Daily Tip 08 – Fake Security (Part 2)

Banks and other sites like to ask you “security questions” to verify your identity when you log in. You must provide the same answer as you did when you registered your account or when you last updated your security questions. That’s supposed to verify that the person attempting to log in is really you.

As we discussed yesterday, the security solutions we rely upon to protect us often fail to do their job. That is the case with these security questions. They may keep out an amateur. But a skilled account cracker can probably still get in. And, if you don’t remember your answers, you might not be able to get into your account yourself.

There are ways to improve upon the way these questions work, to make them more effective. We talk about that in today’s extended tip.

The most important part of today’s “tip” is that ALL solutions have flaws.

We should not trust solutions to keep us safe. They can be effective as part of the solution. But if we rely on them and then believe we are now safe, we’re wrong.

Apply Good Solutions, But Remain Vigilant!

Daily Tip 07 – Fake Security (Part 1)

We are told to follow certain rules, to do certain things. If we do those things, it will keep us secure.

Did anybody check to see if those rules really make sense?

Are they actually working?

Often the rules are a good starting place. But we assume that, if we follow them, everything is good.

But it isn’t always so.

Today’s post is about getting us to ask questions:
Are the steps we are taking working?
Should we be doing more?
Should we be doing something else instead?

There are a lot of good ideas out there. And a lot of them are worth paying attention to.

But someone needs to make sure we are not just DOING THINGS, but that we are doing THE RIGHT THINGS.

What about your Social Security Number? How safe is that? Is it being kept safe? By you? By others? Maybe we need to rethink how we use it.

Daily Tip 06 – Curiosity Killed the Cat

The Internet is great. But, just like in a big city full of wonderful things to do, there are people who will take advantage of you. They will turn your innate curiosity, your desire to be helpful, and other good traits against you.

They prey on your fear and cause you to worry.

All this is intended to manipulate you. If they are successful, they get your money, information, and anything else they can.

They are good. Are you able to withstand them?

Daily Tip 05 – Hooked

Phishing is the attempt to trick you into taking an action that will give the attacker access to your information or resources.

This used to be done by sending out a mass e-mail to as many people as possible. Some people would end up opening it. Today, that kind of thing still happens. You’ve probably received e-mails that say your bank account, or your e-mail, has been suspended due to a problem with the account. Or perhaps it is about a problem with a FedEx delivery. You are instructed to click on a button or link to resolve the problem. If you do, the bad guy has “hooked” you.

But a great deal of today’s phishing is much more sophisticated. The person sending the e-mail has done their research and sends a very specifically crafted and well-targeted e-mail to just one or to a very few people. It is so well done that it looks legitimate and is appropriate to the circumstances in the recipient’s life or work. The recipient may never suspect that it is malicious and that it can compromise their computer. Or, they may discover it, too late, after the “dastardly deed” has been done.

Even a well-informed and cautious person can find it difficult to determine whether these well-designed messages are legitimate e-mails or phishing attempts. But the first step toward not becoming a victim is to be aware of how sophisticated some of them are. That awareness might just give you the chance to question and then attempt to validate the e-mail before becoming “hooked.”

Daily Tip 04 – Battery Power & Lightning Power

Get a surge protector. Better yet, get a UPS (Uninterruptible Power Supply), sometimes known as a battery backup unit. It will protect your computer and may keep your data from becoming badly damaged if there is a power failure. It doesn’t hurt to connect your other sensitive electronic devices to these either. Just don’t overload them.

Daily Tip 03 – Don’t Be Seduced by “The Cloud”

Companies talk about “The Cloud” as if it is the ultimate solution. You get the idea that, if you’re not using “The Cloud,” you’re back in the last millennium.

Don’t be fooled. Going to the cloud could bring some benefits but also creates some risks.

You should evaluate the business on the same terms as any other business, but also consider the added risks.

Daily Tip 01 – When Files Go Missing

Welcome to Day 1 of my Daily Tips for National Cyber Security Awareness Month.


TODAY’S TIP

If your data disappears, there is a good chance you can get it back. But your next action might make it disappear forever.

Don’t do anything else until you have a GOOD plan in place on how to proceed. If your data or your files are important, the most important thing is not to do anything that might damage the possibility of getting them back.


A plan on how to respond to lost data can be found HERE

What Is This Site About?

Why Are We Called “Cyber Security Insider Secrets”?

The name Cyber Security Insider Secrets may cause you to think I’m going to get really technical. I’m not. In fact, I’m going to avoid being technical as much as possible.

I will be focusing on what is important for you to know. The purpose is not to share esoteric information that doesn’t really make a difference to you. But there is too much information that you need to know that the “insiders” know but the public doesn’t.

What are these “Secrets”?

These are not secrets because nobody is allowed to discuss them. They’re not secrets because they are hard to understand. Mostly, they are secrets because no one is communicating them to the general public. Or, if they are being communicated, they may not be talked about in a way that the public can easily understand or put to use.

There are also a number of common beliefs about security that are only partially true. And there are some myths. These are held by many technical people and are also communicated to the general public. Over time, I will be shedding some light on these misunderstandings and shattering some myths.

Why “Insider”?

Some of this important information is largely limited to those who 1) have extensive training and experience in security and 2) have a mindset about security that is largely lacking in the larger technology community. That mindset normally comes from involvement in a community with a specialization in security, usually limited to those who are involved in the management of security for large companies (I include those addressing security for the public sector and/or government).

Having that mindset simplifies security questions and can help you sleep better even though you just heard about the latest security scare on the news. This mindset is part of what I will teach.

A number of the things I will be revealing are not even well-known among those who consider themselves up-to-date on technology. Many of the people who run IT for companies (the ones who set up and fix the computer systems, and provide help for the people who use them) don’t even know some of this stuff. Don’t misunderstand. I consider most of those people competent (although I’ve met far too many that I would consider to fall short of that qualification). That lack of knowledge about these things is largely because they haven’t specialized in security.

I want to emphasize something. It is NOT my goal to turn you into a technology guru. My goal is for you to know the things you need to know to be safe. And I want you to understand some things that will not only help keep you safe but that will enable you to be less anxious the next time you hear about a security problem on the news.

This outcome will not happen overnight. But if you “tune in” regularly, you will find that, in time, you will know more than 95% (probably more than 99%) of the general population. In fact, in many cases, you will probably know more than the IT people do when it comes to keeping yourself and your information safe. And you will be able to do that without having to strain your brain studying. You will be able to do that without becoming a “techie.” At least, that is my goal.

There are some things the technical people will still know that you won’t. Those are the more technical things. Those things are especially important when it comes to keeping a large company safe. But, you can get tremendous protection from the things I intend to teach you, without becoming a technical expert.

(If you wonder why I am qualified to teach this, see the Who? page.)

To summarize and recap:

This site is to bring information to the general public that the public is not getting. It includes information that is often limited to security specialists, not because it has to be but because that information often just doesn’t reach either the public or even the larger technology community. In addition, this site will bring some information to the public that they have heard before, but will expand upon that information to make it more usable. It does no good to say “do this” if the person getting that message has no idea how to do it. Or if they don’t know when to do it or why.

This information will be focused on how to keep you and your information safe.

I will attempt to do all this in a way that can be understood by a non-technical person and in a way that enables the recipient to make decisions and to understand security. The focus will be on what is necessary to be safe in today’s environment.

Copyright 2016 - 2018