Monday, September 13, 2010

Online Safety: Remember what your mother told you

It's not often you see someone say that the same things you would do to protect yourself "in the real world" apply in the virtual world, too. US CERT Cyber Security Tip ST05-014, "Real world warnings keep you safe online," uses some old sayings to demonstrate that very point:

    * Don't trust candy from strangers - Anyone can post anything on the internet, so don't accept anything as truth until you've verified it. Watch out for spam and phishing emails - and remember that email addresses and URLs can be spoofed. Make sure you know where your information is coming from.

    * If it sounds too good to be true, it probably is - How many times have you seen an ad on a page or a pop-up window proclaiming that you are the 1,000,000th visitor to a site? All you had to do was give them some information to claim your prize! How many emails have you received claiming to have millions just waiting for you to claim them? This type of scam predates email by decades. Don't let greed get the better of you. You're more likely to hit the jackpot on every lotto drawing for a month than you are to actually receive money (or anything good) from one of these scams, or their cousins, the "let us scan your computer" pop-up.

    * Don't advertise that you are away from home - Autoresponders, the email auto replies you can set up for when you're away from your desk, are a wonderful thing. But don't give any more information than absolutely necessary. "I will be in training all week and will be able to answer email sporadically, if at all" is probably ok. "On vacation in Aruba from 9-12 to 9-24! Woohoo!" isn't.

    * Lock up your valuables - If someone can access your computer they may be able to access or steal personal information. Maybe even information you didn't realize was on your computer. Usernames and passwords, bank account information, all kinds of things that can either give them access to things you don't want them to have, or things that will allow them to figure out what you might use as a username or password and gain access to things you don't want them to have.

    * Have a backup plan - Regular backups help recover from data loss caused by successful attacks, hardware failure, carelessness or accidents. They can also help you determine what kind of damage may have been done. Unfortunately, if a successful attack isn't discovered for a long time backups may be compromised, too.

Some other useful CERT articles:

Using Caution with Email Attachments

Avoiding Social Engineering and Phishing Attacks

Reducing Spam, Identifying Hoaxes and Urban Legends

Recognizing and Avoiding Spyware