ERE Information Security Auditors

Posts Tagged ‘GhostNets’

Dark Side of Cyberspace

Wednesday, April 14th, 2010

The Toronto Star ran an informative article last week about spying on the Internet, particularly using easily accessible tools like Google, blogs and social networking sites. The article delves into cyber-spy rings like Shadows and GhostNets and mentions the upcoming global cyber security summit to be hosted by the University of Toronto this fall. You can see the article on the ERE RSS news feed at www.ere-security.ca.

The article is compelling but the message should not be news to any computer user today.  I’m not sure why anybody would be surprised that private information is stolen on the Internet after vast amounts of publicity on Identity Theft and about cyber-fraud.

So the important question is: Are you vulnerable to cyber-spying or to identity theft?

With regard to cyber-spying, the obvious question is: do you have any sensitive defense or political information worth stealing?  If the answer is “no” then we can all assume you are not being targeted by a spy-ring.

With regard to identity theft and cyber-fraud, some important questions about your computer are:

Do you update your anti-virus and anti-malware software daily?

Do you patch your operating system as soon as important security patches are available?

Do you patch your web browser with security patches as soon as they are available?

Do you avoid updating software tools such as Adobe Acrobat until the updates have been proven to not introduce security vulnerabilities?

Do you run a sweep of your computer work station with an anti-virus and anti-malware tool once a week?

Do you run a web site safety evaluation tool?

If the answer is “no” to any of the above, you probably have security weaknesses.  If you answer “no” to more than one question, you definitely want to consider improving your security procedures.

What about the answers to these questions about your cyber-behavior:

Do you open emails from sources you do not recognize?

Do you open attachments from friendly sources, without screening the attachment for malware prior to opening?

Do you visit unfamiliar web sites without first validating their safety?

Do you post on blogs or social networking sites any personal information including photographs?

Do you provide your home phone number to strangers?

Do you identify the names of your family members to strangers?

If you answer “yes” to any of these questions, you are probably jeopardizing the security and privacy of information on your workstation. If you answer “yes” to any of the last three questions, you may be putting your family members or yourself in harm’s way.

What about your cyber-housekeeping habits, such as:

Do you regularly change the password to your workstation?

Do you have a strong password for your workstation?

Do you encrypt personal information and passwords?

Do you leave unencrypted personal or sensitive information on external media?

Do you dispose of used disks and computer technology without destroying the media and memory hardware?

Do you dispose of scanner and photocopier technology without destroying the media and memory hardware?

Answering “yes” to any of the above, as you’ve already figured out, is not good for your cyber-health.

So the big question is: Do you want to greatly improve your personal cyber-security?  If yes, by now you probably have a few new specific action items to execute.

Have a secure week.

Regards, Ron Lepofsky, B.A. SC. (Mech Eng), CISSP

ERE Information Security Auditors

www.ere-security.ca

