
IT Security Top Issues

SPAM

SPAM is unsolicited, undesired bulk messaging. The most common form of SPAM is e-mail, but SPAM also includes IMs, blogs and mobile phone IMs.

The US Federal Trade Commission studied SPAM and how spammers get email addresses, and found the following:

86% of email addresses that are publicized on websites are 'harvested' by spammers, and receive unsolicited email.

63% of "remove me from your list" requests are not honored.

66% of SPAM messages have falsified information in the "from" or "subject" headings or in the text of the email.

Viruses & Spyware

Viruses and spyware can be very damaging to your PC and to your personal information. A virus can be installed on your PC without your knowledge. Viruses can attach themselves to email and be distributed without your knowledge. Once they have been distributed, viruses can explode into a major internet concern. Spyware collects your personal information from your PC and reports it back to the creator of the malicious code. This is all done without your knowledge. These codes also allow other internet users to control your PC; this is called computer hijacking. Keep your virus and spyware protection up-to-date and scan your PC weekly.

Phishing/Pharming

Each of these techniques is used to get a person's private information for financial gain. One technique is redirecting a user from the official web site to a falsified replica of that site. Another technique is to randomly call someone and falsely represent a financial institution to obtain passwords and account information. It is an immense task to stay aware of every possible scenario, because attackers are always coming up with new attack methods.

Social Engineering

Social engineering is the practice of acquiring private information by exploiting a legitimate user. The tools most commonly used by a social engineer are the telephone and the Internet. The idea is to deceive a person into revealing sensitive information, or into doing something outside their typical activities, without their knowledge or consent. Social engineers strive to get:
  • Bank Account Information
  • Credit Card Numbers
  • Social Security Numbers

Identity Theft

Identity theft is also known as Identity Fraud and iJacking. Identity theft is when someone obtains and exploits your private information for monetary gain. If you are a victim of identity theft, contact your local police department's Cyber Crime Unit, the Social Security Administration, the three credit bureaus (Equifax, Experian and TransUnion), and the Federal Trade Commission. According to Crimedoctor.com, as of April 2002, 11.8 million Americans, that is 1 in every 22 adults, fall victim to identity theft.

Password Do's & Don'ts

Six simple ways to protect your password:

  • Never use your name (last, middle or first)
  • Never use a pet name
  • Never use a date
  • Never use alligator words; these are words spelled backwards
  • Never use your login name
  • Never use a number sequence

Four good tips in creating passwords:

  • Make the password at least seven characters; the longer the better. Passwords in Microsoft Windows can be up to 128 characters long!
  • Always include upper and lower case characters
  • Always have a symbol in the password
  • Have at least four different characters in your password
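The "never use" list and the creation tips above can be turned into an automatic check. The following Python sketch is an added example, not part of the original page; the function names, the `login` and `names` parameters, the small word list and the sample passwords are all assumptions made for illustration.

```python
import re

# Constructed sample list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey"}

def has_number_sequence(text, run=3):
    """True if text holds `run` consecutive ascending or descending digits."""
    for i in range(len(text) - run + 1):
        chunk = text[i:i + run]
        if chunk.isascii() and chunk.isdigit():
            steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False

def check_password(password, login="", names=()):
    """Return the list of rules the password breaks (empty list = passes).

    `login` and `names` (first, middle, last, pet names) are supplied by
    the caller; both parameters are assumptions of this example.
    """
    problems = []
    lowered = password.lower()
    personal = [t.lower() for t in (login, *names) if len(t) >= 3]
    if any(t in lowered for t in personal):
        problems.append("contains a name or the login name")
    if any(w[::-1] in lowered for w in set(personal) | COMMON_WORDS):
        problems.append("contains a word spelled backwards")
    # Dates: a four-digit year, or day/month/year with separators.
    if re.search(r"(19|20)\d{2}|\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}", password):
        problems.append("contains a date")
    if has_number_sequence(password):
        problems.append("contains a number sequence")
    if len(password) < 7:
        problems.append("shorter than seven characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("missing upper or lower case characters")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("missing a symbol")
    if len(set(password)) < 4:
        problems.append("fewer than four different characters")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("htimS123", "Tr!ckyHorse#Lamp"):
        print(pw, "->", check_password(pw, "jsmith", ("John", "Smith", "Rex")))
```

A check like this belongs at the point where a password is chosen or changed, so that a weak choice is rejected before it is ever stored.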

Five rules for password security:

  • Do not tell anyone your password
  • If you need to tell someone your password, change it as soon as possible
  • Do not write it down and place it under the keyboard or anywhere else
  • Do not check the "remember my password" box
  • Always use a different password for each system you are accessing

Computer Updates

It is important, for security reasons, to keep your computer updated. Currently Microsoft has automatic updates, which keep your Windows software up-to-date. Automatic updates only need to be set up once; after that, Windows knows to keep updating on its own. Not only does your Windows software need to be updated, but so do your spyware protection and virus software.

Physical Security

On a daily basis we may not consider the physical security of our network, although physical security is an immense issue for Alamo Colleges.

A few steps that can be taken to protect the Alamo Colleges network:

  • When leaving your PC, hit Control+Alt+DEL and click Lock computer. This prevents someone from using your network ID and access for their own gain.
  • Beware of social engineering. Social engineering is when a thief convinces you to provide secure information or to do something out of the ordinary for their personal or financial gain.
  • When you leave a PC in a public place (e.g., a computer lab), make sure to log out.
  • When leaving your office for the night make sure your desk is secure.

Desktop Hacking

Desktop hacking can happen through file transfers and shoulder surfing. When file transfers are conducted, the files need to be encrypted before the transfer. This prevents intercepted packets from being decoded to reveal user names and passwords. Shoulder surfing happens when someone stands over your shoulder while you are entering personal information. You should position your desk so that you can see the door, or place a mirror so that you always have a view of what is behind you.

Dumpster Diving

Dumpster diving is a technique used to gain access to personal information through trash. Items that are useful to a dumpster diver include passwords, access codes, phone lists, printouts, organizational charts, social security information and storage media. Be sure to shred all documentation and give storage media to your IT department to be disposed of properly.