To learn more about information security and how to keep yourself, family, and friends secure subscribe to OUCH!, the free, monthly security awareness newsletter, now published in over twenty languages. More at the OUCH! homepage.
A computer user working on a critical project was saving the analysis document on his Windows desktop. Unfortunately, the Windows desktop was located on the local hard drive and local hard drives were not automatically being backed up. When his hard disk failed, he lost the file and had to work through nights and a weekend to make up for the lost time. If your company permits network backups or remote storage, be sure you back up your important files. PS. Important files don't include things like vacation pictures, which can overburden the backup system. Ask the help desk for advice on where such files should be saved.
March 8, 2014
Never respond to an email asking for personal information
Companies you do business with should never ask for account information, credit card numbers or PIN information in an email message. If you have any questions about an email you receive that supposedly comes from your financial institution, call the local branch office. Do NOT respond to the email.
March 7, 2014
Don't Investigate a Security Problem Unless You Are Authorized by the System Owner
A security specialist was suspicious after donating to a charity website and not getting an acknowledgement. So he ran a couple of tests on the site to see if it was what it claimed to be. Unfortunately, he set off the site's security alarms and ended up convicted of a crime under the UK Computer Misuse Act and out of a job. At work, rather than trying to check by yourself, report suspected problems inside your company to your manager, IT area or security team. Aside from getting into trouble, you could destroy evidence or confuse people who are investigating an issue. http://www.channelregister.co.uk/2005/10/06/tsunami_hacker_convicted/
March 6, 2014
Don't download files from unknown sources
Not all web sites are safe. Always ensure that the source you are downloading from is legitimate. Use extreme caution if you are referred to a site by an email message. If you're uncertain, don't download.
March 5, 2014
Check and make sure your friend sent that great screensaver
A common method of transmitting malware is by infecting some unsuspecting user's computer and then using that computer to infect others. One simple way to do this is for a hacker to hijack your address book and send copies of the malware to everyone in that address book. Of course, YOU need to be enticed to run the malware, and the best way to do that is to fool you into thinking the attachment is something else. If a friend or acquaintance sends you a "great screensaver" or something like that, which you were not expecting, take a few minutes to confirm that person really sent it. If they know nothing about it, then delete the message.
March 4, 2014
Look before you click
Do not open e-mails when you can't tell who the sender is. The "friendly" postcard below warns alert readers of danger with its weird syntax, poor spelling and suspicious web address. PS Do NOT click on any links in this message if they appear.
Hello friend! You have just received a postcard from someone who cares about you! It has been a long time since I haven't heared about you! I've just found out about this service from Claire, a friend of mine who also told me that...." If you'd like to see the rest of the message, click here http://[link removed]ro/postcard. gif.exe to receive your animated postcard! Thank you for using http://[link removed].com's services !!! Please take this opportunity to let your friends hear about us by sending them a postcard from our collection!
March 3, 2014
Beware of Shoulder Surfing
A person who is standing near as you fill out a form, enter your PIN number, or punch in your calling card numbers may be doing more than just waiting their turn. To help prevent shoulder surfing, shield your paperwork from view using your body and cup your hand over the keypad.
Submitted by Nitin Dewan
March 2, 2014
Turn off your wireless AP when it's not in use
Power off your wireless access point (AP) when you know you won't be at home or when it's not in use. Your AP can't be accessed by hackers when it is not powered on. So, turn it off and limit the amount of time you leave yourself open to attack.
March 1, 2014
Do not allow Internet Explorer to store passwords for you
Stored passwords allow anyone who can access your machine to log in to your web accounts as you. In addition, there are numerous utilities that can expose that hidden information and actually reveal the password. If you've reused that password for other logins, many systems or web sites could be compromised.
February 28, 2014
Think twice before posting pictures of yourself or your family and friends
Photographs often contain information that could be used to identify you or the places you visit frequently. Never post unflattering or embarrassing pictures (no matter how funny) that could come back to haunt you. Carefully examine photos for identifying information such as the name of your school, the name of a sports team or organization you belong to, the address of the place you work or your favorite social hangout. Do not give out the full name of a child in your captions. One mother was very concerned to see her son's wrestling picture online with his full name. Pictures can also be copied or altered and used on other websites in ways that might be detrimental to your reputation.
February 27, 2014
Watch out for shoulder surfers
Watch out for shoulder surfers who read over your shoulder or try to steal your password. If you have your back to the door or an open cubicle wall, get a rear-view mirror to stick up and watch behind you when you're typing. This also prevents office pranksters from sneaking up on you. When in public places, such as Internet cafes, always try to sit with your back to a wall to prevent onlookers. Glass walls don't count — thieves can look right through them!
February 26, 2014
Use a strong voicemail password. This helps prevent crooks from hijacking your phone line or voicemail
A busy person set his voicemail password to match his extension. It seemed easy to remember but was also easy to guess. A prison inmate guessed the password and began using the account to communicate with fellow criminals—leaving messages for them and deleting legitimate messages.
The receptionist at a small business came into the office at 8:30 a.m. and the phones were ringing off the hook. She picked up one of the lines and was surprised to hear people talking in a foreign language. Turns out fraudsters were using the phone system to steal international long-distance phone time.
February 25, 2014
Don't Trust Links Sent in Email Messages
A common fraud, called "phishing", sends messages that appear to be from a bank, shop or auction, giving a link to a fake website and asking you to follow that link and confirm your account details. The fraudsters then use your account details to buy stuff or transfer money out of the account. These fake sites can be hard to spot, so no reputable organization will send a message requesting your confidential information.
February 24, 2014
Lock it when you leave it
Never leave your computer logged in when you walk away, not even for a minute. Make it a habit to log off your workstation whenever you get up. Remember to always leave your Windows computer by pressing the keyboard shortcut combination of the Windows logo key and the letter "L" on a Microsoft natural keyboard. Get it? Leave Windows by pressing the Windows logo + L keys together to lock it up.
February 23, 2014
Don't Click to Agree without Reading the Small Print
Some free software passes your information on to advertisers, changes your PC or downloads other software without asking you. Some suppliers will claim that this is OK because you agreed to this. How? People often click on the "agree" button to accept 20 pages of difficult legal jargon they don't understand. But buried in the middle can be a sentence allowing the software to do whatever it likes. You can argue in court that the terms aren't reasonable, but then it will be too late — the damage has been done and your PC is broken. Learn from other people's pain: if terms and conditions are hard to understand, it is probably deliberate. If it isn't worth the trouble to read the conditions, don't risk using the software.
February 22, 2014
How to spot a phishing email...
It could be a phishing email if...
There are misspelled words in the e-mail or it contains poor grammar.
The message is asking for personally identifiable information, such as credit card numbers, account numbers, passwords, PINs or Social Security Numbers.
There are "threats" or alarming statements that create a sense of urgency. For example: "Your account will be locked until we hear from you" or "We have noticed activity on your account from a foreign IP address."
The domain name in the message isn't the one you're used to seeing. It's usually close to the real domain name but not exact. For example:
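As an added check that is not part of the original page, this Python script applies the fourth indicator above: it pulls the linked hostnames out of a message and flags any domain that is close to, but not exactly, one you normally see, or that hides a known name inside someone else's subdomain. The allow-list, the sample message and the two-edit threshold are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Domains the reader normally sees (constructed allow-list; replace with your own)
KNOWN_DOMAINS = ["examplebank.com", "example-shop.com"]
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (assumption: no multi-label suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def suspicious_domains(message: str, known=KNOWN_DOMAINS, max_edits: int = 2) -> dict:
    """Map each linked domain that imitates a known domain to the domain it imitates.
    Exact matches (including their genuine subdomains) are not reported."""
    flagged = {}
    for url in URL_RE.findall(message):
        host = (urlparse(url).hostname or "").lower()
        dom = registrable_domain(host)
        if dom in known:
            continue
        for good in known:
            # lookalike spelling, or the real name buried in someone else's subdomain
            if good in host or 0 < edit_distance(dom, good) <= max_edits:
                flagged[dom] = good
                break
    return flagged

# Constructed sample message showing the indicators listed above
SAMPLE = """From: "Example Bank" <security@examplebank.com>
Your account will be locked until we hear from you. Confirm now:
http://examplebank.com.verify-login.net/confirm
http://exampIebank.com/login
Help: https://www.examplebank.com/help"""

if __name__ == "__main__":
    for dom, good in suspicious_domains(SAMPLE).items():
        print(f"{dom} looks like {good}")
```

The capital "I" in the second link is the kind of one-character swap the distance check catches; a real deployment would also want a proper public-suffix list instead of the two-label approximation.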
Do not sign the back of your credit cards. Instead, put "PHOTO ID REQUIRED"; although merchants and their employees are still hit-and-miss on actually checking that ID, more of them are paying attention.
When you order your checks, don't list any telephone number. You can always write it on the check at the time of the transaction. If you have a PO Box, use that instead of your home address or your work address.
Be aware of which credit cards you carry now have embedded RFID chips because the information on one of those chips can be read surreptitiously by someone near you using a simple hand-held scanner.
Place the contents of your wallet on a photocopy machine. Do both sides of each license, credit card, etc. You will know what you had in your wallet and all of the account numbers and phone numbers to call and cancel. Store those photocopies in a secure place and refresh them when you change cards.
February 20, 2014
Outsmart hoax e-mail
Productivity-sapping e-mail circulates close to April Fool's Day. Keep the e-mail system from bogging down with thousands of unnecessary messages—delete hoaxes and jokes.
One year, an April Fool e-mail claimed that "for every person that you forward this e-mail to, Microsoft will pay you $245.00 ..." It was forwarded to thousands of people even though it sounded too good to be true. At one nationwide company, in-boxes were clogged and the e-mail servers had to be reset, delaying legitimate e-mail.
February 19, 2014
People Forget, Computers Don't
In 2003, the British Government published a report on Iraq's security and intelligence organizations. Then a Cambridge University lecturer discovered that much of the document was copied from three different articles, one written by a graduate student. How did he know? The document contained a listing of the last 10 edits, even showing the names of the people who worked on the file.
Hidden data can often be found within Microsoft Office documents, particularly Word. Whenever you exchange documents with clients, either convert them to PDF format (WYSIWYG) or else run them through Microsoft's Hidden Data Removal tool.
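As an added example, not from the page or from Microsoft's tool, this Python script shows the kind of hidden data the story above describes and how to strip it: modern Office packages (.docx, .xlsx, .pptx) carry the author, last editor, revision count and modification time in docProps/core.xml. It runs on a constructed sample package; it does not handle the older binary .doc format, and it does not touch other hidden data such as tracked changes or comments.

```python
import io, zipfile
import xml.etree.ElementTree as ET
# Namespaces used by docProps/core.xml in any OOXML package (.docx, .xlsx, .pptx)
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
for prefix, uri in NS.items():  # keep Office's prefixes when re-serialising
    ET.register_namespace(prefix, uri)
# Core properties that name people or reveal the editing history
IDENTIFYING = ["dc:creator", "cp:lastModifiedBy", "cp:revision", "dcterms:modified"]
CORE = "docProps/core.xml"

def read_core_properties(package: bytes) -> dict:
    """Return the identifying core properties present in an OOXML package."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        if CORE not in zf.namelist():
            return {}
        root = ET.fromstring(zf.read(CORE))
    return {tag: el.text for tag in IDENTIFYING
            if (el := root.find(tag, NS)) is not None and el.text}

def strip_core_properties(package: bytes) -> bytes:
    """Copy the package with the identifying core properties removed."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename == CORE:
                root = ET.fromstring(data)
                for el in [e for t in IDENTIFYING if (e := root.find(t, NS)) is not None]:
                    root.remove(el)
                data = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
            dst.writestr(item, data)  # every other part is copied unchanged
    return out.getvalue()

def make_sample_package() -> bytes:
    """Constructed minimal .docx-like package carrying revealing metadata (sample data)."""
    core = ('<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}" xmlns:dcterms="{dcterms}">'
            '<dc:creator>jdoe</dc:creator><cp:lastModifiedBy>A. Analyst</cp:lastModifiedBy>'
            '<cp:revision>10</cp:revision><dcterms:modified>2003-02-01T10:00:00Z'
            '</dcterms:modified></cp:coreProperties>').format(**NS)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<document/>")  # body content is irrelevant here
        zf.writestr(CORE, core)
    return buf.getvalue()
```

Run read_core_properties on a real .docx to see what it would hand to a client; converting to PDF, as the tip says, sidesteps the problem entirely.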
If you weren't expecting an attachment, write back and request that the sender embed the text in the email
When you see your anti-virus package "scanning" a Word or Excel file, the odds are VERY high that it won't find any of the important new vulnerabilities nation states and rich criminals are using to get past the most sophisticated defenses. Don't open email attachments unless you were expecting them. Send a note back and ask the person to embed the text in a simple email. This matters to your career. The people who break this rule will be the reason their organization's data are stolen and they won't be able to hide.
February 17, 2014
Keep it off the floor
No matter where you are in public - at a conference, a coffee shop, or a registration desk - avoid putting your laptop on the floor. If you must put it down, place it between your feet or at least up against your leg, so that you're aware of it.
Don't leave your laptop in the car - not on the seat, not in the trunk. Parked cars are a favorite target of laptop thieves; don't help them by leaving your laptop unattended. If you must leave your laptop behind, keep it out of sight.
If you had a wad of money sitting out in a public place, would you turn your back on it - even for just a minute? Would you put it in checked luggage? Leave it on the backseat of your car? Of course not. Keep a careful eye on your laptop just as you would a pile of cash.
Thinking of taking your laptop on the road? It's a great way to work and stay in touch when you're out and about, but you need to take some steps to keep your laptop safe - and in your possession. Here are some things you can do to keep track of your laptop:
Treat it like cash.
Get it out of the car...don't ever leave it behind.
Keep it locked...use a security cable.
Keep it off the floor...or at least between your feet.
Keep passwords separate...not near the laptop or case.
Don't leave it "for just a sec"...no matter where you are.
Pay attention in airports...especially at security.
Use bells and whistles...if you've got an alarm, turn it on.
Closing or minimizing your browser or typing in a new web address when you're done using your online account may not be enough to prevent others from gaining access to your account information. Instead, click on the "log out" button to terminate your online session. In addition, don't permit your browser to "remember" your username and password information. If this browser feature is active, anyone using your computer will have access to your investment account information.
Voice over Internet Protocol (VoIP) is one way people are making and receiving telephone calls using an Internet connection rather than a regular phone line. VoIP services can also be attacked by computer viruses, worms, or spam over Internet telephony (SPIT). Here is how it works: VoIP converts your phone call -- actually, the voice signal from your phone -- into a digital signal that travels over the Internet to the person you are calling. If you are calling a plain old telephone number, the signal is converted back at the other end. If you're comfortable with new technology, you may want to learn more about VoIP. It's smart to do some research on this technology before signing up for it.
It's 10 p.m. Do you know whom your kids are chatting with online?
While social networking sites can increase a person's circle of friends, they also can increase exposure to people with less than friendly intentions. Here are tips for helping your kids use social networking sites safely:
Help your kids understand what information should be private.
Explain that kids should post only information that you - and they - are comfortable with others seeing.
Use privacy settings to restrict who can access and post on your child's website.
Remind your kids that once they post information online, they can't take it back.
Talk to your kids about avoiding sex talk online.
Tell your kids to trust their gut if they have suspicions. If they ever feel uncomfortable or threatened by anything online, encourage them to tell you.