
Protect Yourself On-Line by Not Being an Idiot

The Internets are a nasty, foul, disorganized place full of people and systems designed to steal what you have and who you are.  Whenever you are about to do something on-line ask yourself if an idiot would do that thing.  If the answer is yes, do not do that thing.

Every time you lower your defenses you become an easier and easier target.  Never forget that your common sense is one of your best defenses.  Do not suspend your skepticism and common sense when you open up a web browser or read your email. Instead, keep these things in mind:

1. Do not be an idiot.

You are a target, and don’t ever forget that fact.

Just because you can’t write or read HTML, or can’t describe a packet of data doesn’t mean you don’t know enough to protect yourself.  Not to be cruel, but spammers, phishers and scam artists thrive on naive and unguarded users and their behaviors.  A Google search for “Nigerian Prince” brings you this 2002 post on the InformIT blog about the notorious phishing scam where someone posing as a Nigerian Prince asks users to divulge their personal and banking information.  Why do spammers keep sending these spam emails long after the Nigerian Prince’s pleas have become a punch-line?  Simple: Because people keep falling for it.  We call these people idiots.

Ask yourself – do you know a Nigerian Prince?  How about anyone at all from Nigeria?  Do you have the phone numbers of any Princes in your mobile phone?  No.  You don’t.  You also don’t know 97% of the people who send you email, and you likely know none of the senders of emails found in the junk or spam folder of your email inbox.  If you don’t know the email sender’s name on sight, don’t open the email.  If a random box pops up on your machine asking you to enter your credit card number or allow a download you did not request, don’t allow it.

2. Use strong passwords, not ‘password123’ and use fake answers for security questions

A password is intended to restrict access to a given resource, such as your personal or work computer or a password-protected web site.  To keep out everyone who is not you.  How secure are those systems if you select passwords which are easy to remember and easy to crack?

Create random passwords which are highly secure and extremely difficult to crack or guess due to an optional combination of lower and upper case letters, numbers and punctuation symbols.  So, like this:

Bad: password123

Good: c4APa96qu

Good passwords are more difficult to remember.  That’s the point.  One would also do well to change their password every few months or so, and avoid using the same password across the board.  Your bank account login should be different from your email login, which should be different from your Amazon.com login.

Also, when establishing answers to security questions, be careful not to use real information.  Don’t enter your mother’s real maiden name.  Use names and answers to security questions which are not connected to your identity.

3. Keep protection systems current and use them regularly

The protection systems around you include the security suite on your home network as well as everything around it – including your telephone, mailbox and garbage cans.  Here’s a quick rundown of the big things to be aware of in your home.

Bills and other personal documents: Shred what you do not need to save.  Store what you need to save in a private, preferably locked location.

Computer anti-virus and anti-spyware: Keep your subscriptions up to date, and utilize them. Run scans on your machine; keep your software firewall running.  We are often asked which security suite is the best, and we usually give the same boring answer.  Using a free tool the right way is better than using an expensive tool the wrong way.  If you are going to purchase a system, we recommend checking out these reviews first:

PC World: The Best Security Suites for 2009

CNet’s Internet Security and Firewall Reviews

Wi-Fi: Always, always, always have your wireless internet connection encrypted and not open to the public.  This involves usage of an encryption key which is required Each wireless router has a factory default username and password, and will say so in the manual.  Follow the instructions, or seek advice on how to change these credentials.

When discussing the topic of personal security online, I’m reminded of early childhood expert Dr. Benjamin Spock’s advice to new parents.  In the preface of his long, detailed book on caring for young children, he implored parents to trust themselves.  He tells them they know more than they think they do.  The same advice holds true when protecting yourself online.  If something doesn’t make sense to you, don’t risk your personal data to avoid feeling dumb.  You may feel dumb erasing the email which appears to be from your old schoolmate, but not as dumb as if you handed over your wallet and keys to a crook.  When you give in to on-line predators, that is exactly what you are doing.  Stay safe; don’t be an idiot.

More technology security tips today on Talk1300 and Talk1300.com

Protecting yourself online takes a mix of common sense and the right tools.  Here are a few.

WSG uses Mozy Pro for off-site backup over the web.

Lifehacker helps you protect your data and again here

Secure Password Generator

Another way to look at making your own passwords

eWeek – Los Alamos lab missing almost 100 computers

Top 9 IT security threats for 2009

Net-Security.org’s Top 9 IT security threats for 2009

ReadWriteWeb.com’s look at emerging threats

MarketWatch.com tells us how to dodge the threat bullet

More Knocks Against Chrome

Mixed Reviews on Google Chrome; It has Some Holes

I’ve been using Google’s new browser, Chrome, and so have a lot of other people, most much smarter than me.  Security Focus puts the question of Chrome and browser security into focus.  Funnier is being able to get Google to tell you about its own problems.  Here’s the SERP for “google chrome has holes.”

CIA: Power Grid Subject to Hacker Attacks

PCWorld reports a CIA analyst as revealing that hacker attacks on the power grids of multiple American cities have caused at least one outage. Read the full article here.

Businesses and organizations can make sure they are prepared for web-based attacks and threats by conferring with their network support provider – if it’s not us, it should be – and making sure employees are aware of how hackers and ne’er-do-wells attempt to infiltrate closed networks.  Vulnerabilities can stem from global problems like unsecured wireless signals, or desktop level issues such as keeping a password on a Post-It Note stuck to one’s monitor.

It is also advisable to have your network support partner perform an assessment of your backup power supplies.  In our offices, we have opted for a fair level of redundancy.  The building has a diesel generator to cover us during outages as well as combination units from APC which provide both battery backup and surge protection at each desk.
