Congress recently passed a resolution declaring October, 2005 as “National Cyber Security Month”. While the intent of the resolution was very good, and the resources allocated and events that were planned nationally for October were commendable, we need to recognize that every day in every month should be a cyber security concern.
“National Cyber Security Month” is officially administered by a public – private partnership, the National Cyber Security Alliance (NCSA), whose membership is a “whose who” of federal law enforcement and consumer protection agencies, software and security companies, internet service providers, and telecommunications companies.
To implement the recommendations of the NCSA, a greatly revised and updated website has been created at www.staysafeonline.org (formerly at www.staysafeonline.info). This website is an excellent resource for all computer users, including individuals, businesses, educators, and others. For several years on the old website was a listing of ten cyber safety rules, which has now been combined into eight, listed as the “Top 8 Cyber Security Practices”. Regular readers of this column will recognize all eight, as each rule has been the topic of columns in the past. The eight practices listed are:
Protecting your personal information pertains primarily to the scourge known widely as identity theft. While the Federal Trade Commission (FTC) estimates that over 10 million Americans are victims of identity theft of all types annually, costing individuals and businesses in excess of $50 billion (Source: FTC Synovate report, www.consumer.gov/idtheft), the NSCA has made a special effort to educate computer users about the cyber risks associated with the percentage of identity theft that is computer based by providing detailed, but easy to comprehend information that all consumers should have in order to protect themselves from online identity theft (www.staysafeonline.org/basics/pharming_tips.html). Covering both the crime of “Phishing”, where victims are encouraged to go to an authentic looking but illicit website where personal information, account numbers, PIN numbers, and other personal information is entered, and “Pharming”, which is defined in the words of the NCSA, “… this latest version of online ID theft, a virus or malicious program is secretly planted in your computer and hijacks your Web browser. When you type in the address of a legitimate Web site, you're taken to a fake copy of the site without realizing it. Any personal information you provide at the phony site, such as your password or account number, can be stolen and fraudulently used.”
Another valuable tip made by the NCSA is the necessity to have a backup of all important files. When I recently underwent a mandatory evacuation (15 days!) due to Hurricane Rita, one of the first items I packed was my external hard drive containing a current backup of my primary computer system, along with a “restore” CD that would allow me to recover any programs, data, and other critical files if my primary computer would have been lost or damaged. Some not so fortunate people, victims of Rita, Katrina, and other disasters, have found recovery more difficult because they lacked a current backup of their critical files necessary to get back into operation. For many personal computer users, loss of such data would be an extreme inconvenience, but to a business, the loss of critical records and data could also be an extreme financial tragedy.
All too many people panic, maybe justifiably, if they are victimized by a virus, hacker, or some other malevolent event involving their computers. The tip “Learn what to do if something goes wrong” contains information that may lower the aggravation level of the victim. Tips are provided on recovering from a virus infection or hacker attack, internet fraud, identity theft, and deceptive “spam” emails. If a user takes proper precautions, as mentioned above, by having antivirus software, anti-spyware software, and a firewall properly installed and very frequently updated, the chance of victimization is greatly reduced, but still quite present. The cliché “knowledge is power” is very apropos when dealing with being a victim – if we all knew what to do, then we would have many fewer security problems with our computers!
The technical media is rife with stories about operating system and software vulnerabilities. Miscreants often take advantage of such vulnerabilities either before they are publicly disclosed, or shortly after. For this reason, responsible software publishers release periodic security patches and tips, closing many of the recently discovered or known security vulnerabilities. The practice “Be sure to set up your operating system and Web browser software properly, and update them regularly”. Companies, such as Microsoft, periodically release security patches for many of their current and recent products, closing many of these vulnerabilities. It is imperative that users keep their software properly updated, and their browser settings properly set, in order to harden their computers from attack.
There is a lot of excellent information on the website at staysafeonline.org. I strongly suggest that readers of this column promptly go to the site and review the information presented.
For more information on the Tulsa Computer Society click here