If your personal information is stolen, four steps to take
It's important to protect your personal information, and to take certain steps quickly to minimize the potential damage from identity theft if your information is accidentally disclosed or deliberately stolen:
Place a "Fraud Alert" on your credit reports, and review those reports carefully. Notifying one of the three nationwide consumer reporting companies is sufficient.
Contact your bank or other financial institution(s) and close any accounts that have been tampered with or established fraudulently.
File a police report with local law enforcement officials. This is an essential step for protecting your rights.
Report your theft to the Federal Trade Commission online, by phone, or by mail.
If you receive child pornography via email, report it to your manager or IT section immediately
Sending pornographic images of children is a serious criminal offense, and most police forces will investigate promptly and insist that all traces are removed. When you report it, don't forward the image. Sending it on spreads the images across more systems, which makes cleanup harder and causes needless distress to the person you are reporting it to.
October 16, 2014
Avoid spam in your IM email account
Did you ever sign up with an Instant Messenger client so that you could chat with your buddies? Perhaps you have more than one running on the desktop. Each popular IM client comes conveniently with an Email account, and each time there is an email associated with your IM screen name, you receive a notice with this account filling up. You can prevent the spam or any email notices from appearing by using a single filter. Since I added the following filter on my email account attached to my Yahoo IM, I no longer get these notifications. Simply add a filter that the From/ Address includes @ to go directly to trash. You will be able to communicate with all your IM buddies without the hassle of being notified of items coming into the inbox.
October 15, 2014
Don't click the "unsubscribe" link at the bottom of unsolicited emails
Spam filters catch most unwanted e-mail, but some might still reach you. Most spam is designed to get you to respond with your own email or to click a link to "unsubscribe." When you respond or click the "unsubscribe" link, the sender takes your email address and adds it to a spam database of active email addresses. You might then start to receive a large amount of spam in your inbox. Do not respond or click the "unsubscribe" links.
October 14, 2014
Save your files to a network server
A computer user working on a critical project was saving the analysis document on his Windows desktop. Unfortunately, the Windows desktop was located on the local hard drive and local hard drives were not automatically being backed up. When his hard disk failed, he lost the file and had to work through nights and a weekend to make up for the lost time. If your company permits network backups or remote storage, be sure you back up your important files. PS. Important files don't include things like vacation pictures, which can overburden the backup system. Ask the help desk for advice on where such files should be saved.
October 13, 2014
E-mail is insecure by default because it is more like a postcard, not a sealed envelope
A number of people are under the misconception that when they draft and send e-mail, two things occur: their message gets sealed in an envelope (that's why you have to open e-mail, right?) and it goes directly to the person it was sent to via internet magic. The truth is your e-mail is sent in plain text (i.e. readable by anyone who picks it up along the way) and is passed around the Internet with multiple stops until it reaches its destination. People with evil intentions can intercept your e-mail, read it or even alter it before it reaches your intended recipient.
October 12, 2014
Beware of the USB flash drive autoplay feature
If you find a USB token in the wild, don't plug it into your USB port as it could autoinstall software if your system is set to autoplay CDROMs.
Though many organizations' standards call for disabling autoplay of CDROMs, you should check and set yours. To disable autoplay follow these instructions (for WinXP):
Open My Computer
Right-click your CD-ROM drive and select "Properties"
Select the AutoPlay page and set each menu option to "Select an Action to Perform" = "Take no action"
Click Apply (you must apply each setting change one at a time!)
Repeat for each item in the list (alternatively ensure that all are set to "Prompt me for action")
October 11, 2014
Don't enter your password on an untrusted computer.
A password is only as secure as the computer or network it is used on.
Bad Guys target public kiosk-type computers and wireless networks, such as those in Internet cafes, conference centers, hotels and motels, and airports. The instant you type your password on a computer that is infected or rigged, or on one using a compromised wireless network, the Bad Guy has got that password for good. This is one reason why you should change your passwords on a schedule, and never reuse a password on several computers or systems. Regard all public-use computers as untrustworthy. If you have no choice but to use a public computer, change your password before you log off or at the next available opportunity.
October 10, 2014
Paper Files Have to Be Protected Too
You've probably heard that "To err is human, but to foul things up completely you need a computer." We know it's important to protect the big databases that we store, but we can't ignore paper records. The amount of information held on paper may be much smaller, but many of the most serious leaks happen through very human methods — reports stolen from desktops or read over someone's shoulder. Keep sensitive paper files locked away when they are not being used and don't read them in public places.
October 9, 2014
It takes two to tango and two firewalls to secure your system
Contrary to the myth that hardware firewalls are better than software firewalls, both are equally necessary to secure your system because they provide different kinds of protection. Any size network — whether it's one or two computers on a home network or 100 computers in a business — needs to be protected by a hardware firewall, and every connected computer needs to be protected by a software firewall.
October 8, 2014
Think twice before posting pictures of yourself or your family and friends
Photographs often contain information that could be used to identify you or the places you visit frequently. Never post unflattering or embarrassing pictures (no matter how funny) that could come back to haunt you. Carefully examine photos for identifying information such as the name of your school, the name of a sports team or organization you belong to, the address of the place you work or your favorite social hangout. Do not give out the full name of a child in your captions. One mother was very concerned to see her son's wrestling picture online with his full name. Pictures can also be copied or altered and used on other websites in ways that might be detrimental to your reputation.
October 7, 2014
Don't share your password, even with an assistant or close coworker
A salesperson relied on his assistant every day, trusting her with his username and password. She quit, but not before she deleted all of his sent e-mail and all of his saved files... Turns out she wasn't backing up the computer either.
Several coworkers used the same ID to log in—it seemed easier that way. The time came to change their password and they forgot to tell each other. One by one, they all called the help desk to get the ID reset, and they ended up locking each other out of their computers and getting reprimanded for sharing.
October 6, 2014
Hey, I know who you are and where you work! It says so right there on your badge
Security badges are meant to prove identity and display access privileges at work. They should never be worn outside of the office in public when going to lunch, taking a break, or even walking outside. Exposing your badge in public permits identity thieves to see your name, office, and possibly your level of security clearance. What's worse is that now the public knows what your badge looks like, thereby increasing the chances of successful forgery. Always remove and put away your badge when leaving work, even if just for a break.
October 5, 2014
Place a fraud alert to protect against identity theft
By the time I placed a fraud alert on my credit information, almost two weeks had passed since my wallet was stolen. By then, all the damage had been done.
If your wallet or credit card is stolen, call the three national credit reporting organizations immediately to place a fraud alert on your name and Social Security number. The alert means any company that checks your credit has to contact you to authorize new credit.
Here are numbers you always need to contact if your wallet, etc., has been stolen:
Experian (formerly TRW): 1-888-397-3742
Trans Union: 1-800-680-7289
Social Security Administration (fraud line): 1-800-269-0271
Backing up your files is a cheap way to avoid an expensive disaster. How much is it to buy a backup drive? About $75.00. Backup software? $30 or less. An hour of consultant's time to install and show you how to use it? About $100. Not losing your data? Priceless.
October 3, 2014
Remember that any email or instant message you send could come back to haunt you
Once you send an e-mail, it has a very good chance of being saved in someone's mailbox or archived on a server forever. People involved in scandals like Oliver North, Monica Lewinsky, Patricia Dunn (the former Hewlett-Packard chairman), and Bill Gates probably wish they could take back an email or two... Instant Messages can also be saved and used at a later date to embarrass you. Paris Hilton might be able to shed additional light on that subject. Be careful about what you put in writing and whom you send it to.
October 2, 2014
People Forget, Computers Don't
In 2003, the British Government published a report on Iraq's security and intelligence organizations. Then a Cambridge University lecturer discovered that much of the document was copied from three different articles, one written by a graduate student. How did he know? The document contained a listing of the last 10 edits, even showing the names of the people who worked on the file.
Hidden data can often be found within Microsoft Office documents, particularly Word. Whenever you exchange documents with clients, either convert them to PDF format (WYSIWYG) or else run them through Microsoft's Hidden Data Removal tool.
The Fair Credit Reporting Act (FCRA) requires each of the nationwide consumer reporting companies — Equifax, Experian, and TransUnion — to provide you with a free copy of your credit report, at your request, once every 12 months. Take advantage of these free reports, and verify the information that they contain. - Don Young
September 30, 2014
Don't buy anything from a spammer
If an unexpected email brings you news that seems too good to be true, it is probably a spam and a scam. If you didn't request information about the product or service, it is probably a spam and a scam. If it promises to enhance parts of your body, it won't. If it promises you an easy mortgage, you can do better by visiting your bank. If it promises that you can make a fortune on a penny stock, you can't. If you are unsure, ask five friends. Chances are four of them also received the spam and you can know to steer clear.
September 29, 2014
Use common sense when reviewing your email
If you did not order a new laptop, then you should not be receiving an update on its shipping status. Delete these emails.
September 28, 2014
Five Security Tips
If you don't understand the warning message, say no and consult IT support. It's easier to go back and say yes if you need to than be sorry and have to rebuild your machine.
Certificates: If you don't understand a website certificate message, say no and consult IT support. It is easier to go back and say yes if you need to than be sorry and have to rebuild your credit.
Antivirus: Running antivirus does not slow your computer down nearly as much as a virus does.
Back-up: Backing up your data may seem like a waste of time — er, until you spill coffee all over your laptop.
Passwords: Writing down your password around your desk is about as secure as leaving a $20 bill lying on the dashboard of your car. How well do you trust anyone these days?
September 27, 2014
Don't Trust Links Sent in Email Messages
A common fraud, called "phishing", sends messages that appear to be from a bank, shop or auction, giving a link to a fake website and asking you to follow that link and confirm your account details. The fraudsters then use your account details to buy stuff or transfer money out of the account. These fake sites can be hard to spot, so no reputable organization will send a message requesting your confidential information.
September 26, 2014
Back up your information so you don't join Kroll Ontrack's Top 10 Countdown this year
A customer who told engineers she had "washed away all her data" after putting a USB stick through a cycle in her washing machine.
A father who, while feeding his baby daughter, forgot about the USB stick in his top pocket. As he leant over the high chair, the device fell into a dish of apple puree.
After discovering ants had taken up residence in his external hard drive, a photographer took the cover off and sprayed the interior with insect repellent. The ants were killed off and the data was eventually recovered.
Whether it is financial management software, instant messaging or a social networking website, take the time to see what security settings are offered to protect you and your information. Follow these steps for all of the software you use, not just email.
Go to Options or Preferences
Every program is different, so look for words like "Privacy", "Safety" or "Security" and click on them.
Select the most restrictive option (i.e. only let the people you approve view your information or contact you — or the one that best accommodates your business needs).
Save the settings.
September 24, 2014
Use Outlook? Use the Auto-Preview, not the Reading Pane
If you are using an older version of Outlook, or if you have managed to reset the security level for e-mails, then you may be at some risk for HTML script-based exploits. Auto-Preview displays the first three lines of the message, enough to identify whether the message is valid, and it displays faster. Here is how to use it. Disable the Reading Pane and Enable Auto Preview:
Choose View -> Reading Pane -> Off
Choose View -> AutoPreview
Now you can see what is Junk, and which ones may have an HTML payload.
September 23, 2014
Connect for good health
Keep computers healthy—frequently connect them to the network. When you connect, you can get security patches and anti-virus updates. Whenever possible, use automatic updates to ensure your system is up to date.
September 22, 2014
If you access the Internet from a shared computer, make sure you don't leave anything behind
Being able to access the Internet from different locations — the library, a computer lab at school, an Internet cafe — is a great convenience, but it can also pose a security risk to personal information. If you do access the Internet from a shared computer, here are a few things you need to remember.
Don't check the "remember my password" box.
When you're done, make sure you log off completely by clicking the "log off" button before you walk away.
If possible, clear the browser cache and history.
Never leave the computer unattended while you're logged in.
Trash all documents you used, and empty the recycle bin.