Organisations' and people's dependency, use and application
of information is not only all pervasive but so are the risks
to this information. Information could be lost due to a system
failure, corrupted by user processing errors, modified as
part of some computer fraud, or disclosed to unauthorized
users. Understanding what the risks are and assessing how
these risks affect and impact business are vital to being
able to manage them effectively.
- Some general
good security habbits
- A few words on Passwords
- When browsing
- Making Internet Explorer
- About Autofill
wiping data from your PC
- Accidents and Risks
- Bots, Botnets and Rootkits
When surfing the Internet, it is wise to take some
basic steps to safeguard sensitive information.
- Do not give your full name to people you do not know
- Do not give credit card details to untrusted people or
- Do not give out social security numbers, phone numbers,
addresses or other sensitive information out in chat rooms
- Never think that you have nothing important on your machine
so you do not need protection. If you have any financial
or personal information on your computer then the attackers
could use it for their own gain. They could also gain control
of your computer and use it against attacking other people
general good security habbits
- Lock your computer when you are not at your desk. This
will prevent someone from accessing all your information.
- When you are not browsing the internet, dicsonnect it
from the network. This way you minimise the possibilities
of attackers scanning your network or causing any type of
harm to it.
- Make sure you do regular back ups to all your important
information in case of a disk failure or power failure.
- Do not think that having a firewall and an antivirus software
will keep you 100% secure from intrusions. Although they
form an important role into protecting your information,
they do not guarantee to protect you from an attack. Combining
these technologies with good security habits is the best
way to reduce your risk.
- Make sure you keep your firewall and antivirus software
up to date.
A few words on
Why they matter
Passwords are a way of proving who we are in order to use
a particular service. We use them for email access, banking,
access to systems etc. If someone borrows our access to the
system they can impersonate us.
Think of passwords as locks in your house doors. For each
lock in your house there is
a different key, that way someone who gets one of your keys
will not be able to open all the doors in your house. You
should not share your keys with strangers and you should not
hide them under the mat or in a flowerpot outside your house.
Each key has its unique making, different grooves that separate
them from others. It is the same thing with passwords for
Managing to remember a few passwords is not a great deal,
but as we use more computers and we have access to more programmes
or websites, they can get out of hand.
It is better to use different passwords for different services
you use. Each password should be unique and you should not
write them in post-it notes near your desk or share them with
others. Use as complex keys as possible using different combinations
of word letters, characters and numbers.
The most important thing is that the combination of your key
is not too easy and not too complicated so you are able to
remember it without having to write it down.
Passwords sent over the Internet can be sniffed and stolen,
that is why it is wise to use different passwords for Internet
access and different for your Local
Computer attackers use brute-force techniques to discover
your passwords. It is the same with a thief trying different
key combinations to open your house door. If the attacker
has some information about you, then he/she could use to reveal
your password and narrow down the options, so it is wise not
to use any reference to your personal life like birtdays,
pet names or any other combination.
Another technique that attackers use is sniffing. This way,
no matter how strong
a password you may have (long string of characters, capital
letters, numbers all random), the attacker will be able to
see it and use it. What you need to do against sniffing is
that you use a different password with every account access
that you have. You can test the strenght of your password
A study at Cambridge University in 1999 examines the memorability
and security of passwords. A paper describing it can be found
While browsing, sometimes we get those popup
windows that pose as a security warning
that you might be having. They can be very disturbing, and
vendors of those products try to trick people into visiting
their website. By clicking on that popup window,
it takes you to their website from where you can download
their product. This is very misleading because it tricks people
to think that they might be having a security problem and
that maybe they should download this programme to be on the
What you should not do is react quickly to those messages
and click on the to see what they are for.
Internet Explorer and Mozilla browsers have popup window blockers
that you can configure youself. For instance, on trusted websites
or the websites that you usually open and you want them to
allow pop ups then you can set your browser to accept them
from that particular website. You can do the opposite for
sites you do not trust.
Making Internet Explorer
The default settings of IE can be changed to enhance
security. They are set to allow users to view web pages with
everything they have to offer, this sometimes though
is not a secure practice and can cause security risks.
In its security zones you can manualy change the Custom level
to the settings you want. In each setting you can either choose
the Enabling, Prompting or Disabling function.
For ActiveX controls you
can chose to run only the signed ones. You can find out more
on IE security settings from here.
It is a new trend that for the ease of use, browsers
now use the Autofill feature that enable you to enter addresses,
credit card numbers and other data with only a couple of keystrokes
as it stores that information the first time so when you visit
a website you only need to put the first couple of letters
or digits and it shows the whole string of characters that
you want to use.
It might sound helpful but it can lead to a few problems.
For example someone who has access to your computer can view
your details, make purchases in your name and discover where
you live. You do not need to do much to avoid this, just follow
a couple of best practices:
Use different passwords for logging in and for accessing files
or websites, or even better, disable the Autofill feature
and delete all the information that already has been stored
in your computer.
For Mac's Safari browser you go to Preferences,
click on AutoFill, and deselect User Names And Passwords and
Other Forms. Then click on the Edit button next to each of
these options, and, in the sheet that appears, click on Remove
All and then on Done. In Firefox, choose
Firefox: Preferences, click on Security, and deselect Remember
Passwords For Sites. Then go to /Users/your user name/ Library/Application
Support/Firefox/ Profiles/your profile and delete the formhistory.dat
wiping data from your PC
If you are planning to sell or give away your PC, even if
you give it away to be recycled,
it is important that you make sure you wipe out all the data
in your hard drive as there
might be some personal data like financial information that
could be used for identity theft.
Simply deleting personal files or email boxes is not enough
as they can leave traces of your account information. Even
emptying the recycle bin does not totally remove data from
the hard disk. What happens is that when we are deleting a
file, windows only removes the file name from its directory
files and not the data itself. There are some tools that can
be used to view the hard drive and undelete the information
you thought you have got rid off.
Another more efficient way of permanently deleting data is
by formating your disk.
You need to delete the disk partition and format the disk.
More information on how to delete
a partition here.
Accidents and Risks
It has been a growing concern to many IT security experts
of the increasing numbers of portable laptops. This, at the
same time increases the possibilities of these portable computers
of being stolen or lost with the information they contain
being also lost. They are an easy target to thiefs as they
are easily identifiable. Not all employees are aware of the
security risks that they impose to their organisation, and
that can only change through training and even sanctions when
cases like these happen.
Most criminals use laptops to sell their hardware or get the
value of the machine but companies cannot risk having their
critical data fall to the wrong hands.
It is imporant that data in a laptop is protected. Just using
a password is not enough as hackers can use dictionary
attacks to uncover them. However, encrypting your hard
disk with all its date within, leaves nothing for the thief
to uncover. Another thing that users can do, is carry their
laptops in casual bags rather than laptop cases. Backing up
their data every so often is also important. There is also
tracing technology that can be put on laptops that can help
users get it back. Ztrace
is one of them.
Some good practices on laptop use:
Treat your laptop like cash. Always look out for it.
Keep it locked. Secure it with a cable that attaches to a
desk or chair.
Keep it off the floor. It is easier for people to steal it
when its on the floor, without you noticing. Its better to
keep it between your feet.
Do not leave it in the car. Not even for a minute. Someone
might even break your car to get access to your laptop.
Bots, Botnets and Rootkits
Bots are little programmes installed in a system without any
Botnets are networks of computers on which a bot has been
installed. They are managed remotely from a Command and Control
(C&C) server. Those programmes are used
to hijack computers for online criminal activities such as
identity theft, scams,
spam email. They usually involve computers from different
countries, making tracking more difficult. Computer users
are the weakest link in this situation as well. Educating
everyday users in detecting malicious activity in their computers
Botnets represent an increasing problem theatening everyday
users, governments, industries and companies.
A rootkit is a piece of
software that can be installed in a system without you knowing.
It is not always malicious, as it can be pafrt of a larger
software package that is not supposed to cause any harm. On
the other hand, it is used by attackers to open access for
them, monitor your actions, modify programs and even perform
actions on your computer unoticed.