| Related Resources |
 |
|
 |
|
|
August 2008
Volume 2, Issue 8
Top Ten Cyber Security Risks
This edition of the newsletter is designed to illustrate the TOP 10 simple, easy, and basic things that everyone can and should do to protect their computer systems and data from harm by various cyber attacks and other types of security incidents that can cause damage, consume computer resources, or expose confidential information.
1. Use and Regularly Update Firewalls, Anti-Virus, and Anti-Spyware Programs
There are many types of Internet security and safety issues that you should defend against. One of the most effective ways to defend your computer is to use a firewall and up-to-date anti-virus and anti-spyware products.
A firewall works by filtering information coming from and going to your network/computer and/or the Internet. It identifies and rejects information that comes from a location or source known to be dangerous or contains information that seems
suspicious. Anti-virus programs can stop viruses, worms, and Trojan horses, which are malicious programs that can cause damage to your computer and information on your computer. Those malicious programs can also slow down Internet access and might even use your computer to spread themselves to your friends, family, or co-workers. Spyware is a general term used for software that performs certain behaviors such as pop-up advertising, collecting personal information, or changing the configuration of your computer, generally without appropriately obtaining your consent. Anti-spyware programs help stop such misuse but should be kept up-to-date in order to detect the newest identified threats. Configuring your anti-virus and antispyware products to automatically update their identification files on a daily basis is highly recommended.
For more information:
2. Properly Set Up and Patch Operating Systems, Browsers, and Other Software Programs
Whenever security updates or service packs become available, download them promptly and patch your operating systems
and programs. These patches are created to protect systems against potential attacks. Be aware that attacks sometimes
occur before updates are released. Update all software that you use for browsing the Internet (Internet Explorer, Firefox,
Netscape, Opera, Amaya, etc.), because Internet-based browsing attacks are becoming more common and more dangerous.
Other software programs that communicate or interact with the Internet, like e-mail, web servers, and remote desktop software
are especially susceptible to attacks and should be kept current on patches and version levels.
For more information:
3. Passwords and Authentication Methods
Passwords and other authentication methods are ways systems verify that you are who you claim to be. If someone
authenticates as you, the system will think it’s you. That person can do anything you can do on your computer, and the system
will log their actions (such as deleting files, sending malicious e-mails, or browsing to inappropriate sites) under your access
credentials. Don't share your passwords and access codes, don’t store them in unencrypted files, and don’t write them down
unless you then place them in a locked, secured location. Default passwords, names, and dictionary words, even in different
languages, can easily be guessed or cracked, so use complex passwords that are at least eight characters long and have
numbers, letters, and special characters in them. Passwords aren’t much use if you cannot remember them, so use a pass-
phrase instead. The phrase Would you like 3 scoops of ice cream? can become the strong password Wul3$o1c?
For more information:
4. Lock Your Computer When You Leave It, and Configure It To Lock Automatically After a
Short Period Of Inactivity
One of the fastest ways to compromise a system is to simply walk up to an unattended, unlocked workstation or server and
access the system, so be safe and lock your system when you leave it. It's also very easy to get sidetracked and stay away
from your desk longer than you anticipate, so configure your system to lock automatically after a short period of inactivity. It is
an easy way to help protect your account and the items you have access to. Generally, lockout after 15 minutes of inactivity is
recommended, and, for critical systems, shorter lockout periods are recommended.
For more information:
5. Back Up Important Files Regularly
There are many ways you can lose information on a computer, such as a destructive virus, a power surge, lightning, floods, or
a big magnet. Sometimes equipment just fails. If you regularly make backup copies of your files and keep them in a separate
place, you can get some, or even all, of your information back if something happens to the originals on your computer.
For more information:
6. Be Cautious When Using the Internet
Browsing to non-work related sites can increase the risk of becoming infected with spyware, viruses, and other malicious code.
Download files and install programs only when you are authorized to do so and only when there is a real need. Know with
whom you are dealing on the Internet – anonymous doesn’t necessarily mean safe, and many criminals are very good at
impersonating real financial organizations like banks and credit card companies. Never share personal or confidential
information if you are not the initiator of the transaction. Never share sensitive or confidential information over an unencrypted
Internet connection.
For more information:
7. Messaging Security – E-Mail and Instant Messaging
E-mail and instant messaging (IM) are wonderful tools, but they can be used or misused in a variety of ways. Do not send
confidential or sensitive information, like Social Security numbers, account numbers, or secret information through
unencrypted e-mail or IM. Do not open a message or an attachment from an unknown sender. If you share personal
information with others as a result of answering spam or phishing messages, your identity can also be stolen.
For more information:
8. Review Your Computer Security
Evaluate your computer’s security periodically and apply appropriate repairs, upgrades, and replacements. If you don’t
maintain your system’s security by keeping it up-to-date, it may eventually be exposed to serious security threats.
For more information:
9. Learn How to Respond to a Cyber Incident
Learn how to recognize cyber attacks and know what to do if things go wrong. Ask if your organization has a cyber security
incident response plan and a cyber security incident response team, and use it when appropriate. Remember that rapid
response can be crucial, so when things do go wrong or you encounter a suspicious security-related event, report it
immediately. If you don’t know how to report a cyber incident, ask someone in your IT department or your help desk.
10. Remember That Cyber Security Is Everyone's Responsibility
Just like one leak can sink a boat, one data leak, one security breach, or one malicious worm can sink an organization. By
protecting yourself and the systems entrusted to you, you are protecting your co-workers, your entire organization’s network
and data and, ultimately, the citizens who depend on you.
ADDITIONAL RESOURCES
For previous issues of the Monthly Cyber Security Tips Newsletter, please visit our reading room .
For more information on Internet security, please visit the SecureTexas website. SecureTexas provides up-to-date technology security information as well as tips to help you strengthen your part of Texas'
technology infrastructure. Report serious information security incidents as quickly as possible to your agency's Information
Security Officer and to DIR’s 24/7 Computer Security Incident Notification hotline: 512- 350-3282.
Brought to you by MS-ISAC | Powered by United States Computer Emergency Readiness Team | Distributed by Department of Information Resources and SecureTexas
Copyright Carnegie Mellon University | Produced by US-CERT
|
