Security Awareness Tip of The Day

October 31, 2014

If you weren't expecting an attachment, write back and ask the sender to embed the text in the email

When you see your anti-virus package "scanning" a Word or Excel file, the odds are VERY high that it won't find any of the important new vulnerabilities nation states and rich criminals are using to get past the most sophisticated defenses. Don't open email attachments unless you were expecting them. Send a note back and ask the person to embed the text in a simple email. This matters to your career. The people who break this rule will be the reason their organization's data are stolen and they won't be able to hide.

October 30, 2014

Keep it off the floor

No matter where you are in public - at a conference, a coffee shop, or a registration desk - avoid putting your laptop on the floor. If you must put it down, place it between your feet or at least up against your leg, so that you're aware of it.

Visit http://onguardonline.gov/laptop.html for more information.

October 29, 2014

Get it out of the car

Don't leave your laptop in the car - not on the seat, not in the trunk. Parked cars are a favorite target of laptop thieves; don't help them by leaving your laptop unattended. If you must leave your laptop behind, keep it out of sight.

Visit http://onguardonline.gov/laptop.html for more information.

October 28, 2014

Treat your laptop like cash

If you had a wad of money sitting out in a public place, would you turn your back on it - even for just a minute? Would you put it in checked luggage? Leave it on the backseat of your car? Of course not. Keep a careful eye on your laptop just as you would a pile of cash.

Visit http://onguardonline.gov/laptop.html for more information.

October 27, 2014

Treat your laptop like you want to keep it

Thinking of taking your laptop on the road? It's a great way to work and stay in touch when you're out and about, but you need to take some steps to keep your laptop safe - and in your possession. Here are some things you can do to keep track of your laptop:

  • Treat it like cash.
  • Get it out of the car...don't ever leave it behind.
  • Keep it locked...use a security cable.
  • Keep it off the floor...or at least between your feet.
  • Keep passwords separate...not near the laptop or case.
  • Don't leave it "for just a sec"...no matter where you are.
  • Pay attention in airports...especially at security.
  • Use bells and whistles...if you've got an alarm, turn it on.

Visit http://onguardonline.gov/laptop.html for more information.

October 26, 2014

When you log out, log out completely

Closing or minimizing your browser or typing in a new web address when you're done using your online account may not be enough to prevent others from gaining access to your account information. Instead, click on the "log out" button to terminate your online session. In addition, don't permit your browser to "remember" your username and password information. If this browser feature is active, anyone using your computer will have access to your investment account information.

Visit http://onguardonline.gov for more information.

October 25, 2014

VoIP: It's a phone, it's a computer, it's...

Voice over Internet Protocol (VoIP) is one way people are making and receiving telephone calls using an Internet connection rather than a regular phone line. VoIP services can also be attacked by computer viruses, worms, or spam over Internet telephony (SPIT). Here is how it works: VoIP converts your phone call -- actually, the voice signal from your phone -- into a digital signal that travels over the Internet to the person you are calling. If you are calling a plain old telephone number, the signal is converted back at the other end. If you're comfortable with new technology, you may want to learn more about VoIP. It's smart to do some research on this technology before signing up for it.

Visit http://onguardonline.gov/voip.html for more information.

October 24, 2014

10 Scams to Screen from Your Email

  1. The "Nigerian" Email Scam
  2. Phishing
  3. Work-at-Home Scams
  4. Fake software updates
  5. Foreign Lotteries
  6. Sexual Enhancement products
  7. Check Overpayment Scams
  8. Pay-in-Advance Credit Offers
  9. Debt Relief
  10. IRS refunds

Visit http://onguardonline.gov/spam.html for more information.

October 23, 2014

It's 10 p.m. Do you know whom your kids are chatting with online?

While social networking sites can increase a person's circle of friends, they also can increase exposure to people with less than friendly intentions. Here are tips for helping your kids use social networking sites safely:

  • Help your kids understand what information should be private.
  • Explain that kids should post only information that you - and they - are comfortable with others seeing.
  • Use privacy settings to restrict who can access and post on your child's website.
  • Remind your kids that once they post information online, they can't take it back.
  • Talk to your kids about avoiding sex talk online.
  • Tell your kids to trust their gut if they have suspicions. If they ever feel uncomfortable or threatened by anything online, encourage them to tell you.

Visit http://onguardonline.gov/socialnetworking.html for more information.

October 22, 2014

Don't get hooked by a Phishing expedition

  • Don't reply to email or pop-up messages that ask for personal or financial information, and don't click on links in the message.
  • Don't cut and paste a link from the message into your Web browser -- phishers can make links look like they go one place, but actually send you to a different site.
  • Use anti-virus and anti-spyware software, as well as a two-way firewall, and update them all regularly.
  • Don't send personal or financial information by email.
  • Be cautious about opening any attachment or downloading any files from emails you receive regardless of who sent them.

Visit http://onguardonline.gov/phishing.html for more information.

October 21, 2014

Don't let spyware control your computer use

Lower your risk by taking the following steps:

  • Update your operating system and Web browser software, and set your browser security high enough to detect unauthorized downloads.
  • Use anti-virus and anti-spyware software, as well as a two-way firewall, and update them all regularly.
  • Download free software only from sites you know and trust. Enticing free software downloads frequently contain other software, including spyware.
  • Don't click on links in pop-ups.
  • Don't click on links in spam or pop-ups that claim to offer anti-spyware software.

Visit http://onguardonline.gov/spyware.html for more information.

October 20, 2014

If your personal information is stolen, four steps to take

It's important to protect your personal information, and to take certain steps quickly to minimize the potential damage from identity theft if your information is accidentally disclosed or deliberately stolen:

  • Place a "Fraud Alert" on your credit reports, and review those reports carefully. Notifying one of the three nationwide consumer reporting companies is sufficient.
  • Contact your bank or other financial institution(s) and close any accounts that have been tampered with or established fraudulently.
  • File a police report with local law enforcement officials. This is an essential step for protecting your rights.
  • Report your theft to the Federal Trade Commission, online, by phone, or by mail.

Visit http://onguardonline.gov/idtheft.html for more information.

October 19, 2014

If you suspect malware is on your computer - Stop, Confirm, Scan

Malware, short for "malicious software," includes viruses and spyware designed to steal personal information, send spam, and commit fraud. If you suspect malware is on your computer —

  • Stop shopping, banking, or any online activities that involve user names, passwords, or other sensitive information.
  • Confirm that your security software is working and up-to-date. At a minimum, your computer should have anti-virus and anti-spyware software, and a two-way firewall.
  • Once your security software is up-to-date, scan your computer for viruses and spyware, deleting or quarantining anything the program identifies as a problem.
  • If you suspect your computer is still infected, you may want to run a second anti-virus or anti-spyware program - or call in professional help.
  • Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do to avoid it in the future.

Visit http://onguardonline.gov/malware.html for more information.

October 18, 2014

Stop. Think. Click: Seven Practices for Safer Computing

  1. Protect your personal information. It's valuable.
  2. Know whom you're dealing with.
  3. Use anti-virus and anti-spyware software, as well as a two-way firewall, and update them all regularly.
  4. Be sure to set up your operating system and Web browser software properly, and update them regularly.
  5. Protect your passwords.
  6. Back up important files.
  7. Learn whom to contact if something goes wrong online.

Visit http://onguardonline.gov/stopthinkclick.html for more information.

October 17, 2014

If you receive child pornography via email, report it to your manager or IT section immediately

Sending pornographic images of children is a serious criminal offense and most police forces will investigate promptly and insist that all traces are removed. When you report it, don't forward the image. Sending it on spreads the images across more systems, which makes it harder to clear up and causes needless distress to the person you are reporting it to.

October 16, 2014

Avoid spam in your IM email account

Did you ever sign up with an Instant Messenger client so that you could chat with your buddies? Perhaps you have more than one running on the desktop. Each popular IM client comes conveniently with an Email account, and each time there is an email associated with your IM screen name, you receive a notice with this account filling up. You can prevent the spam or any email notices from appearing by using a single filter. Since I added the following filter on my email account attached to my Yahoo IM, I no longer get these notifications. Simply add a filter that the From/ Address includes @ to go directly to trash. You will be able to communicate with all your IM buddies without the hassle of being notified of items coming into the inbox.

October 15, 2014

Don't click the "unsubscribe" link at the bottom of unsolicited emails

Spam filters are catching most unwanted e-mail, but some might still reach you. Most spam is designed to get you to respond with your own email or to click a link to "unsubscribe." When you respond or click the "unsubscribe" link, the sender takes your email address and adds it to a SPAM database of active email addresses. You might then start to receive a large amount of SPAM in your inbox. Do not respond or click the "unsubscribe" links.

October 14, 2014

Save your files to a network server

A computer user working on a critical project was saving the analysis document on his Windows desktop. Unfortunately, the Windows desktop was located on the local hard drive and local hard drives were not automatically being backed up. When his hard disk failed, he lost the file and had to work through nights and a weekend to make up for the lost time. If your company permits network backups or remote storage, be sure you back up your important files. PS. Important files don't include things like vacation pictures, which can overburden the backup system. Ask the help desk for advice on where such files should be saved.

October 13, 2014

E-mail is insecure by default because it is more like a postcard, not a sealed envelope

A number of people are under the misconception that when they draft and send e-mail, two things occur: their message gets sealed in an envelope (that's why you have to open e-mail, right?) and it goes directly to the person it was sent to via internet magic. The truth is your e-mail is sent in plain text (i.e. readable by anyone who picks it up along the way) and is passed around the Internet with multiple stops until it reaches its destination. People with evil intentions can intercept your e-mail, read it or even alter it before it reaches your intended recipient.

October 12, 2014

Beware of USB flash drive's autoplay feature

  1. If you find a USB token in the wild, don't plug it into your USB port as it could autoinstall software if your system is set to autoplay CDROMs.
  2. Though many organizations' standards call for disabling autoplay of CDROMs, you should check and set yours. To disable autoplay follow these instructions (for WinXP):
    • Open My Computer
    • Right click on your cdrom drive selecting "Properties"
    • Select Autoplay page and set each menu option to "Select an Action to Perform" = "Take no action"
    • Click Apply (you must apply each setting change one at a time!)
    • Repeat for each item in the list (alternatively ensure that all are set to "Prompt me for action")

October 11, 2014

Don't enter your password on an untrusted computer.

A password is only as secure as the computer or network it is used on.

Bad Guys target public kiosk-type computers and wireless networks, such as those in Internet cafes, conference centers, hotels and motels, and airports. The instant you type your password on a computer that is infected or rigged, or on one using a compromised wireless network, the Bad Guy has got that password for good. This is one reason why you should change your passwords on a schedule, and never reuse a password on several computers or systems. Regard all public-use computers as untrustworthy. If you have no choice but to use a public computer, change your password before you log off or at the next available opportunity.

October 10, 2014

Paper files Have to Be Protected Too

You've probably heard that "To err is human, but to foul things up completely you need a computer." We know it's important to protect the big databases that we store, but we can't ignore paper records. The amount of information held on paper may be much smaller, but many of the most serious leaks happen through very human methods — reports stolen from desktops or read over someone's shoulder. Keep sensitive paper files locked away when they are not being used and don't read them in public places.

October 9, 2014

It takes two to tango and two firewalls to secure your system

Contrary to the myth that hardware firewalls are better than software firewalls, both are equally necessary to secure your system because they provide different kinds of protection. Any size network — whether it's one or two computers on a home network or 100 computers in a business — needs to be protected by a hardware firewall, and every connected computer needs to be protected by a software firewall.

October 8, 2014

Think twice before posting pictures of yourself or your family and friends

Photographs often contain information that could be used to identify you or the places you visit frequently. Never post unflattering or embarrassing pictures (no matter how funny) that could come back to haunt you. Carefully examine photos for identifying information such as the name of your school, the name of a sports team or organization you belong to, the address of the place you work or your favorite social hangout. Do not give out the full name of a child in your captions. One mother was very concerned to see her son's wrestling picture online with his full name. Pictures can also be copied or altered and used on other websites in ways that might be detrimental to your reputation.

October 7, 2014

Don't share your password - even with an assistant or close coworker

A salesperson relied on his assistant every day, trusting her with his username and password. She quit, but not before she deleted all of his sent e-mail and all of his saved files...Turns out she wasn't backing up the computer either.

Several coworkers used the same ID to log in—it seemed easier that way. The time came to change their password and they forgot to tell each other. One by one, they all called the help desk to get the ID reset, and they ended up locking each other out of their computers and getting reprimanded for sharing.

October 6, 2014

Hey, I know who you are and where you work! It says so right there on your badge

Security badges are meant to prove identity and display access privileges at work. They should never be worn outside of the office in public when going to lunch, taking a break, or even walking outside. Exposing your badge in public permits identity thieves to see your name, office, and possibly your level of security clearance. What's worse is that now the public knows what your badge looks like, thereby increasing the chances of successful forgery. Always remove and put away your badge when leaving work, even if just for a break.

October 5, 2014

Place a fraud alert to protect against identity theft

By the time I placed a fraud alert on my credit information, almost two weeks had passed since my wallet was stolen. By then, all the damage had been done.

If your wallet or credit card is stolen, call the three national credit reporting organizations immediately to place a fraud alert on your name and Social Security number. The alert means any company that checks your credit has to contact you to authorize new credit.

Here are numbers you always need to contact if your wallet, etc., has been stolen:

  1. Equifax: 1-800-525-6285
  2. Experian (formerly TRW): 1-888-397-3742
  3. Trans Union: 1-800-680-7289
  4. Social Security Administration (fraud line): 1-800-269-0271

You can get a free credit report once a year from each of the three credit reporting agencies. They have set up a web site for this: https://www.annualcreditreport.com/cra/index.jsp

October 4, 2014

A cheap way to avoid an expensive disaster

Backing up your files is a cheap way to avoid an expensive disaster. How much is it to buy a backup drive? About $75.00. Backup software? $30 or less. An hour of consultant's time to install and show you how to use it? About $100. Not losing your data? Priceless.

October 3, 2014

Remember that any email or instant message you send could come back to haunt you

Once you send an e-mail, it has a very good chance of being saved in someone's mailbox or archived on a server forever. People involved in scandals like Oliver North, Monica Lewinsky, Patricia Dunn (the former Hewlett-Packard chairman), and Bill Gates probably wish they could take back an email or two... Instant Messages can also be saved and used at a later date to embarrass you. Paris Hilton might be able to shed additional light on that subject. Be careful about what you put in writing and whom you send it to.

October 2, 2014

People Forget, Computers Don't

In 2003, the British Government published a report on Iraq's security and intelligence organizations. Then a Cambridge University lecturer discovered that much of the document was copied from three different articles, one written by a graduate student. How did he know? The document contained a listing of the last 10 edits, even showing the names of the people who worked on the file.

Hidden data can often be found within Microsoft Office documents, particularly Word. Whenever you exchange documents with clients, either convert them to PDF format (WYSIWYG) or else run them through Microsoft's Hidden Data Removal tool.

For more info, and to download Microsoft's Hidden Data Removal tool, see http://www.microsoft.com/downloads/.