Are You Security Aware?

Common practices to increase security awareness and protect your information and computers

Chris Duncan, ITeck Solutions

Security breaches are on the rise . . .

Security breaches are on the rise . . .

even in firms that have ample resources to prevent them.

Unfortunately, today’s antivirus programs alone can’t stop these attacks.

Fishing Phishing is the practice of gaining information or access under the guise of something else.

A few common methods for tricking users into giving access to their information or allowing dangerous programs to install:

Updates you didn’t request to install

Links to Dropbox or other file sharing programs

Updates you didn’t request to install

Links to Dropbox or other file sharing programs

Emails with an invoice saying you purchased something

Updates you didn’t request to install

Links to Dropbox or other file sharing programs

Emails with an invoice saying you purchased something

Emails from the bank or IRS saying you owe or should receive money

Updates you didn’t request to install

Links to Dropbox or other file sharing programs

Emails with an invoice saying you purchased something

Emails from the bank or IRS saying you owe or should receive money

Emails from FedEx or UPS saying a package is arriving or has shipped

Updates you didn’t request to install

Links to Dropbox or other file sharing programs

Emails with an invoice saying you purchased something

Emails from the bank or IRS saying you owe or should receive money

Emails from FedEx or UPS saying a package is arriving or has shipped

Emails saying you have a fax or message

Updates you didn’t request to install

Even well know websites can be compromised with false

ads that are infected.

The only sure line of prevention is common sense and vigilance.

If the email pertains to something you didn’t do, buy, ship or ask for, don’t open it.

If you are not expecting a fax or voice mail message via email, don’t open it.

No bank or government agency will communicate urgent matters via email.

No legitimate institution will ever ask you for private information via email.

Sometimes the display name you see in an email or the sentence that is a hot link might not actually go to the

correct email address or link destination implied.

If you see a URL or link in an email or website, first put your mouse over it and look in the bottom left corner of the window to see it’s true destination.

Read URL’s in their entirety and look for any typos or peculiar endings. For example: www.amazone.com.ru where amazon is misspelled or a country code is at

the end.

When reading a subject line or email, look for phrasing or language that doesn’t fit or seem right.

At the moment, smart phones and Apple and Google tablets are safe places to open any suspicious emails or links.

If you suspect anything, use your phone or tablet to open the message or website. This will prevent viruses, but do

not provide any personal information.

When suspicious, manually create and address an email in reply to something or manually type the

address of the site you want to go to rather clicking on a link within an email.

When in doubt, delete.

When sending emails out with any confidential or personal information, use an encryption program to

protect your information.

If you connect your computer to a public WiFi

service . . .

If you connect your computer to a public WiFi

service . . .

you are vulnerable to anyone and everyone else on that network.

You are more secure using a cellular hotspot.

Protecting private information is not just about securing your computer.

Be aware of your surroundings, including what people can see on your computer screen and what

you talk about.

Thumb drives are virus vectors. Be overly cautious when accepting them from other persons.

Data never truly deletes. Do not give away thumb

drives or hardware that had Personally Identifiable

Information on it.

Erase all information from cell phones before

trading them in.

Change your passwords every 45 - 90 days using a “complex” password.

Passwords must not contain your entire account name, or your full name.

To increase security, passwords should contain characters from three of the

following five categories:

1Uppercase Characters

of European languages

(A through Z, with diacritic marks, Greek and Cyrillic

characters)

2Lowercase Characters

of European languages

(a through z, sharp-s, with diacritic marks, Greek and

Cyrillic characters)

3

Base 10 Digits

(0 - 9)

4Non-Alphanumeric

Characters

(~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/)

5Any Unicode character that is categorized as an alphabetic

character but is not uppercase or lowercase. This includes Unicode characters

from Asian languages.

Think outside the box when creating your password.

We know you love them, but try not to use the names of spouse, children or pets when creating your password.

And don’t just change the last number of your old password!

Congratulations on becoming more security aware!

Want to find out more about securing your company, personnel and personal information?

Contact us to discuss your IT and data security needs:Phone: 1-866-483-2544

Email: info@itecksolutions.com