Cyber Hygiene. You are no doubt wondering what it is I mean by “cyber hygiene” – The Collins Online Dictionary notes: “Cyber hygiene refers to steps that computer users can take to improve their cybersecurity and better protect themselves online.”
Practice good cyber hygiene with devices:
Let us start with your device (PC, laptop, smartphone, tablet, etc.). For any device which accepts a digital memory device, be it an external hard drive, USB stick, smart-card memory chip, or compact disc, disable the auto-run feature. Why? With auto-run enabled, any executable file (read: malware / virus program) will automatically begin running, and your device will become infected. What you want to do is have your anti-virus software inspect the external data source BEFORE you allow it to run an executable file, so as to detect and neutralize any virus. (See NCSAM Tip #2: Keep your security software current.)
You might be thinking, “Well, I only use new digital memory devices.” That is what IBM thought in 2010 when they handed out USB sticks which contained malware to delegates attending the Australia CERT (Computer Emergency Response Team) security conference. (Read the letter IBM sent to the delegates of AusCERT, where they used devices which came infected from the manufacturer.)
How often do we receive a CD or a USB stick from friends or family with something of interest? If you simply drop the CD into the drive or stick the USB stick into the slot and run it, you are entrusting the security of your device to the security protocols used by that friend or family member. Like the purity of Ivory Soap, 99.44% of the time there is nothing there, but why take the chance?
Practice good cyber hygiene with your email:
Phishing is sport fishing to the criminal
Your willingness to click on a link in your email is what every criminal who originates an email is counting on. The cost to generate an email campaign is infinitesimal, and the return, if only .003% of the millions who receive the email click on the link within, covers the cost and more. You see, your infected device can provide the criminal with your personal information and online interactions. Say, for example, your tax returns are stored on your computer: they contain your name, identity number (SSN in the US), address, employer and date of birth, all the information necessary for someone to pose as you and leverage your good credit. This is called Identity Theft (IDTheft). Your device could also be used as part of a greater network of devices, called a “botnet”. In this way the computer can be used to obfuscate the point of origin of the criminal (think of it as someone far away originating their efforts as if they were sitting at your computer, as they have established control of your device). When law enforcement traces the criminal activity back to the point of origin, the trail stops with you.
So when you receive that email that says “Look what they are saying about you!”, don’t go clicking that link. Similarly, always look at the header data of the email: the name on the email may be that of a trusted person, and so may the email address, but the point of origin is in a faraway locale or domain and just doesn’t add up. You can always reach out to your family members and ask, “Did you just send me a link?”
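The header check described above can also be done by a short script. This is an added example, not part of the original post; the sample message, its names and its domains are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email): a trusted-looking display
# name and address, but the rest of the headers point somewhere else.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
\tby mx.example.org; Tue, 1 Oct 2019 10:00:00 +0000
From: "Aunt Carol" <carol@family.example.com>
Reply-To: carol.family@freemail.example.net
To: you@example.org
Subject: Look what they are saying about you!

http://click.example.net/view
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def header_mismatches(raw_message):
    """List reasons the visible sender does not match the other headers."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    findings = []
    # Where bounces and replies go should normally match the visible sender.
    for name in ("Return-Path", "Reply-To"):
        other = domain_of(msg[name])
        if other and other != from_domain:
            findings.append(f"{name} domain {other} != From domain {from_domain}")
    # The last Received header is the earliest hop, closest to the origin.
    hops = msg.get_all("Received", [])
    if hops and from_domain not in hops[-1].lower():
        findings.append(f"first hop does not mention {from_domain}")
    return findings

if __name__ == "__main__":
    for finding in header_mismatches(SAMPLE):
        print("CHECK:", finding)
```

A mismatch is a reason to ask the sender before clicking, not proof of fraud, since legitimate newsletters are often sent through a third-party mail service.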
Practice good cyber hygiene and enjoy being connected.