risk Identification

The only way to address risk is to make sure you’re identifying it in the first place. The first phase of the risk management lifecycle is to establish a risk profile and then enact active monitoring to keep it up to date.

Risk Assessment

Understand what impact a risk event could have on your business. Be aware of those partners who have a significant impact on sales, margins or profit.

Risk Mitigation

Define both preventive action plans and reactive action plans. These provide the basis for addressing risk with appropriate measures to secure supply and protect the brand.

Types of Supply Chain Risk Management

Cyber Risk

The possibility that your business is harmed by your suppliers’ use of technology.

Financial Risk

The possibility that suppliers will encounter a business scenario that threatens their financial health.

Reputational Risk

The possibility that a supplier will engage in activity that negatively affects your brand perception.

Natural Disaster Risk

The possibility that your supply chain is disrupted by a hurricane, earthquake or other natural hazard.

Man-Made Risk

Man-made risk is the possibility that your supply chain is disrupted by events like fires or explosions.

While there are many sources of SCRM best practices, NIST makes many publications freely available.

Non-sensitive PII + Sensitive PII = Sensitive PII

Non-sensitive PII refers to any information that is publicly available. If any of that information is combined with sensitive PII, it becomes sensitive PII. Some examples of non-sensitive PII are:

  • Work phone #
  • Work fax #
  • Work email address
  • Work location

Sensitive PII is personally identifiable information which, if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Examples include a person’s name in combination with any one of the following:

  • Email Address
  • Home telephone number
  • Place of birth
  • Date of birth
  • Driver’s license number
  • Mother’s maiden name
  • Passport number
  • Financial, medical, or criminal records
  • Biometrics (such as DNA, iris scan, fingerprints)
  • Financial/bank account numbers
  • Personal or government account credit or debit card number
  • Employment information, including ratings, disciplinary actions, performance elements and standards

Non-sensitive PII combined with sensitive PII = sensitive PII

Tips for handling PII:

Protect:

Everyone has the responsibility to protect “PII in any form (physical or electronic, sensitive or non-sensitive) from unauthorized disclosure, modification, or destruction in order to ensure its confidentiality, integrity, and availability.”

Destroy:

PII that is no longer needed should be destroyed in order to reduce risk to your organization (follow record retention schedules).

Disclosure:

You should share sensitive personal information only with authorized individuals. If you have doubts about sharing sensitive data, consult with your supervisor or Privacy Manager.

The Civilian Cybersecurity Reserve: A National Guard-like program to address growing cybersecurity vulnerabilities faced by the U.S. government

The SolarWinds cyberattack, as well as other recent cyber breaches targeted at the United States, has demonstrated the risks of the cyber workforce shortage. Researchers at Cybersecurity Ventures, a trusted source for cybersecurity facts, figures, and statistics, stated that there are currently 3.5 million unfilled cybersecurity jobs globally, which is enough to fill 50 NFL stadiums. In the US alone, according to cybersecurity research groups, there are an estimated 315,000 unfilled cybersecurity positions.

As cybersecurity threats and attacks continue to grow in scale, occurrence, and complexity, it’s critical that a solution to address the deficiency is put in place. Unfortunately, the pipeline of security talent isn’t where it needs to be to help curb the spread of the cybercrimes we are facing. Until we can improve the quality of education and training of new cyber practitioners and pursue inclusion using STEM programs to include underrepresented groups, the problem will persist.

In fact, in the past few years there has been a zero-percent unemployment rate in cybersecurity, and the opportunities in this field are vast.

To help combat this problem, lawmakers want to create a National Guard-like program to address growing cybersecurity vulnerabilities faced by the U.S. government. This would be like a Civilian Cybersecurity Reserve, and it would be voluntary and by invitation only. This would allow our national security agencies to have access to the qualified, capable, and service-oriented American talent necessary to respond when an attack occurs.

What are your thoughts on this program? Do you think it is a good idea and that it can help with the overall issue? Please share your opinion.

Parent/Child Agreement Contract

Nowadays, having an online agreement or a set of rules that guides both a child and parent on online usage and expectations makes a lot of sense. It also gives the parent and child an opportunity to talk about the components of the contract as a way to open a dialogue about the importance of being in the digital world.

Once the agreement is signed, it is still important for parents to stay engaged in the child’s usage.

Below is a parent/child agreement you can use. Feel free to add or remove items as needed.

SecurityOrb – Parent Child Online Agreement

Internet Safety Tips for Seniors and Scams to Watch Out for

According to a Pew Research Center survey, about 66% of Americans over the age of 65 are online. They are keeping up to date with the latest news stories, staying in touch with family, getting medical information, managing appointments, renewing prescriptions, and accessing medical records. In addition, seniors are using the Internet as a way to stay in the workforce and even launch a new career or business, as well as a way to make new friends and to find romantic partners through online dating.

All of these uses are great, but there are always dangers to be aware of from malicious individuals and fraudsters, who use the Internet to scam unsuspecting users. A rule of thumb: if an offer, email, or message sounds too good to be true or just seems suspicious, it probably is.

In conjunction with the normal Internet safety tips found here, seniors should be aware of:

  1. Personal emergency scam: Scammers email or post social media messages that appear to be from someone you know saying they are in distress, such as having their wallet stolen or having been arrested. If you get such a message, find another way to verify if it’s true, such as reaching out directly to the person. If you get such a message from a friend, there is a good chance that their account was hacked and that it’s a criminal who is out to steal your money.
  2. You owe money scam: Be wary of emails that claim you owe money. If you hear from a bill collector or a government agency about money “owed” by you or a family member, don’t respond unless you are certain it’s legitimate. It’s pretty common for scammers to send “bills” to people who don’t actually owe them money.
  3. Online dating scam: Many people have found love via dating websites, but others have been scammed out of money by online con artists. For tips on safe online dating and a list of red flags, see “Meeting new friends and romantic partners.”
  4. Infected computer scam: You might get a call from “Microsoft,” saying your computer is infected or vulnerable to hacking, with an offer to fix it for you. Hang up. Microsoft and other reputable companies never make these calls. These are criminals trying to steal your money and plant viruses on your machine. Also be suspicious of any messages that arrive by email or pop up on your computer, in your Web browser, or on a mobile app warning you of a virus or a security risk. If you have reason to suspect that your device is at risk, consult a trusted expert, but never download software or apps unless you are certain they come from legitimate sources.

The bottom line is to speak out and not be ashamed if you do get scammed and become a victim of fraudulent activities. Criminals are very good at what they do, and there have been lots of very smart people who have been victimized online. If it happens to you, report it to a trusted person and, if appropriate, law enforcement. Even if you let your guard down, it’s not your fault if something bad happens to you.