Wednesday, 30 November 2011

INTERNATIONAL COMPUTER SECURITY DAY


“The only real security that a man can have in this world is a reserve of knowledge, experience and ability.” - Henry Ford

November 30th is International Computer Security Day. The day is an important reminder for all computer users to review their “safe” practices when using computers, the internet and all manner of data storage devices. Computer Security Day began in 1988 when the Washington, D.C. chapter of the Association for Computer Machinery (ACM) sought to bring computer-related security issues to the nation’s forefront. Since that time, Computer Security Day has evolved into a worldwide event, observed in over 40 countries. Some organisations choose to have functions on the next business day if the day falls on a weekend.

Most of us who use a computer have experienced one or more adverse security events relating to our use of computers. The discovery of viruses, worms, Trojans and spyware on our hard disk, leakage of passwords and overtaking of email accounts by hackers, loss of data, failure of backups, etc, etc. Add to that of course, computer crime and the way that many people get scammed online and through emails. It is a frightening prospect and one that can cause loss of data, personal information theft (including identity theft), loss of money and a great deal of heartache!

On this day at least, we should use the occasion to take at least one action to improve the security on our computers. Here are just a few suggestions on what you can you do:
•    Change your password(s) to strong password(s). At minimum, mix upper case and lower case letters, numbers, and special symbols. The longer the password, the better it is.
•    Remove the “sticky note” from under your keyboard that has all your passwords written on it!
•    Update your anti-virus software and run a full system scan, eliminating all suspicious files.
•    Check your system for software updates, including security updates!
•    Do you know what a “Firewall” is? If not, find out. If yes, are you using it effectively?
•    Delete unneeded or “strange” files from you computer – get help from an expert if you are unsure.
•    Back up, back up, back up important files!

Is your email system secure against email viruses, which are able to cripple your email system and corporate network in minutes? Many of these hazardous viruses are being distributed worldwide via email in a matter of hours, for example, the LoveLetter virus that wrought havoc around the world in 2000. Email worms and viruses can reach your system and infect users through harmful attachments. But that’s not all! Some viruses are transmitted through harmless-looking email messages and can run automatically without the need for user intervention, like the Nimda virus. Find out what your personal protection against such attacks is and ensure that you adhere to the security protocols.

Internet users are being warned to never respond to emails which ask for personal details. Everyone should be aware of the practice of “phishing” involving sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a website where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organisation already has.

These phishing websites, however, are bogus and set up only to steal the user’s information. For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organisation’s site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information. By spamming large groups of people, the “phisher” counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.

Phishing, also referred to as brand spoofing or carding, is a variation on “fishing”, the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting. Criminals are getting smarter and making better use of technology. He says people would be surprised at how sophisticated some of the phishing attacks have become. There are very credible copies of websites and emails, which are sucking in the most unlikely people. He believes more money is being made by organised crime through internet fraud, than through illegal drugs.

But do remember, security awareness is most effective when people practice security habits daily, not just once a year!

malware |ˈmalˌwe(ə)r| noun; Computing
Software that is intended to damage or disable computers and computer systems.
ORIGIN: Blend of malicious and software.

3 comments:

  1. ugh...yeah good day to remember...been hit a few times...

    ReplyDelete
  2. Thanks for this good reminder, Nicholas!

    ReplyDelete
  3. Always good to be reminded of these things!

    ReplyDelete