Cyber Security for Dummies

Since my last post about the Cybersecurity Act of 2009, I’ve been thinking of all the practical approaches to securing yourself, your home computers, your home network and your online activity from online attackers. These are all things that anybody, even “dummies”, can do.

Shopping Online
Be careful about providing your personal or financial information through a website without taking measures to reduce the risk. Some indicators show that a site has taken measures to secure itself, such as a lit lock icon on the browser’s status bar or a website URL that begins with “https://” (the “s” stands for “secure”). Do not enter personal information on a site if the URL’s domain name is different from that of the site you intended to purchase from. Some scammers will use IP addresses instead of domain names. An IP address looks something like 127.11.234.54 and is easy to spot in your address bar. Other scammers will use subdomains to make it look like you’re at a legitimate site, such as https://secure.amazon.com.purchase.cart.checkout.myscamsite.ru/checkout.aspx?id=456. Notice how it looks like it might be Amazon.com, but the real domain is myscamsite.ru? Unfortunately, no indicator is foolproof. Just be careful.
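The address-bar checks described above, written as a small script. This is an added example, not part of the original post; the function names and the short list of two-part suffixes are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of two-label public suffixes (assumption). A real check
# would consult the full Public Suffix List instead of this short set.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host):
    """Return the part of the hostname that someone actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_url(url, expected_domain):
    """Compare a URL with the shop you meant to visit.

    Returns (real_domain_or_ip, list_of_findings). An empty list means the
    URL passed these checks, which, as the post says, is not foolproof.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    if parts.scheme != "https":
        findings.append("not https")
    try:
        ipaddress.ip_address(host)
        findings.append("host is a raw IP address")
        return host, findings
    except ValueError:
        pass  # not an IP literal, so treat it as a domain name
    actual = registrable_domain(host)
    if actual != expected_domain.lower():
        findings.append(f"real domain is {actual}, not {expected_domain}")
    return actual, findings


if __name__ == "__main__":
    scam = ("https://secure.amazon.com.purchase.cart.checkout."
            "myscamsite.ru/checkout.aspx?id=456")
    for url in (scam, "http://127.11.234.54/login", "https://www.amazon.com/"):
        print(url, "->", check_url(url, "amazon.com"))
```

The domain is read from right to left, which is why everything in front of myscamsite.ru in the example URL is only decoration chosen by whoever owns that domain.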

Social Networking

Facebook Privacy
Social networking sites such as Facebook, Twitter, LinkedIn, MySpace, etc., require you to provide a certain amount of personal information and encourage you to share more with your friends and others who visit your profiles. How much personal information you share is up to you. Remember, even though the Internet creates a “sense” of anonymity, you should always exercise the same amount of caution that you would in meeting someone in person. The lack of physical interaction gives us a false sense of security. Family, friends, neighbors, colleagues, teammates, bosses and acquaintances will read what you post. In addition, hackers, identity thieves, law enforcement and, in some cases, enemies will read your posts as well.

So, what can you do to protect yourself on the social networking sites that you use?

  1. Read the privacy policies of the sites that you use. If they do not explicitly say that they don’t sell or share your private information and/or email address to third parties, they probably will. You will know if they have shared your email address if you suddenly start receiving an unusual amount of SPAM after registering at such a site.
  2. Check, adjust and set the privacy settings within your profile. The more legitimate and secure social networking sites will give you some sort of control over the data that is shared on your profile page. Some will let you restrict your profile to people you have connected with. Others will allow only invited, logged-in guests to view it. Be sure to read any documentation provided by the service to learn how you can secure your info.
  3. Don’t connect to people you do not know or people you do not recognize or remember. I personally have received numerous requests to connect on LinkedIn and Facebook from people that I do not know or recognize. If you don’t know them, ignore or delete the request.
  4. Always remember that once you have posted something, it can be nearly impossible to delete it from the Internet. Even if you remove the information from your profile or site, saved or cached versions can still exist on people’s computers, search engine indexes, etc. This guy found that out the hard way (Twitter gets you fired in 140 characters or less).
  5. Last of all, just use common sense. If you wouldn’t want what you posted to be broadcast on the nightly news or on the front page of a newspaper, or Digg, or anywhere else for that matter, then don’t post it.

Blogs and Other Websites

Dilbert - Passwords
If you maintain a blog, follow similar steps in protecting your information as with Social Networking above. In addition, make sure your usernames and passwords are secure and not easily guessed. Don’t use obvious passwords like your anniversary, birthday, children’s names, spouse’s name, favorite sports teams, etc. A rule of thumb in choosing a password: if it contains special characters such as !, @, #, $, %, ^, &, * or any others, plus a combination of numbers and a word, it will be very difficult for a person or an automated software program to figure out. Some sites limit the usage of these characters, so do your best to select a secure password within the limitations they provide.

If you own your own domain name and do not use a third-party service that gives you a subdomain, make sure your “whois” information does not provide any information that you do not want public, such as:

  1. Email address
  2. Phone number
  3. Home address

If that is unavoidable, keep in mind that that information is available to anybody who does a domain lookup on your domain. There are third-party services who make your domain “private”, but my experience with them is they are a pain in the butt to work with and in a way, they own your domain name, not you. It is difficult to get control of your domain or make changes to it once they have control.

Email, Text and Instant Messaging
Email, instant messaging (IM) and text messaging (SMS) services DO NOT use secure methods of sending and receiving your messages. Your messages can be intercepted at any point during their transmission. Do not send passwords, usernames, credit card data, or any other private information via email, instant messaging or text messaging. Make a phone call if you must share that information.

Do not open an email if:

  1. You do not recognize the name of the person sending you the email.
  2. The subject line is suspicious.
  3. The from name is your name or email address. Unless you sent yourself the email, of course.
  4. An attachment looks suspicious (executable file or other installation files)

If you use an email client such as Outlook, Outlook Express, Thunderbird, Evolution, etc., be sure to disable the preview pane in your inbox and spam (junk) folders. Doing this will help you avoid opening a malicious email unintentionally.

Securing Your Computer and/or Home Network
I have three suggestions for securing your home network and computers.

  1. Use a hardware firewall or wireless network router that has a built-in firewall.
    Windows Firewall
    • Make sure you use a secured wireless network with a passphrase and encryption, otherwise anybody can intercept packets of data being sent through your network.
  2. Use firewall software on your individual computers. Windows has a built-in firewall that you can turn on easily. There are also several open source firewall programs available.
  3. Switch to Linux or a Mac. 🙂

Summary
This post is in no way intended to be the end-all-be-all of advice for cyber security, but is a good start. Just use common sense, be careful, and take active measures to secure your privacy. Stay Safe Online has some great info about online security. To learn more about cyber security from the government, go to www.us-cert.gov, for what it’s worth. 🙂 To teach your kids about net safety in a fun way, visit www.netsmartzkids.org.
