We Don’t Think IT Security Is Important!


by Debi Ides

Just last week, while I was talking with a friend, he casually mentioned, “Yeah, I got an alert from my bank that my credit card was used again.” I said, “Again! You haven’t done anything to prevent this?” He answered, “My bank doesn’t charge me, they reverse charges, it takes a couple of days.”

The conversation did not end there. I probed a little bit. First, I asked if he was at home when he made these purchases. Yes, he was. Second, I asked him whether he logs on as an Administrator or a Standard user. “I only have one user on my computer.” I explained to him that he needs to remedy this immediately, and to always make sure he is on an “https” site when using his credit card.

Well, sad but true, that’s the attitude of most people. Those who are security professionals need to talk to more people in their personal networks. Get the word out; talk to your relatives and co-workers. With the little knowledge I have, I try to drive the importance of IT security into the people around me, especially those I know who use social networking such as Facebook. When it comes down to it, most people just don’t care!!

Below is a perfect example of what could actually happen, and probably does. It’s really scary to watch. I myself was forced to “unfriend” many of my contacts on Facebook, and have not finished cleaning up yet; I still need to “remove apps” from my page.

If you are one of those skeptical people, or one who dismisses internet or computer security or believes it’s not important, click on the “Take this lollipop” link below. It might change your mind!

http://www.takethislollipop.com/

http://defintel.blogspot.com/2011/07/it-security-isnt-important.html


Murky Waters

It might seem kind of “phishy,” but I believe the most secure networks and systems are secured by “hackers.” Because hackers have the knowledge and skills to get in, they also have the knowledge and skills to keep others out. For myself, I am just beginning. There is so much information out on the Web and Internet regarding security. The Internet is a great provider of information, with instant access to probably anything you can think of. It has become so easy, and a way of life for most, to simply pick up a device like a tablet or smartphone and “Google” any information you may need or want. We browse the Web and check email several times a day, putting ourselves at risk of becoming victims of cyber-crime. New technology leads to new threats. More technology then becomes necessary to fight those threats. It’s an evil catch-22.

With that said, I believe education and awareness are our best plan of action to avoid becoming victims of cyber-security. Many people I know are still extremely cautious and avoid using the Internet and Web-based services to shop or bank. I would like to think I have found a happy medium, keeping strong passwords and only using secure sites…

…but we are all human, and by nature curious. We will all inevitably click once too many times. Unlike turning down the wrong road and just making a “k” turn, if you navigate to an unsecure site or are tricked into sharing personal and/or sensitive information, the “back” click or going in reverse will not help.

Be careful where you surf. Do not open emails from unknown sources; if you must, and cannot help yourself or want to “just check them out,” be very wary of links and attachments. Before you use your PC and/or laptop again, be sure to set up a second user with standard user permissions. Never use your “Administrator” user on a regular basis. Doing so leaves you wide open to malicious attacks.

Please make sure that you are using a recently updated password with at least 8 characters in total, using upper case, lower case, special characters, and numbers. This helps prevent unauthorized access to your information whenever you are logged on to websites.

Lastly, make sure to keep your computer and devices updated with new versions and security patches. These tips will hopefully help you keep your home computers, smartphones, and portable devices safe.

Happy Surfing!

An amazing source of information on all aspects of security can be found at:

The Open Web Application Security Project:

https://www.owasp.org/index.php/Top_10_2010-A9

                                                

https://www.trustwave.com, Roy Lamond, M.Ed., Trustwave, n.p., n.d.

Keep Yourself “Off The Hook”

-History of Phishing

Phishing originated sometime around 1995. It was not until around 2005 that everyday people heard or knew about it. People all over the globe fall victim to phishing scams every minute of every day. To avoid becoming part of the statistics, it is smart to do some research to understand how phishing works.

Phishing scams use fake emails and websites to lure people, using links and/or prompts to fool the user into providing personal/sensitive information. The earliest hackers were called “phreaks.” Phreaking is a term describing the underground communities that explore and study different telecommunication systems. This is the reason the “ph” is used in place of the “f” in the spelling.

“America Online” is the first known case of criminal issues regarding phishing. According to records on the Internet, the first use of the term “phishing” occurred in a Usenet newsgroup called alt.online-service.america-online and was recorded on January 2, 1996.

In 2001, phishers turned their attention to online payment systems. The first recorded attack is known to have been against E-Gold in June 2001, and it was not considered successful. By 2003, phishers used email worms and sent spoofed email to PayPal customers, leading these people to sites that asked them to update their credit card information. These phishers had dozens of registered domains that used eBay and PayPal to appear legitimate. By 2004, phishers had graduated to banking sites and their customers. Since then, more sophisticated ploys and methods have been deployed.

The best defense is knowledge and awareness. If you think you have been the victim of phishing or identity theft, please contact the following agencies:

Report all phishing activity to the Federal Trade Commission at www.consumer.gov/idtheft or call (877) IDTHEFT

Major Credit Bureaus:

Equifax (800) 525-6285

P.O. Box 740250

Atlanta, GA 30374

www.equifax.com

Experian (888) 397-3742

P.O. Box 1017

Allen, TX 75013

www.experian.com

TransUnion (800) 680-7289

P.O. Box 6790

Fullerton, CA 92634

www.transunion.com

“History of Phishing,” n.a., n.p., Phishing.org, © 2012