Cyber Attacks

Cybersecurity is present in every aspect of our lives, whether it be at home, work, school, or on the go. The Department of Revenue wants to increase your awareness of cybersecurity and protect yourself online.

Cybersecurity comprises technologies, processes and controls that are designed to protect systems, networks and data from cyber attacks. Effective cybersecurity reduces the risk of cyber attacks and protects organizations and individuals from the unauthorized exploitation of systems, networks and technologies.

Everyone can be a potential target and cause a security incident. Hackers count on just one person who will want to help or to be curious to cooperate and “click” on a link or attachment in a business or personal email.

Types of cyber threats include:

Phishing: Masquerade as trustworthy person or business to steal financial or personal information through fraudulent email or instant messages

Insider threats: Employees either unintentionally (falls victim to a phishing attack) or maliciously extract data for financial gain

Denial of service: Hacker floods a website with more traffic than it can handle causing a disruption in service

Weak credentials: Reusing same credential on multiple systems could compromise sensitive information if hacker cracks a password

Computer viruses: Malware, trojan and ransomware

Spyware threats: Program that monitors online activities or installs programs without consent

Hackers and predators: Programmers who victimize others for their own gain

How to protect yourself

How can you protect yourself from phishing attempts to steal your information?

Limit what you share online. The less you share about yourself, the smaller the target you are for a phishing attack. Cyber criminals use information you post online to learn how to gain your trust.

Protect your credentials. No legitimate company or organization will ask for your username and password or other personal information via email. Your bank definitely won’t.

Still not sure if the email is a phish? Contact IDRSecurity@iowa.gov.

Beware of attachments. E-mail attachments are the most common target for malicious software. When you get a message with an attachment, delete it — unless you are expecting it and are absolutely certain it is legitimate.

Confirm identities. Phishing messages can look official. Cyber criminals steal organization and company identities, including logos and URLs that are close to the links they’re trying to imitate. There’s nothing to stop them from impersonating schools, financial institutions, retailers, and a wide range of other service providers.

Trust your instincts. If you get a suspicious message that claims to be from an agency or service provider, use your browser to manually locate the organization online and contact them via their website, e-mail, or telephone number.

Check the sender. Check the sender’s e-mail address. Any correspondence from an organization should come from an organizational email address.

Take your time. If a message states that you must act immediately or lose access, do not comply. Phishing attempts frequently threaten a loss of service unless you do something. Cyber criminals want you to react without thinking; an urgent call to action makes you more likely to cooperate.

Don’t click links in suspicious messages. If you don't trust the e-mail (or text message), don’t trust the links in it either. Beware of links that are hidden by URL shorteners or text like “Click Here.” They may link to a phishing site or a form designed to steal your username and password.

Social networking guides

Many people use social media to keep in touch with people and emerging trends. However, you still must protect yourself when using social networking.

Think before you post. What you publish online is widely accessible and will be around for a long time, so carefully consider the content before you publish.

Connect only with people you know and trust. Don’t accept “friend” requests unless you know the person well.

Limit what you share. Keep certain things private from everyone.

Backup your important data. Ransomware won’t be nearly as devastating if your data is safely and securely backed up.

Limit personal info on social media. Don’t include personal information such as birth date, home town or phone numbers.

Enable privacy and security settings. Review your social media policy settings as they occasionally change

Limit social logins. Many applications will suggest your Facebook or other social logon account as a single sign on for their application. This may be convenient for you but it is also easy for a cyber criminal to easily access all your associated accounts using just that one social media account password.

Change your passwords. Your passwords should be regularly changed at least every nine months to one year.

Manage your passwords securely. Use a password manager application to store your account credentials.

Get your news and information from a trusted source. Don’t rely on information that just pops into your social media newsfeed. Instead, get it from a trusted source. Most of Iowa’s 300-plus newspapers, for example, (which are also now online) have been in existence for an average of 150 years and hire trained journalists and editors who have knowledge in media ethics and simply report local news. They also report all the expenses that local government spends with taxpayer money in the public notice section, as required by Iowa Code. Always keep in mind there are millions of bad players (many from foreign countries) on social media who are attempting to get you to think, act or vote in a certain way that may not always in your best interest.

— Information courtesy of the Iowa Department of Revenue.