Saturday, July 31, 2010

Nothing Personal

While reviewing a few reports on the state of Internet security lately, I have observed a pattern nobody seems to want to talk about. Perhaps the overuse of the issue and the constant reminders about it have turned it into a common, invisible sign for our IT-averse and strained eyes.

Here we go again: most security breaches, both at home and at the workplace, happen mainly due to human error.

Although I am also tired of repeating the same long list of safe actions on visiting Websites, opening email attachments, replying to certain messages and all that jazz, this time I would like to focus on something that should concern you: your personal information. Even better, these are only a few tips to protect your financial information.

1. Financial institutions will never contact you via email asking for your personal information; they have had it since you signed the contract. Do not provide anything personal in reply to messages that look legitimate but are not.

2. Whether you receive electronic or printed statements for your credit cards and banking accounts, peruse them carefully every month, and clarify charges you don’t identify as soon as you review your statement.

3. Change passwords every few months; at the very least, make an effort to change them every six months or annually. Select passwords that are easy for you to remember but complex and difficult for everybody else to guess; a combination of numbers, uppercase and lowercase letters longer than 7 characters is best. Dare I suggest you base them on your name, the institution, a date and even perhaps a sequential number in a way that only you know? For example, I would set something like this for Uberbanken Bank: user name “hector_curiel” password “HC1999UberBank01”.

4. The same way you shred confidential paper-based documents and expired credit cards, make sure no personal information is given away when you dispose of external hard drives, USB flash drives, and obviously computers. Make sure the contents of such devices are erased and, if at all possible, destroy the hard drives.

5. When connecting wirelessly to the Internet, make sure the signal you are using is encrypted. If that is not possible, at least make an effort not to transmit any confidential information in email (or similar) messages; also avoid on-line banking when this is the case.

As you can see, all it really requires is a little bit of common sense. If you start educating yourself on best practices at work, at home, and when using public facilities, the virtual world will become a safer place for us all.
Depending on your Internet literacy and needs, a simple search on the Internet for what you want to know will take you to places such as these:
http://corp.support.com/blogs/post/7-common-sense-ways-protect-your-online-bank-account
http://www.tdameritrade.com/security/onlineSafetyTips/onlineSafetyTips.html
http://www.commonsense.com/internet-safety-guide/
http://ask-leo.com/how_do_i_stay_safe_in_an_internet_cafe.html

Enjoy and use the Web appropriately and you’ll help us all, starting with yourself.
Nothing Personal.

Saturday, July 17, 2010

Extracts from Computer Crime and Security Survey

This week I received the Executive Summary of the 14th Annual Computer Security Institute’s Computer Crime and Security Survey. It is a long document with plenty of tables and graphs, along with much IT and Information Security related jargon that in reality only IS professionals fully understand.

However, a few figures on the Types of Attacks Experienced by businesses caught my attention: while some assaults that only technically inclined individuals can perform vary year after year, some that are easier for the average person to understand are worth mentioning.
Exploits of wireless networks dropped considerably, to only 7.6%.
The three most prominent types of “attacks”:
3. Insider abuse of Net access or Email @ 29.7%, down from almost 60% in 2007
2. Laptop/mobile device theft @ 42.2%, down from 50.0% in 2007
and
1. Malware infection @ 64.3%. Up from 52% in 2007 and 50.0% in 2008

How are you protecting your data in these regards?
Are your personnel being trained on, and constantly reminded of, best practices for browsing and Internet use?
Are your portable devices secured through strong authentication and encryption?
and
Most importantly, what type of malware protection does your business utilize?

Average losses due to these attacks, although lower than the US$345,000.00 in 2007, are still high at US$234,000.00.

I’ve seen companies still using “free” products believing it is cheaper to have these packages instead of proper protection for their assets.
I’m sure yours is not one of them. Is it?

Thursday, July 1, 2010

Send you a what?

So, tomorrow noon (July 2nd @ 12:00) marks the exact middle of the entire year. In case you are unaware, this is the first decade of the new millennium.
And yet, just a few minutes ago I received a telephone request to send a “FAX” …
Gosh! Don’t they have an email system, or at least one free Y! or HoTMaiL address?

I replied indicating that the last time I had the need to use a FAX machine was May of 1999. I would have a very hard time finding such a machine around here. And, obviously, I suggested I would scan whatever physical document they were requesting and would send it via email if they provided an address. After three silent seconds that sounded as if the person on the other side of the line had discovered Radium, she said in a loud and, I’m sure, smiley voice: “That’s an EXCELLENT idea. Yes, please!”

As I see it, the only companies that push and promote FAX lines (and machines) are the telephone supplier corporations. Aside from those, I honestly believe we should declare FAX machines defunct. If possible, before the end of the year.

If, by any chance, you still own one of those relics, please know that:
+ You are wasting not only space, but also electricity, ink and paper; and damaging the environment.
+ If you have a scanner (67% chance), and your recipient has an email address (90%+ chance), you can kiss your F@# machine goodbye.
+ If you have an MFP printer (most big copiers are or can be), you can kiss your F@# machine goodbye.
+ Some of these MFPs come with software that allows you to see the documents before deleting, storing, or printing them. You can kiss your F@# machine goodbye.
+ If you have a server with a modem, the server can act as a FAX recipient and also send, and the electronic documents can be managed easily: delete SPAM, keep the good ones in organized folders, etc. In brief, you can kiss your F@# machine goodbye.
+ There are many Internet-based companies that provide a FAX-to-Email service (and vice versa, if definitely unavoidable). Some are very affordable for low volumes of such documents. There are many options and plans, and you can pay on demand or a subscription fee; these prices will save you money by replacing that aged machine and the power and telephone line associated with it. So, you can kiss your F@# machine goodbye.

Think about this the next time the word FAX appears on your horizon. It would be lovely to see the Wikipedia definition of FAX as “A fax (short for facsimile) was a document sent over a telephone line. Fax machines existed, in various forms, since the 19th century and until the end of 2010, though modern fax machines became feasible only in the mid-1970s as the sophistication increased and cost of the three underlying technologies dropped…”

Believe me, you can kiss your F@# machine goodbye.