Meet the NetSafe team: Jesse Greenslade

JesseNetSafe staff have between them more than 30 years experience of internet safety and security issues. Jesse Greenslade is the latest full time member of staff, joining us back in June 2014 as Office Manager.

Jesse has worked for six years in the education and health sectors and is tasked with everything from day to day admin and finance to managing NetSafe’s member relationships and investigating new funding sources.

He was recently awarded an AMP Regional Scholarship to go towards the funding of his debut children’s book titled ‘First Week Blues’ which looks at the impact of bullying on young people. Learn more about Jesse’s story and pre-order your own copy at www.beyourhero.nz.

- – - – - – - – - – -

How has the impact of bullying affected your own life?

If we go back for a minute and look at the “social norm” society puts on young people in New Zealand and around the world it creates an image of what one must be.

When I was at school, and even more so now, society gives the impression that boys should like sports, PlayStation, Xbox. They must be tough on the inside and out. Girls should like dolls and playing netball etc. When children age and become teenagers they begin to drink and go to parties. These are all stereotypes that society puts on young people. Because I did not fit within the “social norm” I was ostracised from my peer group – I was bullied because I was different. One of the main impacts bullying had on me was my self-confidence, because people questioned my appearance and who I was.

At 25, you’re the youngest member of the NetSafe team – was cyberbullying an issue for you at school?

Cyberbullying did not have a huge impact on me at school. I didn’t have Facebook until I was seventeen and I wasn’t bullied via text messages. I think it is harder for young people now because unlike me I had an escape from bullying when I was at home. I had a break, now young people are getting bullied in the privacy and comfort of their own home. They have no escape

What inspired you to write First Week Blues? And what has been the response to date?

The idea of writing First Week Blues came from wanting to help young children, to teach them strategies to cope to give them inspiration that they can get through it.

Everyone can relate to Blue, at some stage in our lives we have felt vulnerable or excluded in way or another. The response has been great, the book has been reviewed by Chief Human Rights Commissioner David Rutherford which I never thought would happen. I have support from other organisations in New Zealand that deal with children who are different and who don’t fit in with the social norm.

Hairy MacLary, the Gruffalo or the Cat in the Hat. What’s your favourite storybook character?

I loved Hairy MacLary. Hair MacLary had a group of friends who all came from a different walk of life. It goes to show that no matter how small or big you might be you can be accepted into a friendship group.

What would you say to a young person experiencing bullying today?

To all the young people out there who have been bullied or are being bullied, you are not alone.

Stand strong and fight for what you know is right. You are not alone and you will get through this, be proud of who you are.

What you are experiencing is only temporary. Talking to someone and being honest about what is going on can change the situation you are in. And to the bullies, next time you judge someone or stick a label on that person think about their situation and about what you are about to say or do. Your next action could have an impact on their life forever. Some scars do not heal.

Young people reading this who have had a hard time at school with bullying or who may be fighting with depression need to push on. Asking for help or talking about your feelings is the best things you can do for you. Don’t respond to the bully it only ignites the ammunition.

What made you want to work at NetSafe?

NetSafe is an organisation that supports people dealing with digital challenges. What drove me more to NetSafe as an organisation is its work with young people who are getting bullied online. I have a passion and desire to help young people like me who have been bullied and working for an organisation like NetSafe enables me to do that.

What have been your first impressions of the work we do?

The work NetSafe does is amazing; it offers a listening ear as well as support and guidance to help people get through what they are experiencing. NetSafe is an amazing team and I am proud of working with such an excellent organisation.

What would be your ‘top tips’ for Kiwis wanting to protect themselves online?

  • Never give out your password to anyone even if you trust them.
  • Before you post something online ask yourself would I be happy for this post or image to be shared around the world? You never know who might share it.
  • If you are adding someone on Facebook only add them if you know them.
  • Always have a strong password and ensure it is something nobody can guess.

Related Links:

Securing the human: iWatches and online porn

My morning commute was made particularly exciting today by something I hate – a texting driver. As I negotiated Auckland’s ferocious rush hour traffic, it became increasingly obvious that the driver in front of me - bumbling along at 30km/h in a car with a prominent yellow P plate – was typing a lengthy reply to a friend or family member as they continually glanced up and down between the road ahead and the contents of their smartphone.

Texting whilst driving is without doubt one of the few things I can’t stand in our continuously connected world.

Ten years of motorbiking around London taught me that texting drivers are a road safety nightmare as they fail to observe fellow road users whilst updating their social status. The law, both here in New Zealand and in other countries around the world, has thankfully been updated to reflect this menace and has been matched by a range of road safety campaigns targeting texters. Even the mobile operators have tried to offer services that divert calls to voicemail to block the temptation to take a call whilst at the wheel.

It’s this combination of Engineering (voicemail services), Enforcement (fines and policing) and Education (shocking video campaigns) – the three E’s – that has shaped modern awareness programmes. When the three are combined, some good can often be seen to result.

How do you change behaviour?

Dick Tracy multi-tasks using his antique smart watch (Wikipedia)

This morning I read an interesting story in the UK media suggesting that iWatches and smartwatches may be the next range of devices to tempt us mere mortals into bad behaviour behind the wheel.

“An iWatch has the potential to be just as distracting as any other smartphone device – indeed more so if you have to take your hand off the wheel and your eyes off the road to interact with it.”

You can already hear car horns blaring when the motorist waiting for a green light at the front of a queue of traffic is too engaged with their mobile, reading the contents of their email before pulling into the work car park.

Just imagine what it will be like when we’re all wearing Dick Tracy style smart watches that are coupled to in-car entertainment set-ups rivalling the cockpit of a 747?

Stephen Turvil from motoring.co.uk makes an important point though when discussing this ‘threat’:

despite the wealth of technology at their fingertips the majority of motorists recognise it is their primary responsibility to look through the windscreen. Pressing buttons and staring at screens is secondary. To these people, smart watches and smartphones pose no threat. Okay so a device beeps and flashes. So what? Ignore it. Simply concentrate on staying safe. If a motorist lacks self control a device can be switched-off or locked in the boot. Drivers – once we exclude the actions of others and/or rotten luck – are as safe as they want to be.

Responsibility thus lies with the individual to take adequate steps to ensure their own safety and the safety of others sharing the road.

The same could be said of online safety and security – an individual’s response to digital challenge which eventually becomes the social norm could see many of the current issues affecting Kiwis resolved.

Returning to the motoring analogy, remember back to the days when nobody wore seat belts? A generation later and the three E’s have played their part in driving society’s adoption of the seat belt as a compulsory preventative measure to increase safety. Imagine then if internet users (and network owners and device manufacturers) were equally compelled to adopt similar simple and easy steps to protect computers against malware?

The Most Popular Time for Online Porn?

Mondays at NetSafe are always busy. Being a non-profit we don’t offer a 24/7 service and calls to our free helpline are diverted to voicemail over the weekend, usually resulting a large backlog by the time 8am Monday comes.

Over the last year, ransomware has always reared its ugly head on a Monday morning as many ‘recreational surfers’ browsing adult content sites find their unpatched computer is infected, locked up and/or the data encrypted after a quick visit to a decidedly dodgy website. That’s not to say, of course, that ransomware is delivered only by adult websites and putting in place security controls is key.

Downloading that video codec or browser plugin to watch the clip of your choice is always a bad idea and some adult websites can harbour nasty ‘droppers and downloaders’ (malware attack kits) just waiting to infect your computer using one of many potential security vulnerabilities.

Porn it would seem, according to statistics just released from one of America’s most popular adult video websites, is popular all year round, whatever the season.

Before giving in to that desire for 9 minutes and 53 seconds of carnal pleasure, checking your computer is secure and upgrading your browser to the latest version (never mind switching to private mode) could well pay dividends. And potentially cut the number of calls to NetSafe on a Monday too.

Using the past to predict the future: identifying vulnerable websites

If you’ve been following New Zealand media over the last week or so, you’d be forgiven for thinking that anyone and everyone was ‘hacking’ systems looking for information that could give them an advantage over their competitors.

The media spotlight on leaked emails and wide open websites has certainly brought a rise in enquiries to NetSafe about data privacy, hacking and security vulnerabilities.

Raising awareness of computer security

NetSafe has worked with the North Harbour Business Association over the last month to deliver a programme of cyber security education based on the Connect Smart Guide for SMEs, a 4 step process that looks at raising awareness of computer security issues amongst small businesses.

It’s always hard to steer clear of technical jargon and acronyms when discussing cyber security but NetSafe does have the advantage of using real life case studies to illustrate ‘bad stuff’ that happens to real New Zealanders and small Kiwi businesses.

Over the last 4 years our ORB website has taken more than 11,000 cyber incident reports  from people and businesses across New Zealand with more than $10m in losses recorded from a range of digital challenges.

Common incidents affecting SMEs:

  • Ransomware
  • Intercepted emails
  • Hacked websites
  • Employment scams
  • Spear phishing
  • Insider threats

When it comes to hacked websites, there are plenty of ways to identify threats and vulnerabilities your site may be at risk from. These range from professional security companies offering penetration testing services to reading up on industry standards and guidelines like the OWASP Top 10.

Recent academic research has highlighted the fact if you use a popular Content Management System or CMS to power your website, you’re more likely to encounter issues:

CMSes simplify configuration by reducing technical barriers, which means that they are often administered by non-experts. This could lead to a greater chance for server misconfiguration.

Second, CMS platforms are a form of software monoculture, exhibiting common vulnerabilities in both the underlying code and the default configurations.

Furthermore, we suspect that a key driving force behind the variation in compromise rates across software types is the software’s market share. When more webservers run a particular type of software, they collectively become a more attractive target for miscreants.

In short, if you’re using a popular system such as WordPress or Joomla to build the bones of your website it pays to keep the CMS patched and protected.

A tool like the Wordfence security plugin can highlight just how many automated attacks your site may face from attackers spread across the net:

Wordfence detects attackers attempting to gain access to your WordPress installation
Wordfence detects attackers attempting to gain access to your WordPress installation

Using the past to predict the future

Whilst pen testing and incident management plans can be considered reactive tools to improve security, imagine a world where data mining and software algorithms could identify threats in advance – highlighting the fact that the popularity of your website, the number of back links you have earned and the kind of content you publish and the systems you use can highlight risks before a hack takes place.

Automatically Detecting Vulnerable Websites Before They Turn Malicious, a paper by Kyle Soska and Nicolas Christin from Carnegie Mellon University, makes interesting reading when it comes to thinking about software or automated systems that could predict with some accuracy websites at risk from future attack and potentially assist web search engine companies with filtering poisoned search results before end users visit them and run the risk of a drive by download.

Some may say the criteria identified are common sense things that webmasters and IT teams can look for and protect against in advance. For smaller companies though, any assistance with protecting their websites from defacement or data breaches are well worth exploring.

Connect Smart: Don’t wait until it’s too late!

A phone call to NetSafe this morning from a PC user facing the loss of a year’s worth of data serves as a timely reminder that taking a proactive approach to computer security is essential when ransomware gangs and other cybercrimials are actively targeted out of date software or unpatched computers.

The computer owner had actually taken the time to back up important business files, but sadly found the USB backup had also been encrypted with CryptoWall ransomware as it was still attached to the infected machine.

With complex malware being able to ‘jump across’ to back up locations – including cloud based services like Dropbox – the onus is on every computer user to protect themselves online and store several copies of essential data, ideally in separate locations.

Last week, international law enforcement agencies took down the network behind CryptoLocker ransomware but it would appear other malware writers are moving in to grab a share of the market.

Connect Smart Week is coming

Next week marks the start of the new government initiative, Connect Smart. This rebranded Cyber Security Awareness Week for 2014 will highlight ways home internet users and SMEs can protect themselves from phishing attacks and malware infections and will be launched in Wellington.

TechSecurity-2NetSafe will be promoting the week and my colleague Lee will be speaking at a free to attend cybercrime event in Wellington on 18 June along with other computer security experts.

The Institution of Professional Engineers New Zealand (IPENZ) is hosting the event which starts at 6pm at Queen Margaret College, 53 Hobson Street, Thorndon, Wellington. More information can be found on the IPENZ website.

Protect yourself online: secure all devices

The recent high profile ‘hack’ of some iPhone owners’ iCloud accounts by ‘Oleg Pliss’ is another reminder of how essential it is to apply good computers security practices to all your connected devices.

NetSafe recently published guidance on smartphone security with 12 Tips for Protecting Your Digital Device as evidence is emerging of new variants of ransom malware now being developed for Android smartphones and tablets.

Whilst news media reported yesterday that Russian authorities may have caught the ransom gang behind the Apple ID hack, it’s essential that New Zealanders use Connect Smart Week as an opportunity to review their online safety and security.

Teach a man to phish and…

Tax Refund Ray
Tax-refund Ray – watch out for unexpected phishing emails around tax time suggesting a large cheque can be claimed from IRD or other companies.
Click on the links and you may suffer a nasty sting. Grant payments and bank fee refunds are increasingly being offered by telephone cold callers too.

Phishing has been in the news again this week with the high profile attacks on Apple IDs as one plucky cybercriminal named Oleg Pliss developed a new way to hold iDevices to ransom.

The continuing success of phishing attacks remains a concern that individuals and small businesses need to address:

  • training staff to recognise strange looking emails and not opening attachments trying to masquerade as invoices, delivery notes and tax refund alerts
  • and putting in place email filtering and spam detection that can lessen the impact of unwanted messages.

A report out today suggest phishing attacks on PayPal users is on the rise in 2014, with researchers observing a 73 percent increase in the number of phishing websites targeting PayPal login information.

The report even suggests a growing army of phishermen are taking the time to hone their skills, downloading code to build fake login pages and tweaking the look and feel to improve their ‘conversion metrics’ – an online marketing standard normally associated with more legitimate commerce operators.

PayPal is owned by eBay, the US auction giant which has suffered its own mega breach recently and was subsequently criticised by security professionals for taking a long time to warn customers that account data was at risk.

Identifying genuine threats

Yesterday I spent some time trying to work out if an email supposedly sent from eBay post-breach was a genuine request for users to reset their passwords.

Interestingly, the message spoke of the attack and suggested securing accounts was essential but provided no link in the body of the text to visit a webpage, no doubt an intentional step to reassure those receiving it this really was from the company and not cybercriminals trying to exploit the well publicised event.

Check out the screenshot below – would you have been able to decide if the email was real?

eBay-Password-Reset-Email
Click on the picture to view the email full-size

Both eBay and PayPal have comparatively low user numbers in New Zealand – the auction company was seen off by local operator Trade Me some time back. But both companies are more widely known across the Tasman in Australia where Kiwis are likely to have been buying goods on the .com.au site.

As we approach tax time, phishing gangs will no doubt step up their efforts against our own IRD. Take the time to read guidance on the organisation’s own website and report phishing emails to them so they can be taken down before personal information is passed over or logins compromised.

More resources:

Advice and guidance for dealing with digital challenges