Common Computer Security Definitions

Virus - A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. Even a simple virus can be dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

Malware - Short for malicious software, malware refers to software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse.

Spyware - Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, most apps do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

Firewall - A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.

Phishing - The act of calling or sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The phishing source directs the user to provide or update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has.
Computer Security Recommendations

Use Security Software - A security software suite that includes antivirus, spyware, malware, firewall, and spam protection is ideal. Popular options include Norton and McAfee. Microsoft Security Essentials and Windows Defender are free with Windows. Ensure all are updated each time you start your computer.

Maintain current software and updates - Make sure you have the latest updates to your operating system software. This is easily automated. Secunia PSI is good for identifying most other software updates and patches needed.

Use secure browsers - Use only the latest version. Internet Explorer is most vulnerable. Google Chrome and Mozilla Firefox are better, faster, more secure alternatives. Safari is great for Mac users.

Don't click on pop-up windows that tell you your computer is infected with a virus - This is known as scareware. Antivirus software doesn't work this way. These pop-ups install malware onto your computer. It can be a scam that requires you to pay money to have the software removed by the software originator.

Use Strong Passwords - Passwords should contain alpha and numeric characters, upper and lower case, and at least one special character ($@#&!), and be at least 8 characters long (the longer the better). Never share your password with anyone. Legitimate vendors and services will not request them. Don't use the same password for multiple sites/services.

Do not open unknown or suspicious e-mail - Consider the source of the e-mail, and scrutinize links and attachments carefully. When in doubt simply delete the e-mail, even when you know the sender.

Log out of or lock your computer when stepping away - Use a password-protected screensaver.

Treat sensitive data very carefully - When creating files, don't name them with identifying words like SSN, password, identification, etc.

Frequently back up important documents and data - Lots of options online (Carbonite, Dropbox) and off-line (Windows backup, external hard drive, etc.).

Restrict remote access - Disable or significantly limit file and print sharing. This is done by default in Windows Vista forward. Avoid or be extremely careful using peer to peer (P2P) networks like BitTorrent.

Delete data securely - Consider using programs like Eraser (Windows) or Permanent Eraser (Mac) and Disk Wipe to thoroughly and securely remove deleted files and folders from your hard drive.

Use physical security - Lock up your laptop and mobile devices when not in use.

Don't use public WiFi without using a VPN (secure) connection.
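The password advice above can be checked mechanically. The following is an added example, not part of the original handout: it tests each password against the handout's composition rules and flags reuse across sites. The account names and passwords are constructed sample data, and treating any non-alphanumeric character as "special" is an assumption.

```python
from collections import defaultdict

MIN_LENGTH = 8  # the handout's minimum; longer is better


def rule_failures(password: str) -> list[str]:
    """Return the handout's composition rules that this password breaks."""
    checks = [
        (len(password) >= MIN_LENGTH, "shorter than 8 characters"),
        (any(c.islower() for c in password), "no lower-case letter"),
        (any(c.isupper() for c in password), "no upper-case letter"),
        (any(c.isdigit() for c in password), "no digit"),
        # Assumption: "special" means anything that is not a letter or digit.
        (any(not c.isalnum() for c in password), "no special character"),
    ]
    return [message for ok, message in checks if not ok]


def audit(accounts: dict[str, str]) -> dict[str, list[str]]:
    """Map each site with a problem to its findings, including reuse."""
    sites_by_password = defaultdict(list)
    for site, password in accounts.items():
        sites_by_password[password].append(site)

    report = {}
    for site, password in accounts.items():
        problems = rule_failures(password)
        shared = sorted(s for s in sites_by_password[password] if s != site)
        if shared:
            problems.append("reused on " + ", ".join(shared))
        if problems:
            report[site] = problems
    return report


# Constructed sample data, not real accounts or credentials.
SAMPLE = {
    "mail.example": "Tr0ub4dor&3-horse",
    "bank.example": "Tr0ub4dor&3-horse",
    "shop.example": "summer2014",
    "forum.example": "c0rrect-Horse-battery!",
}

if __name__ == "__main__":
    for site, problems in audit(SAMPLE).items():
        print(site, "->", "; ".join(problems))
```

Passing the composition rules does not make a password hard to guess: `Password1!` satisfies all five, which is why the reuse check and the "longer the better" advice matter as much as the character classes.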
Mobile Device Security Recommendations

Label your device with your name and a phone number where you can be reached to make it easy to return to you if it is lost, even if the battery is dead.

Configure a passcode to gain access to and use the device. This helps prevent unauthorized individuals from gaining access to your data. Don’t use easy to guess codes like 0000, 1234, or last 4 digits of SSN.

Set an idle timeout that will automatically lock the phone when not in use. This also helps prevent unauthorized individuals from gaining access to your data.

Keep all software up to date, including the operating system and installed "Apps". This helps protect the device from attack and compromise.

Do not "jailbreak" or "root" your device. "Jailbreaking" and "rooting" remove the manufacturer's protection against malware.

Obtain your apps only from trusted sources such as the Apple iTunes Store, Google Play, or the Amazon App Store for Android. This helps you avoid malware which is often distributed via illicit channels.

Enroll your device in a managed environment. This helps you configure and maintain your security and privacy settings.

Enroll your device in Find My iPhone or an equivalent service. This will help you locate your device should it be lost or stolen.

If your device supports it, ensure that it encrypts its storage with hardware encryption. In conjunction with a management service or "Find My iPhone," this can allow data to be removed quickly in the event that the device is lost or stolen.
Secure Your Wireless Router

A wireless network means connecting an Internet access point – such as a cable or DSL modem – to a wireless router. Going wireless is a convenient way to allow multiple devices to connect to the Internet from different areas of your home. However, unless you secure your router, you’re vulnerable to people accessing information on your computer, using your Internet service for free and potentially using your network to commit cybercrimes. Here are ways to secure your wireless router:

Change the name of your router: The default ID – called a “service set identifier” (SSID) or “extended service set identifier” (ESSID) – is assigned by the manufacturer. Change your router to a name that is unique to you and won’t be easily guessed by others.

Change the pre-set password on your router: When creating a new password, make sure it is long and strong, using a mix of numbers, letters and symbols.

Review security options: When choosing your router’s level of security, opt for WPA2, if available, or WPA. They are more secure than the WEP option.

Create a guest password: Some routers allow for guests to use the network via a separate password. If you have many visitors to your home, it’s a good idea to set up a guest network.

Use a firewall: Firewalls help keep hackers from using your computer to send out your personal information without your permission. While anti-virus software scans incoming email and files, a firewall is like a guard, watching for attempts to access your system and blocking communications with sources you don't permit. Your operating system and/or security software likely comes with a pre-installed firewall, but make sure you turn on these features.
Protecting Your Privacy

Tips to safely enjoy social networking:

Privacy and security settings exist for a reason: Learn about and use the privacy and security settings on social networks. They are there to help you control who sees what you post and manage your online experience in a positive way.

Once posted, always posted: Protect your reputation on social networks. What you post online stays online. Think twice before posting pictures you wouldn’t want your parents or future employers to see. Recent research found that 70% of job recruiters rejected candidates based on information they found online.

Your online reputation can be a good thing: Recent research also found that recruiters respond to a strong, positive personal brand online. So show your smarts, thoughtfulness, and mastery of the environment.

Keep personal info personal: Be cautious about how much personal information you provide on social networking sites. The more information you post, the easier it may be for a hacker or someone else to use that information to steal your identity, access your data, or commit other crimes such as stalking.

Know and manage your friends: Social networks can be used for a variety of purposes. Some of the fun is creating a large pool of friends from many aspects of your life. That doesn’t mean all friends are created equal. Use tools to manage the information you share with friends in different groups or even have multiple online pages. If you’re trying to create a public persona as a blogger or expert, create an open profile or a “fan” page that encourages broad participation and limits personal information. Use your personal profile to keep your real friends (the ones you know and trust) more synched up with your daily life.

Be honest if you’re uncomfortable: If a friend posts something about you that makes you uncomfortable or you think is inappropriate, let them know. Likewise, stay open-minded if a friend approaches you because something you’ve posted makes him or her uncomfortable. People have different tolerances for how much the world knows about them; respect those differences.

Know what action to take: If someone is harassing or threatening you, remove them from your friends list, block them, and report them to the site administrator.
Other Privacy Recommendations

Email best practices - Use more than one email account, each for specific needs, i.e. work, shopping, social networking, etc. Compose emails with privacy in mind. Use Bcc instead of To or Cc for multiple recipients. Don’t include personal identity data.

Monitor your credit report – Look for errors and fraud. You have the right to one free credit report per year from each of the three credit bureaus: Equifax, Experian, and TransUnion. Order one report every four months so that you can monitor your credit reports on an ongoing basis.

Reduce unwanted telemarketing phone calls. Register with the National Do Not Call Registry. If you receive a call from a company with which you do business, ask to be placed on its internal "Do Not Call List."

Don't use a debit card. Debit cards offer less legal protection than credit cards in the event of fraudulent purchases. A lost, stolen, or otherwise compromised debit card can result in your bank account being wiped out by a thief, without using your PIN number. Use a credit card instead and ask your bank to replace your debit card with an "ATM only" card.

Reduce your junk mail. Remove yourself from as many national mailing lists as possible by registering for the Direct Marketing Association's Mail Preference Service. You must renew your registration after three years. Learn more by reading PRC's Fact Sheet 4.

Use 2-factor authentication whenever possible. If your email service and financial institutions offer it, enable 2-factor authentication. This is a security process that requires you to enter a new, unique passcode every time you try to log into the site -- and that code comes from your phone. So unless a cybercriminal has access to your phone, they can't log in, even with your ordinary password.
Helpful Privacy Protection Website Services/Tools

Hotspot Shield VPN http://www.hotspotshield.com/lp/free_vpn_wm5/

Disposable, Temporary Virtual Phone Numbers - Private, Anonymous Telephone Services http://www.tossabledigits.com/

Mailinator - Let Them Eat Spam! http://www.mailinator.com/

Search DuckDuckGo - Anonymous Alternative to Google.com https://duckduckgo.com/

Eraser (Windows) http://eraser.heidi.ie/download.php

Permanent Eraser (Macs) http://www.edenwaith.com/products/permanent%20eraser/

Disk Wipe (Windows) http://www.diskwipe.org/