October is National Cyber Security Awareness Month

Cyber security is a concern and a necessity at all levels. Computers and networks operated by governments, businesses, academia and other associations and agencies have been prime targets of cyber attack, but the number and rate of attacks on privately owned personal computers and smart devices has become explosively endemic. While cyber security and safety is a responsibility of all computer and smart device users, the federal government along with a variety of private and public partners has promoted “National Cyber Security Awareness Month” (NCSAM) for many years. Traditionally, the president of the United States had inaugurated NCSAM with a presidential declaration calling on everyone to be aware of cyber security, and to take all appropriate precautions to secure their digital devices from attack. In October 2012, there will again be a national effort to encourage and promote cyber security.

This year, the lead federal agency promoting Cyber Security Awareness Month will be the Department of Homeland Security (DHS), which will be coordinating events and activities with the National Cyber Security Alliance (NCSA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). According to the DHS, this joint operation, “ ... encourages Americans to ACT – Achieve Cybersecurity Together – reflecting the interconnectedness of the modern world and the responsibility of each of us in securing cyberspace.”

One might ask, “So what can I really do to help the cyber security effort?” The various agencies working together have come up with a list of actions and activities all computer and smart device users should implement. One of several behaviors encouraged by the alliance is to “Stop, Think, Connect” (stopthinkconnect.org). According to the alliance, all users should: “Stop: Before you use the Internet, take time to understand the risks and learn how to spot potential problems. Think: Take a moment to be certain the path ahead is clear. Watch for warning signs and consider how your actions online could impact your safety, or your family’s. Connect: Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer. Protect yourself and help keep the Web a safer place for everyone.”There are several definitive steps that users can take to implement and improve the security of their digital devices. According to a Microsoft Web page devoted to the National Cyber Security Awareness Month, there are six major practices that we should all accomplish in order to improve our cyber safety and security. Microsoft’s first recommendation is to defend your computer by strengthening your computer’s defenses, and not to be tricked into downloading malicious software. While these first recommendations may seem to be common sense for most computer users, these recommendations are also some of the least implemented. In order to defend our computers and other devices from attack, we need to keep all software (especially Web browsers) up to date; install legitimate and comprehensive security software and keep it current with the latest updates (most security publishers now push hourly or continuous updates); use and never turn off the firewall; be sure to have a hard-to-guess password on your router (and my urging to implement the highest level of encryption available on your wireless access point or device); and to use USB and other flash memory devices cautiously, as they have become a major vector for passing malware between computers and other devices. Microsoft also warns, “Think before you open attachments or click links in an e-mail message, an instant message (IM), or on a social network, even if you know the sender.” Much of the spam and malware being disseminated appears to come from someone we know, as their computers, instant messaging account, address books, or e-mail accounts have been hijacked and used to spread malware and spam to others, under the guise that it is OK because it is from someone you know. Another component of this second recommendation is to never click on links or buttons that appear in pop-up windows.

Identity theft and related financial crimes has become a huge source of revenue for cyber crooks the world over, and Microsoft covers this in its second recommendation, “Protect Sensitive Information.” Microsoft warns users that before they enter any sensitive data on a Web site or online form, look for indications that the Web page is secure, such as the Web address beginning with “https” rather than “http,” and some indication from the browser that the connection is secure. Most browsers use a padlock (clearly open or closed) or some similar indication of a secure connection. Another common trick to steal personal information, such as usernames, passwords, banking and credit card information, and other personal information is commonly referred to as “phishing,” where identity thieves attempt to trick the user into disclosing personal information. Much of this phishing is by way of e-mails informing the user that their e-mail account will be locked unless they respond with their username and password; credit card companies, banks and other institutions asking for personal credit card or bank account information; offers of riches in exchange for helping some foreign official or widow to place investments in this country; foreign lottery winnings; and a variety of other scams. One of the latest common scams is known as “ransomware” where the user’s computer is locked, and a warning from the FBI or other law enforcement agency appears on the screen informing the user that unless he pays a “fine,” typically $200, his computer will remain locked, and he will be prosecuted for several felonies, including possessing child pornography.

Similar requests for personal information that can be abused often arrive in instant messages or social networking postings. Another common e-mail scam is a post apparently from a friend or relative that claims they lost their wallet, checkbook, passport, return airline tickets and credit cards while visiting a foreign country, and are stranded unable to return home. This recognizable friend or relative then asks you to make him a loan and wire a large sum of money to him such that he can get home. The problem is that this is a complete fraud, and that friend or relative overseas is a name stolen from a hijacked e-mail account or address book! Also be aware of phone calls claiming to be from Microsoft (or a recognizable computer security company) telling you that your computer is infected with a virus, and that either for free or for a fee charged to your credit card, they will remotely access your computer and clean it for you, “So please give us remote access to your computer.” Not only will they not clean your computer of malware, but they will likely plant malware on your computer as well as access and steal all of your personal data and information.

Third on Microsoft’s list of recommendations is to create strong passwords, and keep them secret. Passwords should be complex long phrases, consisting of upper case (capital) and lower case letters, along with numbers and symbols. These passwords should not be easy for other to guess like permutations of your name, address, phone number, kids names and birthdays; pets’ names; and other information that can be easily obtained through public or online resources. It is also necessary to utilize different passwords on different Web sites, such that if one Web site is compromised, it will not adversely impact your passwords and accounts on other Web sites. Microsoft emphasizes that it is especially important to use different complex passwords on Web sites that contain your financial information, such as banking, credit card and shopping Web sites.

No. 4 from Microsoft is “Take charge of your online safety and reputation. Discover what is on the Internet about you and periodically evaluate what you find.” What others say about you online in social networking services, blogs and even eBay user ratings can adversely impact your online reputation. It is important to both maintain a positive online reputation and correct erroneous postings about you, but be careful not to fall into someone’s trap and disclose too much personal information.

In its fifth security recommendation, Microsoft urges that users exercise care when using social networks such as Facebook and Twitter. All of the legitimate social networking services offer “settings” or “options” where users can set and manage their privacy and security settings. Users should control who can access their private information, what private information is available, and how others can search for your information. It might be appropriate to block other people from viewing your information. In addition to Microsoft’s suggestions, I would also add do not post information that you are out of town, on vacation or even at a movie or at dinner, as burglars and other crooks read Facebook and Twitter looking for empty homes to burglarize. Turn off the GPS in your digital camera or Smartphone before taking pictures that you want to post on a social networking site such as Facebook, or otherwise strip off the GPS information, as crooks and pedophiles have been known to use the GPS information encoded in digital photographs posted online to locate homes, cars, valuables and children for the purposes of victimization. An old cliché’ says, “Don’t do anything that you would not want your grandmother to read in the newspaper,” and that applies to social media postings as well.

No. 6 from Microsoft says, “Take extra steps to help keep kids safer online.” Online safety and security must be a family effort, and incorporate some mix of guidance and monitoring. Microsoft suggests that “(parents) negotiate clear guidelines for Web and online game use that fit your kids’ maturity and your family’s values. Pay attention to what kids do and who they meet online.” Pedophiles and identity thieves troll chat rooms, social networking Web sites, blogs and other online resources looking for potential victims. Parents and children need to be cognizant of the risks, and educated in what to watch for that might indicate potential risks to children. Children must never disclose personal information to anyone, especially others who claim to be the same age and gender as the child (pedophiles often pretend to be a child in order to gain the confidence of the potential victim). Identity thieves try to gain the trust of children and trick them into disclosing private family information; residential burglars will do the same, asking the child about vacation or dinner plans: “We are going out for pizza and then a movie” tells a burglar that the house may be a good target. Children should never go to meet someone face to face that they met online, unless under the direct supervision and participation of a parent.

There are a number of National Cyber Security Awareness Month events posted online (staysafeonline.org/ncsam/events), several of which will be streamed free over the Internet. There are also free materials available for parents, teachers, children and businesses that can be used in a variety of environments for educating others (staysafeonline.org/ncsam). While October is officially National Cyber Security Awareness Month, every month should be. Stop, think and connect properly, and stay safe online.

shadow