The warrior inside you: Protect yourself from knife attacks

This post takes a detour from virtual security to physical security. I raise this issue because here in America we are not well acquainted with small-scale terrorist attacks—the type of attacks that Israelis are well-versed in combating.

A couple years ago, I heard Dr. Robbie Friedmann speak about the types of terrorist attacks that we can expect to see more of. He specifically mentioned knife attacks, whereby an aggressor appears in a public location like a city sidewalk and suddenly wields a knife, stabbing at any human being within reach.

Because we've seen more of these lately, including this week's London Bridge attack, I reached out to women's self-defense and security expert Celia Cortes, founder and CEO of Seva 6 Security Consulting.

When I asked Celia how we can defend ourselves in a situation like this—one with no escape route—she advised that going on the offensive may the best way to save lives. Most importantly, the decision whether to act offensively or defensively must be made quickly:

"A knife is more dangerous than a gun. You have to decide if you want to attack offensively or protect yourself defensively. 

If the attacker is upon you, you have no choice but to burst in and attack offensively. That means going after the knife. Or at the very least the arm that is holding the knife and doing your all to control the weapon and/or disarm the guy. If you are with other people, one should go for the knife, the other should go for the legs. A group of people can easily overpower an attacker but they have to overcome the fear of being cut. Cut is better than killed. 

It happens so very fast, so there is no time to hesitate. 

Here's hoping you never have to deal with it but if you ever do, call on the warrior inside you and protect your life."

In other words, should an attack like this occur, act immediately. If others are present, work together against the attacker. There is power in numbers. For me, that means summoning up the courage of 9/11 hero Todd Beamer, who famously motivated other passengers on Flight 93 to take down their attackers when he said, "Let's roll!"

Some may disagree with how Celia or I would respond in this situation, and how you react will depend upon the totality of the circumstances and your presence of mind in the moment.

Do's and don'ts for securing your Android

Here is a list of tips and some resources to help you secure your Android phone. The list may seem long and you may not be able to do all of these, but that is OK. No device or app can ever be 100% secure. Every step you take to lock down your smart phone and reduce your online footprint improves your defenses against attackers.

Do:

• Enable screen lock (in Settings)
• Employ app locks where possible: (1) Password-protect your apps: http://www.pcadvisor.co.uk/how-to/google-android/how-password-protect-android-apps-3340783/, and/or (2) use AppLock from Google Play: https://play.google.com/store/apps/details?id=com.domobile.applock&hl=en_GB
• Use protected backup (http://www.pcadvisor.co.uk/how-to/google-android/how-back-up-android-back-up-phone-or-tablets-photos-video-more-image-meem-3606330/)
• Use device encryption (in Settings) - this may slow down operations a bit
• Enable parental controls (if applicable): : http://www.pcadvisor.co.uk/how-to/google-android/parental-control-on-android-image-3461359/
• Set up remote tracking and wiping (install the "Find my Device" Android Device Manager by Google: https://play.google.com/store/apps/details?id=com.google.android.apps.adm&hl=en_GB; see http://www.pcadvisor.co.uk/how-to/google-android/how-use-android-device-manager-3500315/)
• Use a secure messaging app (e.g., Signal Private Messenger and WhatsApp both employ end-to-end encryption)
• Know how to configure app permissions (in Settings: http://www.pcadvisor.co.uk/how-to/google-android/how-use-app-permissions-android-marshmallow-3629978/)

Don't:

• Download apps outside of Google Play
• Connect to unsecured Wi-Fi
• Allow application installations from unknown sources (this is the default configuration in Settings)
• Share too much on social media

Also, as with any computing device, be sure to keep your operating system updated (in Settings), as well as your apps 

(ensure your apps are set to auto-update over Wi-Fi in Google Play > Settings)

DocuSign users, beware email phishing attempts

If you are a user of an electronic document signature service called DocuSign, you may be the target of an email phishing attack. Be very careful and think before you act on any email that purports to be from or about DocuSign. Do not click attachments or links in DocuSign emails.

According to the company web site, email addresses of DocuSign users were exposed to hackers before May 9, 2017.

Brian Krebs (KrebsOnSecurity.com) posted this sample image of a malicious email with subject line Completed: docusign.com - Wire Transfer Instructions for recipient-name Document Ready for Signature.

If you get an email like this, do not interact with it. On that note, any unexpected email about a "wire transfer" is suspicious. Don't fall for it! For more information, see the DocuSign online Trust Center at https://trust.docusign.com/en-us/personal-safeguards/.

USAA members beware phishing email about money transfer

This fake email from USAA is making the rounds to USAA members. Do not click links in the message! The links do not point to the legitimate USAA.com web site.

This is a way for bad guys to get you to input your USAA login credentials on their scam web page and capture all your login information. They can then log in as you on the real site and take over all of your USAA accounts.

If you get an email that looks like this, send it to your spam folder or delete it:

Remember to never click links in emails that appear to be from your financial institution. Instead, navigate to the trusted URL in your web browser, and log in from there.

Protecting your kids online

The Department of Homeland Security (DHS) provides a wealth of resources to help parents navigate the vast digital world that their kids interact with every day called the Internet.

DHS encourages all parents to follow these common sense steps to protect your children online.

• Create an open and honest environment with kids.
• Have regular conversations with kids about practicing online safety.
• Emphasize the concept of credibility to teens: not everything they see on the Internet is true and an people on the Internet may not be who they appear to be.
• Watch for changes in behavior — if your child suddenly avoids the computer, it may be a sign of being bullied online.
• Review security settings and privacy policies for the websites kids frequent. These settings are frequently updated so check back regularly.
• Make sure mobile devices are secure.
• Use PINs and strong passwords, only install apps from trusted sources, and understand the privacy settings and permissions for all apps.

For more information about protecting children online, visit the Stop.Think.Connect. Chatting with Kids about Being Online booklet. For additional resources, access the Stop.Think.Connect. Toolkit at www.dhs.gov/stopthinkconnect-toolkit.  

How much you do know about cyber security?

I challenge you to test your basic cyber security knowledge with this short 10-question quiz from the U.S. Department of Homeland Security. I did!

Pew Research Center’s study about what the public knows about cyber security sheds light on the fact that many Americans are unclear about key cyber security concepts. The majority of Internet users were able to answer less than half of the questions correctly. Though cyber security can be a complex topic, the quiz includes general concepts and basic building blocks that experts stress are important for users to protect themselves online. 

Test yourself and let your kids try it too! Take the Cyber Security Knowledge Quiz and see how your results compare with the 1,055 randomly sampled adults that took part in the national survey.

To help improve your general knowledge of basic security and best practices, see the Stop.Think.Connect. Campaign Toolkit at www.dhs.gov/stopthinkconnect. 

Three steps to secure messaging (by Teen Vogue)

Can an outsider eavesdrop on the SMS texts that you send from your phone? Of course they can. Can you take steps to thwart that type of activity? The answer is yes, and it is something that you and your kids should be proactive about doing.

I work for a progressive data privacy platform provider, which makes me a huge fan of Internet privacy. Recently, a friend of mine from my organization's security operations center shared this article with me: How to Keep Messages Secure, posted in March 2017.

It is enlightening to see a youth magazine educating its readers in the Internet security arena. We need more sharing like this, across the globe. Talk to your kids about the three steps described in Teen Vogue:

1. Keep your phone operating system (OS) updated—whether it be Android or iOS. For help, just google the phone OS name with the word "updating" or "patching" (i.e., updating Android).
2. Set a long PIN to unlock your phone, and don't use personal dates (like anniversaries) or years (such as your birth year) in your PIN. Better yet, use biometric authentication (like a fingerprint) or a passphrase (as opposed to a shorter password) where offered.
3. Use a secure messaging app instead of SMS for texting—for example, Facebook messenger, WhatsApp, or Signal. 

For details, see the entire article or go to this one from Business News Daily: 5 Best Secure Messaging Apps. Stay safe online!