You are the most important asset in our defense against cyber-crime.  Here are some tips on protecting you and San Francisco Opera from being victims:

 

Be an email skeptic

The majority of digital threats today emanate from within the organization.  Hackers get a foothold by sending tricky emails, known as phishing attempts, to unsuspecting victims.  They craft emails made to look like official emails from banks, Opera IS, the IRS, or even your manager, requesting you to fill out an online form, review an attachment, or some other seemingly innocuous task.  From there they can steal your credentials and install malware on your computer or phone.  If it looks fishy, it probably is phishy!

  • Never reveal personal or financial information in a response to an e-mail request, no matter who appears to have sent it.
  • If you receive an e-mail message that appears suspicious, call the person or organization listed in the "From" line before you respond or open any attached files.
  • Never click links in an e-mail message that requests personal or financial information. Enter the Web address into your browser window instead.
  • Report any e-mail that you suspect might be a spear phishing campaign within your company.

Here are some great resources for more information on these kinds of attacks: 

https://www.us-cert.gov/ncas/tips/ST04-014

http://www.sans.edu/research/security-laboratory/article/spear-phish

 

Be a telephone skeptic

It is easy for an unauthorized person to call us and pretend to be an employee or one of our business partners.  Caller ID can be easily forged.  Don’t respond to calls requesting confidential information about employees, patrons, donors, or passwords.

 

Watch what you email

Confidential information included in emails can easily be compromised while in transit to the recipient.  It is also very easy for that information to get hacked once it is with the recipient.  Under no circumstances should credit card numbers or social security numbers be sent via email.  Use a phone call to convey sensitive information or work with the Help Desk to determine a secure means of transmission.

 

Update and protect all of your devices

Mobile devices are now the hacker’s delight.  They make easy targets as people are slow to update phone software.  What can they steal from your phone, you ask?  User names and passwords.  And once they have those, they can do a lot more damage.  Be sure to update your phone and apps regularly.  Make sure your home computer is properly updated and has antivirus software with current definitions installed. 

 

Use two-factor authentication

To battle the biggest threat of someone stealing your username and password, we suggest using two-factor authentication wherever available.  Most major email services now support two-factor or multi-factor authentication, as do the major social networking sites, financial sites, and sites where sensitive information is stored.  Set it up today.

 

When in doubt, ask the Help Desk

We are happy to answer any questions about security or suspicious activity.  It is much easier to avoid getting compromised than dealing with a breach.  Please email us at helpdesk@sfopera.com