Cybersecurity Guides
Instructional Guides
Passwords, Passwords, Passwords
The first Thursday in May is World Password Day, which was originally created by Intel in 2013 as a global effort to address the critical need for strong, unique passwords and emphasize the importance of this first line of defense. This day also serves as a reminder to update and organize all recent passwords.
Sender Policy Framework - SPF Guide
What is Sender Policy Framework? Sender Policy Framework (SPF) is an email authentication protocol that enables solely authorized mail servers to send emails for a specific domain while rejecting those sent from an unauthorized server. When an email is inbound, the mail server checks to ensure the domain is from ...
Guide to Accessing TikTok’s Security & Privacy Settings
The NJCCIC is providing this guide to help our members and website visitors manage their cyber risk and maintain the security and privacy of their information. This guide provides users with the steps needed to access and change privacy and security settings, as well as instructions on how to view ...
Guide to Accessing Facebook’s Security & Privacy Settings
The NJCCIC is providing this guide to help our members and website visitors manage their cyber risk and maintain the security and privacy of their information. This guide provides users with the steps needed to access and change privacy and security settings, as well as instructions on how to view ...
Guide to Accessing Twitter’s Security & Privacy Settings
The NJCCIC is providing this guide to help our members and website visitors manage their cyber risk and maintain the security and privacy of their information. This guide provides users with the steps needed to access and change privacy and security settings, as well as instructions on how to view ...
Guide to Accessing Instagram’s Security & Privacy Settings
The NJCCIC is providing this guide to help our members and website visitors manage their cyber risk and maintain the security and privacy of their information. This guide provides users with the steps needed to access and change privacy and security settings, as well as instructions on how to view ...
Guide to Accessing Google’s Security & Privacy Settings
The NJCCIC is providing this guide to help our members and website visitors manage their cyber risk and maintain the security and privacy of their information. This guide provides users with the steps needed to access and change their privacy and security settings, as well as instructions on how to ...
Cyber Safe Travel Tips
Many people travel for business or leisure purposes year-round to local destinations or around the globe. As people travel and access various public networks, they are exposed to various cyber risks. The NJCCIC reminds users to be aware of the cyber risks associated with traveling and to employ best practices ...
Data Breach Prevention, Response, and Resources
Threat actors target valuable data, such as personally identifiable information (PII), protected health information (PHI), criminal justice information, student educational records, intellectual property, and financial and payment card information. If valuable data is insecure and accessible, it is a matter of when, not if, it is located and exposed. Cyber ...
Guide to Accessing Your Android Device’s Security & Privacy Settings
The NJCCIC is providing this guide to help our members and website visitors manage their cyber risk and maintain the security and privacy of their information. This guide provides users with the steps needed to access and change the privacy and security settings on their Android devices. As we become ...
Configuring & Securing a Home Wi-Fi Router
A great way to reduce your cyber risk is to ensure your home Wi-Fi network is properly configured and secured. Think about how many devices are connected to your home’s wireless network right now. In modern households, there could easily be a dozen or more connected devices. Laptop computers, tablets, ...
Stop What You Are Doing and Enable MFA
What do Target, Home Depot, JP Morgan, Sony Pictures Entertainment, Yahoo, the Office of Personnel Management, the Democratic National Committee, and three Ukrainian electric utilities have in common? If your answer is that these organizations all experienced cyber intrusions that resulted in the large-scale theft of data, or the first ...
An Intro to Using Hashes to Check File Integrity
Disclaimer: If technical jargon makes you queasy, proceed with caution! When downloading new software or updating existing software, how do you ensure that what you are installing is safe, unaltered, and from a reputable source? The simple answer is to compare the checksum of the file you downloaded to the ...
Mitigation Guides
DDOS Attack Types and Mitigation Strategies
Distributed denial-of-service (DDOS) attacks are malicious cyber operations that use a network of systems to target a service or network in attempts to overwhelm it or its infrastructure such that it can no longer function properly and shuts down fully or partially. The motivations for DDOS attacks vary. DDOS threats are a common extortion tactic threat actors use against e-commerce sites and online businesses to compel payment in ransomware cases.
Ransomware: Risk Mitigation Strategies
While ransomware infections are not entirely preventable due to the effectiveness of well-crafted phishing emails and drive-by downloads from otherwise legitimate sites, organizations can drastically reduce this risk by implementing cybersecurity strategies and improving cybersecurity awareness and practices of all employees. The most effective strategy to mitigate the risk ...
Defending Against DDOS Attacks
The substantial increase in remote work and education, use of technology including Virtual Private Networks (VPN) connections, and reliance on various online services and resources raises cybersecurity concerns as organizations may be subject to cyberattacks, such as distributed denial-of-service (DDOS) attacks. DDOS attacks can disrupt the availability of networked devices, ...
Mitigating the Risk of Malware Infections
Malicious software, known as malware, is a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or of otherwise annoying or disrupting the victim. The following is a list of the different ...
Backups: The Cure to Viral Cyber Infections
Given the steady uptick in ransomware across the country, and right here in our State, we simply cannot overstate the importance of maintaining good backups that are stored offline (physically off of the network) and regularly tested to ensure you can fully recover in the event of a data loss ...
Website Defacements – How to Protect Your Website
Imagine you wake up one day to find that your company’s website no longer displays your logo, products, or contact information. Instead of providing an online presence for your business, your website is now promoting a hacking group or terrorist organization. Your customers are angry and your employees are confused. ...
Bots and Botnets: There Are Zombies Among Us
October is one of my favorite months of the year – the air is crisp, the leaves are beginning to change, pumpkins are everywhere, and Halloween is right around the corner. It’s also National Cyber Security Awareness Month and, as a way to pay tribute to this wonderful time of ...
Insider Threat Demands a Proactive Approach
These days, so much attention is given to external cybersecurity threats that it is often easy to forget that insider threats can be just as damaging, especially when it comes to theft of intellectual property, trade secrets, personally identifiable information (PII), and other sensitive data. Insider threats can include current ...
Public Wi-Fi – Sacrificing Security for Convenience
In my previous CyberLog post, I shared some of the information I learned while attending DefCon 23, an annual hacker conference held in Las Vegas. What I didn’t mention, though, were the things I had to take into consideration prior to my arrival. As this was my first time attending, ...
Social Engineering
Last week, I had the opportunity to attend DefCon 23, an annual conference where hackers and cybersecurity professionals from around the world descend on Las Vegas to learn and share information about hacking techniques, system and software vulnerabilities, online privacy, and data protection. Each day of the convention was jam-packed ...
This is Security Series
Securing API Keys, Access Tokens, and Secrets
Summary In an increasingly digital society, enterprise systems and software services offer various solutions that address the needs of government entities, organizations, and small businesses. The inner workings of these systems and services rely on vital components such as API keys, access tokens, and secrets to deliver business functionality to ...
DDOS Attack Types and Mitigation Strategies
Distributed denial-of-service (DDOS) attacks are malicious cyber operations that use a network of systems to target a service or network in attempts to overwhelm it or its infrastructure such that it can no longer function properly and shuts down fully or partially. The motivations for DDOS attacks vary. DDOS threats are a common extortion tactic threat actors use against e-commerce sites and online businesses to compel payment in ransomware cases.
User Beware: Your Smartphone Is Tracking Your Every Move
From services to apps, users of smartphones are unwittingly consenting to being tracked in real-time by a multitude of companies for the purposes of providing “requested features, integrations, user experience improvements,” and many other laudable-sounding reasons. What is not known by many users is that detailed information on their precise location and activity is being beaconed out by their phone and collected, shared, and sold to numerous organizations that aggregate these data sources with others to build a user profile that would make spy agencies and repressive governments green with envy.
Tips for Teleworkers, Remote Access Security
Telework Program Fundamentals: For many organizations, telework programs have been in practice for years – whether as part of the organization’s everyday work program or as a component of their business continuity plans. For those organizations, policies, educational programs, technologies, and support services for the remote workforce are well established. ...
The Importance of Multi-Factor Authentication
Knock, Knock – Who’s There? This month, another collection of user ID’s and passwords was released on the dark web. It includes more than 2 billion records that have been compiled from data breaches dating back as far as 2008. Identity and authentication mechanisms - i.e. usernames and passwords - ...
Applying Standards
Solving Cybersecurity Problems Through the Application of Standards In November 1999, Bruce Schneier famously wrote that “complexity is the worst enemy of security” in his essay titled, A Plea for Simplicity – you can’t secure what you don’t understand. As information technology has proliferated throughout society over the past 20 ...
Supply Chain Security
On June 27, 2017, the NotPetya malware was unleashed via a malicious, modified update to the accounting software package, M.E. Doc, which is used by many businesses in the Ukraine and elsewhere. Included in the malicious update package were exploits that helped the malware spread to computers throughout the world, ...
Network Segmentation
Crunchy on the Outside, Soft and Chewy on the Inside Modern approaches to cybersecurity are often heralded as revolutionary, brilliant ideas. But in reality, these modern approaches are simply the adaptations of effective security strategies and tactics from other industries or disciplines. Security is security. For years, best practices in ...
Information Asset Management
Those Who Fail To Learn From History Are Bound to Repeat It In 1948, in his address to the House of Commons, Winston Churchill stated, “those who fail to learn from history are bound to repeat it.” The context then, as it is today, provides an ominous warning that those ...
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.