Download Girl Scouts Cybersecurity Awareness Challenge: Protecting Against Ransomware and more Study notes Computer Networks in PDF only on Docsity!
Girl Scout Cyber Awareness Challenge
In collaboration with the U.S. Department of Homeland Security
Want to explore cybersecurity and protect yourself and others
online?
Join Girl Scouts of the USA, the U.S. Department of Homeland Security (DHS), DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and CYBER.ORG this summer for the Cyber Awareness Challenge!
Now through October 24, 2021, complete the activities and submit a description of your work to receive a certificate of recognition from DHS.
Check out www.cyber.org/girlscoutcybersummer and www.girlscouts.org/cyberawareness for resources to help with the activities!
The threat of ransomware is real.
Ransomware is a type of malware that denies the victim (the people or organizations being attacked) access to their data until they pay a ransom. It’s often the malware (short for malicious software) of choice for cybercriminals. Ransomware attacks can shut down entire computer networks and slow, or even stop, the victim’s daily operations.
In 2020, victims paid ransomware attackers $350 million. The number of these attacks on cities and organizations, such as hospitals, schools, small businesses, and utilities, has been increasing in recent years. When an organization or government is attacked by ransomware, it prioritizes getting its data back as quickly as possible. In some cases, paying the ransom appears to be the quickest and cheapest way to restore data; however, cybersecurity experts discourage paying a ransom after an attack for three main reasons:
- Despite what the ransomware promises, paying the ransom does not guarantee that the data will be restored.
- Paying the ransom incentivizes cybercriminals to continue using ransomware, because it “works.”
- Paying the ransom might mean that you’re funding other illegal operations.
Although governments, businesses, and organizations are often the targets of ransomware attacks, individuals are also at risk. Cybercriminals can target anyone with an internet-connected device or with important data stored on their network. In some cases, personal attacks can be even more harmful to individuals, because many users don’t have a cybersecurity plan in place. If you ever become a victim of ransomware attack, report it to the Cybersecurity and Infrastructure Security Agency at https://us- cert.cisa.gov/report.
Complete these ten actions to protect yourself and others online.
Check out www.cyber.org/girlscoutcybersummer and www.girlscouts.org/cyberawareness for resources to help with the activities.
1. Explore cybersecurity with Girl Scouts. Have you earned a Cybersecurity badge or participated in a Cyber Challenge? If so, awesome! You’re on your way to being a cybersecurity expert. If not, get started with an activity on Girl Scouts at Home for your grade level. Then, if you want, head over to the Girl Scout shop for more information to complete the Cybersecurity badge series. - Grades 6–8: Cadette—inventory your digital presence - Grades 9 and 10: Senior—identify functions and privileges - Grades 11 and 12: Ambassador—guard your movements 2. Identify risks in your personal data. Everything you do online leaves a trail of digital footprints. Just like a detective, a hacker can piece them together to learn about you. Your personal data may be vulnerable to cyberattack if you aren’t very careful about how you use digital devices, like phones, tablets, and computers. Make a list to examine what you do online every day; how might your personal information be vulnerable to a cyberattack? Consider how what you do offline makes your
data offline. Backing up your data regularly reduces your risk and keeps your data safe in case anything happens. You can also back up your files manually or find a way to automate your backup system.
8. Clean up your inbox. Hackers try to trick people by sending emails with bad links, harmful attachments, or requests for money and private information. This kind of email is called phishing. If you click the link or download the attachment, a computer virus can sneak into your computer, spreading bad code and destroying information. Then your computer can spread the virus to other computers that you’re linked to. Look through your email accounts—do all the emails in your inbox seem legitimate? Can you find any that are suspicious, like phishing, spam, or clickbait? Delete any spam and make sure not to click on any links or attachments. 9. Plan your digital future. Five or ten years from now, what do you imagine you’ll be doing? Working? Going to college or graduate school? Starting your own company? It’s exciting to think about your future and important to consider how what you do online today can affect your future opportunities. It’s not just hackers who look at digital footprints. Colleges, graduate schools, and employers will often do an internet search before offering a place at their school or a job. Even new friends may do a search. What do you plan to do in your future? Have you considered cybersecurity as a career? No matter what you do, how could what you do online now affect how people perceive you in the future? Reflect on what you’ve learned, and find out about different jobs related to cybersecurity. Then create a list of next steps and cyber habits to lead you to your desired future digital profile.
Here are some questions to consider if an email is legitimate:
- Does it ask you to confirm personal information? A real website or business wouldn’t ask you to confirm personal information, like your login and password. Hackers may send emails that seem like they’re from a website you use and trust.
- Is the email or website one that you know and trust? Take a look at the sender’s email address and any links—they may be just a little bit different from the company’s official email address and website. For example, a hacker might change girlscouts.org to girlsscouts.com or girlscout.org. If you’re suspicious of a link, hover your cursor over it, but don’t click, to see the address where you’d go if you clicked.
- Does it use poor spelling and grammar? A real email from a website you use wouldn’t have lots of spelling or grammar mistakes. It’s also likely that they wouldn’t say “Dear customer.”
- Does it seem urgent? Emails may be written to make you think there’s an emergency or that you can get free money.
10. Create a ransomware awareness campaign to share with your community. Raising awareness about safeguarding personal information benefits society by making it harder for hackers to steal information. What creative ways can you teach others about ransomware and motivate them to embrace cyber habits, like updating their passwords, turning off their webcams, and using social media wisely? Develop an awareness campaign about the importance of ransomware and cybersecurity to share with a community that you’re a part of, like your school, town, or community center. Create materials to share your message in any format that will reach your audience, such as a poster, flyer, digital presentation, comic strip, article, or short video. Then share your campaign with your community to engage people in a conversation about ransomware and cybersecurity. Finally, find ways you can work together to create a safer digital world for all. Check out page 6 for more information and ideas to plan your campaign.
Finally, complete the challenge and submit a description of your
campaign!
Use the materials you created to start a conversation about cybersecurity and ransomware. Share your new knowledge and habits that others can adopt to protect themselves, their data, and devices.
You might:
- Present your campaign to your local government
- Hold a community conversation or panel discussion
- Host a community event
- Hold a community workshop
- Publish your ideas in a local newspaper, in a newsletter, or online
Bonus: Create a cyber action plan with your community.
What next steps can you take together as a community? To expand your campaign, brainstorm and put together a plan for everyone in your community to have a role in making a difference for themselves and others online.
Need more information on cybersecurity and ransomware?
Check out these resources from the Cybersecurity and Infrastructure Security Agency and Cyber.org!
- Cyber Awareness Challenge resources, including cyber career profiles and tips for online privacy.
- Cyber Safety video series, with information about potential threats that you may encounter online and what you can do to stay safe.
- Guides and services, including tips and best practices for individuals, organizations, and technical staff to guard against ransomware.
- Fact sheets and infographics, featuring easy-to-use, straightforward information to help organizations and individuals better understand the threats and consequences of a ransomware attack.
- Trainings and webinars with information on ransomware for technical and non- technical audiences, including managers, business leaders, and tech specialists.
- Ransomware Guide—Prevention Best Practices and Response Checklist for best practices and ways to prevent, protect, and respond to a ransomware attack.
- CISA INSIGHTS—Ransomware Outbreak with background information on specific cyber threats, the vulnerabilities they exploit, and mitigation activities.
- Ransomware Reference Materials for K–12 with information about increased cyberattacks on K–12 schools and remote learning, as well as best practices to avoid becoming a victim of ransomware.
Be a savvy traveler this summer
Remember these tips when you head out for your next adventure:
- Lock your devices. Use your passcode or fingerprint to protect information on your smartphone or tablet.
- Limit your location sharing. Turn off location authorization on apps. Don’t share photos or your location on social media while you’re traveling.
- Turn off your Bluetooth. If you use Bluetooth to connect to a speaker at home, be sure it’s turned off on your phone when you’re traveling. Hackers can locate your phone through Bluetooth.
- Turn off Wi-Fi auto connect. If you’ve set your device to automatically connect to open Wi-Fi networks, turn that off. Make sure every Wi-Fi connection you use is secure.
- Change your passwords. Just in case someone figures out your password while you’re traveling, it’s a good idea to use a different one than you usually use at home. You can change it back when you get home.
- Don’t leave your digital devices unattended. If your hotel room has a safe, put your devices in it when you aren’t using them. If you must leave your devices in the car, lock them in the trunk.
