October is National Cyber Security Month and offers an ideal opportunity for online security professionals to reach out to help educate their community. This is the month when security-wise people help their friends, family and colleagues take proper steps to be safe online.

People are more receptive to learning how to be cyber safe after incidents such as the one in which Wired magazine’s editor, Mat Honan, had his online life hacked. Honan said his life was ‘digitally destroyed’. He lost a year’s worth of photos, as well as documents and email that he hadn’t stored anywhere else.

A recent LinkedIn article by Daniel Solove talks about the real weak link in security: people.

“According to a stat in SC Magazine, 90% of malware requires a human interaction to infect. One of the biggest data security threats isn’t technical – it’s the human factor. People click when they shouldn’t click, put data on portable devices when they shouldn’t, email sensitive information, and engage in a host of risky behaviors. A lot of hacking doesn’t involve technical wizardry but is essentially con artistry. I’m a fan of the ex-hacker Kevin Mitnick’s books where he relates some of his clever tricks. He didn’t need to hack in order to get access to a computer system – he could trick people into readily telling him their passwords.”

To help mitigate human error through security education, we’ve created a blog series that will offer best practices on how to be cyber safe. In this post, we look at best practices for email and Twitter links.

Real-life examples include links sent through Twitter as direct messages containing a fake Facebook update that infected the user’s device. The direct message suggested that someone had posted or tagged the receiver in a Facebook video. Those who clicked on the link had their computer infected with malware.

Recently in the news was an email that contained ‘here you have’ in the subject line. The body of the email would typically read “This is The Document I told you about, you can find it Here” or “This is The Free Download Sex Movies, you can find it Here.” Those who clicked on the link in the email message found they had downloaded and launched a program that spams the same Trojan horse out to everyone in their address book, flooding and crippling email servers.

Should you click on that link in your email or Twitter direct message?

Answer “yes” or “no” to each of the following. If there’s even one question where you answer “no”, then don’t click on the link. As the saying goes, ‘When in doubt, don’t click.’

Do you recognize the email address of the person who sent the email?
Are the subject line and content of the message written in the same style that your friend, family member, acquaintance or the corporation usually uses?
Does the email include text introducing the link, rather than a link on its own?
Is the spelling correct?
Was the email sent at a time that is typical of the sender?

If you are still curious about an email or link, you can search for text from the suspicious email or link to see whether it has been reported as malware. But, as said, if you have any hesitation, don’t click on the link – it’s just not worth the risk.
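
The three checklist questions that can be checked mechanically (recognized sender, typical sending time, link with introducing text), as an added example that is not part of the original post. The address book with its usual-hours ranges, the three-word threshold and both sample messages are constructed assumptions; writing style and spelling are left to the reader's judgment.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def body_text(msg):
    """Return the first text/plain part of the message, decoded to str."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def failed_checks(raw_email, address_book):
    """address_book maps a known sender address to (first_hour, last_hour),
    the hours that sender usually writes in. Any returned item means: don't click."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    failed = []
    if sender not in address_book:
        failed.append("sender not recognized")
    else:
        try:  # hour as written in the Date header (the sender's local time)
            hour = parsedate_to_datetime(msg.get("Date")).hour
        except (TypeError, ValueError):  # missing or unparseable Date header
            hour = None
        first, last = address_book[sender]
        if hour is None or not first <= hour <= last:
            failed.append("sent at an unusual time")
    text = body_text(msg)
    intro_words = URL_RE.sub(" ", text).split()
    if URL_RE.search(text) and len(intro_words) < 3:  # assumed threshold
        failed.append("link with no introducing text")
    return failed

# Constructed sample data (not real messages).
KNOWN = {"alice@example.com": (8, 18)}
GOOD = ("From: Alice <alice@example.com>\n"
        "Date: Tue, 02 Oct 2012 10:14:00 -0400\n"
        "Subject: Budget draft\n\n"
        "Here is the budget draft we discussed on Monday:\n"
        "https://intranet.example.com/budget\n")
BAD = ("From: Facebook <notify@fb-updates.example>\n"
       "Date: Tue, 02 Oct 2012 03:12:00 +0000\n"
       "Subject: here you have\n\n"
       "http://video.example/watch\n")
print(failed_checks(GOOD, KNOWN), failed_checks(BAD, KNOWN))
```

An empty result only means these three checks passed; a message that reads out of character for the sender still fails the checklist.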
Our next blog will look at tips for searching safely on