Online Safety Tips, Security Education

Staying off of the suspect list

Often, we’re our own worst enemy.  We do things that make us a likely target for blame.  In other words, we’re on the suspect list.  We receive the blame when something goes wrong because of our actions or the access we maintain.

The idea is to keep yourself and others off of that list.  First of all, it disrupts the investigation in finding the true source of the problem.  Second, it causes others to distrust those on the suspect list, even if they’re innocent.  The best way to prove innocence is to have a clear name from the onset.

Often security professionals and IT managers have access to many systems, applications, or facilities. They believe it’s required because of their position or responsibility.  The problem is that having access puts them on the suspect list.  Many times I’ve been accused when there were network issues.  “Were you running one of your security scans again?” was a common statement aimed at me just because I had the ability to run scans, not that I did.

Often other activities may add us to the “suspect list”, such as browsing the Internet, transferring documents from home to work and vice versa, clicking on links in email, or installing freeware or shareware applications on a work computer. While they’re not bad in and of themselves, these actions do have potentially dangerous consequences.

Here are five things you need to do to keep yourself off of the suspect list:

  • Limit your access.  This is the concept of least privilege.  If you don’t need it or don’t use it every day, disable or delete your access to it.
  • Only use administrator privileges when you administer the system.  If you’re always logged in as an admin, then you’re just asking for trouble.
  • Freeware isn’t always free and shareware may mean you’re sharing more than the program.  Finding programs on the Internet may save money in the short run, but they occasionally contain hidden malware that can take down your system.
  • Think before you click.  Be aware of where you go on the Internet.
  • Keep your secrets secret.  If you allow others to use your login ID or badge, then that person is you and you’ll be on the suspect list if something goes wrong. Badges and passwords are like gum: it’s not cool to share once used.

Security’s objective is to keep people off of the suspect list.  We know that the great majority of our work force wants to do what’s right.  We want to help you.  Like the police, our objective isn’t to get you into trouble, but to keep you out of trouble.  Consider what you should do to keep yourself and others off the suspect list.  It will make your life much easier.

Online Safety Tips, Security Education, Security Management

2012 Webinar Announcement

2012 – The Year of Online Protection

2011 was the year of the breach.  2012 should be the year we get security right and start protecting ourselves, communities, organizations and families online.

To help kick off the New Year, I’m hosting an online seminar titled, “Protecting yourself and your company from the evils of the internet in 2012.”  It is scheduled for Wednesday, January 25, 1-2 p.m. CST and you can see it freely online, once you register.

From our Seminars and Outreach page:

Ron Woerner, Director of Bellevue University’s Master of Science in Cybersecurity program, will discuss the perils of the Internet, how hackers can take over your computer and how they access your private information. It’s not all doom and gloom, though. Woerner will suggest ways to protect yourself and your company in 2012. Come to this online presentation with your questions on online safety and security. You will have the opportunity to participate in a live question and answer session with Woerner following the presentation.

It’s going to be more than just your typical, basic “keep yourself safe online” talk.  I will be providing detailed tips, tricks, and techniques to keep 2012 from being another Year of The Breach. It will end with a chance for you to ask your questions about online protection to help you focus your security activities in 2012.

Please join in the conversation if you want to learn more about online safety, hear about our Cybersecurity programs, or are just looking for certification credits.

To learn more and register for the event, go here: http://www.bellevue.edu/cybersecurity/.

Human Aspects, Online Safety Tips, Security Education

Congratulations – You are a WINNER!

Everyone wants to be a winner. You may have seen the pop-up or big letters on a webpage announcing that you have won an iPad2, $1000, or some other grand prize.  All you need to do is “Click here to win your prize!”  It seems simple and harmless, but you should know where it is taking you, what you’re giving up, and what could be loaded on your computer. 

Users are taken to these sites when they mistype well-known domain names such as wikipedia.com, amazon.com, and youtube.com.  (I’ll let you conduct your own research, but you can see a list here: http://www.bfk.de/bfk_dnslogger.html?query=69.6.27.100#result. They all resolve to the same IP address. I don’t want anyone accidentally clicking on a link to a bad site.  Proceed at your own risk!)

I’ve included a screenshot as an example:

[Screenshot: example of winning page]
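
The mistyped names described above share one trait a defender can look for: near misses of several different well-known domains all answering from the same IP address. The sketch below is an added example, not code from the original post; the log format, the misspellings, the addresses, and the function names are constructed for illustration.

```python
from collections import defaultdict

# Well-known names the post lists as commonly mistyped.
KNOWN = ["wikipedia.com", "amazon.com", "youtube.com"]

# Constructed resolver log: timestamp, client, queried name, answer.
# Misspellings and RFC 5737 answer addresses are made up for this example.
SAMPLE_LOG = [
    "2012-01-10T09:00:01 10.0.0.5 amazon.com 198.51.100.7",
    "2012-01-10T09:00:09 10.0.0.5 amazno.com 192.0.2.50",
    "2012-01-10T09:01:12 10.0.0.8 wikipeida.com 192.0.2.50",
    "2012-01-10T09:02:30 10.0.0.9 youtbe.com 192.0.2.50",
    "2012-01-10T09:03:00 10.0.0.9 example.org 203.0.113.9",
    "2012-01-10T09:04:00 10.0.0.4 yuotube.com 203.0.113.20",
]

def osa_distance(a, b):
    """Edit distance where a swap of two adjacent letters costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[-1][-1]

def lookalike_of(qname, max_dist=1):
    """Return the known domain that qname is a near miss of, else None."""
    for known in KNOWN:
        if 0 < osa_distance(qname.lower(), known) <= max_dist:
            return known
    return None

def shared_ip_clusters(log_lines, min_brands=2):
    """Map answer IP -> brands, for IPs serving near misses of several brands."""
    by_ip = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        brand = lookalike_of(fields[2])
        if brand:
            by_ip[fields[3]].add(brand)
    return {ip: sorted(b) for ip, b in by_ip.items() if len(b) >= min_brands}

if __name__ == "__main__":
    for ip, brands in shared_ip_clusters(SAMPLE_LOG).items():
        print(ip, "serves near misses of", ", ".join(brands))
```

An address that turns up here is a candidate for a DNS or proxy block; a single near miss on its own address (the last sample line) is left out because it does not show the shared-address pattern.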

To “claim” your prize, you need to enter much of your personal information on a site whose origin is questionable.

Some of these websites even have their own form of privacy policies stating exactly what they’d do with your personal information.  Basically, once you give it to them, they can do with it as they please.

They can sell it, give it away, or use it without ever informing you or asking further permission.  They can even perform further background checks on you.  Since you agree to the policy when you click submit, there may be nothing you can do to stop them; especially if the site owners are in another country.

To avoid this type of fraud, it’s important to remember, “Stop. Think. Click.” from staysafeonline.org. The Protect Yourself website (http://www.staysafeonline.org/in-the-home/protect-yourself) contains a number of great tips to help all webizens. From that website comes this:

“Use your judgment about what you post about yourself on Internet sites. When any site requests information about you, ask these questions:

  • Who is asking?
  • What information are they asking for?
  • Why do they need it?

Think about the amount and detail of information being requested.”

Another good website on Identity Theft protection is from the U.S. Federal Trade Commission (FTC): http://www.ftc.gov/bcp/menus/consumer/data/idt.shtm.  What other websites do you recommend? 

Are there other tips you recommend to keep yourself and others safe and secure online?  Feel free to leave comments below. 

Be aware when you surf and remember to “Trust, but verify.”