What is cyber security?
It seems that everything relies on computers and the internet now — communication (email, cell phones), entertainment (digital cable, mp3s), transportation (car engine systems, airplane navigation), shopping (online stores, credit cards), medicine (equipment, medical records), and the list goes on. How much of your daily life relies on computers? How much of your personal information is stored either on your own computer or on someone else's system? Cyber security involves protecting that information by preventing, detecting, and responding to attacks.
What are the risks?
There are many risks, some more serious than others. Among these dangers are viruses erasing your entire system, someone breaking into your system and altering files, someone using your computer to attack others, or someone stealing your credit card information and making unauthorized purchases. Unfortunately, there's no 100% guarantee that even with the best precautions some of these things won't happen to you, but there are steps you can take to minimize the chances.
What can you do?
The first step in protecting yourself is to recognize the risks and become familiar with some of the terminology associated with them.
Hacker, attacker, or intruder - These terms are applied to the people who seek to exploit weaknesses in software and computer systems for their own gain. Although their intentions are sometimes fairly benign and motivated solely by curiosity, their actions are typically in violation of the intended use of the systems they are exploiting. The results can range from mere mischief (creating a virus with no intentionally negative impact) to malicious activity (stealing or altering information).
Malicious code - Malicious code, sometimes called malware, is a broad category that includes any code that could be used to attack your computer. Viruses and worms are examples of malicious code. Malicious code can have the following characteristics:-
It might require you to actually do something before it infects your computer. This action could be opening an email attachment or going to a particular web page.
Some forms propagate without user intervention and typically start by exploiting software vulnerability. Once the victim computer has been infected, the malicious code will attempt to find and infect other computers. This code can also propagate via email, websites, or network-based software.
Some malicious code claims to be one thing while in fact doing something different behind the scenes. For example, a program that claims it will speed up your computer may actually be sending confidential information to a remote intruder.
Vulnerability - In most cases, vulnerabilities are caused by programming errors in software. Attackers might be able to take advantage of these errors to infect your computer, so it is important to apply updates or patches that address known vulnerabilities.
Why is it important to remember that the internet is public?
Because the internet is so accessible and contains a wealth of information, it has become a popular resource for finding information about people. It may seem less intimidating than actually interacting with other people because there is a sense of anonymity. However, you are not really anonymous when you are online, and it is just as easy for people to find information about you as it is for you to find information about them. For example, although people are typically wary of sharing personal information with strangers they meet on the street, they may not hesitate to post that same information online. Once it is online, it can be accessed by a world of strangers, and you have no idea what they might do with that information.
What guidelines can you follow when publishing information on the internet?
View the internet as a novel, not a diary - Make sure you are comfortable with anyone seeing the information you put online. Expect that people you have never met will find your page; even if you are keeping an online journal or blog, write it with the expectation that it is available for public consumption.
Be careful what you advertise. When deciding how much information to reveal, realize that you are broadcasting it to the world. Supplying your email address may increase the amount of spam you receive. Providing details about your hobbies, your job, your family and friends, and your past may give attackers enough information to perform a successful social engineering attack.
Realize that you can't take it back - Once you publish something online, it is available to other people and to search engines. Some search engines "cache" copies of web pages so that they open faster; these cached copies may be available after a web page has been deleted or altered.
As a general practice, let your common sense guide your decisions about what to post online. Before you publish something on the internet, determine what value it provides and consider the implications of having the information available to the public. Identity theft is an increasing problem, and the more information an attacker can gather about you, the easier it is to pretend to be you.
Good Security Habits
Lock your computer when you are away from it. Even if you only step away from your computer for a few minutes, it's enough time for someone else to destroy or corrupt your information.
Disconnect your computer from the Internet when you aren't using it. The likelihood that attackers or viruses scanning the network for available computers will target your computer becomes much higher if your computer is always connected.
Evaluate your security settings. Most software, including browsers and email programs, offers a variety of features that you can tailor to meet your needs and requirements. It is important to examine the settings, particularly the security settings, and select options that meet your needs without putting you at increased risk. It is especially important to check the settings for software that connects to the internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need.
Protect your computer against power surges and brief outages. During a lightning storm or construction work that increases the odds of power surges, consider shutting your computer down and unplugging it from all power sources.
Back up all of your data. Whether or not you take steps to protect yourself, there will always be a possibility that something will happen to destroy your data. Regularly backing up your data on a disk or network reduces the stress and other negative consequences that result from losing important information. Determining how often to back up your data is a personal decision.
Use and maintain anti-virus software and a firewall - Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall. Make sure to keep your virus definitions up to date. Regularly scan your computer for spyware - Spyware or adware hidden in software programs may affect the performance of your computer and give attackers access to your data.
Avoid unused software programs - Do not clutter your computer with unnecessary software programs. If you have programs on your computer that you do not use, consider uninstalling them. Keep software up to date - Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should turn it on.
Ideally, you will have separate computers for work and personal use but if you don’t consider creating separate user accounts - If there are other people using your computer you may be worried that someone else may accidentally access, modify, and/or delete your files. Setting boundaries and guidelines will help to protect your data.
Use passwords and encrypt sensitive files - Passwords and other security features add layers of protection if used appropriately. You may also want to consider options for full disk encryption, which prevents a thief from even starting your laptop without a passphrase.
Follow corporate policies for handling and storing work-related information - If you use your computer for work-related purposes. These policies were likely established to protect proprietary information and customer data, as well as to protect you and the company from liability.
Dispose of sensitive information properly - Simply deleting a file does not completely erase it. To ensure that an attacker cannot access these files, make sure that you adequately erase sensitive files.
Comments