City of Faith Employee Self Service

Tech Tuesday

Tech Tuesday Series 2:Part 3 Password Sharing and our Shield Wall

By

Announcements 

  1. Tomorrow is City of Faith’s Annual Christmas Party 
  2. A 4th COF jacket order is coming.  
  3. Microsoft Teams Deadline has been extended to February 14th. 
    1. 2 additional training sessions will be held over Teams. The first will be Wednesday December 20th.  
  4. The last pass training sessions will be conducted in February while I travel to each location. 

 

Last Pass Password Sharing  

City of faith deploys two ways to do password sharing. The first is through https://1ty.me/  as pictured below. You can find all of this here 

 

The other method which is more secure is by using Last Pass. Last Pass has a built-in password-sharing feature that can be found by going to your vault.  

  1. Go to the password you want to share with others. 
    1. This can be found by scrolling through the passwords or by typing in the URL or site name of the password you’re looking for. For the purposes here I’ve used the URL  DummyUrl  

 

      1. The Password can be viewed by hitting the wrench icon. 
    2. After you hit the wrench, you can then view the Password by clicking the eyeball.   
  2. To Share the password, you hit the person icon next to the wrench on the search screen.  
    1. You then fill out the pop-up box that will appear. 

 

    1. The email address would be the email of the person you want to share this with, the allow recipients to view the password gives them the ability to view the password.  
    2. Then make sure you hit share. 
    3. The user will then receive an email with a link authorizing them to view the shared password. 

 

    1. I have  shared the password link with all of you created in this process feel free to let me know where the journey took you this time. It’ll show up in your sharing center under shared items.  

Tools we use to protect ourselves. 

The greatest tool against getting scammed is first and foremost your brain and critical thinking skills. But outside of that COF has some great tools we use to minimize the threat.   

    1. Cloud Storage- Storing resident data on local computers is a slippery slope in today’s era and leaves our clients and staff vulnerable to identity theft and fraud. We utilize a virtual cloud hosted server through Revver(formerly Efile) to store all resident files.  
    2. Anti-Virus and Firewalls- All COF devices should have antivirus installed on their devices. We use Trend Micro. This allows us to put in companywide safeguards including URL filtering, and malware protection for those trojan style viruses. (If you for some reason do not have antivirus, see IT) 
    3. MDM – MDM or Multi Device Management allows our systems to be on the same program and see current vulnerabilities and adjust policy instantly to all devices as they occur. We do this through Microsoft 365. (If you for some reason do not have MDM, see IT) 
    4. Last Pass- Last pass allows us to securely store and save passwords making it easier to meet security requirements such as NIST 800-53 and FedRamp requirements (like those 90-day password changes). (If you for some reason do not have LastPass see IT) 
    5. 2(multi) factor Authentication- Most people are probably familiar with this process through systems such as R3M. When you type in your email it sends you a code and then requires your password input as well. This will be coming  to all COF programs that offer it within the next year. I recommend utilizing a Authenticator app to make your life easier See Here  
    6. Forms Bureau- The Forms Bureau allows us to maintain, contain, and retain company proprietary information and is HIPPA compliant. The forms bureau is on cofess (if you don’t know how to access this information see IT). 
    7. Company Policies and Secure Access- We maintain a secure access policy in compliance with FedRamp and NIST regulations that basically state the lowest access needed for all parties to do their jobs. For example, Case Managers can’t access Employee files because that doesn’t pertain to their job.  Anyone who does any hiring has access to a form that sets these access controls and must fill it out even in cases of temporary access requests.  

 

More about Scams 

 

Instead of going over these 1 by one I’m going to provide you with a list of scams I’m familiar with and if you see something say something. The majority of scams that will be up to you to watch out for are called social engineering scams. These are scams where the perpetrators have created a scenario that will lure you the user into a situation that is favorable to the scammer.  

Certainly, there are various scams on the internet that people should be aware of to protect themselves. Here are some common examples: 

 

1.  Phishing Scams:  

   –  Email Phishing:  Fraudulent emails that mimic legitimate sources to trick users into providing personal information, such as login credentials or financial details. 

   –  Website Phishing:  Fake websites designed to look like legitimate ones to steal login information or financial data. 

 

2.  Online Shopping Scams:  

   – Fake online stores that offer products at extremely low prices to lure customers but never deliver the goods. 

 

3.  Tech Support Scams:  

   – Unsolicited calls or pop-ups claiming to be from tech support, stating that your computer has a virus and offering to fix it for a fee. Legitimate tech support companies don’t contact users this way. 

 

4.  Lottery or Prize Scams:  

   – Emails or messages claiming you’ve won a lottery or prize, but to claim it, you need to provide personal information or pay upfront fees. 

 

5.  Romance Scams:  

   – Scammers build a romantic relationship with someone online and then request money for various reasons, such as a medical emergency or travel expenses. 

 

6.  Investment Scams:  

   – Fake investment opportunities promising high returns with little or no risk. Always be cautious and research thoroughly before investing. 

 

7.  Social Media Impersonation:  

   – Fake social media profiles impersonating someone you know or trust, aiming to extract personal information or money. 

 

8.  Job and Employment Scams:  

   – Fake job offers that require payment for training or materials, or requests for personal information that can be used for identity theft. 

 

9.  Cryptocurrency Scams:  

   – Fake ICOs (Initial Coin Offerings), fraudulent exchanges, or Ponzi schemes in the cryptocurrency space. 

 

10.  Ransomware Attacks:  

    – Malicious software that encrypts your files and demands payment for their release. Regularly back up your data and be cautious with email attachments. 

 

11.  Freelance Scams:  

    – Fake job listings that require payment for access to opportunities or promise payment for work that is never actually completed. 

 

Always exercise caution when dealing with unfamiliar websites, emails, or messages. Be skeptical of unsolicited communications and verify the legitimacy of sources before providing personal or financial information. Keep your software and antivirus programs up to date to protect against malware and other online threats. 

 

As always this can be reviewed on the City of Faith Help Desk or on Cofess. 

Thanks,