November 20, 2009
Do not give your password over the phone to anyone claiming to be from the HelpDesk or Tech Support
No one from the HelpDesk or Tech Support will ever ask you for your password. If we need to access your account for some reason, and cannot contact you in time, we will reset the password and notify you by voicemail. Anyone calling and asking you for your password is most likely trying to gain unauthorized access to our network. If you receive such a call, notify your supervisor immediately.
November 19, 2009
Print out important documents
A digital photography expert told me that CDs are expected to "live" for up to ten years. I want kids—and maybe grandkids—to see photos, so I print the best ones. Same goes for documents: print important files so that they are accessible in future decades. Of course, you want to back up these files too.
November 18, 2009
Don't give away your data when you give away your handheld device
Be careful before you resell or give away handheld devices like Palms. The new owner can uncover data left on them. At a minimum, reset the device to factory settings (refer to your manual or call the manufacturer), and remove or wipe any memory card, which a factory reset often leaves untouched. For more information on deleting data:
http://www.informit.com/guides/content.asp?g=security&seqNum=234&rl=1
November 17, 2009
Don't click on links in pop-ups or banner advertisements
In July 2007, when iPhones were scarce and strongly in demand, Botnet herders put software on already infected computers that redirected users browsing for iPhones to phony websites. The malware caused pop-ups and banner advertisements on infected computers; clicking on the provided links took users to the phony sites. People who attempted to buy iPhones from the sites were actually providing the Bad Guys with their personal and financial information. You can expect to see something similar for any fad that comes along. When your heart is tempted by the latest hot fad, don't throw caution to the wind.
November 16, 2009
Always lock your computer (press CTRL + ALT + DELETE and choose Lock Computer, or press the Windows key + L) before walking away from it
Locking your computer before leaving it unattended prevents anyone else from accessing it while you are away. This is especially important when there are customers in your office. Leaving your computer unlocked can expose customer data to a third party. Even when there is no one in your office, data could be exposed if your computer screen faces an outside window, especially on the ground floor.
November 15, 2009
Control access to buildings and work areas
Each one of us has a responsibility to ensure that our building is secure. When you enter the building from a side door or after hours, make sure the door closes properly and check to see that no one has slipped in behind you. If you see someone you don't know wandering around, don't be afraid to grab a co-worker and ask which room they're looking for or who they're visiting. It's better to be safe than sorry!
November 14, 2009
Don't check "remember my password" boxes
Numerous programs offer the option of "remembering" your password. Unfortunately, many of them have no built-in security measures to protect that information. Some programs actually store the password in clear text in a file on the computer, so anyone with access to the computer, or to a backup of it, can read the password. It's best to retype your password each time you log in, eliminating the possibility that someone will be able to steal or use it. A dedicated password manager that encrypts its store under a strong master password is a different matter from an application's "remember me" box.
November 13, 2009
Make sure your personal information is protected when you do business online
Always read the privacy statement before you fill in the blanks. You should also verify that the site is using encryption before you submit any information: look for https at the start of the web address and for the padlock icon (in the address bar in current browsers, in the status bar at the bottom of the window in older ones). A padlock that is crossed out or carries a warning means the connection should not be trusted. Don't send your personal information (social security number, credit card number, etc.) in an email or through instant messaging.
November 12, 2009
Do not write your password down and leave it near your computer
Writing your password on a 'sticky-note' and sticking it on your monitor makes it very easy for people who regularly steal passwords to obtain yours. Hiding it under your keyboard or mouse pad is not much better, as these are common hiding places for passwords. However if you must write something down, jot down a hint or clue that will help jog your memory or store the written password in a secure, locked place.
November 11, 2009
Back up important files on a regular basis
Back up important files on a regular basis and store the backups in a safe place, preferably off site. You can back up files to removable disk or save copies to network shares; whichever you use, test now and then that you can actually restore from it. Unfortunately, it's not a matter of "if" you'll lose files one way or another; it's a matter of "when".
November 10, 2009
Watch out for shoulder surfers
Watch out for shoulder surfers who read over your shoulder or try to steal your password. If you have your back to the door or an open cubicle wall, get a rear-view mirror to stick up and watch behind you when you're typing. This also prevents office pranksters from sneaking up on you. In public places, such as Internet cafes, always try to sit with your back to a wall to prevent onlookers. Glass walls don't count; thieves can look right through them!
November 9, 2009
Hey, I know who you are and where you work! It says so right there on your badge
Security badges are meant to prove identity and display access privileges at work. They should never be worn outside of the office in public when going to lunch, taking a break, or even walking outside. Exposing your badge in public permits identity thieves to see your name, office, and possibly your level of security clearance. What's worse is that now the public knows what your badge looks like, thereby increasing the chances of successful forgery. Always remove and put away your badge when leaving work, even if just for a break.
November 8, 2009
When selecting a screen name...make sure it doesn't say too much about you
Screen names that hint at personal interests, hobbies, or favorite sports, combined with other clues in your profile will give enough information for someone to figure out who you are and where they can find you.
November 7, 2009
Can you hear me now? Do NOT trust your cell phone Bluetooth earpiece
Many cell phone Bluetooth hands-free earpieces have a default PIN of 0000. A hacker with a Bluetooth antenna can connect to your earpiece and eavesdrop on everything that you are saying; in fact, they can even transmit to it. If your earpiece lets you change the PIN, change it, and leave the earpiece out of discoverable mode except while you are pairing it. Think that's unlikely? Check out the YouTube video at:
http://www.youtube.com/watch?v=1c-jzYAH2gw
November 6, 2009
Patch and update on a regular basis
Because hackers are constantly looking for vulnerabilities, it is important to keep your software up to date and patched. Unpatched, out-of-date systems are a leading cause of security incidents. Take the time to ensure you have the most recent patches and updates installed.
November 5, 2009
Use a password in only one place.
Reusing passwords or using the same password all over the place is like carrying one key that unlocks your house, your car, your office, your briefcase, and your safety deposit box. If you reuse passwords for more than one computer, account, website, or other secure system, keep in mind that all of those computers, accounts, websites and secure systems will be only as secure as the least secure system on which you have used that password. Don't enter your password on untrusted systems. One lost key could let a thief unlock all the doors. Remember: Change your passwords on a schedule to keep them fresh.
November 4, 2009
Think twice before you post personal information. Remember, even crooks may see what you post on social media sites
Criminals are mopping up because social media users are willing to share personal information about themselves and others. This data can be used to guess your password, give them the answers to account security questions or send you email with malicious attachments that appear to be from someone you know.
November 3, 2009
Use Outlook? Use the Auto-Preview, not the Reading Pane
If you are using an older version of Outlook, or if you have lowered the security level for e-mail, you may be at some risk from HTML script-based exploits that run when a message is rendered in the Reading Pane. AutoPreview shows only the first three lines of the message text, enough to identify whether the message is legitimate, and it displays faster. Here is how to use it.
Disable the Reading Pane and Enable Auto Preview:
- Open Outlook.
- Choose View -> Reading Pane -> Off
- Choose View -> AutoPreview
- Now you can see what is Junk, and which ones may have an HTML payload.
November 2, 2009
Effectively delete files
When you delete a file, depending on your operating system and your settings, the file may be transferred to your trash or recycle bin. This "holding area" essentially protects you from yourself: if you accidentally delete a file, you can easily restore it. An unauthorized person will also be able to retrieve it. Does your recycle bin include credit card information, passwords, medical, or other personal data? Is there sensitive corporate information? Empty the trash or recycle bin on a regular basis. Keep in mind that emptying it only removes the directory entry; the file's bytes stay on the disk until something overwrites them, and ordinary undelete tools can bring them back. For genuinely sensitive data, use a secure-erase tool or keep the drive encrypted.
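As an added example (not code from the original tip), this is what "effectively delete" looks like when done by hand: overwrite the file's bytes in place and force them to disk, then unlink, which is the step that emptying the Recycle Bin skips. The card record is a constructed sample. Caveats a practitioner should know: on SSDs, on journaling or copy-on-write filesystems (btrfs, ZFS, APFS snapshots), with Windows shadow copies, cloud sync or backups, the old bytes may survive somewhere this overwrite never touches, so for data that must never come back the dependable answer is full-disk encryption with the key destroyed, or the device's own secure-erase command.

```python
import os
import secrets
import tempfile


def overwrite_file(path, passes=1, chunk_size=64 * 1024):
    """Overwrite every byte of `path` in place with random data and sync it to disk.

    Returns the number of bytes written per pass. The file is deliberately NOT
    removed here so a caller can read it back and confirm the old content is gone.
    """
    size = os.path.getsize(path)
    # r+b keeps the same inode/cluster chain, so the new bytes land on the old blocks
    # (on a plain, non-COW filesystem; see the caveats in the lead-in).
    with open(path, "r+b", buffering=0) as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk_size, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # do not trust the page cache; push it to the device
    return size


def secure_delete(path, passes=1):
    """Overwrite, then unlink. Emptying the Recycle Bin does only the unlink step."""
    overwrite_file(path, passes=passes)
    os.remove(path)


def demo():
    """Constructed sample: a file holding card data, wiped before it is deleted.

    Returns (original_still_readable, size_unchanged, file_gone).
    """
    sensitive = b"name=J. Doe;card=4111111111111111;exp=12/27\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "card.txt")
        with open(path, "wb") as fh:
            fh.write(sensitive)
        overwrite_file(path)
        with open(path, "rb") as fh:
            after = fh.read()
        still_readable = sensitive in after
        same_size = len(after) == len(sensitive)
        secure_delete(path)
        gone = not os.path.exists(path)
    return still_readable, same_size, gone


if __name__ == "__main__":
    print(demo())  # (False, True, True)
```

A single random pass is enough to defeat undelete tools on magnetic and flash media alike; extra passes add time, not assurance, because the places the data can survive (wear-levelled blocks, journals, snapshots, backups) are exactly the ones a file-level overwrite cannot reach.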
November 1, 2009
Be careful with cybercafe computers
Cybercafes offer a convenient way to use a networked computer when you are away from home or office. But be careful. It's impossible for an ordinary user to tell what state their security might be in. Since anyone can use them for anything, they have probably been exposed to viruses, worms, Trojans, keyloggers, and other nasty malware. Should you use them at all? They're okay for casual web browsing, but they're NOT okay for connecting to your email, which may contain personal information; to any secure system, like the network or server at your office, bank or credit union; or for shopping online.
October 31, 2009
If your browser questions a website's security, stop, think, and verify.
When visiting the "https" secure sites of banks and online shopping retailers, you may see an onscreen warning, such as "There is a problem with the website's security certificate" or "Secure Connection Failed." Don't just click to continue or to make an exception. The warning may only indicate a harmless temporary problem with the site or with the network, such as a certificate the operator forgot to renew. But it can also mean that the site is bogus or has been compromised by hackers, and someone is listening in on your conversation with your bank or retailer. Open the warning's details and note why the check failed (a certificate issued to a different name, an issuer your browser does not trust, or a date outside the validity period) so you can describe it when you ask.
Be smart. Contact your bank or retailer by phone, using a number from your card or statement rather than one shown on the page that warned you, to find out if they know about a problem with their website or the network. Don't be the next victim of fraud.
October 30, 2009
Securing your wireless network - priceless!
Laptop: $1,000
Wireless router: $100
Being able to connect to the Internet with peace of mind, knowing that you did it safely: priceless.
Wireless networks are inherently unsafe because anyone within range can use them and potentially steal your information if these networks are not set up properly. If you don't know what needs to be done to secure them, get help from a technical friend or use a professional from the store where you bought it.
October 29, 2009
Use a strong voicemail password. This helps prevent crooks from hijacking your phone line or voicemail
A busy person set his voicemail password to match his extension. It seemed easy to remember but was also easy to guess. A prison inmate guessed the password and began using the account to communicate with fellow criminals—leaving messages for them and deleting legitimate messages.
The receptionist at a small business came into the office at 8:30 a.m. and the phones were ringing off the hook. She picked up one of the lines and was surprised to hear people talking in a foreign language. Turns out fraudsters were using the phone system to steal international long-distance phone time.
October 28, 2009
Turn off your wireless AP when it's not in use
Power off your wireless access point (AP) when you know you won't be at home or when it's not in use. Your AP can't be accessed by hackers when it is not powered on. So, turn it off and limit the amount of time you leave yourself open to attack.
October 27, 2009
Beware of the AutoPlay feature on USB flash drives
- If you find a USB flash drive in the wild, don't plug it into your USB port. With AutoRun/AutoPlay enabled, Windows can run a program from the drive the moment it is inserted, the same mechanism that auto-starts CD-ROMs.
- Many organizations' standards call for disabling AutoPlay, but check and set yours. To disable it, follow these instructions (for Windows XP):
- Open My Computer
- Right click on your cdrom drive selecting "Properties"
- Select Autoplay page and set each menu option to "Select an Action to Perform" = "Take no action"
- Click Apply (you must apply each setting change one at a time!)
- Repeat for each item in the list (alternatively ensure that all are set to "Prompt me for action")
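The steps above set per-content-type actions for one drive through the GUI. The policy behind them is the registry value NoDriveTypeAutoRun, whose bits silence AutoRun per drive type; Microsoft's recommended value of 0xFF turns it off for every type, USB flash drives and CD-ROMs included. The following added example (mine, not the tip's) encodes those bits and writes the value. The bit definitions and key path are the documented Windows ones; the function names are this example's own.

```python
import sys

# Bits of the NoDriveTypeAutoRun policy value (REG_DWORD) under
# HKCU (or HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
# A set bit disables AutoRun/AutoPlay for that drive type; 0xFF disables it for all.
DRIVE_UNKNOWN = 0x01
DRIVE_NO_ROOT_DIR = 0x02
DRIVE_REMOVABLE = 0x04   # USB flash drives, floppies, card readers
DRIVE_FIXED = 0x08       # internal hard disks
DRIVE_REMOTE = 0x10      # network shares
DRIVE_CDROM = 0x20
DRIVE_RAMDISK = 0x40
DRIVE_RESERVED = 0x80    # remaining bit; set it too so the value is the recommended 0xFF
ALL_DRIVES = 0xFF

_DRIVE_NAMES = {
    DRIVE_UNKNOWN: "unknown", DRIVE_NO_ROOT_DIR: "no-root-dir",
    DRIVE_REMOVABLE: "removable", DRIVE_FIXED: "fixed", DRIVE_REMOTE: "remote",
    DRIVE_CDROM: "cdrom", DRIVE_RAMDISK: "ramdisk", DRIVE_RESERVED: "reserved",
}

POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
POLICY_VALUE = "NoDriveTypeAutoRun"


def autorun_disable_mask(*drive_types):
    """Combine drive-type bits into a policy value, e.g. (REMOVABLE, CDROM) -> 0x24."""
    mask = 0
    for bit in drive_types:
        mask |= bit
    return mask


def drives_with_autorun_disabled(mask):
    """Decode a policy value back into the drive types it silences, lowest bit first."""
    return [name for bit, name in sorted(_DRIVE_NAMES.items()) if mask & bit]


def apply_policy(mask=ALL_DRIVES, for_all_users=False):
    """Write the policy value. Windows only; HKLM (all users) needs an elevated prompt.

    Explorer reads the value when it starts, so log off and on (or restart
    Explorer) for the change to take effect.
    """
    if not sys.platform.startswith("win"):
        raise RuntimeError("NoDriveTypeAutoRun is a Windows registry policy")
    import winreg  # only importable on Windows
    root = winreg.HKEY_LOCAL_MACHINE if for_all_users else winreg.HKEY_CURRENT_USER
    with winreg.CreateKeyEx(root, POLICY_KEY, 0, winreg.KEY_SET_VALUE) as key:
        winreg.SetValueEx(key, POLICY_VALUE, 0, winreg.REG_DWORD, mask)
    return mask


if __name__ == "__main__":
    print(hex(ALL_DRIVES), drives_with_autorun_disabled(ALL_DRIVES))
    if sys.platform.startswith("win"):
        apply_policy()  # current user only; pass for_all_users=True from an admin prompt
```

Setting only DRIVE_REMOVABLE | DRIVE_CDROM (0x24) covers the two cases in the tip, but 0xFF is the safer default: it also stops AutoRun from network shares and newly attached fixed disks, which is where later malware moved once optical media became rare.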
October 26, 2009
Read error messages and checkboxes
When you see an error message pop up on the screen, read it! You may not understand everything, but if you look through the message, you can get the gist. Fake error messages are also a favorite trick of scammers and malware for getting you to click, install something, or hand over what you type, so don't act on an error you don't understand. At least capture the screen: press the key labeled "Print Screen" or "PrtSc" (or Alt + Print Screen for just the active window). That copies the screen into short-term storage called the clipboard. Then open an e-mail message, right-click on the message body and select "Paste". Now you can print it or send it to tech support for further analysis.
October 25, 2009
A password should be used by only one person.
Passwords are like bubble gum; they are much better when used by only one person. If you share your computer with others, each person should have a unique account, username, and password. Don't allow another user to know or use your password, and don't ask another user if you can use theirs. When it's your turn to use the computer, log the last user off, and log on using your own username and password. When you take a break, don't leave your computer open. Log off or lock it. And remember: passwords shorter than 8 characters are easy to crack; avoid common words and proper names; and use both uppercase and lowercase letters, numbers, and symbols.
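An added example serving this tip and the voicemail tip of October 29 (my code, not the page's): two small checkers that turn the rules stated above into something you can run against a candidate password or voicemail PIN before you commit to it. The deny lists are constructed samples, far shorter than the breached-password lists a real check would use, and the `names` argument is whatever the caller supplies (username, surname, employer), an assumption of this example.

```python
import string

# Constructed sample deny lists; real ones hold millions of leaked passwords.
COMMON_PASSWORDS = {
    "password", "password1", "123456", "12345678", "qwerty", "letmein",
    "welcome", "abc123", "iloveyou", "admin", "monkey", "football",
}
COMMON_PINS = {"0000", "1111", "1234", "4321", "2580", "0852", "1212", "123456", "111111"}


def _is_sequential(digits):
    """True for runs like 1234, 4321 or 7890 (9 -> 0 wraps and still counts)."""
    if len(digits) < 3:
        return False
    steps = {(int(b) - int(a)) % 10 for a, b in zip(digits, digits[1:])}
    return steps == {1} or steps == {9}


def password_findings(password, names=()):
    """Return the ways `password` breaks the rules in the tip; an empty list passes."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    if sum(classes) < 3:
        findings.append("uses fewer than 3 of: lowercase, uppercase, digits, symbols")
    lowered = password.lower()
    # "Password1!" is still "password" to a cracker; strip the trailing decoration.
    stripped = lowered.rstrip(string.digits + string.punctuation)
    if lowered in COMMON_PASSWORDS or stripped in COMMON_PASSWORDS:
        findings.append("common password, or a common password plus digits/symbols")
    for name in names:
        if name and len(name) >= 3 and name.lower() in lowered:
            findings.append(f"contains the name or username '{name}'")
    return findings


def voicemail_pin_findings(pin, extension):
    """Check a voicemail PIN against the mistakes in the October 29 tip."""
    if not pin.isdigit():
        return ["PIN must be all digits"]
    findings = []
    if len(pin) < 6:
        findings.append("shorter than 6 digits")
    if pin == extension or pin == extension[::-1]:
        findings.append("matches the extension (or the extension reversed)")
    elif extension and extension in pin:
        findings.append("contains the extension")
    if len(set(pin)) == 1:
        findings.append("all one digit")
    if _is_sequential(pin):
        findings.append("sequential digits")
    if pin in COMMON_PINS:
        findings.append("common PIN")
    return findings


if __name__ == "__main__":
    print(password_findings("password1", names=["jdoe"]))
    print(voicemail_pin_findings("4421", extension="4421"))  # the busy person's mistake
```

The extension check is the one most policies forget: a PIN that equals the extension, or the extension reversed, is the first thing an attacker dialling the voicemail menu will try.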
October 24, 2009
Protect your home wireless networks
No matter how friendly you are, you wouldn't let your neighbor read your bank statements and private letters. If you have a wireless network in your house and don't protect it, you could be doing just that. As they come "out of the box", many wireless networks let anyone in range connect to them, and that could also let them see your PC and your email. It is worth taking a few extra minutes when setting them up to enable the encryption settings. Briefly, if you don't understand the jargon: WEP is broken and should not be used at all, WPA is better, and WPA2 with AES (CCMP) is the setting to choose wherever your router and devices support it, protected by a long passphrase that is not the router's default.
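As an added example (not from the original tip, and not any vendor's firmware), here is a small checker for access-point configuration in the hostapd.conf format used by the Linux hostapd daemon, with the weak out-of-the-box style of setup beside a hardened one. Both fragments are constructed samples. The checker flags open networks, WEP, WPA1 or TKIP, and short or guessable passphrases; it assumes hostapd's key names (wpa, rsn_pairwise, wpa_passphrase, wep_key0) and a one-key-per-line layout.

```python
# Constructed hostapd.conf-style fragments; comment lines start with '#'.
WEAK_CONFIG = """\
interface=wlan0
ssid=HomeNet
channel=6
# WEP, the "security" many older routers shipped with; breakable in minutes
wep_default_key=0
wep_key0=1234567890
"""

STRONG_CONFIG = """\
interface=wlan0
ssid=HomeNet
channel=6
# wpa is a bit field: 1 = WPA, 2 = WPA2 (RSN), 3 = both. Use 2 only.
wpa=2
wpa_key_mgmt=WPA-PSK
# AES-CCMP only; TKIP is the deprecated WPA1-era cipher
rsn_pairwise=CCMP
wpa_passphrase=correct-horse-battery-staple-42
"""

# Constructed sample of passphrases a guessing tool tries first.
WEAK_PASSPHRASES = {"password", "12345678", "homewifi", "internet", "admin123"}


def parse_hostapd(text):
    """Parse key=value lines in hostapd.conf format; '#' lines and blanks are skipped."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def assess_wireless(cfg):
    """Return (rating, findings). An empty findings list means the config passes."""
    findings = []
    has_wep = any(k.startswith("wep_key") for k in cfg)
    wpa = int(cfg.get("wpa", "0"))
    if wpa == 0 and not has_wep:
        return "open", ["no encryption: anyone in range can join and read traffic"]
    if has_wep:
        findings.append("WEP key configured: WEP is broken, replace it with WPA2")
        if wpa == 0:
            return "WEP", findings
    if wpa & 1:
        findings.append("WPA1 enabled (wpa=1 or wpa=3): set wpa=2")
    ciphers = set((cfg.get("rsn_pairwise", "") + " " + cfg.get("wpa_pairwise", "")).split())
    if "TKIP" in ciphers:
        findings.append("TKIP pairwise cipher allowed: use CCMP only")
    if not ciphers:
        findings.append("no pairwise cipher set: add rsn_pairwise=CCMP")
    if "wpa_psk" not in cfg:  # a raw 64-hex-digit key is the alternative to a passphrase
        psk = cfg.get("wpa_passphrase")
        if psk is None:
            findings.append("no wpa_passphrase or wpa_psk set")
        elif not 8 <= len(psk) <= 63:
            findings.append("wpa_passphrase must be 8 to 63 characters")
        elif psk.isdigit() or psk.lower() in WEAK_PASSPHRASES:
            findings.append("wpa_passphrase is all digits or a common guess")
    rating = {1: "WPA", 2: "WPA2", 3: "WPA/WPA2 mixed"}.get(wpa, f"wpa={wpa}")
    return rating, findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("strong", STRONG_CONFIG)):
        print(label, assess_wireless(parse_hostapd(text)))
```

Consumer routers hide the same knobs behind a web page, but the questions are identical: is WEP or "none" selected, is WPA2 (or WPA3, where offered) the only mode, is the cipher AES/CCMP rather than TKIP, and has the passphrase been changed from whatever is printed on the sticker.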
October 23, 2009
Don't tell ANYONE your password
One way someone could learn your password is to phone you claiming to be from another part of your organization, maybe your IT or Audit teams, and say they need your account details to let them investigate a problem. This should never be necessary. Good systems are set up so that nobody but you will ever know your password, and authorized IT workers have their own accounts giving them access to what they need.
October 22, 2009
Turn off the message preview pane in Outlook or Outlook Express
If the message preview pane is enabled, the messages in your inbox are automatically "opened" as you scroll through them. While this is convenient, it also poses a potential security risk. If you disable the preview pane, you can delete any email that looks suspicious BEFORE it's opened and avoid a possible virus infection.