ezrhino

Securely Working from Home

Tips for reducing risk while Working from Home


Home Router & Switch Security:
Please ensure that your Home Router, any Network Switches, and similar connected devices, including IoT solutions such as Smart Thermostats, Video Doorbells, and Cameras, have the latest official vendor-released updates installed, and that default passwords are changed and known only to you. Patch updates are typically handled by going to the administration page(s) of your device and checking the main page for notifications of vendor updates. Most solutions let you update right from the administration page! Passwords can be updated through the same administration interface. If you need assistance with your device, contact your equipment vendor(s) or visit their official website to access their documentation.

Relaxed Data Volume Caps:
Many Internet Service Providers have temporarily expanded or eliminated data caps, so you should not incur additional charges from increased usage due to working from home. Please check with your Internet Service Provider for details.

Watch out for Short URLs:
While convenient, short URLs are often used for nefarious shenanigans. You can use a short URL expander to be certain the link provided in a shortened URL goes to the site that you actually wish to visit. URL expanders are available at Urlex (https://urlex.org/) and ExpandURL (https://www.expandurl.net/).

Lock Screens:
Continue to lock your screen(s) whenever you move away from your computer(s).

Avoid or Carefully Limit / Supervise Work Computer Usage by Others:
Whenever possible, please do not allow other people, including friends or family members, to use your work computer. If the need is critical and you must allow others to use your work computer, be sure to log out of work systems first.

Use VPN or other Secure Access: Use VPN and sites secured with https.

Beware of Digital Certificate Error Messages:
If you visit a site and receive a Certificate Warning Message, ensure that you have entered the name correctly and be certain the site you are visiting is the site intended. This helps counter cybersquatting and/or Man-in-the-Middle Attacks.

Patching:
Ensure that your Home / Remote Location computer(s) are running the latest security updates / patches. OS patching is the most obvious, but application patching, including browser updates, is also critical to reduce risk.

Anti-Virus & Anti-Malware:
Please be certain Anti-Virus & Anti-Malware are running & updating.

Avoid Free / Open WiFi:
Whenever possible Do Not Use Free / Open WiFi for connectivity. If you must utilize it, ensure that you use VPN, https or similar encrypted connectivity to reduce risk.
 
Keep Work Data on centralized Work Systems: Please minimize work data, code, contracts, documentation, etc. stored on your Home or Remote Location computer(s) and/or removable media like USBs. Instead, use your corporate-operated file shares, repositories, etc., as these solutions are typically located in Data Centers protected by Rigid Physical Security, NextGen Firewalls, Intrusion Defense, Anomaly Detection, Logging, Security Event Management, etc.


Lost or Stolen Assets:

If the need arises, please be sure to alert your company if you suffer a lost or stolen device or see other signs of potentially compromised asset(s).

Beware Phishing, Suspect Emails & Malware: Beware of phake emails appearing to come from your CEO, CSO, CFO, your HR Department, your IT Department, etc.
The typical indicators of phishing emails are:

• Sender’s Name Does Not Match Sender’s Email Address. 
• Urgent Action or Reply Required.
• Demands to purchase gift cards.
• Notifications that you must apply via a link or call a provided dial-in number to get emergency benefits.
• Pandemic, disaster or similar ‘virus tracking applications’ (which may contain password theft routines or other malware) or related items.
• Solicitations for money in the form of Bitcoin, Money Orders, Wire Transfers, etc.
• Your password / account is being / has been shut down for a myriad of false reasons.
• A new or updated resource (virtual machine, service, site, application, etc) is now ready for your use.
• Threats to release negative albeit false information about you unless Bitcoin or similar payment is sent.
• Requests for Tax Forms, Insurance Information or similar sensitive data with W2 Form requests being most common.
• Other Vague / Unusual Requests like Managers or Executives asking you for your cell/mobile number.
• Atypical Formatting, Diction, Grammar, Style, etc.

It may be difficult to see the Sender’s address on mobile devices.
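A few of the indicators above can be checked mechanically. The sketch below is an added example, not part of the original page: it tests a message's From header for a name/address mismatch and scans the text for some of the listed themes. The organization domain `example.com`, the keyword patterns and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: placeholder for your organization's mail domain

# Illustrative keyword patterns for a few indicators from the list above.
BODY_INDICATORS = {
    "urgent action": re.compile(r"\b(urgent|immediately|asap)\b", re.I),
    "gift cards": re.compile(r"\bgift\s*cards?\b", re.I),
    "payment request": re.compile(r"\b(bitcoin|money orders?|wire transfers?)\b", re.I),
    "account shutdown": re.compile(
        r"\b(password|account)\b.{0,40}\b(expir|suspend|shut ?down|disabl)", re.I),
    "tax form request": re.compile(r"\bW-?2\b", re.I),
}

def sender_mismatch(from_header):
    """True when the display name claims an identity the address does not back up."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    # Case 1: the display name itself contains a different e-mail address.
    embedded = re.search(r"[\w.+-]+@[\w.-]+", name)
    if embedded and embedded.group(0).lower() != addr.lower():
        return True
    # Case 2: the name uses an internal title or department, but the address is external.
    claims_internal = re.search(r"\b(ceo|cso|cfo|hr|it)\b", name, re.I)
    internal = domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)
    return bool(claims_internal) and not internal

def phishing_indicators(raw_message):
    """Return the labels of the indicators found in one plain-text message."""
    msg = message_from_string(raw_message)
    hits = ["sender mismatch"] if sender_mismatch(msg.get("From", "")) else []
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    return hits + [label for label, rx in BODY_INDICATORS.items() if rx.search(text)]

# Constructed sample messages (not real mail).
SAMPLE_SUSPECT = """From: "Pat Smith, CEO" <pat.smith@example.net>
Subject: Urgent request

I need you to purchase gift cards immediately and send me the codes.
"""
SAMPLE_NORMAL = """From: "Pat Smith, CEO" <pat.smith@example.com>
Subject: All-hands agenda

The agenda for Thursday's meeting is on the calendar invite.
"""

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPECT, SAMPLE_NORMAL):
        print(phishing_indicators(sample))
```

Keyword matches like these only raise a flag for a closer look; a message with no hits can still be a phish.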

Also, fake CallerID is being used for fooling folks. CallerID is trivial to fake so please do not rely on CallerID to authenticate callers. In many instances, the CallerIDs being phaked are spoofing actual telephone numbers. If you call the number back, you get somebody that may have no idea that their number is being used so please do not return calls to unknown or suspicious looking telephone numbers.
Keep in mind that text/sms messages are being phaked too.


Networks, Public IP Addresses & Geolocation...

All networked computers have addresses. In just about all cases, Internet Protocol addresses or "IP addresses" are used. Without IP addresses, computers could not communicate. IP addresses can be obtained, traced to locations and even at times show your company name and other details.

See the info box for some of the information that you provide to every site that you visit. Such addresses are called public IP addresses since they are visible and traceable. 

 

InfoSec Links

Helpful Links to investigate cybersecurity issues, breaches and official sites about the COVID-19 Pandemic

IP Address Lookups

Handy Link to lookup IP addresses.

Hex to ASCII 

This link lets you convert hex to ascii or convert pretty much anything. 

Digital Cert Tester

Visit this link to test Digital Certs.

Blacklist Check

Use this link to see if a host or an IP has been blacklisted. 

Threat Map

Get a global look at current threats.

CVEs

Visit this link for CVEs.

US CERT

United States Computer Emergency Readiness Team (US-CERT) is an organization within the Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD). Visit their current hot list for latest updates.

Threat Encyclopedia

Viruses, Malware, Scams, Phishing and more are covered by Trend Micro.

CDC

Access CDC about COVID-19 and other medical topics. 

WHO

Access WHO about COVID-19 and other medical topics.

Security Breach Checklist

How to prepare and respond to security breaches.

Dealing with a Security Breach

Before a Data Breach

Prepare early and often. Preparation is not just a document. Preparation is a living program that needs to be built, tested, and refined and then tested and refined again and again.

Build an effective team. Make it a priority to continually develop and grow the security team by assessing their skills, identifying gaps, and training them in realistic scenarios. The security plan is nothing without a solid team behind it.

Integrate global threat intelligence. Adversaries are constantly changing tactics. Organizations need to create a defined threat intelligence program that continually monitors global adversary trends and campaigns.


During a Data Breach

Contact your Information Security Team! Most firms provide Security Awareness Training, Policies and related information on how to contact your InfoSec Team. Contact your Manager if you need to know how to contact your InfoSec Team.

Quarantine the aggressor!

Stop exfiltration of data. Get your defenses back in place to stop sensitive data from leaving your organization.

Detect and respond quickly. The faster an incident is detected and prioritized as critical, the faster resources can respond.

Apply threat intelligence. Armed with the right level of global threat intelligence, you can go on the offensive and proactively hunt for threat indicators within your own environment. Check out the news feed below.


After a Data Breach

Contain and remediate. Your response team must contain and remediate as fast as possible so an incident does not result in a breach.

Conduct a post attack incident analysis. Have a final executive briefing to review lessons learned and assess your cyber security program.

Train and test. Incident response teams need constant training, development, and testing to build incident readiness.

- Adapted from Roger Park's Blog at https://www.symantec.com/connect/blogs/data-breach-checklist.

InfoSec Happenings

Cybersecurity Alerts & News 

Contact EZrhino

 Please learn more by contacting us.
EU Citizens may prefer to call to allow for establishment of GDPR compliant communications, processes and agreements before providing contact information.
Please see our Privacy Notice for further information.

 

Address:

56 Main St. (State & Main)
Fifty-Six, AR 72533
USA



Email:
info@ezrhino.com


 

 


Privacy Notice
Effective Date: April 9, 2020
This privacy notice discloses the privacy practices for TeraType and our website https://www.ezrhino.com. This privacy notice applies solely to information collected by this website, except where stated otherwise. It will notify you of the following:
    What information we collect;
    With whom it is shared;
    How it can be corrected;
    How it is secured;
    How policy changes will be communicated; and
    How to address concerns over misuse of personal data.
 
Cookies
We use cookies on this site. A cookie is a piece of data stored on a site visitor's hard drive to help us improve your access to our site and identify repeat visitors to our site. For instance, when we use a cookie to identify you, you may not have to enter a password more than once, thereby saving time while on our site. Cookies can also enable us to track the interests of our users to enhance their experience on our site. Usage of a cookie is in no way linked to any personally identifiable information on our site.


Information Collection, Use & Sharing
We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.
We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g., to ship an order.
Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.
Your Access to & Control Over Information
You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number provided on our website:
    See what data we have about you, if any.
    Change/correct any data we have about you.
    Have us delete any data we have about you.
    Express any concern you have about our use of your data.
 
Orders
We request information from you on our contact form and/or order form. To buy from us, you must provide contact information (like name and shipping address) and financial information. This information is used for billing purposes and to fill your orders. If we have trouble processing an order, we'll use this information to contact you.
Sharing
We share aggregated demographic information with our partners. This is not linked to any personal information that can identify any individual person.
and/or:
We use an outside shipping company to ship orders, and financial services firms like banks to charge users for goods and services. These companies do not retain, share, store or use personally identifiable information for any secondary purposes beyond filling your order.
and/or:
We may partner with another party to provide specific services. When the user signs up for these services, we will share names, or other contact information that is necessary for the third party to provide these services. These parties are not allowed to use personally identifiable information except for the purpose of providing these services.
Security
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.
Wherever we collect sensitive information, that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for "https" at the beginning of the address of the web page. While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (e.g. billing or customer service) are granted access to personally identifiable information. The computers/servers on which we store personally identifiable information are kept in a secure environment.

Links
This web site may contain links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.
Surveys
From time-to-time our site may request information via surveys. Participation in these surveys is completely voluntary and you may choose whether or not to participate and therefore disclose this information. Information requested may include contact information (such as name and shipping address), and demographic information (such as postal codes, zip code, etc). Survey information will be used for purposes of monitoring or improving the use and satisfaction of this site.
Notification of Changes
If material changes are made to our Privacy Notice this Notice will be updated.
Other Provisions as Required by Law
Numerous other provisions and/or practices may be required as a result of laws, international treaties, or industry practices. It is up to you to determine what additional practices must be followed and/or what additional disclosures are required. Please take special notice of the California Online Privacy Protection Act (CalOPPA), which is frequently amended and now includes a disclosure requirement for Do Not Track signals, as well as GDPR for EU citizens.
If you feel that we are not abiding by this Privacy Notice, you should contact us immediately via telephone at the number listed on our site or via email at info@ezrhino.com.

© Copyright 2020 EZrhino All Rights Reserved