Cyber Security Made Easy – Part 5

National Cyber Security Awareness Month is coming to a close. We’ve already touched on best practices for email and Twitter direct message links, search engine searches, WiFi, and passwords. For our send-off of the month, we offer the following final tips:
  1. Update your antivirus and all other programs (Microsoft, Adobe, Java, etc.) when you receive update notifications. (Double-check with the software directly that it requires an update, as rogue pop-ups can mislead you into downloading unwanted software.)
  2. Use well-formed passwords on your computer, laptop, smart phone, and tablet. Not only will this help you avoid being hacked by some cyber-criminal, but it can also save you from family or friends tweeting or posting how much you love Rick Astley. (Don’t ask.)
  3. Back up your data on a regular basis. This can be with an external hard drive or a cloud data storage plan. Don’t wait until it’s too late because we WILL say “I told you so.”
  4. Be thoughtful when adding new apps; don’t add unnecessary apps to your phone. Is it a known trusted source for an app? Don’t forget that apps, even from trusted sources, are used to collect data from your laptop, smart phone, and tablet. A recent article in the New York Times discusses how this is legally still a grey area. Applications that seem so handy and innocent, such as Angry Birds or the one that turns your phone into a flashlight, are also collecting personal information, usually the user’s location and sex and the unique identification number of the smartphone. What is even more unsettling is that “in some cases, they cull information from contact lists and pictures from photo libraries.” So think twice before downloading that app.

Closing our series so close to Halloween, it seems fitting to mention a scary statistic: in a recent survey by AT&T and the Polytechnic Institute of New York University, 83% of small businesses allow employees to use personal devices for work.

We hope we’ve contributed to your awareness of security this all-important month. Be sure to use what you’ve learned here all year round. Be safe out there. The Internet is a spooky place. Why not check out our complimentary Nemesis trial?


Cyber Security Made Easy – Part 4

The topic of creating great passwords has been visited many times by many people, yet it remains relevant and important because common passwords are still too common. As educators often feel the pain of knowledge falling on deaf ears, we beat this horse once again in hopes that one or two new pupils may take heed.
Make better passwords!
When creating your list of passwords, one tip is to ensure your password does not rank as one of the world’s most popular passwords, such as “Jesus,” “Ninja” and “Qwerty.”

You can also visit our previous blog that covers the basics on making passwords more effective. Let’s say that your email password is “whiskers”, the name of your no doubt lovable cat. You can easily keep the familiarity of the password while increasing its effectiveness as a password.

Old password: whiskers
New password: I have loved Whiskers since 2004!

Easy to remember, and vastly more secure than the original password. If you can’t use spaces, simply remove them.

Whenever possible, use words and terms which can’t be found in a dictionary. This sounds harder than it is. You can use altered spelling, nicknames, and clues instead of the actual term.
Old password: I love icecream
New password: !love1c3cr3am
You can also visit trusted opinion leaders such as the Canadian site Get Cyber Safe, which highlights:
  • Don’t stay logged into a site, but log in each time you visit the site
  • Clear browsing history or cache after online banking and shopping
  • Avoid using a single dictionary word

Or the American site Stop.Think.Connect., which includes:
  • Keep a separate password for each account
  • Make passwords long and strong, including capital, lowercase, numbers and symbols
  • Limit how and who has access to what you post by using privacy settings on websites, set to your level of comfort
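
The rules above (avoid the world’s most popular passwords, avoid a single dictionary word, mix character types, keep a separate password for each account) can be checked mechanically. The following is an added example, not part of the original post; the word lists, the 12-character minimum and the function names are assumptions made for illustration.

```python
import string

# Constructed sample lists (assumptions). A real check would load a full
# common-password list and a dictionary file instead.
COMMON = {"jesus", "ninja", "qwerty", "password", "123456"}
DICTIONARY = {"whiskers", "icecream", "love", "cat"}
# Undo common character swaps (0->o, 1->i, 3->e ...) before list lookups.
SWAPS = str.maketrans("013457@$", "oieastas")

def normalize(pw):
    """Lowercase, undo character swaps, keep letters only."""
    return "".join(c for c in pw.lower().translate(SWAPS) if c.isalpha())

def check_password(pw, min_length=12):
    """Return the rules the password breaks (empty list = passes).

    min_length=12 is an assumed threshold, not a figure from the post.
    """
    problems = []
    plain = normalize(pw)
    if pw.lower() in COMMON or plain in COMMON:
        problems.append("common password")
    if plain in DICTIONARY:
        problems.append("single dictionary word")
    if len(pw) < min_length:
        problems.append("too short")
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation or c == " " for c in pw),
    ]
    if sum(classes) < 3:
        problems.append("fewer than 3 character types")
    return problems

def reused_passwords(accounts):
    """Map each password used on more than one account to those accounts."""
    seen = {}
    for account, pw in accounts.items():
        seen.setdefault(pw, []).append(account)
    return {pw: names for pw, names in seen.items() if len(names) > 1}

if __name__ == "__main__":
    for pw in ["whiskers", "Qw3rty!", "I have loved Whiskers since 2004!",
               "!love1c3cr3am"]:
        print(repr(pw), check_password(pw) or "ok")
    print(reused_passwords({"email": "whiskers", "bank": "whiskers",
                            "forum": "!love1c3cr3am"}))
```

Note that “Qw3rty!” is still flagged as a common password: swapping a letter for a look-alike digit does not hide a word that is already on a popular-password list.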

Our next blog will cover a list of resources. 


Cyber Security Made Easy – Part 3


With all the talk of cyber security in the news, it is common knowledge that the Internet is not a secure channel for exchanging information. Most people keep this in mind when making their home network secure. Public WiFi is another story. To see exactly how easy it is to be hacked using public WiFi, watch the W5 interview. Part one looks at how easy it is to view someone else’s laptop and part two looks at how easy it is to access someone’s password for personal banking.

It is advised when using public WiFi to avoid logging into areas of the Internet where you may have sensitive data, such as online banking. As a rule of thumb, when on public WiFi, pretend everything you are doing is on a giant screen for everyone to view and all passwords are visible. If you must get on the Internet when no familiar and secure network is available, try using your smart phone as a wireless hotspot instead.

Note: In order to be able to do this, you need to have a data plan that is large enough to support this option.

Here are the steps for an iPhone 4G:

Step 1: Go to Settings.
Step 2: Select Personal Hotspot.
Step 3: Select how you want to make the connection: through Bluetooth, WiFi, or USB.
Step 4: Create a password. Typically it will be 8 characters and you should use best practices, including lowercase and capital letters, numbers and symbols.
Step 5: Choose the newly created hotspot from your other device and key in the password created in the previous step.

In our next installment of this series we look at best practices for passwords.


Cyber Security Made Easy – Part 2


There is encouraging news on the horizon for those in the professional security field. A recently published survey by NCSA and APWG confirms a shift in attitude towards online security. Not only are people taking it seriously, but they also view it as their personal responsibility and welcome the opportunity to learn more. Below are a few key statistics from the survey.

  • 96 percent of Americans feel a personal responsibility to be safer and more secure online.
  • 93 percent believe their online actions can protect not only friends and family but also help to make the Web safer for everyone around the world.
  • 60 percent believe that much of the online safety and security falls under their own personal control, and consistent with those feelings, 90 percent said they want to learn more about keeping safer on the Internet.

To make it easier to educate those 90 percent, here’s our overview on how to safely search the Internet.

What could possibly go wrong when searching online with a popular search engine? As with everything, if you do it absent-mindedly and click on the first item that comes up, you might end up with more than just the answer to your search: you might end up with an infected computer.

You should be able to answer yes to each of the questions below; if not, then don’t click on the link.

  1. Is the text that shows up in the preview for the page grammatically correct?
  2. Is the domain a name that you recognize?
  3. Does the domain of the link end with a country tag that has a history of NOT being associated with malware? For the complete list of country abbreviations, you can refer to Wikipedia.
  4. Do the domain name and the text describing the page seem logical?

Warning: don’t click on a link just because it piques your interest by being such a random response to your search.


Top tips from Google include:

  1. Simple one or two word searches give you the broadest results.
  2. Use common terms; for example, instead of “my head hurts” use “headache”.
  3. Use quotation marks around your search for an exact search. For example searching for “Samuel Clemmens” will not include results for Samuel Langhorne Clemens or Mark Twain.

The best and easiest advice to give is to limit your searching to trusted sites, not search engines. If you always get your news from three places, go to those places first when looking for news. If you usually rely on Wikipedia for your facts, go to Wikipedia and search there. Find some safe zones that you know and trust and stick to them. It’s when you stray and explore that you can get lost.
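
Question 2 in the checklist asks whether the domain is one you recognize; the catch is that a familiar name can appear inside a link that leads somewhere else. The following added example (not from the original post) compares the host a link really points to against a personal list of trusted sites; the list, the sample links and the function names are assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the reader's own "safe zones".
TRUSTED = {"wikipedia.org", "nytimes.com"}

def link_host(url):
    """Return the host the link actually points to, lowercased."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")

def is_trusted(url, trusted=TRUSTED):
    """True if the host is a trusted domain or a subdomain of one.

    The "." in the suffix test matters: it stops a longer, unrelated name
    that merely ends in the same letters from matching.
    """
    host = link_host(url)
    return any(host == d or host.endswith("." + d) for d in trusted)

# Constructed sample links; example.net is a reserved documentation domain.
SAMPLES = [
    "https://en.wikipedia.org/wiki/Mark_Twain",
    # The trusted name is only the start of a longer host name.
    "https://wikipedia.org.example.net/wiki/Mark_Twain",
    # Everything before "@" is login information, not the host.
    "https://wikipedia.org@example.net/wiki/Mark_Twain",
]

def review(urls):
    """Return (host, trusted?) for each link."""
    return [(link_host(u), is_trusted(u)) for u in urls]

if __name__ == "__main__":
    for host, ok in review(SAMPLES):
        print(f"{host:30} {'trusted' if ok else 'NOT trusted'}")
```

All three sample links contain the text “wikipedia.org”, but only the first one points to it.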

In our next blog in this series, we’ll look at using WiFi.

Hidden security costs: Should Huawei and ZTE be singled out?


We all like the price of Chinese goods, but now it seems there might be a hidden cost.

After a year-long study, the U.S. House Select Committee on Intelligence has warned Americans not to do business with Huawei or state-owned ZTE. When asked by CBS 60 Minutes if he would do business with Huawei, Mike Rogers replied, “If I were an American today, and I tell this to you as the Chairman of the House Permanent Select Committee on Intelligence, and you were looking at Huawei I would find another vendor. If you care about your intellectual property, if you care about your consumer’s privacy and you care about the national security of the United States of America.”

Huawei’s security issues were also in the news as recently as this past July at DEFCON 2012. Computerworld covers the discussion and lists the main concerns as: there was no specific contact for security issues, no security advisory updates and no update on bugs found and fixed. The researchers couldn’t comment on any issues with the “big boxes” like the Huawei NE series routers because they couldn’t obtain them. The article ended with a hope that Huawei would follow the lead of American companies like Microsoft, Cisco and Apple that had listened to consumer demand and improved their security.

These are significant concerns that need to be taken seriously, especially when it comes to infrastructure. While we can’t prevent cyber-espionage, are we giving them the keys to the vault by bringing them into our data centres? There shouldn’t be any question of trust or security.

With these concerns in mind, the Canadian government is building out and replacing its data systems that were “contaminated beyond repair” by massive Chinese cyber-attacks in 2010. Among the list of companies being considered for this multi-billion dollar project is Huawei.

While the equipment may not have malware or vulnerabilities built into it now, it does have this potential through updates and patches. While the Chinese government may have no role in either of these companies now, it may in the future.

We all like the price of Chinese goods. What we might not like is the potential security costs.

What do you think? Should Huawei and ZTE be singled out? Should the government source only domestic equipment? Have they crossed the line by going public with this? Is this a case of the government meddling in corporate affairs, or do you think the issues that were reported at DEFCON and by the committee provide enough justification?


Cyber Security Made Easy – Part 1


October is national cyber security month and offers an ideal opportunity for online security professionals to reach out to help educate their community. This is the month when security-wise people help their friends, family and colleagues in taking proper steps to be safe online.

People are more receptive to learning how to be cyber safe after incidents such as when Wired magazine’s editor, Mat Honan, had his online life hacked. Honan said his life was ‘digitally destroyed’. He lost a year’s worth of photos, as well as documents and email that he hadn’t stored anywhere else.

A recent LinkedIn article by Daniel Solove talks about the
real weak link in security: people.

“According to a stat in SC Magazine, 90% of malware requires a human interaction to infect. One of the biggest data security threats isn’t technical – it’s the human factor. People click when they shouldn’t click, put data on portable devices when they shouldn’t, email sensitive information, and engage in a host of risky behaviors. A lot of hacking doesn’t involve technical wizardry but is essentially con artistry. I’m a fan of the ex-hacker Kevin Mitnick’s books where he relates some of his clever tricks. He didn’t need to hack in order to get access to a computer system – he could trick people into readily telling him their passwords.”

To help with mitigating human error through security education, we’ve created a blog series that will offer best practices on how to be cyber safe.

Today we look at best practices for email and Twitter links.

Recent real-life examples include links sent through Twitter as direct messages containing a fake Facebook update that infected the user’s device. The direct message suggested that someone had posted or tagged the receiver in a Facebook video. Those who clicked on the link had their computer infected with malware.

Also recently in the news was an email that contained ‘here you have’ in the subject line. The body of the email would typically read as “This is The Document I told you about, you can find it Here” or “This is The Free Download Sex Movies, you can find it Here.” Those who clicked on the link in the email message found they had downloaded and launched a program that spams the same Trojan Horse out to everyone in their address book, flooding and crippling e-mail servers.

Should you click on that link in your email or Twitter direct message? Answer “yes” or “no” to each of the following. If there’s even one question where you answer “no”, then don’t click on the link. As the saying goes, ‘When in doubt, don’t click.’

  1. Do you recognize the email address of who sent the email?
  2. Is the subject line and content of the message written in the same style that your friend, family, acquaintance or the corporation usually communicates?
  3. Does the email contain a link with no text introducing the link?
  4. Is the spelling correct?
  5. Is the email sent at the usual time that is typical of the sender?

Tip: If you are still curious about an email or link, you can search text from the suspicious email or link to see if it comes up as malware. But as said, if you have any hesitations, don’t click on the link – it’s just not worth the risk.

Our next blog will look at tips for searching safely on search engines.
