Faith-Based Daily Awareness Post 06 October 2023

These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against, and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters. 

FBI Highlights Online Safety Tips During Cybersecurity Awareness Month

October is Cybersecurity Awareness Month, and the FBI is reminding the public to be cyber smart all year long. National Cybersecurity Awareness Month, now in its 20th year, is hosted by the Department of Homeland Security and the National Cyber Security Alliance. Multiple agencies, including the FBI, collaborate to raise awareness about cybersecurity and stress the collective effort needed to stop cyber intrusions and online thefts and scams.

As the premier cyber investigative agency, the FBI works to keep the public safe online but there are simple steps anyone can take to better protect themselves and their families, including:

• Keeping all systems and software up to date and using a good anti-virus program.
• Examine the email address and URLs in all correspondence. Scammers often mimic a legitimate site or email address by using slight variations in spelling.
• If an unsolicited text or email asks you to update, check, or verify your account information, do not follow the link provided in the message itself or call the number provided in the message. Instead, go to the company’s website to log into your account or call the number on the company’s official website.
• Do not open any attachments unless you’re expecting the file, document, or invoice, and have verified the sender’s email address.
• Scrutinize all electronic requests for a payment or transfer of funds.
• Be extra suspicious of any messages urging immediate action.
• Confirm requests for wire transfers or payment in person or over the phone as part of a two-factor authentication process. Do not verify these requests using the phone number listed in the request for payment.

Analyst Comments:

Faith-Based Organization (FBO), like any other organizations, need to protect themselves from cyber-attacks. Following the FBI’s tips, listed above, will help reduce an FBOs vulnerability to a cyber-attack. CISA’s Secure Our World campaign is another resource to protect individuals, families, and businesses.

FB-ISAO’s 15 September Daily Awareness Post discussed a report of $400,000 stolen from a FBO in a cyberattack and see this week’s FB-ISAO Weekly Advisory on Cyber Warnings for more incidents and resilience information. The Daily Awareness Post also provided the following advice.

“Because this attack is purposefully designed to trick users, one of the best defense methods is cybersecurity awareness training and recurring refreshers to remind staff and volunteers of these types of scams. It is also important that strict security protocols be put in place to verify and validate such requests and that staff and volunteers closely follow established procedures.”

Members may also be interested in these new products from our federal partners:

NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations. The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory (CSA), NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations, which provides the most common cybersecurity misconfigurations in large organizations, and details the tactics, techniques, and procedures (TTPs) actors use to exploit these misconfigurations. The misconfigurations in the CSA illustrate a trend of systemic weaknesses in many large organizations, including those with mature cyber postures, and highlights the importance of software manufacturers embracing secure-by-design principles to reduce the burden on network defenders. Read the Executive Assistant Director at CISA’s blog post on the “Urgency for Software Manufacturers to Incorporate Secure by Design Principles.” Additionally, NSA and CISA encourage organizations to review the joint CSA for recommended steps and best practices to reduce the risk of malicious actors exploiting the identified misconfigurations. For more information on secure-by-design principles, visit Secure by Design and Security-by-Design and -Default.

The FB-ISAO website also provides Cybersecurity Resources.