To learn more about information security and how to keep yourself, family, and friends secure, subscribe to OUCH!, the free, monthly security awareness newsletter, now published in over twenty languages. More at the OUCH! homepage.
If your personal information is stolen, four steps to take
It's important to protect your personal information, and to take certain steps quickly to minimize the potential damage from identity theft if your information is accidentally disclosed or deliberately stolen:
Place a "Fraud Alert" on your credit reports, and review those reports carefully. Notifying one of the three nationwide consumer reporting companies is sufficient.
Contact your bank or other financial institution(s) and close any accounts that have been tampered with or established fraudulently.
File a police report with local law enforcement officials. This is an essential step for protecting your rights.
Report the theft to the Federal Trade Commission online, by phone, or by mail.
When a major news event happens, cyber criminals send email with a subject line related to the event and attach malware that infects your computer and makes it part of a botnet used for sending spam and conducting other illegal activities. You can see examples of these catchy subject lines at http://www.flickr.com/photos/panda_security/with/3256919391/
May 19, 2013
Print out important documents
A digital photography expert told me that CDs are expected to "live" for up to ten years. I want kids—and maybe grandkids—to see photos, so I print the best ones. Same goes for documents: print important files so that they are accessible in future decades. Of course, you want to back up these files too.
May 18, 2013
Don't click on links in pop-ups or banner advertisements
In July 2007, when iPhones were scarce and strongly in demand, botnet herders put software on already infected computers that redirected users browsing for iPhones to phony websites. The malware caused pop-ups and banner advertisements on infected computers; clicking on the provided links took users to the phony sites. People who attempted to buy iPhones from the sites were actually providing the Bad Guys with their personal and financial information. You can expect to see something similar for any fad that comes along. When your heart is tempted by the latest hot fad, don't throw caution to the wind.
May 17, 2013
Back up important files on a regular basis
Back up important files on a regular basis and store the backups in a safe place, preferably off site. You can back up files to a removable disk or save copies to network shares. Unfortunately, it's not a matter of "if" you'll lose files one way or another; it's a matter of "when".
May 16, 2013
Don't Trust Links Sent in Email Messages
A common fraud, called "phishing", sends messages that appear to be from a bank, shop or auction, giving a link to a fake website and asking you to follow that link and confirm your account details. The fraudsters then use your account details to buy stuff or transfer money out of the account. These fake sites can be hard to spot, so no reputable organization will send a message requesting your confidential information.
May 15, 2013
Know your IMEI?
Did you know there is a unique serial number that identifies each mobile phone? Press *#06# on your phone's keypad, and it will display a 15-digit number. Make a record of that number; it is your International Mobile Equipment Identity (IMEI) number, and if the phone is lost or stolen, the phone can be identified even if a new SIM card is added. Your provider can also block others from using the phone on their network, which could help protect you against expensive 1-900 phone calls and similar mischief.
May 14, 2013
Effectively delete files
When you delete a file, depending on your operating system and your settings, the file may be transferred to your trash or recycle bin. This "holding area" essentially protects you from yourself—if you accidentally delete a file, you can easily restore it. An unauthorized person will also be able to retrieve it. Does your recycle bin include credit card information, passwords, medical, or other personal data? Is there sensitive corporate information? Empty the trash or recycle bin on a regular basis to ensure that deleted information stays deleted.
May 13, 2013
Don't pass on chain messages or send warnings to everyone you know
Chain messages are a burden on mail systems and to the vast majority of the people who receive them. Just don't pass them on — it is as simple as that. You may get messages from friends, warning you about a new virus, health scare, charity appeal or con trick. These are very likely to be hoaxes or just plain wrong. Be very suspicious of messages that ask you to pass them to "everyone you know". That leads to an endless chain of forwarded messages that go on long past any real or imagined threat. If it is really convincing, pass it to your IT section or helpdesk for them to consider.
May 12, 2013
What you ask people walking around inside your company offices without a valid identity card: "May I help you?"
Security comes before a false sense of social etiquette. If you see someone anywhere on your office premises whom you don't know, and who doesn't have a valid ID, go ahead and ask the question. You can't be too alert.
Submitted by Nitin Dewan
May 11, 2013
Never respond to an email asking for personal information
Companies you do business with should never ask for account information, credit card numbers or PIN information in an email message. If you have any questions about an email you receive that supposedly comes from your financial institution, call the local branch office. Do NOT respond to the email.
May 10, 2013
Patch and update on a regular basis
Because hackers are constantly looking for vulnerabilities, it is important to keep your software up to date and patched. Unpatched, out-of-date systems are a leading cause of security incidents. Take the time to ensure you have the most recent patches and updates installed.
May 9, 2013
See just how "Security Aware" you really are
Do you believe you're a little more Security Aware? Can you identify the threats that exist in your environment and the steps you should take to avoid them? Take the following quizzes and find out.
No matter how friendly you are, you wouldn't let your neighbor read your bank statements and private letters. If you have a wireless network in your house and don't protect it, you could be doing just that. As they come "out of the box", most wireless networks let anyone in range connect to them and that could also let them see your PC and your email. It is worth taking a few extra minutes when setting them up to enable the encryption settings. Briefly, if you don't understand the jargon, WPA is better than WEP.
May 7, 2013
Don't be an unintentional spammer
If you're like most people, you've probably received at least one hoax or chain letter in your inbox. What should you do with the next one you receive? Delete it! Why, you ask? Because chain letters and hoaxes have the potential to cause problems (lots of network traffic or just filling up someone's inbox) and they can also be very annoying. Visit the following sites to find out more about hoaxes and chain letters.
Don't leave important, sensitive, or confidential material lying around the office. Common printing areas are frequented by people coming and going. Often you will be in line to pick up your documents and others may handle them before you. This leads to unnecessary information disclosures. One boss had a print job disappear, and had e-mailed the whole floor about it. The pages never turned up. Always use the closest print station, or a dedicated printer for confidential information, and go get it right away!
May 5, 2013
Watch out for shoulder surfers
Watch out for shoulder surfers who read over your shoulder or try to steal your password. If you have your back to the door or an open cubicle wall, get a rear view mirror to stick up and watch behind you when you're typing. This also prevents office pranksters from sneaking up on you. When in public places, such as Internet cafes, always try to sit with your back to a wall to prevent onlookers. Glass walls don't count — thieves can look right through them!
May 4, 2013
Don't enter your password on an untrusted computer.
A password is only as secure as the computer or network it is used on.
Bad Guys target public kiosk-type computers and wireless networks, such as those in Internet cafes, conference centers, hotels and motels, and airports. The instant you type your password on a computer that is infected or rigged, or on one using a compromised wireless network, the Bad Guy has got that password for good. This is one reason why you should change your passwords on a schedule, and never reuse a password on several computers or systems. Regard all public-use computers as untrustworthy. If you have no choice but to use a public computer, change your password before you log off or at the next available opportunity.
May 3, 2013
Use Outlook? Use the Auto-Preview, not the Reading Pane
If you are using an older version of Outlook, or if you have managed to reset the security level for e-mails, then you may be at some risk for HTML script-based exploits. Auto-Preview displays the first three lines of the message, enough to identify whether the message is valid, and it displays faster. Here is how to use it. Disable the Reading Pane and enable Auto-Preview:
Choose View -> Reading Pane -> Off
Choose View -> AutoPreview
Now you can see what is Junk, and which ones may have an HTML payload.
May 2, 2013
Don't enter your username and password on any computer you don't control.
Using public computers will always carry the risk of exposing your personal data. "Public" computers — as in college library computers. A Kentucky college student has been charged with identity theft and unlawful access to a computer for allegedly breaking into other students' email accounts at the University of the Cumberlands, and using the access and information to blackmail them. He did this by allegedly placing spyware on computers at the college library to harvest the information he needed to access the email accounts. Then he threatened to divulge the contents of certain messages unless the students complied with his demands.
E-mail is insecure by default because it is more like a postcard, not a sealed envelope
A number of people are under the misconception that when they draft and send e-mail, two things occur: their message gets sealed in an envelope (that's why you have to open e-mail, right?) and it goes directly to the person it was sent to via Internet magic. The truth is your e-mail is sent in plain text (i.e. readable by anyone who picks it up along the way) and is passed around the Internet with multiple stops until it reaches its destination. People with evil intentions can intercept your e-mail, read it or even alter it before it reaches your intended recipient.
April 30, 2013
Revoking security access isn't always enough
A California man has been arrested for interfering with computers at the California Independent System Operator (Cal-ISO) agency, which controls the state's power transmission lines and runs its energy trading markets. Even though Lonnie C. Denison's security access had been suspended at the request of his employer because of an employee dispute, he allegedly gained physical access to the facility with his card key. Once inside, Denison allegedly broke the glass protecting an emergency power cut-off station and pushed the button, causing much of the data center to shut down. Cal-ISO was unable to access the energy trading market, but the power transmission grid was unaffected.
April 29, 2013
Stop! Nobody Sends Email to Dead People!
One type of phishing (fake emails to trick you into sharing your private financial details) is a note claiming that the sender wants to send you a sum of money but cannot because they have been told you are deceased. The idea is for you to prove you are not dead by giving up your financial information. As always, if it sounds too good to be true, it is probably not true. If someone wants to contact you in order to give you a large sum of money, they will almost certainly do it by certified mail, not by email.
April 28, 2013
Do NOT open unknown or unexpected e-mail attachments
This morning I got an e-mail from my boss with an attachment. My boss is a man of few words on e-mail. If he wants to explain or discuss something with me, he picks up the phone. When he wants me to read or edit something we have talked about, he sends it to me. Even though the subject line was a date, the e-mail had no text, AND my boss hadn't told me he was sending me an attachment, I opened it because it was from my boss at an e-mail address I recognized. Bad move. Imagine my surprise when my Norton anti-virus screen popped up with a message that the attachment contained a virus and had been deleted. Hackers had spoofed his address and I had fallen for it.
April 27, 2013
Don't be duped by Internet Fraud
We all get offers that seem too good to be true. Whether they come by email or appear on web sites, they are often clever schemes designed to dupe the gullible. Don't be tricked by Internet Fraud. For more information see http://www.lookstoogoodtobetrue.com.
April 26, 2013
Check for encryption or secure sites when providing confidential information online
Credit card and online banking sites are convenient and easy ways to purchase and handle financial transactions. They are also the most frequently spoofed or "faked" sites for phishing scams. Information you provide to online banking and shopping sites should be encrypted and the site's URL should begin with https. Some browsers have an icon representing a lock at the lower right of the browser window. For more information about phishing, please visit http://www.onguardonline.gov/phishing.html