Module Zero – Site Security

Site Security

In this module we will cover:

  • How to build cybersecurity into all content creation activities
  • Protecting your members and organization from Phishing and Spear Phishing attacks
  • Protecting your forms from hackers & spammers
  • Protecting your blogs from spammers
  • How to find the latest cybersecurity tips

Built-in Cybersecurity

Built-in cybersecurity is the activity of thinking about and implementing cybersecurity techniques during the website content creation and editing process. Built-in cybersecurity is not considered an afterthought; it’s built in right from the beginning.

Download our cybersecurity handbook here:

The Don’ts of Site Cybersecurity

  • Don’t share your username and password.
  • Don’t post email addresses on your club site.
  • Don’t upload any PDF, Word or Excel file directly from the Internet.
  • Don’t upload any file with macros activated or enabled.
  • Don’t post member information anywhere on your club site.
  • Don’t upload member information anywhere on your club site.

The Dos of Site Cybersecurity

  • Do contact Kiwanis IT if your club site has been hacked or you think it may have been hacked.
  • Do subscribe to the Cyberheist News Blog.
  • Do have all site content creators complete this cybersecurity training module.
  • Do use contact forms with reCaptcha to communicate with the public.
  • Do train your site content creators on the cybersecurity Dos and Don’ts.
  • Do use reCaptcha on all blog posts that allow comments.

Protecting your members and organization from Phishing and Spear Phishing attacks

How do the hackers do it?

It’s incredibly simple for hackers to create a targeted Spear Phishing campaign that can cause personal, financial and brand damage to an organization, staff and its members.

There are several ways to Spear Phish, some of which are fairly complex, but the easiest and most common way to Spear Phish a business or organization is as follows.

  • The hackers write a computer program that automatically searches the Internet for organization information stored in website HTML, Excel and PDF files. This information includes:
    • Name
    • Email
    • Organization information
    • Role or title
  • The computer program extracts the data and stores it on the hacker’s computer.
  • A Spear Phishing email is created by the hacker that targets a specific group within an organization based on the mission of the organization.
  • The targeted Spear Phishing email is sent to all members in the target group and appears to come from a person belonging to the target group.
  • The Spear Phishing email provokes an emotional response, usually about a sick child that needs financial support for medical treatments.
  • The Spear Phishing email has links to a malicious website where the member interacts and gives up personal and financial information.
  • The hacker then monetizes the compromised member data either by selling it to other hackers or by using the data themselves to make purchases or to collect payments from the member’s bank account.

Example of a Real Spear Phishing Email

Spear Phishing email attack with a photo of a sick child in a hospital bed, with GoFundMe branding
Actual Spear Phishing attack that targeted Kiwanis members

How to avoid being Spear Phished

  • Do subscribe to the CyberHeist News Blog
  • Do search for and remove all files or website content that contains member information including:
    • Member name
    • Member email
    • Member club and/or district
    • Member title
  • Don’t post email addresses on your club site.
  • Don’t share your username and password.
  • Don’t upload any PDF, Word or Excel file directly from the Internet.
  • Don’t upload any file with macros activated or enabled.
  • Don’t post member information anywhere on your club site.
  • Don’t upload member information anywhere on your club site.
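
One way to carry out the "search for and remove" step on your own club site is to run a small audit over copies of your pages. The script below is an added example, not part of the original module or any Kiwanis tool; the function names and sample pages are assumptions made up for illustration. It covers HTML pages only and reports email addresses in page text, in mailto: links, and in "[at]"/"[dot]" spellings, which automated harvesting reads as easily as plain addresses.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# "Hidden" spellings such as "name [at] club [dot] org" are trivial to undo.
AT_RE = re.compile(r"\s*[\[\(]\s*at\s*[\]\)]\s*", re.I)
DOT_RE = re.compile(r"\s*[\[\(]\s*dot\s*[\]\)]\s*", re.I)


class _Collector(HTMLParser):
    """Gathers visible text and link targets from one page."""
    def __init__(self):
        super().__init__()
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value:
                self.chunks.append(unquote(value))  # catches mailto: links

    def handle_data(self, data):
        self.chunks.append(data)


def find_exposed_emails(html_text):
    """Return the sorted, lower-cased email addresses one page exposes."""
    parser = _Collector()
    parser.feed(html_text)
    parser.close()
    text = " ".join(parser.chunks)
    text = DOT_RE.sub(".", AT_RE.sub("@", text))
    return sorted({m.lower() for m in EMAIL_RE.findall(text)})


def audit_pages(pages):
    """Map page name -> exposed addresses, leaving out clean pages."""
    report = {name: find_exposed_emails(body) for name, body in pages.items()}
    return {name: found for name, found in report.items() if found}


# Constructed sample pages (made-up names and addresses, not member data).
SAMPLE_PAGES = {
    "officers.html": '<p>President: <a href="mailto:pat@club.example">Pat</a></p>'
                     "<p>Treasurer: sam [at] club [dot] example</p>",
    "contact.html": "<p>Use the contact form below to reach us.</p>",
}

if __name__ == "__main__":
    print(audit_pages(SAMPLE_PAGES))
```

Every page that appears in the report should have the addresses removed and replaced with a contact form.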

How to stay updated on cyber threats

Congratulations!

You have successfully completed this module. If you follow the guidelines in this module, you will be able to securely use your new club site. Great work!
