City of Faith Employee Self Service

Employee News

Tech Tuesday Series 2:Part 3 Password Sharing and our Shield Wall

By

Announcements 

  1. Tomorrow is City of Faith’s Annual Christmas Party 
  2. A 4th COF jacket order is coming.  
  3. Microsoft Teams Deadline has been extended to February 14th. 
    1. 2 additional training sessions will be held over Teams. The first will be Wednesday December 20th.  
  4. The last pass training sessions will be conducted in February while I travel to each location. 

 

Last Pass Password Sharing  

City of faith deploys two ways to do password sharing. The first is through https://1ty.me/  as pictured below. You can find all of this here 

 

The other method which is more secure is by using Last Pass. Last Pass has a built-in password-sharing feature that can be found by going to your vault.  

  1. Go to the password you want to share with others. 
    1. This can be found by scrolling through the passwords or by typing in the URL or site name of the password you’re looking for. For the purposes here I’ve used the URL  DummyUrl  

 

      1. The Password can be viewed by hitting the wrench icon. 
    2. After you hit the wrench, you can then view the Password by clicking the eyeball.   
  2. To Share the password, you hit the person icon next to the wrench on the search screen.  
    1. You then fill out the pop-up box that will appear. 

 

    1. The email address would be the email of the person you want to share this with, the allow recipients to view the password gives them the ability to view the password.  
    2. Then make sure you hit share. 
    3. The user will then receive an email with a link authorizing them to view the shared password. 

 

    1. I have  shared the password link with all of you created in this process feel free to let me know where the journey took you this time. It’ll show up in your sharing center under shared items.  

Tools we use to protect ourselves. 

The greatest tool against getting scammed is first and foremost your brain and critical thinking skills. But outside of that COF has some great tools we use to minimize the threat.   

    1. Cloud Storage- Storing resident data on local computers is a slippery slope in today’s era and leaves our clients and staff vulnerable to identity theft and fraud. We utilize a virtual cloud hosted server through Revver(formerly Efile) to store all resident files.  
    2. Anti-Virus and Firewalls- All COF devices should have antivirus installed on their devices. We use Trend Micro. This allows us to put in companywide safeguards including URL filtering, and malware protection for those trojan style viruses. (If you for some reason do not have antivirus, see IT) 
    3. MDM – MDM or Multi Device Management allows our systems to be on the same program and see current vulnerabilities and adjust policy instantly to all devices as they occur. We do this through Microsoft 365. (If you for some reason do not have MDM, see IT) 
    4. Last Pass- Last pass allows us to securely store and save passwords making it easier to meet security requirements such as NIST 800-53 and FedRamp requirements (like those 90-day password changes). (If you for some reason do not have LastPass see IT) 
    5. 2(multi) factor Authentication- Most people are probably familiar with this process through systems such as R3M. When you type in your email it sends you a code and then requires your password input as well. This will be coming  to all COF programs that offer it within the next year. I recommend utilizing a Authenticator app to make your life easier See Here  
    6. Forms Bureau- The Forms Bureau allows us to maintain, contain, and retain company proprietary information and is HIPPA compliant. The forms bureau is on cofess (if you don’t know how to access this information see IT). 
    7. Company Policies and Secure Access- We maintain a secure access policy in compliance with FedRamp and NIST regulations that basically state the lowest access needed for all parties to do their jobs. For example, Case Managers can’t access Employee files because that doesn’t pertain to their job.  Anyone who does any hiring has access to a form that sets these access controls and must fill it out even in cases of temporary access requests.  

 

More about Scams 

 

Instead of going over these 1 by one I’m going to provide you with a list of scams I’m familiar with and if you see something say something. The majority of scams that will be up to you to watch out for are called social engineering scams. These are scams where the perpetrators have created a scenario that will lure you the user into a situation that is favorable to the scammer.  

Certainly, there are various scams on the internet that people should be aware of to protect themselves. Here are some common examples: 

 

1.  Phishing Scams:  

   –  Email Phishing:  Fraudulent emails that mimic legitimate sources to trick users into providing personal information, such as login credentials or financial details. 

   –  Website Phishing:  Fake websites designed to look like legitimate ones to steal login information or financial data. 

 

2.  Online Shopping Scams:  

   – Fake online stores that offer products at extremely low prices to lure customers but never deliver the goods. 

 

3.  Tech Support Scams:  

   – Unsolicited calls or pop-ups claiming to be from tech support, stating that your computer has a virus and offering to fix it for a fee. Legitimate tech support companies don’t contact users this way. 

 

4.  Lottery or Prize Scams:  

   – Emails or messages claiming you’ve won a lottery or prize, but to claim it, you need to provide personal information or pay upfront fees. 

 

5.  Romance Scams:  

   – Scammers build a romantic relationship with someone online and then request money for various reasons, such as a medical emergency or travel expenses. 

 

6.  Investment Scams:  

   – Fake investment opportunities promising high returns with little or no risk. Always be cautious and research thoroughly before investing. 

 

7.  Social Media Impersonation:  

   – Fake social media profiles impersonating someone you know or trust, aiming to extract personal information or money. 

 

8.  Job and Employment Scams:  

   – Fake job offers that require payment for training or materials, or requests for personal information that can be used for identity theft. 

 

9.  Cryptocurrency Scams:  

   – Fake ICOs (Initial Coin Offerings), fraudulent exchanges, or Ponzi schemes in the cryptocurrency space. 

 

10.  Ransomware Attacks:  

    – Malicious software that encrypts your files and demands payment for their release. Regularly back up your data and be cautious with email attachments. 

 

11.  Freelance Scams:  

    – Fake job listings that require payment for access to opportunities or promise payment for work that is never actually completed. 

 

Always exercise caution when dealing with unfamiliar websites, emails, or messages. Be skeptical of unsolicited communications and verify the legitimacy of sources before providing personal or financial information. Keep your software and antivirus programs up to date to protect against malware and other online threats. 

 

As always this can be reviewed on the City of Faith Help Desk or on Cofess. 

Thanks,
 

Tech Tuesday Series 2 part 2 Scams Likely and Last Pass Set up

By

 

Announcements:

  1. Congrats to Ms. Coleman on Winning The Trailblazer Award!
  2. Forms Bureau is in full swing if it’s on Cofess it’s good to use. Please contact me if you have questions!

In order to continue our Journey in becoming more secure as a company I got a lot of requests for a tutorial on how to sign up for Last Pass. So I’ll bump password sharing to next week’s article. First let me stress this is an amazing password manager available to every person at this company just for being an employee. It is a secure way to share and store passwords and it notifies you if a password was seen on a data breach.

Last pass helps also helps us as a company reduce how often and how managed our passwords need to be by managing one password and letting Last Pass take care of the rest.

TABLE OF CONTENTS


CyberSecurity Memes and Phishing Memes of 2023 - Part 2

 

Join a LastPass business account as a new user

You can join your company’s LastPass Business or LastPass Teams account (once you’ve been invited by a LastPass admin) by activating a new LastPass account.

 

The steps below outline the activation experience for a brand new user whose email address was not associated with any existing LastPass account.

 

  1. Open the Welcome email you received from LastPass with the subject line, “Activate your account to get started.”
  1. Copy the Activation code.
  2. Select Activate Your Account.

A screenshot of a computer screen Description automatically generated

  1. Once redirected to the “Finish account creation” page, paste the Activation code into the field (your LastPass email address is already pre-populated for you).
  1. Create a new master password, then re-enter it to confirm. If desired (recommended) set a Reminder – this is a clue that is sent in a reminder email to help you remember your master password if it is ever forgotten).
  2. Select Continue

A screenshot of a login form Description automatically generated

 

 

Result: Your LastPass vault is then de-crypted and re-encrypted to use your newly created master password to log in to LastPass going forward. 

  1. Once your account is created, choose from the following options for installing the LastPass browser extension:
    • If you already have the LastPass installed, click OK on the confirmation page, and you are redirected to your LastPass vault.
    • If you do not have LastPass installed, you can click Install LastPass on the confirmation page to install the LastPass browser extension and log in.

 

     8. You have successfully activated your LastPass Business or LastPass Teams account, and are now logged in to your vault.

Other Types of Scams

Password Protection isn’t the only way we avoid scammers and having our information stolen.

Adware

Scammers often hide malicious software in pop-ups and links. It’s crucial never to click on a link if you’re unsure of its destination, and the same caution should apply to unfamiliar articles or pop-ups. For more information, click Here!

Phishing:

Beware of scammers who may reach out, pretending to be familiar contacts or trusted sources like Windows Defender. I recently experienced such an incident myself. The scammer posed as a friend, using a common tactic that I’ve observed affecting others in our community.

 

Typically, these scammers initially pretend to be someone you know, perhaps a distant acquaintance or relative. They often provide a plausible excuse for not engaging in a video call or phone conversation, citing reasons like a sore throat, as was the case in my encounter. Following this, they attempt to establish contact with you and then proceed to boast about the success of their fraudulent activities, often involving a significant sum of money.

 

Subsequently, they may claim to have come across your name on a certain list (there’s almost always some list involved) and offer to assist you in acquiring a similar financial gain. However, this is where it takes a turn for the worse—they typically request something less traceable, such as Apple gift cards or funds through cash apps. They will invent reasons for being unable to perform the requested actions themselves.

 

If you find yourself in such a situation, it is advisable to promptly change your password on the relevant platform and clear your browsing history. Stay vigilant and exercise caution to protect yourself from falling victim to these scams.

 

Some helpful advice for cyber security in general.

CyberSecurity Memes and Phishing Memes of 2023

Don’t Be like Grumpy Cat

11 hilarious cybersecurity memes of cats

2023 Trailblazer Winner

By

In March of 2023 the COF Chiefs of Security, under the direction of Director of Security Sam Williams, wanted to establish an award that recognized the leading security officer at City of Faith.  Through these meeting sessions the Roderick T. Pettus Trailblazer Award was created.  During the course of the year the Chiefs nominated various winners for the weekly award, the Reginald T. Ellis Chief’s Cup.  From these weekly winners a close raise began between Rosemary Coleman (Baton Rouge), Jasmine Toately (Little Rock), and TaRhonda Williams (Monroe).  From these 3 location nominees a close vote decided the winner.  On November 28, 2023, Rosemary Coleman was awarded the inaugural Pettus Trailblazer Award.