- Staying Safe on Social Networking Sites - December 2011 (.doc, 119k): The popularity of social networking sites such as MySpace, Facebook, Twitter and others has expanded tremendously in recent years; therefore, the need for users to take precautionary security measures and remain vigilant has never been greater. This Newsletter identifies the security concerns of social networking sites and provides tips on how to stay safe on social networking sites.
- Tips for Secure Shopping Online During the Holiday Season - November 2011 (.doc, 118k): With the increased volume of online shopping, it is important that consumers understand the potential security risks and know how to protect themselves and their information. This Newsletter provides tips to facilitate a more secure online shopping experience.
- Cyber Security and You – Top Ten Tips - October 2011 (.doc, 472k): While there are many steps that people can take to be safe online, this newsletter provides a list of ten things you can do to secure your information.
- Disaster Preparedness for Personal Information Assets - September 2011 (.doc, 472k): It's important to consider how we safeguard our information in the event of a natural disaster, man-made event, or even a system failure. This newsletter will discuss some steps you can take to secure your critical information and some best practices to make information security part of daily life.
- Phishing Alerts, Fake Traffic Tickets & False Credit Union Messages - August 2011 (.doc 471k): There have been a number of recent "phishing" campaigns, which are attempts by individuals or groups to solicit personal information from unsuspecting users by employing social engineering techniques. This month's newsletter will focus on some of recent campaigns and provide guidance for protecting yourself and your information.
- Cyber Crime: How It Happens And How You Can Protect Yourself - July 2011 (.doc 153kb): An increasing number of domestic and international criminals are using the Internet for illegal purposes. Computers and other electronic devices can be used to commit crimes. This newsletter will discuss who are potential targets, the nature of computer and cyber crime, and what you can do to be safe.
- Securing Mobile Devices (.doc, 472k): Mobile computing devices include mobile phones, IP phones, pagers, BlackBerry devices, iPhones, smart phone, and portable storage devices, such as USB drives. Some of these devices are multifunctional and may be used for voice calls, text messages, email, Internet access, and may allow access to computers and/or networks. While increased productivity is a positive feature for any organization, the risks associated with mobile devices can be significant and include issues stemming from human factors to technological issues.
- Cyber Bullying: What You Need to Know To Keep Your Family Safe (.doc, 470k): A growing concern has been the use of the Internet to "bully" or harass someone, which is called cyber bullying. While the activity affects both adults and children, this newsletter will focus on the impact to children and what steps can be taken to protect them.
- Phishing Alert –Epsilon Data Breach (.doc, 469kb): Phishing is a vehicle to obtain your personal data, such as credit card numbers, passwords, account data, or other information. The scam attempts to entice email recipients into clicking on a link that takes them to a bogus website. This website may then prompt the recipient to provide personal information such as social security number, bank account number or credit card number, and/or it may download malicious software onto the recipient's computer.
- Safeguarding your Personal Data (.doc, 472kb): By understanding the risks and combining some common sense rules with a little bit of technology, home users can safeguard their data from these threats and understand the needs for security controls in the workplace to help protect computing resources and data.
- Cyber Ethics (.doc, 468k): Cyber Ethics refers to the code of responsible behavior on the Internet. We should all employ the basic tenets of Cyber Ethics to be good "cyber citizens." This Newsletter identifies who and why we should be concerned with cyber ethics and outlines some of the rules of cyber activities.
- Cyber Security Emerging Trends and Threats for 2011 (.doc, 498k): The year 2010 was another busy year for cyber security professionals and end users, as we faced a number of cyber security incidents and events. This Newsletter identifies some of the challenges we will face in 2011 and provides tips on what we can do defend against these challenges.
- Increase in Java Exploits - December 2010 (.doc, 591k): Java is a programming and computing platform widely used for stand-alone and web-based applications/applets, including utilities, games, and business applications. Many applications and websites require end-users to have Java installed, and the software is used extensively because of its flexibility. Once a program has been created and compiled in Java, it will run on a variety of software and operating system platforms (such as Windows and Macs). This Newsletter identifies the potential cyber security concerns and provides tips on what you can do to be safe with Java.
- Online Holiday Shopping Security Tips - November 2010 (.doc, 212k): Online shopping during the upcoming holiday season is expected to grow from last year. Faster Internet access speeds, coupled with enhanced functionality and deployment of mobile devices are just a few factors that may contribute to consumers’ increased use of the Internet for holiday shopping. Before going online, it’s important to understand the potential security risks and what precautions to take. This Newsletter provides tips to help consumers stay safe while shopping online and what to do if you encounter problems with an online shopping site.
- Why Cyber Security is Important - October 2010 (.doc, 225k): Many aspects of our lives rely on the Internet and computers, including communications (email, cell phones, texting), transportation (traffic control signals, car engine systems, airplane navigation), government (birth/death records, social security, licensing, tax records), finance (bank accounts, loans, electronic paychecks), medicine (equipment, medical records), and education (virtual classrooms, online report cards, research). This Newsletter defines Cyber Security, identifies the importance of Cyber Security and the threats associated with it, and provides tips on what we do to help protect our information and systems.
- Detecting and Avoiding Fake Anti-Virus Software - September 2010 (.doc, 220k): You may be familiar with this or similar messages appearing on a website, urging you to take action. Unfortunately, these messages are often scams that attempt to install malicious software (malware) onto your computer. Such software is referred to as rogue (fake) anti-virus malware, and the number of incidents associated with these are increasing. This Newsletter identifies how a computer can become infected, the impact of a rogue anti-virus software, and tips on how to protect against this type of threat.
- Protecting Children Online - August 2010 (.doc, 189k): Children are spending more of their time online than ever before. According to one study, children and young adults ranging from eight to 18 years old spend an average of 1.5 hours a day using a computer outside of school. As use of the Internet and online technologies becomes more ingrained into our everyday lives, it is important we ensure that our youth understand how to use these powerful tools and how to protect themselves from becoming cyber victims. This Newsletter provides tips on how to keep your children safe online.
- Protecting Data Contained in Copiers and Printers - July 2010 (.doc, 190k): You are probably familiar with many of the standard best practices for safeguarding your data, such as not carrying unencrypted sensitive data on portable devices; use a complex password; and keeping your PC current with updated anti-virus software and security patches. However, do you realize that another important aspect of safeguarding your data means taking precautions about the information that may be stored in printers or copiers? This Newsletter provides helpful tips on how to appropriately address the risk of data loss and unauthorized disclosures as a result of network printer and copier use.
- PC Maintenance - June 2010 (.doc, 190k): As with most types of equipment, you must perform periodic maintenance on your home PC to keep it in good operating condition. Performing maintenance will help your PC run faster, use resources more efficiently, and could save you from headaches caused by system failures and degradation. Most importantly, proper PC maintenance is crucial in order to protect your machine from security threats such as worms, viruses, and other malicious activity. This Newsletter provides helpful tips on how to keep a home PC maintained.
- Identity Theft - May 2010 (.doc, 189k): Identity theft is a crime in which your personal information such as your name, Social Security number, date of birth, and address is stolen and may be used by someone to assume your identity, often for the purpose of financial gain. This Newsletter provides helpful tips regarding protecting your personal information and what to do should you become a victim of identity theft.
- Cloud Computing - April 2010 (.doc, 194k): Cloud computing is a growing trend in information technology as organizations look for ways to save money and add flexibility to their operations. Cloud computing, while still an evolving service, provides on-demand network access to a shared pool of computing resources such as networks, servers, storage and applications. This Newsletter identifies the security concerns and addresses what organizations should do when considering cloud computing.
- Security and Privacy on Social Networking Sites - March 2010 (.doc, 202k): Social networking sites have become very popular avenues for people to communicate with family, friends, and colleagues from around the corner or across the globe. While there can be benefits from the collaborative, distributed approaches promoted by responsible use of social networking sites, there are information security and privacy concerns. The volume and accessibility of personal information available on social networking sites have attracted malicious people who seek to exploit this information. This Newsletter provides helpful tips regarding security and privacy while using social networking sites.
- Backing Up Your Files - February 2010 (.doc, 189k): Loss of data can be devastating, especially if the information cannot be recovered or reproduced. Whether data is lost due to a physical disaster, virus, theft, or accidental deletion, the recovery of the data cannot be accomplished unless you have a plan in place. The need to back up important data to ensure its availability in the event of loss or theft cannot be overstated. Backup and recovery plans are essential not only for government and businesses but also for home users. This Newsletter identifies what users should back up, how to back up data, and what media can be used for backups.
- Cyber Security Trends for 2010 - January 2010 (.doc, 185k): As we begin the new year, it’s an opportune time to assess the cyber security landscape and prepare for what new challenges may lie ahead, as well as what current threats may continue. This Newsletter identifies some new and current cyber security trends we will face in 2010.
- Automatic Software Updates and Patching – December 2009 (.doc, 176k): Security vulnerabilities are flaws in the software that could allow someone to potentially compromise a system. Each year, the volume of software security vulnerabilities discovered increases, and the hacking tools available to exploit these vulnerabilities become more readily available and easier to use. No entity is immune to vulnerabilities, so we must ensure we understand the risks and take appropriate mitigation steps. This Newsletter provides tips on how to update and patch systems in order to protect against potential attacks.
- Online Holiday Shopping Tips – November 2009 (.doc, 202k): The holiday season is approaching quickly and many of us will be shopping online. With the increased volume of online shopping, it's important that consumers understand the potential security risks and know how to protect themselves and their information. The Newsletter provides tips on how to promote a safe and secure online shopping experience.
- Top Ten Cyber Security Tips – October 2009 (.doc, 204k): In recognition of the 2009 National Cyber Security Awareness Month, this Newsletter is designed to provide you with the TOP 10 Cyber Security Tips that you can - and should - use to protect your computer system.
- Cyber Ethics – September 2009 (.doc, 197k): Responsible behavior on the Internet in many ways aligns with acceptable behavior in everyday life, but the consequences can be significantly different. Some people try to hide behind a false sense of anonymity on the Internet, believing that it does not matter if they behave badly online because no one knows who they are or how to identify them. That is not always true. Computers, browsers, and Internet service providers may keep logs of their activities which can be used to identify illegal or inappropriate behavior. This Newsletter defines cyber ethics and identifies responsible behaviors on the Internet.
- Browser Cookies – August 2009 (.doc, 185k): Did you know you can get “browser” cookies almost every time you go on the Internet? These cookies help with Internet commerce, allow quicker access to websites, or can personalize your browsing experience. However, there are some privacy and security issues that you should be aware of, so it is important to understand the purpose of a “browser” cookie and manage their use on your computer appropriately. This Newsletter will help you understand what a “browser” cookie is, what it is used for, and what risks might be associated with using cookies.
- Cybercrime – July 2009 (.doc, 200k): The term “cybercrime” is usually referred to as any criminal offense committed against or with the use of a computer or computer network. For something to be considered a crime; however, requires a law to denote it as such, and the laws have, to this point, lagged behind technology. Existing laws relating to cybercrime oftentimes do not apply to specific acts being investigated and those laws vary from state to state. Some cybercrime may be more easily prosecuted if it is simply viewed as a more commonly recognized crime, e.g. vandalism instead of web defacement. This Newsletter defines cybercrime, identifies the trends in cybercrime, and what you can do if you become a victim.
- Security of Mobile Communication Devices - June 2009 (.doc,199k): Mobile communication devices have become indispensable tools for today's highly mobile society. Small and relatively inexpensive, these multifunction devices can be used not only for voice calls but also text messages, email, Internet access along with stand alone applications similar to those performed on a desktop computer. A significant amount of personal, private, sensitive and/or confidential information may accumulate or be accessed via these devices. This Newsletter identifies some of the risks with these devices and provides steps you can take to protect your personal and work issued mobile communication device.
- Rogue (Fake) Anti-Virus Software: How to Spot It & Avoid It! - May 2009 (.doc,212k): A free PC scan or an offer to clean your computer of supposedly infected files are often attempts by malevolent persons or organizations to install malicious software (malware) such as a Trojan horse, keylogger, or spyware. Such software is referred to as rogue (fake) anti-virus malware. This Newsletter provides information on how to protect your computer from rogue (fake) anti-virus software.
- Security of Credit Card Transactions - April 2009 (.doc,778k) The use of credit cards to pay for goods and services is a common practice around the world. It enables business to be transacted in a convenient and cost effective manner. However, more than 100 million personally-identifiable, customer records have been breached in the US over the past two years. Many of these breaches involved credit card information. Continued use of credits cards requires confidence by consumers that their transaction and credit card information are secure. This Newsletter provides information as to how the credit card industry has responded to security issues and steps you can take to protect your information.
- Social Networking Sites How to Stay Safe - March 2009 (.doc,776k) Social networking sites are online communities of Internet users who want to communicate with other users about areas of mutual interest, whether from a personal, business or academic perspective. The specific functionality of the various sites may differ, but in general, the sites allow you to provide information about yourself and communicate with others through email, chat rooms and other forums. This Newsletter addresses the security concerns of social networking sites and provides tips on what you can do to protect yourself.
- Cyber Security Trends - Feb. 2009 (.doc,785k) Some of the key challenges we face in 2009 are discussed.
- Challenge or Secret Questions - January 2009 (.pdf,47k) The security concerns of challenge or secret question prompts are discussed.
- Pop-Ups - December 2008 (.doc, 777k) What pop-ups are and what you can do to keep them from affecting the security of your computer and data.
- Internet Shopping - November 2008 (.doc, 790k) While online shopping can be convenient and time-saving, you must shop smart and take precautions to mitigate the risks.
- Phishing - October 2008 (.doc, 784k) The newsletter expands upon the material and recommendations from the November 2007 newsletter. October is National Cyber Security Awareness Month.
- Personal Privacy - September 2008 (.doc, 793k) Personal information has become a frequent target for data thieves and the volume of breaches involving personal information continues to grow. According to the Privacy Rights Clearinghouse, there have been more than 240 million records containing sensitive personal information involved in security breaches to-date nationally.
- Firewalls - August 2008 (.doc, 781k) Firewalls add a layer of protection by blocking unauthorized and potentially dangerous data from entering your computer or network. Firewalls are especially critical for users who have an "always on" connection to the Internet.
- Web Browser Attacks - July 2008 (.doc, 789k) Web Browsers are vulnerable to attack or exploit. This newsletter provides information on what you can do to protect yourself from Browser attacks.
- Data Breach - June 2008 (.doc, 779k) Would your organization know what to do if a data breach occurred? This newsletter provides guidance and information regarding data breaches, including information about privacy laws and regulations, and steps to take when a breach occurs.
- Encryption - May 2008 (.doc, 783k) One method of increasing security is through data encryption. This newsletter provides background on encryption and some appropriate considerations for its use.
- Social Engineering - April 2008 (.doc, 763k) Social engineering is an attack approach that relies on the trusting nature of individuals in order to gain access to a target (e.g., information or facility) through misrepresentation. This newsletter provides examples of social engineering techniques and ways to avoid becoming a victim of such attacks.
- Annual Maintenance for Computers - March 2008 (.doc, 781k) Just like an automobile, if not maintained properly, a computer can malfunction and breakdown; the result, a potential loss of important information. This Newsletter provides instructions and guidance for regular computer maintenance to minimize these risks.
- Securing a Wireless Network - February 2008 (.doc, 777k) A wireless network can provide many benefits and conveniences; however, there are just as many risks if not set-up properly. This Newsletter provides instructions for setting up a secure wireless network to minimize the risks.
- Securing Your Laptop - January 2008 (.doc, 776k) The portability of laptops makes them extremely convenient. However, we must be aware of the security risks associated with the loss or theft of laptops, and take proper precautions to prevent such loss or theft. This Newsletter provides practical tips and instructions to minimize these risks.
- Online Shopping - December 2007 (.doc, 107k) Tis the season for online shopping! However, the ease and convenience of online shopping is not achieved without some risk. This Newsletter explains how to enhance your online shopping experience while minimizing your risk.
- Phishing - November 2007 (.doc, 107k) Phishing is a technique using email or other types of electronic messaging to obtain personal information for fraudulent purposes, such as identity theft. This Newsletter explains what it is and what steps you can take to minimize your risk and how to avoid becoming a victim.
- Protect Your Child Online - October 2007 (.doc, 219k)
Children present unique risks when using computers, especially computers connected to the Internet. This Newsletter identifies some simple steps you can take to keep children safe online and a list of resources geared toward protecting children online.
- Botnets - September 2007 (.doc, 62k)
Botnets are a significant problem on the Internet. They are a growing source for staging denial of service attacks, stealing personal information for identity theft, and sending out email-based phishing attacks and spam. This Newsletter explains what these are and how you can mitigate the risk.
- Grid Computing — August 2007 (.doc, 63k)
Seemingly innocuous, downloading programs which claim to share the unused resources of your computer to assist with scientific research efforts, such as, finding a cure for a disease, or search for extraterrestrial life on other planets, are risky business. This Newsletter explains the risks, current state policy and why the risk of running these programs on state systems may outweigh the potential benefits.
- Internet Hoaxes and Urban Legends — August 2007 (.doc, 61k)
Tired of receiving emails promising get-rich-quick schemes, warnings of major computer meltdowns or images exploiting the latest natural disaster? These emails are more than just an annoyance; they do have a purpose, which is often malicious. This Newsletter explains some of the tactics used and provides steps to help stop them from bogging down networks and clogging in boxes.
- Telecommuting Security Risks — July 2007 (.doc, 55k)
Telecommuting is used by organizations for a multitude of reasons, including cost and environmental benefits. This Newsletter provides steps that should be taken to address security when telecommuting is implemented.
- Recognizing and Avoiding Spyware — June 2007 (.doc, 62k)
Spyware is a type of computer program that attaches itself to your operating system, generally without your permission or knowledge. This month's Newsletter will help you detect, remove and prevent instances of Spyware on your computer.
- Unintended Information Disclosure — May 2007 (.doc, 68k)
This Newsletter will help you understand what unintended disclosure means and how serious the issue is. It will also outline how your organization’s protected information can become exposed, how you can respond to such an incident, and how you can help prevent such incidents from occurring.
- Security Concerns Regarding Peer To Peer (P2P) File Sharing — April 2007 (.doc, 59k)
Peer-to-Peer (P2P) networking has become a popular method for sharing files, music, photographs and other information. Although the concept of file sharing seems benign, there are a number of risks associated with P2P.
- Safeguarding Your Data — March 2007 (.doc, 57k)
How do you safeguard sensitive/confidential data? The manner of protection often depends on what kinds of data you are safeguarding, and how important or sensitive it is to you and your organization.
- Protecting Portable Devices — February 2007 (.doc, 55k)
These devices are popular and convenient, they are also easily lost or an ideal target for thieves. Learn more tips toprotect both the device and the information contained on the device.
- What is cyberbullying? — January 2007 (.doc, 56k)
It is a new, and growing, practice of using technology to harass, or bully individuals. Learn some helpful smalls on how you can protect yourself.
- Preventing and Responding to Identity Theft — December 2006 (.doc, 56k)
Identity theft, or identity fraud, is a crime that can have substantial financial and emotional consequences. Learn some helpful smalls on how you can protect your own personal information.
- Safe Online Shopping — November 2006 (.doc, 53k)
Shopping online has become more popular and convenience. The following ten tips can help stay secure while doing online shopping.
- Top Ten Cyber Security Tips — October 2006 (.doc, 80k)
The TOP 10 simple, easy and basic things that everyone can and should do to protect their computer systems and data from harm.
- Staying Safe on Social Networking Sites — September 2006 (.doc, 48k)
The popularity of social networking sites continues to increase, especially among teenagers and young adults. The nature of these sites introduces security risks, so certain precautions should be taken.
- Erasing Information and Disposal of Media — August 2006 (.doc, 48k)
Protecting confidential and sensitive data from accidental disclosure is very important. We should all strive to properly handle data erasure and the disposal of media.
- How Anonymous Are you? — July 2006 (.doc, 48k)
- Why Cyber Security is Important — June 2006(.doc, 40k)
Learn more about the risks and protecting information by preventing, detecting, and responding to attacks.
The California Office of Information Security (Office) web site contains links to other sites that are not owned or controlled by us. The information provided at these sites does not reflect the views of this Office or indicate an endorsement of a particular company or product. Please be aware that our Office is not responsible for the security and privacy practices of such other sites.
Cyber Threat Level
- California Security Jumpstart
- California IT Directory
- Forms and Tools
- Policy (SAM /SIMM /MM /BL /TL /Compliance)
- Really Simple Syndication (RSS) Feeds
- Samples and Templates
- Status of Required Security Reporting Activities
- California Military Department
- California Government Operations Agency
- California Department of Technology
- California Highway Patrol
- California Governor's Office of Emergency Services
- State of California Office of Health Information Integrity
- Department of Justice´s Privacy Enforcement and Protection Unit