This threat has not gone unnoticed by our political leadership. Last year, in a joint executive branch – private enterprise initiative, the “National Cyber Security Alliance” was created to promote personal computer safety and security. What is unusual is that this is the first time that the executive branch of the federal government has directly become involved in providing assistance to private individuals in securing their computers from cyber attack. The private sector participants sound like a “who’s who” of computer related companies, including AOL, Apple, AT&T, Cisco, Computer Associates, EDS, Lucent, McGraw Hill, Microsoft, Mitre, Network Associates (McAfee), Symantec (Norton), The U.S. Chamber of Commerce, WorldCom, and many others. These corporations have joined with the FBI, GSA, and other federal agencies in a coordinated attempt to get private citizens to become more aware of the needs and techniques necessary to have secure computers and data.

To this end, the National Cyber Security Alliance is promoting Sunday, April 6, as the semi-annual “National Cyber Security Day” when everyone will be encouraged to check his computer for security shortcomings, and implement necessary security procedures. Just as we have been warned for years to change the batteries in our smoke detectors when we reset our clock every spring and fall, the Alliance also encourages us to check our computers on those same days.

The Alliance has created a website with all of the necessary information at www.staysafeonline.info (.info is one of the new domains which is to explicitly be used for the dissemination of noncommercial information). In addition to having information available on tips to safeguard your system, there is also a cyber security test, educational materials, and other security related Internet resources. Specifically, the Alliance is asking that all computer users immediately implement the following 10 security tips, and that all users should use the Cyber Security Day to verify that the tips are implemented. The tips recommended by the Alliance are:

1. Use protection software "anti-virus software" and keep it up to date.
2. Don't open email from unknown sources.
3. Use hard-to-guess passwords.
4. Protect your computer from Internet intruders -- use "firewalls".
5. Don't share access to your computers with strangers. Learn about file sharing risks.
6. Disconnect from the Internet when not in use.
7. Back up your computer data.
8. Regularly download security protection update "patches".
9. Check your security on a regular basis. When you change your clocks for daylight-savings time, reevaluate your computer security.
10. Make sure your family members and/or your employees know what to do if your computer becomes infected.

While to many of us, these tips may be common sense, there is overwhelming evidence that despite the information periodically posted in this column, and widely disseminated in the media, many of our local users are still not using safe computing practices. Anecdotally, I still often have numerous callers to my weekly radio shows on KLVI who are not utilizing updated antivirus software (Item #1 on the Alliance list), routinely open and activate virus bearing emails (item #2), have their vulnerable computers “hacked” into (#4), use insecure file swapping utilities (#5), leave their DSL or cable internet service connected when not surfing the net (#6), do not have current backups (#7), and fail to have ever installed the free security patches published by software publishers (#8). The damage done locally by failing to follow these tips is incalculable, but significant in both terms of time and money. As far as the use of secure passwords, I have found several local businesses using easy to guess passwords for access to sensitive information on their internal networks, a clear violation of tip #3. Similarly, when recently visiting a local business that did use appropriate complex alphanumeric passwords, several users had “post-it notes” on their computer monitors with the passwords in plain sight! One local business even had its network passwords posted on the wall in its customer service area where any customer could easily see them. There is no excuse for such insecure behavior. These businesses are but a few examples of the insecurities that National Cyber Security Day focuses upon, and all of us need to address and respond appropriately to these security tips.

Other then a few minutes of time, the implementation and verification of these security recommendations can be inexpensive or even free. In previous columns here a variety of “free for personal use” antivirus and firewall utilities have been presented, and similar commercially available utilities are available locally from area businesses.

In addition to posting information about the appropriate steps needed to secure our computers, the Alliance is also sponsoring a series of contests and events for school children in grades K – 12 to become involved in computer security. The contests consist of a poster competition, where the top prizes include trips to Washington, D.C., and awards of computer equipment to the winners’ schools. Details, and copies of the previous winning posters, are available on the website at staysafeonline.info.

We should consider our threats continuously, not just on National Cyber Security Day. I will again remind you of this semiannual event next October, when we “fall back”.

For more information on the Tulsa Computer Society click here