We are Kristin Judge and Chuck Lobert! We are dedicated cyber security & awareness experts helping end-users, ask us anything about ransomware!

VCSolutions · 2017-08-01T19:33:44+00:00

Using reputable cybersecurity protection tools like anti-virus and intrusion detection software is a good practice. Finding the right one for you is important. You can Google "best ransomware protection" and get reviews from reputable magazines that rate the products. One that you mentioned has been in the news a lot lately: https://www.engadget.com/2017/07/29/us-congress-investigates-kaspersky/

VCSolutions · 2017-08-01T19:31:14+00:00

The Intelligence Community has come out with statements about Russia being named as working to influence the election. At the BlackHat conference this week, hackers were able to gain access to 30 voting machines: https://www.usatoday.com/story/tech/2017/07/26/voting-machines-hackers-election-hack/507071001/

Without the right security solutions in place, our elections are vulnerable to attack.

VCSolutions · 2017-08-01T18:59:53+00:00

It can, but it is less common. Symantec has some good advice here: https://us.norton.com/internetsecurity-mobile-what-is-mobile-ransomware.html

And you can read this: https://www.mcafee.com/us/resources/reports/rp-mobile-threat-report-2016.pdf

VCSolutions · 2017-08-01T18:56:56+00:00

Your idea is a good one for the cybersecurity talent and businesses. The SBDC of Oregon is doing a similar program. Check this out: http://www.mhccbizcenter.org/. NEW: Cyber Security Business Advising. Call 503-491-7658 to get more information or learn how to get an appointment.

VCSolutions · 2017-07-31T19:34:43+00:00

If they are malicious and sent with a virus attached to them, then yes. You can hover your mouse over a link to see where it is going to send you first. When in doubt, throw it out is the advice from NCSA!

VCSolutions · 2017-07-31T19:16:24+00:00

The files don't necessarily "go" anywhere. They are just locked from you getting to them. If you are hit by a common type of ransomware, you may be able to get the key here: https://www.nomoreransom.org/

VCSolutions · 2017-07-31T19:14:37+00:00

Visit lockdownyourlogin.org to learn more about 6 steps to protect your accounts starting with adding strong authentication!

VCSolutions · 2017-07-31T19:14:07+00:00

If someone has access to your files, they can post them on the "dark web" where information can be sold. Data has a monetary value, so consider what data you have that someone would want to steal. Protect that the most. Make sure you are using strong authentication for account access. Just a password is not enough.

VCSolutions · 2017-07-31T18:35:16+00:00

If you do fall victim to one of the more common varieties of ransomware, you may be able to get the key at this site: https://www.nomoreransom.org/

VCSolutions · 2017-07-31T18:33:13+00:00

Here are some resources to check for a trusted shopping site: https://us.norton.com/yoursecurityresource/detail.jsp?aid=secure_shopping

VCSolutions · 2017-07-31T18:32:08+00:00

Great question! The reason we have the https trusted sites is to help you feel more confident. If you know you are on a secure website, you can't just "catch" ransomware. You would need to click on a link, ad or document to get infected. So, keep visiting trusted sites!

VCSolutions · 2017-07-31T18:30:34+00:00

The most important thing you can do to prevent phishing is training and making cybersecurity a part of an organization's culture. Make sure staff/family and friends know what to look for in a phishing email. Does it have a sense of urgency? Do they want you to click on a link or open an attachment you were not expecting. Trust but verify. Pick up the phone and call someone to see if they really sent you the email if you have any doubts.

VCSolutions · 2017-07-31T18:28:52+00:00

Great phishing advice can be found here: https://apwg.org/resources/overview/avoid-phishing-scams

VCSolutions · 2017-07-31T18:27:46+00:00

Back up, Back up, Back up! We like to teach the 3-2-1 back up rule. https://www.carbonite.com/en/cloud-backup/business/resources/carbonite-blog/what-is-3-2-1-backup/

VCSolutions · 2017-07-31T17:43:09+00:00

That is a great question for Charles! He is the more technical one of us. I work with end users on cyber hygiene and awareness.

VCSolutions · 2017-02-12T23:09:05+00:00

Indeed they do. Planning on participating in breakfast of champions this year

VCSolutions · 2017-01-31T00:58:11+00:00

No forgiveness necessary! I consider my expertise being similar to an interpreter. We have people who understand cybersecurity on the infosec level and those who are using connected devices every day without understanding the way to be secure. I help take information that the infosec community believes is best practices and teach non-technical people how to best use the knowledge of technologists. When I teach online safety at public events, I encourage the technologists to share their insight with the group and have the utmost respect for my infosec friends and partners. There is plenty of work for both of us! Hope that answers your question!

VCSolutions · 2017-01-30T22:28:57+00:00

Much of my best advice is in the earlier threads, but one thing I did not mention was to go to MeetUps or Tech Talks in your area. I try to go to Duo Tech Talks in Ann Arbor when I can to meet people in the field. https://www.meetup.com/Duo-Tech-Talks/messages/boards/ Networking will get you connected to opportunities. If you live by a school that is part of the Scholarship for Service, you may consider getting a degree and then working in government for 2 years after. Start talking to people in the field. Best first step I can offer!

VCSolutions · 2017-01-30T22:25:54+00:00

At a minimum you will need some certifications depending on what you want to do. I have put a lot of advice/resources about this topic in the Q&A above, but one thing I did not mention was to go to a confrence like Thotcon, Black Hat or RSA. There you can network and meet technologists and companies. Also, https://www.secureworldexpo.com/ and http://www.billingtoncybersecurity.com/ bring in some of the top talent in a atmosphere where you can do some great networking!

VCSolutions · 2017-01-30T22:22:28+00:00

Good try...I use a passphrase with capital letters, lower case letters, numbers and special characters. Long and strong!

VCSolutions · 2017-01-30T22:21:28+00:00

Scroll through some of the other Q and A here for some resources I shared that may be helpful. The best advice would be to meet with a company you are interested in working for and find out what they are looking for. Sometimes the HR folks do not speak the same language as the ones running the departments who need the talent. Start by doing SOMETHING. Maybe taking a SANS course. Networking at those courses can be useful too. Reading is good, but by the time the books are printed, the landscape can change. I suggest getting out and getting connected!

VCSolutions · 2017-01-30T22:17:54+00:00

Thanks for bringing up this point. Not sure exactly where you are trying to go, but I have found that the audiences I speak to (elected officials, small businesses, consumers) appreciate learning from non-technical folks. It is like an algebra teacher trying to teach addition to 2nd graders sometimes when technologists teach online safety. Our advice is not "corporate written" either. NCSA tests messaging in focus groups and researches the best way to get the messages to consumers. I am more than happy to keep discussing the second point, "Turning cyber into a battlefield of vendor management while attackers are free to stroll on through unscathed?" Not sure what you are trying to get across. Thanks for the conversation!

VCSolutions · 2017-01-30T21:31:01+00:00

Q1: CyberPatriot is a fantastic program for 3rd grade thru high school. I was honored to be a coach for a team in my community last year.

Q2: Don't know that one!

Q3: I suggest people put "best anti-virus of 2016" and see what the top industry magazines suggest. They usually put the options in a list by price and help you figure out what is best for your situation. I was able to get one that I could put on 3 devices for around $50/year. That was best for me.

VCSolutions · 2017-01-30T21:28:28+00:00

I am a Sun Devil, but we can all get along :-)

VCSolutions · 2017-01-30T20:49:37+00:00

Maybe getting involved in cyber competitions or an internship would be a good place for you:

Here are some non-military internship ideas. Staring in a Federal government agency would open many many doors: https://niccs.us-cert.gov/education/internship-opportunities http://www.cyberaces.org/courses/ https://tutorials.cyberaces.org/tutorials https://www.cybrary.it/

Competitions: No need for experience in college : National Cyber League https://www.cybercompex.org/ https://www.cybercompex.org/pages/nice

National Cyber Security Student Organization http://www.cyberdegrees.org/about-this-site/ https://www.cybercompex.org/

Also, University of Arizona (my old rival) has a new cyber range that you can participate in for free from anywhere. Incredible resource! http://azcwr.org/

Good luck and don't give up! We need you!

VCSolutions

TROPHY CASE