Tips on Securing a User for Daily Use
With all the news about hackers who break into databases and steal customer information, people who have their identities stolen, and various articles on securing your computer against viruses and malware, it seems that we've forgotten to cover the first line of security against such attacks: the User (you).
For anyone who has seen movies such as “Hackers,” “The Matrix Trilogy,” “Johnny Mnemonic” and various television series, it's very important to note that this is (mostly) Hollywood magic at work. With the exception of an actual SSH hack in “Matrix Reloaded,” many of the scenes you've seen in those movies were not real.
I'll describe one example: “Hackers.” In that movie, released in 1995, many of the scenes involve flashy GUIs (Graphical User Interface), and mainframe computers built out of holographic plastics. We see kids running around on rollerblades getting things done in minutes. A lot of the tech portrayed in that movie was not only impossible, but simply unrealistic, even today.
Not all hacking involves computers; some of it involves people. For a movie that portrays hacking in a realistic light, I recommend “Sneakers,” with Robert Redford, Dan Aykroyd, Ben Kingsley, Mary McDonnell, River Phoenix, Sidney Poitier, and David Strathairn. It's a story about a group of people who are hired by the NSA to steal a black box. Rather than spoil the plot, I will say that some of their “hacks” involve not computers, but people.
For example, to get past a security gate of the Coolridge Institute, they don't use a cloned card or have someone hack into a network. Instead, Redford's character dupes the guy at the front desk into believing that he's there to deliver a cake for a surprise party. That's all. No guns, no violence, and no GUIs. In another scene, the hack takes not minutes, but days to set up. Some parts of the hack directly involve people. It's called Social Engineering: getting people to give up their information by fooling them.
The first line of security is you, the user, because all the passwords, patched software, and Limited user accounts won't help you if you give your information out.
Criminals commonly collect personal information through:
Phishing scams – fake e-mails that announce site updates, or that claim to come from eBay, PayPal, or a bank, say your account is compromised, and ask you to verify your information.
Fake Websites – where you're directed to verify your confidential account information. They look good though.
Malware such as keystroke loggers, disguised as anti-virus software or some other kind of software, like a game.
Social Engineering, such as phone calls pretending to be the bank or bill collection agencies.
Hacking a vendor's backend server. You know, the one that actually stores your credit card data when you opted to save your card when you ordered something online.
So, what can you do as a user to protect yourself? Here are some tips.
Know what anti-virus and anti-malware software you have on your computer, know what it looks like, and stick with it. If you get an alert while online, check by loading your own anti-virus software and doing a scan; chances are, it's just a fake alert generated by a fake site and is meaningless, in which case you can simply close the window.
If you have a Mac or Linux PC, it's highly unlikely (today) that a virus can infect your computer. That's because most viruses and malware are written to run on the Windows operating system. Why? Because the majority of the world's population uses it and that represents the widest net a criminal can cast.
Don't ever go to a site that asks for your personal information such as credit card numbers, account numbers and passwords for “verification.” Remember that your bank will always contact you by certified mail first (and/or by phone when the mail is ignored), and even then they will never ask you for your account number or password (they already know it). Be especially wary of an unidentified third party claiming to be Chase Manhattan or a bill collection agency and asking about some outstanding charge you never heard of.
Check your account balances regularly. Banks offer Online banking services that allow you to see what your balances are and move money around. You can catch suspicious charges quickly.
Make sure to not save your credit card information on a web site, or enter that information on an untrusted computer.
Don't use a Debit Card to make online purchases. Credit Cards offer greater fraud protections than Debit Cards. If possible, use a Credit Card with a low credit limit for online purchases. If there's a suspicious charge, you can get it resolved more quickly and easily than on a Debit Card.
When your web browser warns you that a site you're visiting is malicious, unless you know the site, heed that warning and go somewhere else. Internet Explorer 8, Mozilla Firefox, and other modern web browsers have various protections built-in to help keep you safe, but they only work if you actually use them.
Use long passwords and change them regularly. A few years ago, the standard for a strong password was a minimum of six characters: a combination of letters and numbers. Now it is ten characters: a combination of upper and lowercase letters, numbers and symbols. Don't keep them written down in plain view of other people or in an obvious location on your computer.
Remember that keeping yourself safe online doesn't just depend on maintaining your equipment, but also on following some basic guidelines. Know what you have, what you use, what information to not give out, and especially stay informed. The Internet can be a very useful and productive tool, but remember that the most important computer is your own mind. Use it.
