To learn more about information security and how to keep yourself, family, and friends secure subscribe to OUCH!, the free, monthly security awareness newsletter, now published in over twenty languages. More at the OUCH! homepage.
Think twice before you post personal information. Remember, even crooks may see what you post on social media sites
Criminals are mopping up because social media users are willing to share personal information about themselves and others. This data can be used to guess your password, give them the answers to account security questions or send you email with malicious attachments that appear to be from someone you know.
April 15, 2014
Lock your workstation before you leave your desk
Did you know there are keyboard shortcuts other than CRTL+ALT+DEL that you can use to lock your desktop? This will prevent people from walking up and snooping on your computer. You can save a keystroke by simultaneously pressing the Windows key + L. The Windows key has four wavy squares.
Or, to make things even easier, create a desktop shortcut.
Right click any empty area of your desktop
Type in the following: rundll32.exe user32.dll, LockWorkStation
Name your shortcut
Now it's as easy as a double click!
April 14, 2014
Keep your password secret
Your password is like your bank account PIN - if you give your PIN to someone else, your bank is unlikely to pay you back if it is used to steal from your account. Likewise, your company expects you to use your password to stop others misusing your computer account. If you share your password, you may be held responsible for what other people do with it.
A good password should contain a mix of all the four types of characters: uppercase and lowercase letters, numbers, and symbols. Any character on your Windows or Mac keyboard is legal in a password you make for your own computer. Remember to include at least 8 characters and avoid common words and proper names. Some characters may be illegal for certain networked systems; when in doubt, try it out. Another way to make your password complex is to base it on a word in a foreign language with a least 8 letters, avoiding common words and proper names. Just add a number, a symbol, and a capital letter or two as you go.
April 12, 2014
Back up your information so you don't join Kroll Ontrack's Top 10 Countdown this year
A customer who told engineers she had "washed away all her data" after putting a USB stick through a cycle in her washing machine.
A father who, while feeding his baby daughter, forgot about the USB stick in his top pocket. As he leant over the high chair, the device fell into a dish of apple puree.
After discovering ants had taken up residence in his external hard drive, a photographer took the cover off and sprayed the interior with insect repellent. The ants were killed off and the data was eventually recovered.
A California man has been arrested for interfering with computers at the California Independent System Operator (Cal-ISO) agency, which controls the state's power transmission lines and runs its energy trading markets. Even though Lonnie C. Denison's security access had been suspended at the request of his employer because of an employee dispute, he allegedly gained physical access to the facility with his card key. Once inside, Denison allegedly broke the glass protecting an emergency power cut-off station and pushed the button, causing much of the data center to shut down. Cal-ISO was unable to access the energy trading market, but the power transmission grid was unaffected.
April 10, 2014
Get a separate email address for postings
To secure your data and reduce SPAM sent to your business as well as to your private email account, get a dedicated address for internet postings. Never use your business email address for posting guestbook entries, votes, or questions and answers in forums and surveys. It's good to be reachable in these situations, but best to be anonymous.
April 9, 2014
Read error messages and checkboxes
When you see an error message pop up on the screen, read it! You may not understand everything, but if you look through the message, you can get the gist. Hackers can sometimes generate errors to collect everything you type and everything that comes up on your screen. If you don't understand the error, at least capture the screen. To do that, hold down the shift key and press the key labeled "Print Screen" or "PrtSc". That will put the screen into short-term storage called the clipboard. Then open an e-mail message, right click on the message body and select "paste". Now you can print it or send it to tech support for further analysis.
April 8, 2014
Stay safe when buying or selling online
Internet auction sites and online stores make shopping a breeze during the holiday season. But buying or selling merchandise online can have risks. Visit the following sites to learn more about keeping your online accounts and personal information secure and how to guard against fraud.
If you did not order a new laptop, then you should not be receiving an update on its shipping status. Delete these emails.
April 6, 2014
Don't tell ANYONE your password
One way someone could learn your password is to phone you claiming to be from another part of your organization, maybe your IT or Audit teams, and say they need your account details to let them investigate problem. This should never be necessary. Good systems are set up so that nobody but you will ever know your password and authorized IT workers have their own accounts giving them access to what they need.
April 5, 2014
E-mail is insecure by default because it is more like a postcard, not a sealed envelope
A number of people are under the misconception that when they draft and send e-mail, two things occur. Their message gets sealed in an envelope (that's why you have to open e-mail right?) and that it goes directly to the person it was sent to via internet magic. The truth is your e-mail is sent in plain text (i.e. readable by anyone who picks it up along the way) and is passed around the Internet with multiple stops until it reaches its destination. People with evil intentions can intercept your e-mail, read it or even alter it before it reaches your intended recipient.
April 4, 2014
A password should be used by only one person.
Passwords are like bubble gum; they are much better when used by only one person. If you share your computer with others, each person should have a unique account, username, and password. Don't allow another user to know or use your password, and don't ask another user if you can use theirs. When it's your turn to use the computer, log the last user off, and log on using your own username and password. When you take a break, don't leave your computer open. Log off or lock it. And remember: Passwords shorter then 8 characters are easy to crack; avoid common words and proper names; and use both uppercase and lowercase letters, numbers, and symbols.
April 3, 2014
If you download FREE software...Make sure you don't get more than you bargain for
Free software that you download could be just what you think it is — a single software package. However, many times free software comes bundled with other unwanted, harmful programs including spyware, viruses, or even Trojan horse programs. To help keep your computer free from unwanted guests, make sure the site you are downloading from is one you know and trust. Also verify that your operating system and anti-virus software have been updated and patched BEFORE you click the download button!
April 2, 2014
Don't use information related to yourself as a password
Students at a school in London exploited a teacher's poor password selection to access grades and other school records. The teacher had used his daughter's name as a password, but became suspicious when students made reference to an excursion, which had not yet been announced, so he changed his password to the registration number of his car, which was parked outside the school every day. When he received complaints from other teachers about grades being leaked, he changed it again, this time to his postcode. The students in question cracked this within days too.
April 1, 2014
Use Outlook? Use the Auto-Preview, not the Reading Pane
If you are using an older version of Outlook, or if you have managed to reset the security level for e-mails, then you may be at some risk for HTML script-based exploits. Auto-Preview displays the first three lines of the message, enough to identify whether the message is valid, and it displays faster. Here is how to use it. Disable the Reading Pane and Enable Auto Preview:
Choose View -> Reading Pane -> Off
Choose View -> AutoPreview
Now you can see what is Junk, and which ones may have an HTML payload.
March 31, 2014
Don't make that call!
If you receive an email asking you to call an 800 number related to a banking issue, don't call the number. Your credit card has a phone number on the back as do your account statements. Be safe, don't call a phone number listed in an email; instead look the number up on your account statements. There is a new attack called Vishing, designed to have you call a fake, automated answering system, and get you to enter your account number and other sensitive information.
March 30, 2014
Print out important documents
A digital photography expert told me that CDs are expected to "live" for up to ten years. I want kids—and maybe grandkids—to see photos, so I print the best ones. Same goes for documents: print important files so that they are accessible in future decades. Of course, you want to back up these files too.
March 29, 2014
Don't check "remember my password" boxes
Numerous programs offer the option of "remembering" your password. Unfortunately, many of them have no built-in security measures to protect that information. Some programs actually store the password in clear text in a file on the computer. This means anyone with access to the computer can read the password. It's best to retype your password each time you log in eliminating the possibility that someone will be able to steal or use it.
March 28, 2014
Remember that any email or instant message you send could come back to haunt you
Once you send an e-mail, it has a very good chance of being saved in someone's mailbox or archived on a server forever. People involved in scandals like Oliver North, Monica Lewinsky, Patricia Dunn (the former Hewlett-Packard chairman), and Bill Gates probably wish they could take back an email or two... Instant Messages can also be saved and used at a later date to embarrass you. Paris Hilton might be able to shed additional light on that subject. Be careful about what you put in writing and whom you send it to.
March 27, 2014
Report or challenge strangers in your office
Visitors and staff should wear badges. Others you don't recognize may be opportunist thieves who have walked past reception or found an open back door. Grab a co-worker and politely ask if they need some assistance or report them to your security or reception staff. Thieves are as likely to steal your purse or wallet as they are to take company property, so it is in everyone's interest to keep our premises safe.
March 26, 2014
Many people think that 'formatting' a hard drive will wipe out all the data so it cannot be recovered
Not so. To prevent the possibility of future recovery, use a third-party, low-level hard drive formatting tool, such as Killdisk (downloadable at no charge from www.killdisk.com) to overwrite data on the hard drive with a random sequence of 1's and 0's.
March 25, 2014
Protect your home wireless networks
No matter how friendly you are, you wouldn't let your neighbor read your bank statements and private letters. If you have a wireless network in your house and don't protect it, you could be doing just that. As they come "out of the box", most wireless networks let anyone in range connect to them and that could also let them see your PC and your email. It is worth taking a few extra minutes when setting them up to enable the encryption settings. Briefly, if you don't understand the jargon, WPA is better than WEP.
March 24, 2014
Backup important files on a regular basis
Backup important files on a regular basis and store the backups in a safe place. (Preferably off site.) You can backup files to removable disk or save copies to network shares. Unfortunately, it's not a matter of "if" you'll lose files one way or another; it's a matter of "when".
March 23, 2014
It takes two to tango and two firewalls to secure your system
Contrary to the myth that hardware firewalls are better than software firewalls, both are equally necessary to secure your system because they provide different kinds of protection. Any size network — whether it's one or two computers on a home network or 100 computers in a business — needs to be protected by a hardware firewall, and every connected computer needs to be protected by a software firewall.
March 22, 2014
Four Tips to Help Keep Your Computer Secure
Anti-virus. A reliable, effective anti-virus program with the latest updates. Both licensed and free anti-virus software are available. Whichever you use, make sure it scans incoming and outgoing emails for malware.
Anti-spyware. Reliable effective anti-spyware is a must for securing your computer. Both licensed and free anti-virus software, such as Windows Defender, are available.
Two-way Personal Firewall. Two-way personal firewall software monitors network traffic to and from your computer and helps block malicious communications.
Anti-Keylogger software. Anti-Keylogger software products, like AntiLogger and Keyscrambler Personal, help prevent what you type on your computer, especially sensitive information such as the usernames, passwords, and financial information you use in making online transactions, from being hijacked by Bad Guys.
-- Ramkumar Raghavan
March 21, 2014
If you print it, go get it right away!
Dont leave important, sensitive, or confidential material lying around the office. Common printing areas are frequented by people coming and going. Often you will be in line to pick up your documents and others may handle them before you. This leads to unnecessary information disclosures. One boss had a print job disappear, and had e-mailed the whole floor about it. The pages never turned up. Always use the closest print station, or a dedicated printer for confidential information, and go get it right away!
March 20, 2014
Beware of USB flash drive's autoplay feature
If you find a USB token in the wild, don't plug it into your USB port as it could autoinstall software if your system is set to autoplay CDROMs.
Though many organizations' standards call for disabling autoplay of CDROMs, you should check and set yours. To disable autoplay follow these instructions (for WinXP):
Open My Computer
Right click on your cdrom drive selecting "Properties"
Select Autoplay page and set each menu option to "Select an Action to Perform" = "Take no action"
Click Apply (you must apply each setting change one at a time!)
Repeat for each item in the list (alternatively ensure that all are set to "Prompt me for action")
March 19, 2014
Place a fraud alert to protect against identity theft
By the time I placed a fraud alert on my credit information, almost two weeks had passed since my wallet was stolen. By then, all the damage had been done.
If your wallet or credit card is stolen, call the three national credit reporting organizations immediately to place a fraud alert on your name and Social Security number. The alert means any company that checks your credit has to contact you to authorize new credit.
Here are numbers you always need to contact if your wallet, etc., has been stolen:
Experian (formerly TRW): 1-888-397-3742
Trans Union: 1-800-680-7289
Social Security Administration (fraud line): 1-800-269-0271
If your browser questions a website's security, stop, think, and verify.
When visiting the "https" secure sites of banks and online shopping retailers, you may see an onscreen warning, such as "There is a problem with the website's security certificate" or "Secure Connection Failed." Don't just click to continue or to make an exception. The warning may only indicate that there is a harmless temporary problem with the site or with the network. But it can also mean that the site is bogus or has been compromised by hackers, and someone is listening in on your conversation with your bank or retailer.
Be smart. Contact your bank or retailer by phone to find out if they know about a problem with their website or the network. Don't be the next victim of fraud.