Good Security Habits
Security Tip by Department of Homeland Security
How can you minimize the access other people have to your information?
You may be able to easily identify people who could, legitimately or not, gain physical access to your computer — family members, roommates, co-workers, members of a cleaning crew, and maybe others. Identifying the people who could gain remote access to your computer becomes much more difficult. As long as you have a computer and connect it to a network, you are vulnerable to someone or something else accessing or corrupting your information; however, you can develop habits that make it more difficult.
Lock your computer when you are away from it.
Even if you only step away from your computer for a few minutes, it’s enough time for someone else to destroy or corrupt your information. Locking your computer prevents another person from being able to simply sit down at your computer and access all of your information.
Disconnect your computer from the Internet when you aren’t using it.
The development of technologies such as DSL and cable modems has made it possible for users to be online all the time, but this convenience comes with risks. The likelihood that attackers or viruses scanning the network for available computers will target your computer becomes much higher if your computer is always connected. Depending on what method you use to connect to the Internet, disconnecting may mean disabling a wireless connection, turning off your computer or modem, or disconnecting cables. When you are connected, make sure that you have a firewall enabled (see Understanding Firewalls for more information).
Evaluate your security settings.
Most software, including browsers and email programs, offers a variety of features that you can tailor to meet your needs and requirements. Enabling certain features to increase convenience or functionality may leave you more vulnerable to being attacked. It is important to examine the settings, particularly the security settings, and select options that meet your needs without putting you at increased risk. If you install a patch or a new version of the software, or if you hear of something that might affect your settings, reevaluate your settings to make sure they are still appropriate.
What other steps can you take?
Sometimes the threats to your information aren’t from other people but from natural or technological causes. Although there is no way to control or prevent these problems, you can prepare for them and try to minimize the damage.
- Protect your computer against power surges and brief outages.
Aside from providing outlets to plug in your computer and all of its peripherals, some power strips protect your computer against power surges. Many power strips now advertise compensation if they do not effectively protect your computer. Power strips alone will not protect you from power outages, but there are products that do offer an uninterruptible power supply when there are power surges or outages. During a lightning storm or construction work that increases the odds of power surges, consider shutting your computer down and unplugging it from all power sources.
- Back up all of your data.
Whether or not you take steps to protect yourself, there will always be a possibility that something will happen to destroy your data. You have probably already experienced this at least once — losing one or more files due to an accident, a virus or worm, a natural event, or a problem with your equipment. Regularly backing up your data reduces the stress and other negative consequences that result from losing important information. Determining how often to back up your data is a personal decision. If you are constantly adding or changing data, you may find weekly backups to be the best alternative; if your content rarely changes, you may decide that your backups do not need to be as frequent.
Both the National Cyber Security Alliance and US-CERT have identified this topic as one of the top tips for home users.
Authors: Mindi McDowell and Allen Householder
Backups are an important part of your computer or mobile device's maintenance. They are just as important as, if not more important than, patches and software upgrades. When it comes to backing up data (pictures, documents, spreadsheets, banking software, etc.), there can be a lot of varying opinions on how often you should back up your computer or mobile device. The most important thing is to have a backup before a potential data loss disaster happens. Without a backup, there is little to no chance of recovering the data. These days, most operating systems and mobile devices support automatic backups. Chances are good yours does, so set it up.
Sometimes, no matter how careful you are, your computer or mobile device could be compromised by a malicious virus, suffer a corrupt hard drive that crashes, or slip out of your hand and shatter on the floor. Whatever way it happens, you may need to do a restore or recovery to get that device and your information back in working order.
Can you answer these questions?
- Have you backed up your computer or mobile device? If yes, good for you.
- Do you remember when?
- Do you know where it is located?
- Is it on a thumb drive, external hard-drive, network drive, the cloud?
- Do you know how to restore the backup to your computer if necessary?
In the Age of Information, data is important, so make sure you do not lose yours.
USB drives, jump drives, thumb drives, whatever you call them, are small, readily available, inexpensive, and extremely portable. They are very popular for storing and transporting files, which also makes them appealing to attackers.
Attackers can use your USB drive to infect other computers. Malicious code, or malware, on an infected computer can detect when a USB drive is plugged into it. The malware then downloads malicious code onto the USB drive, and when the USB drive is plugged into another computer, the malware infects that computer.
Since USB drives are usually small in physical size, one of the biggest security risks is that they are easily lost or stolen. The loss of a USB drive can mean hours of lost work and the potential that the information cannot be replicated. And if the information on the drive is not encrypted, anyone who has the USB drive can access all of the data on it.
Protecting your data
Here are some steps you can take to protect the data on your USB drive and on any computer that you might plug the drive into:
- Use the security features – Use passwords and encryption on your USB drive to protect your data, and make sure that you have the information backed up in case your drive is lost.
- Keep personal and business USB drives separate – Do not use personal USB drives on computers owned by your organization, and do not plug USB drives containing corporate information into your personal computer.
- Use and maintain security software – Use a firewall, anti-virus software, and anti-spyware software to make your computer less vulnerable to attacks, and make sure to keep the virus definitions current.
- Keep all software up to date – Keep the software on your computer up to date by applying any necessary patches.
- Do not plug an unknown USB drive into your computer – If you find a USB drive, give it to the appropriate authorities (a location’s security personnel, your organization’s IT department, etc.). Do not plug it into your computer to view the contents or to try to identify the owner.
- Disable Autorun – The Autorun feature causes removable media and USB drives to open automatically when they are inserted into a drive. By disabling Autorun, you can prevent malicious code on an infected USB drive from opening automatically.
Sec-UR-ity…You are at the center.
If you are replacing a printer or returning it to a leasing agency, you will want to check on the internal storage first. If your printer has an internal drive, it can store print jobs, scans, copies, and faxes. Before you throw out or replace the printer, prevent a breach by erasing or destroying the data or by removing the device’s hard disk, so that no one can recover the saved documents.
Check your printer’s documentation or speak to its manufacturer to determine whether it has a drive and, if it does, learn how to erase the data. If you can easily remove the drive, you may be able to connect it to a PC and erase the data.
Everyone likes the sound of Free, but when it comes to software you may get more than you paid for when you download and install it. Free software is notoriously susceptible to viruses and other malware. If you do need to download free software, it is a very good idea to consult with your IT department first. Always scan any software you download for viruses, regardless of source, and be cautious during the install process. A free software program may ask you to install other software programs that you don’t need.
Your voicemail should be afforded the same level of protection as your e-mail account. Voicemail has the possibility of containing sensitive or confidential information and should be protected by a password.
It is a good practice to delete old voicemails you no longer need to reduce the risk of compromising sensitive or confidential information. This is especially true for mobile devices which have a greater potential of getting lost or stolen.
Protect personal information. The identity saved could be your own.
Identity Theft is a growing problem in the United States and the world because more and more people are using the Internet to manage their personal lives. With everything from diet and fitness sites to online banking, people are connecting to the Internet and providing these sites with a lot of personally identifiable information. There is absolutely nothing wrong with using these sites as long as the individuals are aware of the risks and guard against them. They need to use good strong passwords, ensure their device(s) are patched with the most recent software patches and anti-virus software available, and be aware of the risks of using public Wi-Fi connections. Unfortunately, not everyone does.
In 2014, Identity Theft was the #1 Consumer Complaint, which is no surprise since it is estimated that an Identity Fraud incident occurs every 2 seconds.
So, chances are Identity Theft or Fraud will happen to you or someone you know. If it does, do you know what you need to do or where to go to protect yourself or your friend from further damage?
The Federal Trade Commission has the website www.IdentityTheft.gov which should be your first stop. It will help walk you through the steps necessary to recover from the theft of your identity.
There are other great websites to help you and your children understand and prevent possible issues when using the Internet.
Here are a couple of them:
Check out the website, get some ideas, then make it a point to incorporate these internet security practices in your personal, home, and work lives.
All Operating Systems Can Be Affected By Viruses and Malware. Take Steps to Protect Your System. Many believe that Mac computers are immune to viruses and malware, but this is not true. Any operating system, and even mobile devices such as smartphones and tablets, can acquire viruses and malware. To protect your system, ensure that you have an updated security system/anti-virus software running at all times, scan anything you add to your computer, apply software patches, and avoid opening programs and links that seem suspicious or aren’t from someone you trust.
Because we care, we’re security aware.
Paper Documents Have to Be Protected Too
It seems that almost everything today is online or is in the process of becoming accessible online, so it only makes sense that most of our focus is on securing the network and creating strong passwords. We also need to keep in mind that digital data is not the only thing that needs to be protected. Paper documents also need to be protected. When disposing of any confidential documents, make sure they are shredded first or disposed of in bins for shredding. Also, be sure to lock up any sensitive documents before you go home at the end of the day.
Leave a clear desk while you are away and at the end of each day
Make sure you have anti-virus software installed on your computer and that it is automatically updating. However, keep in mind that no anti-virus can catch all malware; your computer can still be infected. It is important that you use common sense and be wary of any messages that seem odd or suspicious.
Think before you click!
Security Technology Cannot Stop All Attacks.
Technology alone cannot protect you from the bad guys. They are constantly developing new ways to get past firewalls, anti-virus and filters. Whether you are surfing the Internet or reading e-mails, you are the best defense against any attacker. Sometimes the best defense is a good offense, so change your passwords, back up your data, and keep your software patched.
Do your Part…Be Security Smart!
Cyberbullying is the practice of using technology to harass or bully someone else. Just like regular bullying, cyberbullying can range from cruel rumors to threats, harassment, or even stalking and can quickly escalate because of the use of technology.
Below are some good tips from the United States Computer Emergency Readiness Team (US-CERT) to help protect you and your children/students:
- Teach your children good online habits – Explain the risks of technology and teach children how to be responsible online. Reduce their risk of becoming cyberbullies by setting guidelines for and monitoring their use of the internet and other electronic media (cell phones, PDAs, etc.).
- Keep lines of communication open – Regularly talk to your children about their online activities so that they feel comfortable telling you if they are being victimized.
- Watch for warning signs – If you notice changes in your child’s behavior, try to identify the cause as soon as possible. If cyberbullying is involved, acting early can limit the damage.
- Limit availability of personal information – Limiting the number of people who have access to contact information or details about interests, habits, or employment reduces exposure to bullies that you or your child do not know. This may limit the risk of becoming a victim and may make it easier to identify the bully if you or your child are victimized.
- Avoid escalating the situation – Responding with hostility is likely to provoke a bully and escalate the situation. Depending on the circumstances, consider ignoring the issue. Often, bullies thrive on the reaction of their victims. Other options include subtle actions. For example, you may be able to block the messages on social networking sites or stop unwanted emails by changing the email address. If you continue to get messages at the new email address, you may have a stronger case for legal action.
- Document the activity – Keep a record of any online activity (emails, web pages, instant messages, etc.), including relevant dates and times. In addition to archiving an electronic version, consider printing a copy.
- Report cyberbullying to the appropriate authorities – If you or your child are being harassed or threatened, report the activity. Many schools have instituted bullying programs, so school officials may have established policies for dealing with activity that involves students. If necessary, contact your local law enforcement. Law enforcement agencies have different policies, but your local police department or FBI branch are good starting points. Unfortunately, there is a distinction between free speech and punishable offenses, but the legal implications should be decided by the law enforcement officials and the prosecutors.
Although more common among teenagers and young adults, cyberbullying can affect any age group.
Because we care, be security aware!
Security for Kids
A security thought for kids at home and in the classroom. One of the most effective methods you can use to protect kids online is to talk to them. The younger you start talking to them, and they to you, the better. Hold regular conversations about online safety issues and discuss the possible results of not making safe decisions online. If you don’t know what your kids are doing, simply ask. Play the clueless parent and ask them to show you what the latest technologies are and how they use them. Quite often, kids love the idea of being the teacher and will open up.
Think before you click!
Educating Kids on Cyber Safety
The Internet is a real part of the everyday life of kids. Social media and online gaming are big parts of their online activity and with the advances in technology, schools are now requiring homework be completed and submitted online. Kids are literally growing up “connected.” With so much of a child’s life revolving around connection to the Internet, it is important we teach them how to navigate it safely.
The number one way to make sure kids are safe when using the Internet is to engage them in face to face conversation. Know what your kids are doing online and educate them about today’s risks and what they should do to protect themselves. Help them understand:
- the dangers of identity theft, malware, and viruses
- the Internet does not have a delete or undo button to remove pictures, videos, or comments
- the people on social media and game sites are not always nice or who they say they are
- the Internet is a good tool and resource when used properly
In addition to talking to them, make sure they are talking to you about it too.
Be aware…teach your kids to connect with care!
Gone are the days when all the computers we use stay at school or the office; this is especially true with the 1:1 initiative in schools with the students taking the devices home to finish their homework. So, it is important for everyone to understand the Acceptable Use Policy still applies even when you are at home or away from the school environment. We need to make sure we follow all policies even when working remotely.
Acceptable use policies are designed to be used regardless of where you work. Whether you are working from home or on a trip, you should still be following acceptable use policies to protect both yourself and the school or organization.
Basic Online Safety
Here are some Golden Rules for being Safe Online:
- Don’t give out personal information such as your address or phone number
- Don’t send pictures of yourself to anyone, especially inappropriate or indecent pictures
- Never agree to meet someone in person whom you have met online
- Don’t become online “friends” with people you really don’t know
- Don’t open emails or attachments from people you don’t know
- If you see or read something online that worries you, tell someone/inform your parents about it immediately.
- Only post online what you are comfortable with other people seeing.
Remember these when you are online and be a good Digital Citizen.
Don’t Fall for Ransomware
Scammers keep developing new tricks to try to snag money from users; the newer forms of tricks involve the use of ransomware. The scammers will infect vulnerable machines through the use of a computer virus, which will lock your computer and files and demand a payment for their release. These forms of viruses will also try to coerce users into paying a false fine by mimicking local police or security services. Follow these steps to help stop those scammers!
- Identify the Scam. No legitimate law enforcement agency will inform users of illicit activities through a pop-up window and demand a payment over the Internet.
- Regularly back up your computer. This will give you the ability to restore your computer without losing all your valuable information.
- Use anti-virus tools or bring your computer to a computer specialist to remove the virus.
- Do not make any payments. There’s no guarantee that the cyber criminals will actually unlock your computer.
- Report the complaint to the Internet Crime Complaint Center (IC3).
For more information, please visit:
Having a standard naming convention on your network and an up-to-date hardware inventory are two very useful tools in managing the security of your network.
With an established naming convention, a scan of your network can quickly reveal any devices that do not belong on your network. In addition to security, standard naming conventions will easily identify if the device is a workstation, printer, server, iPad, or a wireless access point. This can be helpful in troubleshooting or creating group policies.
An up-to-date hardware inventory can help with life-cycle management of the devices on your network and maintain accountability of who is currently assigned that device. Devices too old to support upgrades and security patches should be identified as the first ones replaced. Knowing who has the devices will help with getting the devices turned in for replacement.
Staying current on upgrades and patches will reduce your security risks on your network.
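One way to run the check described above, as an added example that is not part of the original tip: the script compares scan results against a naming convention and a hardware inventory, flagging devices with nonconforming names, no inventory record, or a hardware address that differs from the record. The `<SITE>-<TYPE>-<NNN>` convention, the type codes, the field names and all sample devices and addresses are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Assumed convention (not from the page): <SITE>-<TYPE>-<NNN>, e.g. HQ-WS-014
DEVICE_TYPES = {
    "WS": "workstation",
    "PR": "printer",
    "SV": "server",
    "TB": "iPad",
    "AP": "wireless access point",
}
NAME_RE = re.compile(r"(?P<site>[A-Z]{2,4})-(?P<type>[A-Z]{2})-(?P<num>\d{3})")

# Constructed inventory: hostname -> hardware address and current assignee
INVENTORY = {
    "HQ-WS-014": {"mac": "02:00:00:aa:00:14", "assigned_to": "J. Doe"},
    "HQ-PR-002": {"mac": "02:00:00:aa:10:02", "assigned_to": "Front office"},
    "HQ-AP-001": {"mac": "02:00:00:aa:20:01", "assigned_to": "IT"},
    "HQ-TB-007": {"mac": "02:00:00:aa:30:07", "assigned_to": "Room 12"},
}

# Constructed scan output: (ip, hostname, mac); an empty hostname means no name resolved
SCAN = [
    ("192.0.2.14", "hq-ws-014", "02:00:00:AA:00:14"),
    ("192.0.2.20", "HQ-PR-002", "02:00:00:aa:10:02"),
    ("192.0.2.31", "android-5f2c", "02:00:00:bb:00:31"),
    ("192.0.2.32", "HQ-SV-009", "02:00:00:bb:00:32"),
    ("192.0.2.33", "HQ-AP-001", "02:00:00:cc:00:33"),
    ("192.0.2.34", "", "02:00:00:bb:00:34"),
]


@dataclass
class Finding:
    ip: str
    hostname: str
    status: str  # ok | bad-name | not-in-inventory | mac-mismatch
    detail: str


def classify(hostname):
    """Return the device type encoded in a conforming name, else None."""
    m = NAME_RE.fullmatch(hostname.upper())
    return DEVICE_TYPES.get(m.group("type")) if m else None


def audit(scan, inventory):
    """Check every scanned device against the convention and the inventory."""
    findings = []
    for ip, hostname, mac in scan:
        name = hostname.upper()
        kind = classify(name)
        record = inventory.get(name)
        if kind is None:
            status, detail = "bad-name", "name does not follow the convention"
        elif record is None:
            status, detail = "not-in-inventory", f"{kind} has no inventory record"
        elif record["mac"].lower() != mac.lower():
            # A known name on unknown hardware: swapped device or a copied name
            status, detail = "mac-mismatch", f"expected {record['mac']}, saw {mac}"
        else:
            status, detail = "ok", f"{kind} assigned to {record['assigned_to']}"
        findings.append(Finding(ip, hostname or "(no name)", status, detail))
    return findings


def missing_from_scan(scan, inventory):
    """Inventory entries that did not answer the scan (powered off, lost, retired)."""
    seen = {hostname.upper() for _, hostname, _ in scan}
    return sorted(set(inventory) - seen)


if __name__ == "__main__":
    for f in audit(SCAN, INVENTORY):
        print(f"{f.ip:<12} {f.hostname:<14} {f.status:<17} {f.detail}")
    print("Not seen on the network:", ", ".join(missing_from_scan(SCAN, INVENTORY)))
```
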
This is a SANS Org Tip
CEO Fraud is a type of targeted attack. It commonly involves a cyber criminal pretending to be your boss, then tricking or fooling you into sending the criminal highly sensitive information or initiating a wire transfer. Be highly suspicious of any emails demanding immediate action and/or asking you to bypass any security procedures.
Cyber Secure at Work
FIVE WAYS TO BE CYBER SECURE AT WORK
Businesses face significant financial loss when a cyber-attack occurs. Cybercriminals often rely on human error – from employees failing to install software patches to clicking on malicious links – to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of every employee to keep data, customers, and capital safe and secure.
Follow these simple tips from the Stop.Think.Connect.™ Campaign to help foster a culture of cybersecurity in your organization.
- When in doubt, throw it out. Stop and think before you open attachments or click links in emails. Links in email, instant message, and online posts are often the way cybercriminals compromise your computer. If it looks suspicious, it’s best to delete it.
- Back it up. Make electronic and physical back-ups or copies of all your important work. Data can be lost in many ways including computer malfunctions, malware, theft, viruses, and accidental deletion.
- Guard your devices. In order to prevent theft and unauthorized access, never leave your laptop or mobile device unattended in a public place and lock your devices when they are not in use.
- Secure your accounts. Use passwords that are at least eight characters long and a mix of letters, numbers, and characters. Do not share any of your usernames or passwords with anyone. When available, turn on stronger authentication for an added layer of security, beyond the password.
- Report anything suspicious. If you experience any unusual problems with your computer or device, report it to your IT Department.
If You Are a Victim of Identity Theft
Report any identity theft immediately by following these steps:
- Contact the three major credit bureaus and have them place a fraud alert on your credit report.
- If a credit card was involved, contact the credit card company and have a new credit card with a new number issued.
- Contact your local law enforcement agency and file a report.
- File a complaint with the Federal Trade Commission.
- Document all conversations so you know whom you spoke to and when.
What is Malware?
SANS Tip of the Day
Malware is software—a computer program—used to perform malicious actions. In fact, the term malware is a combination of the words malicious and software. Cyber criminals install malware on your computers or devices to gain control over them or gain access to what they contain. Once it is installed, these attackers can use the malware to spy on your online activities, steal your passwords and files, or use your system to attack others.
Care to be Security Aware!