Saturday, May 2, 2015

Preventing and Responding to Identity Theft

According to www.us-cert.gov/ncas/tips/ST05-019, you can be a victim of identity theft even if you never use a computer. Malicious people may be able to obtain personal information (such as credit card numbers, phone numbers, account numbers, and addresses) by stealing your wallet, overhearing a phone conversation, rummaging through your trash (a practice known as dumpster diving), or picking up a receipt at a restaurant that has your account number on it. If a thief has enough information, he or she may be able to impersonate you to purchase items, open new accounts, or apply for loans.
The internet has made it easier for thieves to obtain personal and financial data. Most companies and other institutions store information about their clients in databases; if a thief can access that database, he or she can obtain information about many people at once rather than focus on one person at a time. The internet has also made it easier for thieves to sell or trade the information, making it more difficult for law enforcement to identify and apprehend the criminals.

How are victims of online identity theft chosen?
Identity theft is usually a crime of opportunity, so you may be victimized simply because your information is available. Thieves may target customers of certain companies for a variety of reasons; for example, a company database is easily accessible, the demographics of the customers are appealing, or there is a market for specific information. If your information is stored in a database that is compromised, you may become a victim of identity theft.

These are a few ways to minimize your risk:

Always do business with reputable companies: Before providing any personal or financial information, make sure that you are interacting with a reputable, established company. Some attackers may try to trick you by creating malicious web sites that appear to be legitimate, so you should verify the legitimacy before supplying any information.

Take advantage of security features: Passwords and other security features add layers of protection if used appropriately.

Check privacy policies: Take precautions when providing information, and make sure to check published privacy policies to see how a company will use or distribute your information. Many companies allow customers to request that their information not be shared with other companies; you should be able to locate the details in your account literature or by contacting the company directly.

Be careful what information you publicize: attackers may be able to piece together information from a variety of sources. Avoid posting personal data in public forums.

Use and maintain anti-virus software and a firewall: Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall. Make sure to keep your virus definitions up to date.

Be aware of your account activity: Pay attention to your statements, and check your credit report yearly. You are entitled to a free copy of your credit report from each of the main credit reporting companies once every twelve months.

Note:
Be very careful about how you dispose of your personal information and where you drop your personal data. There might be dumpster divers in places just waiting for the opportunity to arrive.

Use the hints that are given above to help protect your data and be safe from identity theft.


Understanding Fake Virus

What is Fake Virus?
Fake virus is malicious software designed to steal information from unsuspecting users by mimicking legitimate security software. The malware makes numerous system modifications, making it extremely difficult to terminate unauthorized activities and remove the program. It also causes realistic, interactive security warnings to be displayed to the computer user.

How can a computer become infected with fake antivirus?
Criminals distribute this type of malware using search engines, emails, social networking sites, internet advertisements and other malware.

How will users know their computer is infected?
The presence of pop-ups displaying unusual security warnings and asking for credit card or personal information is the most obvious method of identifying a fake antivirus infection.

Steps to protect yourself
• Be cautious when visiting web links or opening attachments from unknown senders.
• Keep software patched and updated.
• To purchase or renew software subscriptions, visit the vendor sites directly.
• Monitor your credit cards for unauthorized activity.






Saturday, April 25, 2015

Types of cyber attacks

There are many methods of cyber attack, from malware injection to phishing to social engineering to internal stealing of data. Other advanced but common forms are DDoS attacks, brute force attacks, hacking, and holding a computer system (or a website) for ransom using a direct hack or ransomware.

Some of them have been listed below:

• Gaining, or attempting to gain, unauthorized access to a computer system or its data.
• Disruption or denial of service attacks (DDoS).
• Hacking a website or defacing the site.
• Virus or malware installation.
• Unauthorized use of a computer for processing of data.
• The inappropriate use of computers or applications by employees of a company; the way they are used may cause severe harm to the company.

Cyber Attacks Response

How to respond to a cyber attack is essential information for users, businesses and other institutions that suffer an attack. The same applies to any field of IT when it comes to protection against cyber attacks. Assuming that your computer or website was attacked even after you took all the precautions, these are some responses you can take:

• Did the attack really happen, or is someone calling in to play a prank?
• If you still have access to your data, back it up.
• If you cannot access your data, and the hacker is demanding ransom, you may want to consider approaching the legal authorities.
• Negotiate with the hacker and regain the data.
• In case of social engineering and employees misusing their privileges, checks should be conducted to determine if the employee was innocent or acted deliberately.
• In the case of DDoS attacks, the load should be redirected to other servers, so that the website comes back online as soon as possible. You may rent servers for a while so that costs are minimal.
http://www.thewindowsclub.com/cyber-attacks-definition-types-prevention



Saturday, April 18, 2015

Careers in Cyber Security


  • Candidates who are willing and have an interest in cyber security should have the knowledge and required skills to respond quickly to threats as soon as they are detected.
  • They should possess a set of technical abilities to perform many activities and remain extremely collaborative.

Here are a few jobs that are available within the cyber security field:

  • Computer Crime Investigator: a professional who investigates a number of crimes and recovers file systems on computers that have been hacked or damaged.
  • Security Analyst: a finance professional who is responsible for maintaining the security and integrity of data.
  • Security Consultant: a professional or adviser who gives advice in any number of security specializations.
  • Security Architect: a professional who is responsible for maintaining the security of a company's computer system.
  • Network Security Engineer: a professional who implements, maintains and integrates the WAN (Wide Area Network), LAN (Local Area Network) and server architecture.

Cyber Security, Advantages and Disadvantages

Cyber security refers to a range of concepts, including the practice of protecting an organization's information, networks, computers, and resources against security and computer attacks.

Advantages of Cyber Security:

  • Improved security of cyberspace.
  • Increase in cyber defense.
  • Increase in cyber speed.
  • Protecting company data and information.
  • Protects systems and computers against viruses, worms, malware, spyware, etc.
  • Protects individual private information.
  • Protects networks and resources.
  • Fight against computer hackers and identity theft.

Disadvantages of Cyber Security:

  • It will be costly for average users.
  • Firewalls can be difficult to configure correctly.
  • New software needs to be updated continually in order to keep security up to date.
  • Makes the system slower than before.

Saturday, April 11, 2015

Computer Based Training to Reinforce Security Protocols in the Workplace

According to http://www.knowledgeanywhere.com/blog/news-and-events/post/use-computer-based-training-to-reinforce-security-protocols-in-the-workplace, this is an outline of basic computer-based training on security protocols in the workplace:

Attracting viruses and other nasty malicious bugs is a real concern for every business. Therefore, cyber security is an important part of workplace practices. All employees need to learn and actively practice cyber security measures. Computer based training is a good way for companies to help employees learn safe practices.

Workplace Policy for Acceptable Computer Usage

All workplaces need to have a clear and precise protocol that outlines what is acceptable use of computers. Each company will have different expectations, as will different divisions within companies. These need to be constantly reviewed as workplace roles, conditions and expectations change to suit the needs of business.
Security protocols must be written in a way that is easy to understand. The document must also clearly show how to report incidents of abuse, how an employee can seek help with areas of concern, and clearly outline the consequences of abuse. If the protocol is new to the workplace, all staff members need to know the terms.

Educating Employees

New employee orientation programs must discuss the workplace's policy for safe computer use. It is not something to shove in a package and send home with people to read at their own leisure. Existing employees need initial training, plus ongoing training to ensure the information remains fresh in their minds.

Whole Staff Training

If cyber safety issues have not been addressed thoroughly, compulsory sessions for staff members are in order. Research has shown that the most successful outcomes result from small sessions. Ideally, computer based training, presented in a small virtual classroom, delivers initial training.
These sessions should address cyber security in employees' own homes first. This creates relevancy for the importance of cyber security in a way that addressing workplace security simply can't do. Then transition the skills to the workplace using eCourses or additional virtual training sessions. By highlighting the risks and costs to the company, employees find the information more relevant.

Computer Based Training and Cyber Security

Once employees are aware of better cyber security practices, using a learning management system to deliver quizzes to staff members is a good way to check employee knowledge of the issue. For example, having employees answer a Tip of the Day, or a Daily Quiz on computer security makes people more mindful of how they use the computer.
Keeping track of the responses is valuable for the IT security department too. They can be used to follow up with employees needing additional training and when used as part of performance reviews, they can reinforce accountability among employees.