If you weren't expecting an attachment, write back and ask the sender to embed the text in the email
When you see your anti-virus package "scanning" a Word or Excel file, the odds are VERY high that it won't find any of the important new vulnerabilities nation states and rich criminals are using to get past the most sophisticated defenses. Don't open email attachments unless you were expecting them. Send a note back and ask the person to embed the text in a simple email. This matters to your career. The people who break this rule will be the reason their organization's data are stolen and they won't be able to hide.
October 30, 2014
Keep it off the floor
No matter where you are in public - at a conference, a coffee shop, or a registration desk - avoid putting your laptop on the floor. If you must put it down, place it between your feet or at least up against your leg, so that you're aware of it.
Don't leave your laptop in the car - not on the seat, not in the trunk. Parked cars are a favorite target of laptop thieves; don't help them by leaving your laptop unattended. If you must leave your laptop behind, keep it out of sight.
If you had a wad of money sitting out in a public place, would you turn your back on it - even for just a minute? Would you put it in checked luggage? Leave it on the backseat of your car? Of course not. Keep a careful eye on your laptop just as you would a pile of cash.
Thinking of taking your laptop on the road? It's a great way to work and stay in touch when you're out and about, but you need to take some steps to keep your laptop safe and in your possession. Here are some things you can do to keep track of your laptop:
Treat it like cash.
Get it out of the car...don't ever leave it behind.
Keep it locked...use a security cable.
Keep it off the floor...or at least between your feet.
Keep passwords separate...not near the laptop or case.
Don't leave it "for just a sec"...no matter where you are.
Pay attention in airports...especially at security.
Use bells and whistles...if you've got an alarm, turn it on.
Closing or minimizing your browser or typing in a new web address when you're done using your online account may not be enough to prevent others from gaining access to your account information. Instead, click on the "log out" button to terminate your online session. In addition, don't permit your browser to "remember" your username and password information. If this browser feature is active, anyone using your computer will have access to your investment account information.
Voice over Internet Protocol (VoIP) is one way people are making and receiving telephone calls using an Internet connection rather than a regular phone line. VoIP services can also be attacked by computer viruses, worms, or spam over Internet telephony (SPIT). Here is how it works: VoIP converts your phone call -- actually, the voice signal from your phone -- into a digital signal that travels over the Internet to the person you are calling. If you are calling a plain old telephone number, the signal is converted back at the other end. If you're comfortable with new technology, you may want to learn more about VoIP. It's smart to do some research on this technology before signing up for it.
It's 10 p.m. Do you know whom your kids are chatting with online?
While social networking sites can increase a person's circle of friends, they also can increase exposure to people with less than friendly intentions. Here are tips for helping your kids use social networking sites safely:
Help your kids understand what information should be private.
Explain that kids should post only information that you - and they - are comfortable with others seeing.
Use privacy settings to restrict who can access and post on your child's website.
Remind your kids that once they post information online, they can't take it back.
Talk to your kids about avoiding sex talk online.
Tell your kids to trust their gut if they have suspicions. If they ever feel uncomfortable or threatened by anything online, encourage them to tell you.
If your personal information is stolen, four steps to take
It's important to protect your personal information, and to take certain steps quickly to minimize the potential damage from identity theft if your information is accidentally disclosed or deliberately stolen:
Place a "Fraud Alert" on your credit reports, and review those reports carefully. Notifying one of the three nationwide consumer reporting companies is sufficient.
Contact your bank or other financial institution(s) and close any accounts that have been tampered with or established fraudulently.
File a police report with local law enforcement officials. This is an essential step for protecting your rights.
Report your theft to the Federal Trade Commission, online, by phone, or by mail.
If you receive child pornography via email, report it to your manager or IT section immediately
Sending pornographic images of children is a serious criminal offense and most police forces will investigate promptly and insist that all traces are removed. When you report it, don't forward the image. Sending it on spreads the images across more systems, making it harder to clear up, and causes needless distress to the person you are reporting it to.
October 16, 2014
Avoid spam in your IM email account
Did you ever sign up with an Instant Messenger client so that you could chat with your buddies? Perhaps you have more than one running on the desktop. Each popular IM client comes conveniently with an Email account, and each time there is an email associated with your IM screen name, you receive a notice with this account filling up. You can prevent the spam or any email notices from appearing by using a single filter. Since I added the following filter on my email account attached to my Yahoo IM, I no longer get these notifications. Simply add a filter that the From/ Address includes @ to go directly to trash. You will be able to communicate with all your IM buddies without the hassle of being notified of items coming into the inbox.
October 15, 2014
Don't click the "unsubscribe" link at the bottom of unsolicited emails
Spam filters are catching most unwanted e-mail, but some might still reach you. Most spam is designed to get you to respond with your own email or to click a link to "unsubscribe." When you respond or click the "unsubscribe" link, the sender takes your email address and adds it to a SPAM database of active email addresses. You might then start to receive a large amount of SPAM in your inbox. Do not respond or click the "unsubscribe" links.
October 14, 2014
Save your files to a network server
A computer user working on a critical project was saving the analysis document on his Windows desktop. Unfortunately, the Windows desktop was located on the local hard drive and local hard drives were not automatically being backed up. When his hard disk failed, he lost the file and had to work through nights and a weekend to make up for the lost time. If your company permits network backups or remote storage, be sure you back up your important files. PS. Important files don't include things like vacation pictures, which can overburden the backup system. Ask the help desk for advice on where such files should be saved.
October 13, 2014
E-mail is insecure by default because it is more like a postcard, not a sealed envelope
A number of people are under the misconception that when they draft and send e-mail, two things occur: their message gets sealed in an envelope (that's why you have to open e-mail, right?), and it goes directly to the person it was sent to via internet magic. The truth is your e-mail is sent in plain text (i.e. readable by anyone who picks it up along the way) and is passed around the Internet with multiple stops until it reaches its destination. People with evil intentions can intercept your e-mail, read it or even alter it before it reaches your intended recipient.
October 12, 2014
Beware of the USB flash drive autoplay feature
If you find a USB token in the wild, don't plug it into your USB port as it could autoinstall software if your system is set to autoplay CDROMs.
Though many organizations' standards call for disabling autoplay of CDROMs, you should check and set yours. To disable autoplay follow these instructions (for WinXP):
Open My Computer
Right-click on your cdrom drive and select "Properties"
Select Autoplay page and set each menu option to "Select an Action to Perform" = "Take no action"
Click Apply (you must apply each setting change one at a time!)
Repeat for each item in the list (alternatively ensure that all are set to "Prompt me for action")
October 11, 2014
Don't enter your password on an untrusted computer.
A password is only as secure as the computer or network it is used on.
Bad Guys target public kiosk-type computers and wireless networks, such as those in Internet cafes, conference centers, hotels and motels, and airports. The instant you type your password on a computer that is infected or rigged, or on one using a compromised wireless network, the Bad Guy has got that password for good. This is one reason why you should change your passwords on a schedule, and never reuse a password on several computers or systems. Regard all public-use computers as untrustworthy. If you have no choice but to use a public computer, change your password before you log off or at the next available opportunity.
October 10, 2014
Paper Files Have to Be Protected Too
You've probably heard that "To err is human, but to foul things up completely you need a computer." We know it's important to protect the big databases that we store, but we can't ignore paper records. The amount of information held on paper may be much smaller, but many of the most serious leaks happen through very human methods — reports stolen from desktops or read over someone's shoulder. Keep sensitive paper files locked away when they are not being used and don't read them in public places.
October 9, 2014
It takes two to tango and two firewalls to secure your system
Contrary to the myth that hardware firewalls are better than software firewalls, both are equally necessary to secure your system because they provide different kinds of protection. Any size network — whether it's one or two computers on a home network or 100 computers in a business — needs to be protected by a hardware firewall, and every connected computer needs to be protected by a software firewall.
October 8, 2014
Think twice before posting pictures of yourself or your family and friends
Photographs often contain information that could be used to identify you or the places you visit frequently. Never post unflattering or embarrassing pictures (no matter how funny) that could come back to haunt you. Carefully examine photos for identifying information such as the name of your school, the name of a sports team or organization you belong to, the address of the place you work or your favorite social hangout. Do not give out the full name of a child in your captions. One mother was very concerned to see her son's wrestling picture online with his full name. Pictures can also be copied or altered and used on other websites in ways that might be detrimental to your reputation.
October 7, 2014
Don't share your password, even with an assistant or close coworker
A salesperson relied on his assistant every day, trusting her with his username and password. She quit, but not before she deleted all of his sent e-mail and all of his saved files...Turns out she wasn't backing up the computer either.
Several coworkers used the same ID to log in—it seemed easier that way. The time came to change their password and they forgot to tell each other. One by one, they all called the help desk to get the ID reset, and they ended up locking each other out of their computers and getting reprimanded for sharing.
October 6, 2014
Hey, I know who you are and where you work! It says so right there on your badge
Security badges are meant to prove identity and display access privileges at work. They should never be worn outside of the office in public when going to lunch, taking a break, or even walking outside. Exposing your badge in public permits identity thieves to see your name, office, and possibly your level of security clearance. What's worse is that now the public knows what your badge looks like, thereby increasing the chances of successful forgery. Always remove and put away your badge when leaving work, even if just for a break.
October 5, 2014
Place a fraud alert to protect against identity theft
By the time I placed a fraud alert on my credit information, almost two weeks had passed since my wallet was stolen. By then, all the damage had been done.
If your wallet or credit card is stolen, call the three national credit reporting organizations immediately to place a fraud alert on your name and Social Security number. The alert means any company that checks your credit has to contact you to authorize new credit.
Here are numbers you always need to contact if your wallet, etc., has been stolen:
Experian (formerly TRW): 1-888-397-3742
Trans Union: 1-800-680-7289
Social Security Administration (fraud line): 1-800-269-0271
Backing up your files is a cheap way to avoid an expensive disaster. How much is it to buy a backup drive? About $75.00. Backup software? $30 or less. An hour of consultant's time to install and show you how to use it? About $100. Not losing your data? Priceless.
October 3, 2014
Remember that any email or instant message you send could come back to haunt you
Once you send an e-mail, it has a very good chance of being saved in someone's mailbox or archived on a server forever. People involved in scandals like Oliver North, Monica Lewinsky, Patricia Dunn (the former Hewlett-Packard chairman), and Bill Gates probably wish they could take back an email or two... Instant Messages can also be saved and used at a later date to embarrass you. Paris Hilton might be able to shed additional light on that subject. Be careful about what you put in writing and whom you send it to.
October 2, 2014
People Forget, Computers Don't
In 2003, the British Government published a report on Iraq's security and intelligence organizations. Then a Cambridge University lecturer discovered that much of the document was copied from three different articles, one written by a graduate student. How did he know? The document contained a listing of the last 10 edits, even showing the names of the people who worked on the file.
Hidden data can often be found within Microsoft Office documents, particularly Word. Whenever you exchange documents with clients, either convert them to PDF format (WYSIWYG) or else run them through Microsoft's Hidden Data Removal tool.