Tag: web security

Safeguard Your “Digital Hygiene”

Safeguard Your “Digital Hygiene” by Rich Barlow.  Available from <https://www.bu.edu/today/2016/personal-information-security/>. [10.03.2016] Photo Courtesy of iStock

October is National Cyber Security Awareness Month, which the University is observing, appropriately enough, by increasing your security.

BU’s Information Services & Technology has erected a so-called perimeter firewall, a monitor programmed to block unauthorized access to the campus data network. (Find more information here.) Your devices and data fall under this cyber-shield whenever you connect to the network, although it can’t protect you if unauthorized parties gain your password or access to your online accounts. That’s where personal “digital hygiene” comes in.

You—most of you, anyway—wouldn’t go through a day without showering, brushing you teeth, or washing your hands. Eric Jacobsen (CAS’93, MET’03), director of information security, predicts future generations will be as vigilant about digital hygiene, which he says is “understanding the things you need to make habits to take care of yourself and your identity. It includes protecting your online presence and your internet-connected devices through good security practices, and managing the information you share about yourself.”

BU can help, not just through techie measures like the firewall, but with retro strategies such as paper shredding and throwing away old computer equipment. This week, the University will run its sixth annual program of shredding personal documents and destroying unwanted hard drives. Students, faculty, and staff may bring their disposable documents and hard drives to three sessions: tomorrow, Tuesday, October 4, from 9 a.m. to noon, in the parking lot behind Agganis Arena; Wednesday, October 5, from 10 a.m. to 1 p.m., in front of the Talbot Building, 715 Albany St., on the Medical Campus; and Thursday, October 6, from 9 a.m. to noon, in the Granby Street parking lot on the Charles River Campus east.

Jacobsen offers these additional tips for keeping personal information safe:

  • Frequent updates of your system and applications are a good idea. Automatic updates on your devices can help with this. “Most security patches are released in response to publicly known vulnerabilities,” Jacobsen says, “and until you apply that patch, your devices are at risk.”
  • Never, never, never give out your password. “Passwords are the first and often the last line of defense for your personal information,” he says, and no one should be asking for them. If you get an email asking you to email back your password, think one thing: Scam.
  • Putting a PIN or password on mobile devices, like phones and tablets, ensures that their data will be protected if you lose them. “Even the federal government with all its resources has trouble accessing devices that are protected by a simple code,” Jacobsen says.
  • “Encrypt the data on your laptop,” he stresses. “Apple and Microsoft have provided ways to enable encryption from within the operating system. Make sure you follow their instructions on saving the configuration or key to a USB device and keep that somewhere safe, but separate from your laptop.”
  • Vary your passwords with different internet sites. Using the same password everywhere means that if it’s compromised on one site, all your sites and personal information are jeopardized. At the very least, Jacobsen says, “you should use a unique password for the University to protect your student data; a unique password for anything financial, like your bank; and a different password for your social media sites.”
  • “Remember that every piece of information you put in social media sites may be seen by anyone. Make sure the information you share in these forums is something you’re prepared to share with the world and for all time,” he says. People who have failed to heed this advice have, on occasion, lost their jobs.

Most of any individual’s information on the internet, whether it’s social media or banking, is protected by one thing: a password. People who would like access to your data are well aware of this and will attempt to trick you into giving them your password. The most common form of this attack is “phishing”: the person who wants your password will email you and ask you for it. This works a lot more often than most people realize, and some of the ways they ask for your password are clever. The easiest to spot is the email that simply asks you to email the password back. More creative attacks will try to convince you to go to a website and log in, except that site you are logging in to is not the one you are expecting. It’s advisable to be skeptical of links within email sent from sources you don’t know that take you to a page requiring you to log in.

Safeguard Your “Digital Hygiene” by Rich Barlow.  Available from <https://www.bu.edu/today/2016/personal-information-security/>. [10.03.2016] Photo Courtesy of iStock

How to Protect Yourself After the Yahoo Attack

How to Protect Yourself After the Yahoo Attack by The New York Times.  Available from <http://www.nytimes.com/interactive/2016/technology/personaltech/what-to-do-if-hacked.html?_r=1> [UPDATED September 23, 2016]

Yahoo said on Thursday that hackers in 2014 stole the account information of at least 500 million users, including names, email addresses, telephone numbers, birth dates, passwords and, in some cases, security questions.

Even if you might not have used a Yahoo account for years, security experts say the incident could have far-reaching consequences for users beyond Yahoo’s services.

Here are some answers to frequently asked questions about how you can protect yourself.

How do I know if my personal information was stolen?

Assume it was.

Yahoo said it had begun notifying potentially affected users, but its breach was huge, and similar attacks and smallerthefts happen all the time.

Should I change my password?

The first step, as always, is to change passwords for sites that contain sensitive information like financial, health or credit card data. Do not use the same password across multiple sites.

Changing Yahoo passwords will be just the start for many of you. Comb through other services — especially those for which you provided a Yahoo email address to create an account — to make sure passwords used on those sites aren’t too similar to what you were using on Yahoo.

And if they weren’t doing so already, they’ll have to treat everything they receive online with an abundance of suspicion, in case hackers are trying to trick them out of even more information.

How do I create stronger passwords?

Try a password manager like 1Password or LastPass.
These sites create a unique password for each website you visit and store them in a database protected by a master password that you create. Password managers reduce the risk of reused passwords or those that are easy to decode.

If you must create your own passwords, try creating long, complex passwords consisting of nonsensical phrases or one-sentence summaries of strange life events and add numbers and special characters.

Examples:

  • My favorite number is Green4782#
  • The cat ate the CoTTon candy 224%
  • Or, if you’re extra paranoid, consider mimicking this setup:

Jeremiah Grossman, a web security expert, memorizes only a few passwords, including one to unlock his computer, and another to unlock an encrypted USB drive containing a file with a list of all his passwords for dozens of services. None of his passwords are memorable because they are random.

“I select them quite literally by banging on the keyboard a few times like a monkey,” Mr. Grossman said, adding that his setup is “a bit more paranoid” than that of the average person.

Create the strongest passwords for the sites that contain the most sensitive information and do not reuse them anywhere.
Are passwords enough?
Passwords are not enough. If a site offers additional security features, like secondary or two-factor authentication, enable them. Then, when you enter your password, you will receive a message (usually a text) with a one-time code that you must enter before you can log in.

Many bank sites and major sites like Google and Apple offer two-factor authentication. In some cases, the second authentication is required only if you are logging in from a new computer.

How can I stop my information from being stolen in the first place?

Increasingly, you cannot. Regularly monitoring your financial records can help minimize the damage if someone gets your information. But only the companies storing your personal data are responsible for securing it. Consumers can slow down hackers and identity thieves, but corporate computer security and law enforcement are the biggest deterrents.

What if you have changed your password after the breach happened but before it was disclosed?

The Yahoo attack happened two years ago but was disclosed only this week. Even if you changed your passwords recently for other websites, chances are at least some of them are similar to the password linked to your Yahoo account two years ago.

To play it safe, you should change your passwords, starting with your most sensitive accounts, including your online banking account.

Forget about security questions

Sites will often use security questions like “What was the name of your first school?” or “What is your mother’s maiden name?” to recover a user’s account if the password is forgotten.

These questions are problematic because the internet has made public record searches a snap and the answers are usually easy to guess.

In a recent study, security researchers at Google found that with a single guess, an attacker would have a 19.7 percent chance of duplicating an English-speaking user’s answer to the question, “What is your favorite food?” (It was pizza.)

With 10 tries, an attacker would have a 39 percent chance of guessing a Korean-speaking user’s answer to the question, “What is your city of birth?” and a 43 percent chance of guessing the favorite food.

Jonathan Zdziarski, a computer forensics expert, said he often answered these questions with an alternate password. If a site offers only multiple choice answers, or requires only short passwords, he will not use it.

“You can tell a lot about the security of a site just by looking at the questions they’ll ask you,” he said.

Photo:  By Yahoo! Inc. [Public domain], via Wikimedia Commons

How to Protect Yourself After the Yahoo Attack by The New York Times.  Available from <http://www.nytimes.com/interactive/2016/technology/personaltech/what-to-do-if-hacked.html?_r=1> [UPDATED September 23, 2016]

Six tips for staying safe online

Six tips for staying safe online Article By: Megan Ellis.  Available from <http://technology.iafrica.com/features/1036155.html>[Mon, 19 Sep 2016 11:48 AM]

More and more people are falling victim to cybercrimes, from downloading malware to falling for phishing scams.

We spoke to Kaspersky Lab Africa’s MD Riaan Badenhorst to find out how users can stay safe online.

Here are six tips for staying safe online.

Encrypt your sensitive information

“If your smart device or computer contains data encryption features, make sure you use them to minimise the chances of your personal information from being lost or stolen,” Badenhorst says.

This can apply to anything from confidential files to pictures you wouldn’t want to show up online.

Various operating systems have some way of encrypting files and a quick internet search can point you in the right direction.

Don’t use unreliable apps

Messenger apps are considered by users to be the most unreliable communication tools, according to Kaspersky Lab research.

However, it’s pretty difficult to avoid using these apps in today’s online world.

Badenhorst suggests only using apps you know that you can trust.

“It is also important that users are careful when choosing online tools for personal communication, and only use a device reliably protected by a password and an Internet security solution,” he says.

Whatsapp this year announced that it had encrypted user messages, meaning that your information is pretty safe. However there are a few unreliable apps out there.

Install an Internet Security app

Badenhorst suggests using internet security apps and programs to protect your devices. There are a variety of options out there with varying levels of security.

Of course, he touts Kaspersky Internet Security for Android as a good option.

“It can help protect your privacy, and safeguard personal data, even if your device is lost or stolen. It also has a function that allows you to protect and track all the data saved on your smartphone – so that it is easily traceable and well protected,” he says.

Create a strong password

This must be the oldest advice in the book, but it’s also the most often ignored advice.

Having a strong password is the first line of defence from having your information accessed without permission.

You should also not use the same password for multiple accounts – after all, this is how Facebook’s Mark Zuckerberg got hacked earlier this year.

Don’t open suspicious emails

One of the easiest ways hackers can get your personal information is by using email scams. While most of now know not to trust those Nigerian prince requests for help, there are many variations of scams out there.

“In light of emails that claim that you have won the lottery or a certain amount of money due to a competition, if it’s too good to be true – it probably is,” Badenhorst said.

“Remember to NEVER send your personal information via email to anyone you don’t know (not even banks ask for this information via email).”

Also, do not open files or follow links from senders you don’t know – this can often lead to malware being downloaded to your device.

“In most cases, when handling a spam message, the best course of action is to simply delete the message immediately,” Badenhorst says.

Be cautious while shopping online

Online shopping is one of the great things about the internet – but it also comes with risks.

“At Kaspersky Lab we encourage users to check if the URL onto the address bar is correct. Instead of just clicking a link to take you to your chosen retailer’s website, it’s safer to type the retailer’s URL into the address bar on your web browser. It may take a little more effort, but this simple action can help to prevent you visiting a fake or malicious website,” Badenhorst says.

Also, always check when you have to put in any payment information that the URL starts with “https”. Sites that don’t have a valid security certificate won’t have this, or if their security certificate has expired there will be a red line through the “https” to indicate it is not necessarily secure.

Photo Credit: pexels.com

Six tips for staying safe online Article By: Megan Ellis.  Available from <http://technology.iafrica.com/features/1036155.html>[Mon, 19 Sep 2016 11:48 AM]

5 tips to keep kids safe online this school year

5 tips to keep kids safe online this school year by Sean Wright, For The Tennessean.  Available from <http://www.tennessean.com/story/life/family/2016/09/15/5-tips-keep-kids-safe-online-school-year/90413066/> [12:49 p.m. CDT September 15, 2016]

As kids go back to school — often with laptops, smartphones and tablets in tow — we’re reminded of both the wonderful opportunities technology offers them and of the dangers it presents. From cyberbullying and sexting to pornography, there is a side of connected life that we want to protect our children from. But where should we start?

The good news is that the right technology can both protect kids and teens from these dangers and facilitate healthy lines of communication about internet safety. Here are five tips for finding and using the right kinds of internet safety tools for your family.

1. Find a good content filter. Simply put, content filters block the bad stuff. These software applications prevent access to websites that contain inappropriate content.

Most content filters give parents granular controls over what kinds of content they wish to block, and many contain age-defined filtering levels. Some solutions, such asOpenDNS, even filter content at the network level, giving parents the ability to filter all web traffic in their home network — on a child’s laptop, tablet, phone or even friends’ devices.

2. Consider monitoring software. Monitoring software facilitates conversation between parent and child about online behavior. These applications report online activity to parents, allowing them to approach their children about dangerous or unhealthy online habits.

Covenant Eyes is a monitoring solution with a monthly flat-rate subscription fee for unlimited devices within a family. The subscription also includes a device-level content filter, which allows parents to protect children even when they access the internet outside of a filtered home network.

3. Understand how these tools work together. Content filters are a necessary first line of defense, protecting against the massive amount of pornographic and otherwise objectionable content on the web. But as advanced as content filters have become, they don’t catch everything. This is where monitoring software is helpful. Sometimes, the best filter is another human being — one who has the best interest of the child in mind and can communicate with and educate the child if his or her online activity becomes problematic.

4. Review parental controls on mobile devices. According to the Pew Research Center’s 2015 study on the way teens use technology, nearly 75 percent of teens now have a smartphone or access to one. This means that parents need to adapt internet safety strategies to mobile devices as well as computers.

This can be tricky because, unlike traditional computers, smartphones and tablets provide multiple ways of accessing internet content. For instance, on an iPhone, it’s possible to access Facebook, as well as content from the web that people post in a newsfeed, via the Facebook app, which is separate from the phone’s native Safari browser. This makes content filtering and monitoring difficult because there’s no good way to monitor and filter all apps across the board.

Still, when coupled with administrative settings on the device and healthy parent-child communication about app use, filtering and monitoring solutions can make smartphones and tablets relatively safe for kids and teens to use.

Ultimately, parents will need to decide what further controls, if any, should be imposed. On iOS devices, for instance, parents can block access to social media apps, and can require parental permission for all app downloads.

5. Take a holistic approach. Because of the numerous ways kids and teens access the internet and interact on it, it’s critical to think through a holistic strategy that combines content filtering, monitoring software, parental controls and healthy parent-child conversations. Parents should arm themselves with information on the capabilities of internet safety technologies and match those capabilities to what is best for their children.

Sean Wright is founder and president of Affinity Technology Partners, a managed IT services provider in Brentwood. The company specializes in network management, systems administration and network security for small to mid-sized businesses and non-profits. They also provide home users with family internet safety services, wi-fi speed-up and general technology support.  Learn more atwww.affinitytechpartners.com.

(Photo: Getty Images/iStockphoto)

5 tips to keep kids safe online this school year by Sean Wright, For The Tennessean.  Available from <http://www.tennessean.com/story/life/family/2016/09/15/5-tips-keep-kids-safe-online-school-year/90413066/> [12:49 p.m. CDT September 15, 2016]