Computer Security 101
Sensitive information

Your computer can be a goldmine of personal information to an identity thief. If you leave your computer unattended, anyone can walk up, sit down and see what you have been doing. For example, Internet Explorer has a history feature that lets you see what web pages you have been browsing (View...Explorer...History). People are also unaware that it only takes a few seconds for a hidden file to be planted in one of your directories, where it can cause all kinds of mischief.

The U.S. Secret Service has estimated that consumers nationwide lose $745 million to identity theft each year. As recently as April 2006, a notebook containing information on 3,600 Boeing employees was stolen. This was not the first such theft; in November 2005, a laptop was stolen containing the personal data of 161,000 Boeing employees and retirees.

So what can you do if you become a victim of identity theft? Boeing provided a free service to allow people to check their credit history. Some signs to check for include unexplained charges or withdrawals from your financial accounts, unexplained credit card accounts, and previous addresses listed on your credit report where you have never lived. If bills or other mail stop arriving in your mailbox, check whether the thief has submitted a change of address without your knowledge. If a credit application is denied for no apparent reason, or debt collectors begin calling about merchandise or services you didn't buy, contact the police immediately.

According to the Identity Theft Resource Center, the average victim spends 607 hours and averages $1,000 just to clear their credit records. As with any crime, you cannot control when the event will happen. As a website owner, you might find that hackers purposely break into your system, leave hacker graphics, and generally try to destroy the workings of your application. This disrupts your customer base and costs you a lot of time to restore your program to its original state. To prevent such risks from completely destroying your website, back up your database and all the graphics, data, and written procedures needed to keep your website up and running. If you are hacked, file an FBI report right away. Most of these criminals leave behind clues such as web URLs, graphics and hidden information that can be discovered by a savvy programmer, who can then help the FBI to stop these types of crimes. Besides backing up your data, you can minimize your risk by remaining diligent and by minimizing outside access to your personal information.
Risk management

Risk safeguards must be taken into account during all phases of the systems life cycle. Risk is defined as the possibility that a particular threat will adversely impact an information system by exploiting a particular vulnerability of your systems or data. Risk management includes risk avoidance (simply avoid the problem: if your building is in a flood zone, move somewhere else), risk mitigation (controls that are used to keep the risk from occurring), and risk transference (if a loss is to occur, another entity might be used to accept the risk; for example, an additional backup of data is used if the main data area has been damaged by fire). Some risk analysis formulas needed to help quantify risk include research to determine the values of the following data:

The quantitative analysis of information risk is measured by low, medium or high risk. What is the likelihood that a particular threat will occur? What countermeasures will be taken to reduce identified threats? What is the likelihood of risk after you have implemented safety measures?
Accountability

You can take steps to protect your data. By regularly making backup copies of your files and storing them in a separate location, you can typically get some, if not all, of your information back in the event your computer crashes.

There are also ways to document the crime when someone has stolen your email address. A lot of people are finding unknown email in their inboxes. What can you do if you open your mailbox and find bounced emails returned to you with your email address as the sender (although you did not send them), and in the body you see that they are selling drugs or contain strange messages that have no meaning? What happens is that most of these messages have bounced, and your email address is put on a blacklist or deletion list, meaning you may not be able to send to people in the future unless you backtrack and contact the person behind the IP address of the computer that really sent out the email messages. This person is posing as you and sending out spam. Spam is illegal in the U.S. and carries a very high fine of around $11,000 in some cases.

ALWAYS copy the header and report the crime not only to the FBI but also to the originating organization that sent out the email. In most cases you will not be able to track the spammers down because they put in several false headers, but by documenting and keeping these emails for the proper authorities, you can reduce your risk of being charged with spam. Headers usually contain IP addresses, and you can prove what your computer's IP address is by going into NetMeeting (Start...Run...conf) and looking at the last item under the Help menu. At the bottom of the Help menu will be your IP address. Make sure you include your IP address when forwarding your information to the FBI so they know that you are not the spammer.

Another way to get your personal information is by phishing. I get countless emails that are telling me that they are from my bank or eBay... but when you let your mouse hover over the email link you see that the link goes elsewhere. Phishing is defined as the act of sending an email to a recipient falsely claiming to be an established, legitimate business. The intent of the phisher is to scam the recipient into surrendering their private information, and ultimately to steal their identity. Never use the link in an email to log in with your personal information; it is much safer to type into your browser the link that was given to you when you signed up for your service.

We cannot prevent a lot of crime, but we can plan on overcoming the results by being actively aware and by documenting the results of our actions and the actions of others.
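The header check described above (copy the header, list the IP addresses it contains, and show that your own address is not among them) can be scripted. This is an added example, not code from the original page; the sample headers, the function names and every address (reserved documentation ranges) are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: headers of a bounced spam message that forged our address.
SAMPLE_HEADERS = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbound.example.org with ESMTP id A1; Tue, 2 May 2006 10:00:03 -0700
Received: from unknown (HELO mail.example.com) ([203.0.113.45])
\tby mx.example.net with SMTP; Tue, 2 May 2006 10:00:01 -0700
Received: from localhost ([127.0.0.1]) by bogus.invalid; Tue, 2 May 2006 09:00:00 -0700
From: you@example.org
Subject: cheap pills

"""

# Mail servers record the connecting peer's address in square brackets.
IP_IN_BRACKETS = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def received_hops(raw_headers):
    """Return one entry per Received header, newest hop first.

    Only hops added by servers you trust (normally the topmost ones, written
    by your own provider) are reliable; lower entries can be forged."""
    msg = message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        ips = []
        for candidate in IP_IN_BRACKETS.findall(value):
            try:
                ips.append(ipaddress.ip_address(candidate))
            except ValueError:
                continue  # bracketed text that is not an IP literal
        hops.append({"raw": " ".join(value.split()), "ips": ips})
    return hops

def relay_summary(raw_headers, my_ip):
    """List non-loopback relay IPs and say whether my_ip appears in the chain."""
    mine = ipaddress.ip_address(my_ip)
    relay_ips, seen_mine = [], False
    for hop in received_hops(raw_headers):
        for ip in hop["ips"]:
            seen_mine = seen_mine or ip == mine
            if not ip.is_loopback:
                relay_ips.append(str(ip))
    return {"relay_ips": relay_ips, "my_ip_in_chain": seen_mine}
```

Keep the untouched original message alongside any summary like this, since the raw headers are the evidence.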