
Cyber Security New Year's Resolutions


Install Anti-Virus Software

Install anti-virus software and set it to update automatically. Anti-virus software prevents/blocks unauthorized users from introducing a virus into the computer. Many companies offer anti-virus software, anti-spam, anti-spyware, and a firewall as a package. Prices can range from $50-$100 for one year of service, which usually includes anti-virus updates, customer service help (depending on the package that is chosen), a tool that scans the computer for viruses, a virus removal tool, etc. Once the anti-virus is set to update automatically, your stress level will be reduced because the anxiety factor (of continually updating it) is removed.

Schedule Automatic Updates (Operating System)

Scheduling automatic updates keeps the operating system up to date with the latest security patches, recent hotfixes, current driver and software updates, etc. Also, the operating system updates are linked to the anti-virus software. If the operating system is not updated, there is a probability that the anti-virus software version will not function properly, which could lead to an accidental virus infection. So, remember to configure your computer to receive operating system updates automatically.

Protect Your Passwords

Passwords need to be protected because they give access to network and online accounts. Follow these guidelines to become diligent in protecting passwords:

1.  NEVER tell or share your password with ANYONE.
2.  Don't write down your password.
3.  Change your password periodically - If you use the same password it will be
     easy for a person to guess and access your account. 
4.  Don’t reuse your previous passwords.
5.  When your computer prompts you to save your password, click on “No.”
6.  Never use a word found in a dictionary (English or foreign.)
7.  If you think your password has been compromised, change it immediately.
8.  Make your password as long as possible - eight or more characters.
9.  When possible, use a mix of numbers and letters, special characters or use only
     the consonants of a word.
10. Create a password that’s hard to guess but easy for you to remember.  If you 
     have difficulty in thinking of a password that you can remember, try using the
     first letter of each word in a phrase, song, quote or sentence. For example, 
    “The big Red fox jumped over the Fence to get the hen?”
     becomes TbRfjotF2gth?.

Recognize Social Engineering

Social engineering is a method people use to obtain sensitive information about a company: they hold a conversation with you to acquire user IDs and passwords so they can cause damage to the computer network or to your accounts. Social engineers are well trained to get personal information from you without you even knowing it, by slipping subtle questions into the conversation. They can also pose as the computer help desk person, a visitor from another company, or someone who is knowledgeable in a particular field. They can talk to you in person or on the telephone, or listen in on a conversation. Some tips to remember are:

1. Contact them. If someone calls you and asks for personal information, ask them
    for their extension to verify their phone number. If they do not want to give out
    their extension or a call back number, hang up; they are probably a social
2. If someone comes and starts a conversation with you, listen carefully to what
    they are asking. Usually social engineers will slip in a question to obtain your
    personal information. Be attentive because people are apt to only listen 25%
    of the time and will answer to what is being asked.
3. If you see an unfamiliar person walking around asking various questions, ask
    them directly if they need help or who they are with. Make sure you find the
    person they are with to verify the person is legitimate. They could be a social
    engineer glancing at desks searching for passwords left out in the open.

It is human nature to converse with other people; just be attentive to what they are asking.

Identify Hoaxes and Scams

Learn how to recognize hoaxes and scams by looking for these clues in your e-mail:

1.  If the subject of the message contains a FWD, RE or a catchy phrase (You
     won a trip!!)
2.  Technical sounding language - Usually people fall for this one: if the language of
     the message sounds intelligent, then it must be true. Be careful and research the
     message for its validity before going further.
3.  Credibility by association - This is when a person within the company sends out
     the hoax and it is assumed by management that it is real, so management backs it
4.  Common misspelled words - These are words that you would not normally
     misspell. They can be inserted anywhere within the message.
5.  If the message contains a hook, a threat and a request. The hook gets you to
     read the message (the subject heading will be something that will grab your
     attention). The threat states that if you don't do this, something will happen
     to you. The request will ask you to send this to as many people as you can.

Hoaxes are dangerous because they can contain viruses in the message. Also, your IP address can be added to a mailing list and you could start to receive unwanted e-mail (spam). Check out this website for more information on hoaxes and scams:  http://hoaxbusters.ciac.org/.

Get acquainted with Social Networking Sites

A social networking site is an online community where people can converse, gossip, share ideas and interests, and make new friends. These sites can be dangerous because you do not know with whom you are speaking, and they can contain viruses in advertisements, gadgets and clickable icons. Any person can post information, ideas, thoughts, and opinions on social networking sites; therefore, there is no method to prove what was posted. Always do your own research to find out if what was posted is true. Some popular social networking sites are MySpace, Facebook, YouTube, etc.