10
Security Tips for the Holidays
December 24, 2004
I
love Christmas. It is a special time of the year for our
family. A time of remembrance and sharing, a time of gift
giving and being thankful for what you have been blessed
with.
However,
there always seem to be someone that is out to ruin a good
thing. In that vein of thought, it has been said that this
is the busiest time of the year for hackers. Many
families purchase a new computer for Christmas. After
being unwrapped, there is the excitement of setting it up
and getting connected to the Internet. Many times this is
done without a clear understanding of the precautions that
should be taken - this is what the hackers have been
waiting for.
Like a den
of thieves, they lay in wait for your shiny new system to
blissfully connect to the Internet. Once connected, they
pounce with their electronic infections of viruses,
spyware, email viruses, adware, worms, malware, trojan
horses, scumware, and more. These forms of electronic
infections can damage your computer and be spread to
others.
Before you
connect your news system to the Internet, let me suggest a
few precautions and security implementations. This advice
has been compiled from several internationally recognized
security organizations, such as anti-virus manufactures,
Government departments, and public partnerships, like the
National Cyber Security
Alliance (NCSA).
-
Use “anti-virus software” and keep it up to date.
Viruses can
damage
your computer and be spread to others.
Make sure you have anti-virus software on your computer!
Anti-virus software is designed to protect your
computer against known viruses so you don’t have to
worry. But with new viruses emerging daily, anti-virus
programs need regular updates, like annual flu shots, to
recognize these new viruses. Be sure to update your
anti-virus software regularly! The more often you keep
it updated, say once a week, the better. Some products
can be configured to auto-update when you connect to the
Internet. Check with the web site of your anti-virus
software company to see some sample descriptions of
viruses and to get regular updates for your software.
-
Use “Anti-spyware” software and keep it up to date.
The
consequences of spyware and adware infections can
include banking and identity theft, unusual computer
problems, slow Internet access, changed browser
homepage, search pages or favorites, and excessive
numbers of adware generated adverts such as pop-ups.
Make sure you have anti-spyware software on your
computer! Anti-spyware software is designed to protect
you and your computer against known spyware, adware,
malware, scumware and more. But with new spyware
emerging daily, anti-spyware programs need regular
updates. Some products can be configured to auto-update
when you connect to the Internet. Be sure to update
your anti-spyware software regularly! The more often
you keep it updated, say once a week, the better. Check
with the web site of your anti-spyware software company
to learn more about new privacy threats and to get the
most recent updates for your software.
-
Protect your computer from Internet intruders – use
“firewalls.”
Equip your computer with a firewall! Firewalls create a
protective wall between your computer and the outside
world. They come in two forms, software firewalls that
run on your personal computer and hardware firewalls
that protect a number of computers at the same time.
They work by filtering out unauthorized or potentially
dangerous types of data from the Internet, while still
allowing other (good) data to reach your computer.
Firewalls also ensure that unauthorized persons can’t
gain access to your computer while you’re connected to
the Internet. You can find firewall hardware and
software at most computer stores and in some operating
systems. Don’t let intruders in!
-
Regularly download security updates and “patches” for
operating systems and other software.
Most major software companies today release updates and
patches to close newly discovered vulnerabilities in
their software. Sometimes bugs are discovered in a
program that may allow a criminal hacker to attack your
computer. Before most of these attacks occur, the
software companies or vendors create free patches for
you that they post on their web sites. You need to be
sure you download and install the patches! Check your
software vendors’ web sites regularly for new security
patches or use the automated patching features that some
companies offer. Ensure that you are getting patches
from the correct patch update site. Many systems have
been compromised this past year by installing patches
obtained from bogus update sites or emails that appear
to be from a vendor that provides links to those bogus
sites.
Older computer systems, such as Windows 98 or 95, should
be replaced with Windows XP Professional, which is more
robust and secure. Microsoft Windows security updates
are downloadable at
http://windowsupdate.microsoft.com
While you are there sign up for Microsoft Security
Update, a free e-mail alert service that tells you when
to take action and what software to download.
-
Don’t open emails or attachments from unknown sources.
Be suspicious of any unexpected email attachments even
if they appear to be from someone you know. A simple
rule of thumb is that if you don't know the person who
is sending you an email, be very careful about opening
the email and any file attached to it. Should you
receive a suspicious email, the best thing to do is to
delete the entire message, including any attachment. If
you are determined to open a file from an unknown
source, save it first and run your virus checker on that
file, but also understand that there is still a risk.
If the mail appears to be from someone you know, still
treat it with caution if it has a suspicious subject
line (e.g. “Iloveyou” or “Anna Kounikova”) or if it
otherwise seems suspicious (e.g., it was sent in the
middle of the night). Also be careful if you receive
many copies of the same message from either known or
unknown sources. Finally, remember that even friends and
family may accidentally send you a virus or the e-mail
may have been sent from their machines without their
knowledge. Such was the case with the "I Love You"
virus that spread to millions of people in 2001. When
in doubt, delete! If you receive an email from a
trusted vendor or organization, be careful of phishing,
a high-tech scam used to deceive consumers into
providing personal data, including credit card numbers,
etc. For information about “phishing” go to the FTC
document titled “How Not to Get Hooked By a Phishing
Scam”,
http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.pdf.
The best way to make sure you’re dealing with a
merchant you trust, and not a fraudster, is to initiate
the contact yourself. Type the merchant’s address into
your Internet browser instead of clicking on a link in
an e-mail.
-
Use hard-to-guess passwords.
Mix
upper case, lower case, numbers, or other characters not
easy to find in a dictionary, and make sure they are at
least eight characters long. Passwords will only keep
outsiders out if they are difficult to guess! Don’t
share your password, and don’t use the same password in
more than one place. If someone should happen to guess
one of your passwords, you don’t want them to be able to
use it in other places. The golden rules of passwords
are: (1) A password should have a minimum of 8
characters, be as meaningless as possible, and use
uppercase letters, lowercase letters, symbols and
numbers, e.g., xk2&LP97. (2) Change passwords
regularly, at least every 90 days. (3) Do not give out
your password to anyone! For enhanced security, use
some form of two-factor authentication. Two-factor
authentication is a way to gain access by combining
something you know (PIN) with something you have (token
or smart card).
-
Disconnect from the Internet when not in use.
Remember that the Digital Highway is a two-way road. You
send and receive information on it. Disconnecting your
computer from the Internet when you’re not online
lessens the chance that someone will be able to access
your computer. And if you haven’t kept your anti-virus
software up-to-date, or don’t have a firewall in place,
someone could infect your computer or use it to harm
someone else on the Internet and help protect others:
disconnect!
-
Back-up your computer data on disks or CDs regularly.
Experienced computer users know that there are two types
of people: those who have already lost data and those
who are going to experience the pain of losing data in
the future. Back up small amounts of data on floppy
disks and larger amounts on CDs, removable hard drives,
or flash memory. If you have access to a
network, save copies of your data on another computer in
the network. Many people make weekly backups of all
their important data. And make sure you have your
original software start-up disks handy and available in
the event your computer system files get damaged. Be
prepared!
-
Check your security on a regular basis. When you change
your clocks for daylight-savings time, reevaluate your
computer security.
The
programs and operating system on your computer have many
valuable features that make your life easier, but can
also leave you vulnerable to hackers and viruses. You
should evaluate your computer security at least twice a
year – do it when you change the clocks for
daylight-savings! Look at the settings on applications
that you have on your computer. Your browser software,
for example, typically has a security setting in its
preferences area. Check what settings you have and make
sure you have the security level appropriate for you.
Set a high bar for yourself!
-
Make sure your family members and/or your employees know
what to do if your computer becomes infected.
It’s
important that everyone who uses a computer be aware of
proper security practices. People should know how to
update virus protection software, how to download
security patches from software vendors and how to create
a proper password. Make sure they know these tips too!
Of course, Stratagem Technical Services offers you
assistance with implementing these precautions. We
offer professional, cost-effective computer service and support for
the personal, small business, and larger corporate
communities. Visit our website at
http://www.stratagemtech.com
We wish you peace, prosperity, and happiness during
this holiday season and throughout the coming year.
Troy Van Marter
President
(203) 304-2074 |