Tuesday, October 30, 2012

Online Self-Defense - Part 4 of 3 - Don't Phall for Phishing!

   I said in part 1 that this would be a 3 part series, because everything comes in 3's.  Well... it's still Cyber Security Month and I would be remiss if I didn't write about phishing.  So we'll just call this part 4 of 3!  Here are parts 1, 2 and 3.

   As you probably know, phishing refers to an attempt to fraudulently get your personal information by masquerading as a trusted source. Examples include: a fake email that looks like it came from your bank; a fake fraud warning message that looks like it came from your credit card company, or; a distress message that looks like it came from a "friend" asking for money.

Tuesday, October 23, 2012

Online Self Defense - Part 3 - Don't Click!

   This is the third post in my series on Online Self-Defense.  We've covered malware and passwords, two key issues effecting your online privacy and security.  If you've tried the simple tips I gave on those two subjects then you are now safer than most web surfers.

   Now, to keep you and your computer safe... don't click on that link!

Tuesday, October 16, 2012

Online Self Defense - Part 2 - Passwords

   Last week I started a series on themes I covered in a talk entitled "Online Self-Defense".  In part 1 of that series, posted here, I talked about protecting your computer. This week we'll look at passwords.

   Passwords are a mess!  A "good" password has these features:

  • hard to create
  • hard to remember
  • hard to enter
  • probably has to be changed as soon as you memorize it
  • plus other inconsistent, random rules depending upon the site

Tuesday, October 9, 2012

Online Self Defense - Part 1 - Your Computer

   Happy US Cyber Security Month!  This partnership between Homeland Security, NCSA and MS-ISAC is an opportunity to recognize the importance of information security.  How are you celebrating?

   Last week I ran a couple of sessions at work on awareness and security.  Over the next few posts I will be reviewing some of the 3 themes I covered in a talk entitled "Online Self-Defense". You can view the slides on my slideshare page. (actually, the talk focuses on just 2 of the themes but that's OK!). Since everything comes in threes (omne trium perfectum), I will give 3 easy tips for each theme (and some bonus tips as well).

   The first theme is protecting your computer or device.

Tuesday, October 2, 2012

Stuff I Say - No One Has Ever "Read and Understood"

   Most organizations have policies.  Most medium-to-large sized organizations have security policies.  I hope that yours does!  Policies are a cornerstone to a security program.  People need to know what to do and policy is that high-level guidance.

   Of course, people need to read those policies!

   Many organizations will have staff sign a form that states they have read and understood the policies.  Sometimes this happens just once.  Sometimes it's annually, perhaps at the same time as an annual performance review.  Sometimes it's when a person joins the organization, or shortly thereafter.

   But does that work?  What is the goal?  I say that doesn't work!  No one has ever "read and understood"!