Cybersecurity Guides
Instructional Guides
The NJCCIC’s Guide to Accessing Instagram’s Security & Privacy Settings
The NJCCIC is providing this guide to help our members and website visitors manage their cyber risk and maintain the security and privacy of their information. This guide provides users with the steps needed to access and change privacy and security settings, as well as instructions on how to view ...
The NJCCIC’s Guide to Accessing Your Android Device’s Security & Privacy Settings
The NJCCIC is providing this guide to help our members and website visitors manage their cyber risk and maintain the security and privacy of their information. This guide provides users with the steps needed to access and change the privacy and security settings on their Android devices. As we become ...
The NJCCIC’s Guide to Accessing Google’s Security & Privacy Settings
The NJCCIC is providing this guide to help our members and website visitors manage their cyber risk and maintain the security and privacy of their information. This guide provides users with the steps needed to access and change their privacy and security settings, as well as instructions on how to ...
The NJCCIC’s Guide to Accessing Twitter’s Security & Privacy Settings
The NJCCIC is providing this guide to help our members and website visitors manage their cyber risk and maintain the security and privacy of their information. This guide provides users with the steps needed to access and change privacy and security settings, as well as instructions on how to view ...
The NJCCIC’s Guide to Accessing Facebook’s Security & Privacy Settings
The NJCCIC is providing this guide to help our members and website visitors manage their cyber risk and maintain the security and privacy of their information. This guide provides users with the steps needed to access and change privacy and security settings, as well as instructions on how to view ...
Configuring & Securing a Home Wi-Fi Router
A great way to reduce your cyber risk is to ensure your home Wi-Fi network is properly configured and secured. Think about how many devices are connected to your home’s wireless network right now. In modern households, there could easily be a dozen or more connected devices. Laptop computers, tablets, ...
Stop What You Are Doing and Enable MFA
What do Target, Home Depot, JP Morgan, Sony Pictures Entertainment, Yahoo, the Office of Personnel Management, the Democratic National Committee, and three Ukrainian electric utilities have in common? If your answer is that these organizations all experienced cyber intrusions that resulted in the large-scale theft of data, or the first ...
An Intro to Using Hashes to Check File Integrity
Disclaimer: If technical jargon makes you queasy, proceed with caution! When downloading new software or updating existing software, how do you ensure that what you are installing is safe, unaltered, and from a reputable source? The simple answer is to compare the checksum of the file you downloaded to the ...
Passwords, Passwords, Passwords
When engaging with our NJCCIC members, we often find ourselves sounding like broken records with how frequently we end up on the topic of passwords. The fact is, account credentials—username & password—are the primary target of many of today’s cyber threat actors. Once a user account is compromised, a hacker ...
Mitigation Guides
DDOS Attack Types and Mitigation Strategies
Over the past several months, the NJCCIC noted a significant uptick in the number of distributed denial-of-service (DDOS) attacks in which thousands of malware-infected systems are used to flood organizations’ networks, thereby preventing or impairing the authorized use of the targeted networks, systems, or applications. In some instances, these ...
Defending Against DDOS Attacks
The substantial increase in remote work and education, use of technology including Virtual Private Networks (VPN) connections, and reliance on various online services and resources raises cybersecurity concerns as organizations may be subject to cyberattacks, such as distributed denial-of-service (DDOS) attacks. DDOS attacks can disrupt the availability of networked devices, ...
Ransomware: Risk Mitigation Strategies
While ransomware infections are not entirely preventable due to the effectiveness of well-crafted phishing emails and drive-by downloads from otherwise legitimate sites, organizations can drastically reduce this risk by implementing cybersecurity strategies and improving cybersecurity awareness and practices of all employees. The most effective strategy to mitigate the risk ...
Mitigating the Risk of Malware Infections
Malicious software, known as malware, is a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or of otherwise annoying or disrupting the victim. The following is a list of the different ...
Backups: The Cure to Viral Cyber Infections
Given the steady uptick in ransomware across the country, and right here in our State, we simply cannot overstate the importance of maintaining good backups that are stored offline (physically off of the network) and regularly tested to ensure you can fully recover in the event of a data loss ...
Website Defacements – How to Protect Your Website
Imagine you wake up one day to find that your company’s website no longer displays your logo, products, or contact information. Instead of providing an online presence for your business, your website is now promoting a hacking group or terrorist organization. Your customers are angry and your employees are confused. ...
Bots and Botnets: There Are Zombies Among Us
October is one of my favorite months of the year – the air is crisp, the leaves are beginning to change, pumpkins are everywhere, and Halloween is right around the corner. It’s also National Cyber Security Awareness Month and, as a way to pay tribute to this wonderful time of ...
Insider Threat Demands a Proactive Approach
These days, so much attention is given to external cybersecurity threats that it is often easy to forget that insider threats can be just as damaging, especially when it comes to theft of intellectual property, trade secrets, personally identifiable information (PII), and other sensitive data. Insider threats can include current ...
Public Wi-Fi – Sacrificing Security for Convenience
In my previous CyberLog post, I shared some of the information I learned while attending DefCon 23, an annual hacker conference held in Las Vegas. What I didn’t mention, though, were the things I had to take into consideration prior to my arrival. As this was my first time attending, ...
Social Engineering
Last week, I had the opportunity to attend DefCon 23, an annual conference where hackers and cybersecurity professionals from around the world descend on Las Vegas to learn and share information about hacking techniques, system and software vulnerabilities, online privacy, and data protection. Each day of the convention was jam-packed ...
This is Security Series
DDOS Attack Types and Mitigation Strategies
Over the past several months, the NJCCIC noted a significant uptick in the number of distributed denial-of-service (DDOS) attacks in which thousands of malware-infected systems are used to flood organizations’ networks, thereby preventing or impairing the authorized use of the targeted networks, systems, or applications. In some instances, these ...
User Beware: Your Smartphone Is Tracking Your Every Move
From services to apps, users of smartphones are unwittingly consenting to being tracked in real-time by a multitude of companies for the purposes of providing “requested features, integrations, user experience improvements,” and many other laudable-sounding reasons. What is not known by many users is that detailed information on their precise location and activity is being beaconed out by their phone and collected, shared, and sold to numerous organizations that aggregate these data sources with others to build a user profile that would make spy agencies and repressive governments green with envy.
Tips for Teleworkers, Remote Access Security
Telework Program Fundamentals: For many organizations, telework programs have been in practice for years – whether as part of the organization’s everyday work program or as a component of their business continuity plans. For those organizations, policies, educational programs, technologies, and support services for the remote workforce are well established. ...
The Importance of Multi-Factor Authentication
Knock, Knock – Who’s There? This month, another collection of user ID’s and passwords was released on the dark web. It includes more than 2 billion records that have been compiled from data breaches dating back as far as 2008. Identity and authentication mechanisms - i.e. usernames and passwords - ...
Applying Standards
Solving Cybersecurity Problems Through the Application of Standards In November 1999, Bruce Schneier famously wrote that “complexity is the worst enemy of security” in his essay titled, A Plea for Simplicity – you can’t secure what you don’t understand. As information technology has proliferated throughout society over the past 20 ...
Supply Chain Security
On June 27, 2017, the NotPetya malware was unleashed via a malicious, modified update to the accounting software package, M.E. Doc, which is used by many businesses in the Ukraine and elsewhere. Included in the malicious update package were exploits that helped the malware spread to computers throughout the world, ...
Network Segmentation
Crunchy on the Outside, Soft and Chewy on the Inside Modern approaches to cybersecurity are often heralded as revolutionary, brilliant ideas. But in reality, these modern approaches are simply the adaptations of effective security strategies and tactics from other industries or disciplines. Security is security. For years, best practices in ...
Information Asset Management
Those Who Fail To Learn From History Are Bound to Repeat It In 1948, in his address to the House of Commons, Winston Churchill stated, “those who fail to learn from history are bound to repeat it.” The context then, as it is today, provides an ominous warning that those ...
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.