The threat of online security: How safe is our data?
Just about anyone that gets online is at risk. Online security threats are one of the biggest challenges on the Internet today. The problem is that the people that want to attack your computer and the computers of the people that you know don't create difficult methods to create problems instead they focus on common failures that will give them access. When those that get on the Internet know how these attacks take place, these attacks can be lessened and even prevented in most cases.
The best thing you can do if you get on the Internet at all is to use security software and hardware such as firewalls and authentication servers, as this is the most effective way to protect your computer and your personal information.
The problem is that every day there are new viruses and security threats that are launched all over the Internet, which means you need programs that can be updated continuously and don't just target one specific type of problem.
It is best if you choose hardware and software that will update itself each time you are on the Internet, without you having to remember. It's also very important that you choose your passwords carefully, so that those that might want access to your information won't be able to guess as to what password you might use.
Some of the online security threats are:
1. Computer virusesThe most common form of malicious code is a computer virus, a program or a fragment of code that replicates by attaching copies of itself to other programs.
There are four main classes of viruses:
(a) The first class consists of file infectors, which imbed themselves into ordinary executable files and attach to other system executables when the file is run.
(b) The second category is system or boot-record infectors, which infect the first sector on a driver from which the operating system is booted-up. These viruses are not as prevalent now that floppy disks are less frequently used.
(c) The third group of viruses is called macro viruses, which infect data files that include scripting "macros."
(d) Finally, viruses that use more than one attack method are called multi-part viruses.
For example, the May 2000 "I LOVE YOU" virus was even simpler a small piece of code attached to electronic mail. Double-clicking on the executable caused it to send an e-mail to everyone in an address book, subsequently damaging victims' machines. Fast-spreading viruses like "I LOVE YOU" cause e-mail servers to overload and businesses to shut down email correspondence. For example, in one day, the "I LOVE YOU" virus caused over $100 million in United States damages and over $1 billion in worldwide losses.
2. Denial of Service Attacks (DOS) DOS is another form of malicious code, are carefully crafted and executed. DOS attacks are not new, yet they are growing in sophistication. Traditional DOS attacks usually involve one computer attacking another, but the use of multiple computers in a highly organized attack is becoming increasingly common. Such attacks, known as Distributed Denial of Service attacks (DDOS), were witnessed in a number of large corporate computer shutdowns in 2000. Understanding the technical components of a DDOS attack is important, since these attacks precisely reveal the vulnerabilities inherent to the Internet. A DDOS attack functions by overwhelming a server with a deluge of messages that appear to be normal.
3. Online fraudIt is a broad term covering Internet transactions that involve falsified information. Some of the most common forms of online fraud are the sale via Internet of counterfeit documents, such as fake IDs, diplomas, and recommendation letters sold as credentials; offers of easy money, such as work at-home offers that claim to earn individuals thousands of dollars for trivial tasks; prank calls, in which dial-up connections lead to expensive long distance charges; and charity facades, where donations are solicited for phony causes.
4. PhishingIt is a technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses. These authentic-looking messages are designed to fool recipients into divulging personal data such as account numbers and passwords, credit card numbers.
5. WormsA computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line.
6. Trojan horseThe Trojan Horse, at first glance will appear to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source. When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.
7. Web servers and services
Many default HTTP web servers expose visitors every time they log on to these websites. You should be sure that you have the patches available that have been released over the last few years and that your computer isn't utilizing a default configuration.
8. Spyware attacksSpyware attacks are something that we are probably all familiar with, as they are the most common online security threat faced by Internet users. Spyware is simply a computer program that is designed to steal information from your computer without your knowledge. The software will typically be installed on your computer without you even knowing it, and then it will send your personal information such as documents, passwords, credit card numbers, bank accounts, and many others to another source. Common spyware includes Trojan horses, key loggers, dialers, and adware programs.
Online threats are very real, but if you know how you become vulnerable, you will be able to better protect yourself. You should be able to get online without constantly worrying.
Below are some of the tips for keeping the company data safe:
1. Encrypt it
It's one of the most overlooked-and easily fixable-precautions that a small business can take.
2. Back it up
When data goes missing, it is often the only copy. Not only has the information potentially fallen into the wrong hands, but it's probably also lost forever. Make sure to back up all important files onto the company servers before leaving town. If those servers are in turn backed up to an e-vaulting provider, it may be possible to restore your files directly from the provider to your hastily-purchased replacement."
3. Travel smart with your technology
A few simple precautions can prevent data loss, that is never leave your laptop unattended. Don't leave it in the car, in the conference room, or in the workspace you're using at a client's office unless it is locked.
4. Do not work from an unsecured computer
Many hotels and conference centers offer courtesy PCs to guests so they can access e-mail while they're away. The single most important tip for securing road warrior information is to minimize work done on a local computer. The better way will be directly connect to a remote server for document and data management, preferable from your own PC or PDA. Many of these public computers are infected with spyware that monitors and records your keystrokes. It is important to not be lulled into a false sense of security.
5. Use a password
Believe it or not, many mobile devices lack even the most basic password-protection. Passwords are among the simplest and most reliable form of data protection available. There are four basic password rules. First, make sure your password is at least eight characters. Second, include at least one number, one capital letter and one special character, such as "#" (but don't use numbers instead of letters, such as m0us3, since password crackers check for these). Third, never use a word that can be found in a dictionary, thereby preventing a "dictionary attack." And finally, resist the urge to use personal information such as your birthday because this information can be found out.
6. Get on a stick
Instead of carrying your company's sensitive data on a PC or PDA, keep it on a memory stick or portable hard drive. It doesn't matter if your laptop is stolen or damaged, your data will be fine as long as you have the USB memory device. As a bonus, many of these devices allow you to encrypt the information on them, so even if they are lost, they're useless.
1. Encrypt it
It's one of the most overlooked-and easily fixable-precautions that a small business can take.
2. Back it up
When data goes missing, it is often the only copy. Not only has the information potentially fallen into the wrong hands, but it's probably also lost forever. Make sure to back up all important files onto the company servers before leaving town. If those servers are in turn backed up to an e-vaulting provider, it may be possible to restore your files directly from the provider to your hastily-purchased replacement."
3. Travel smart with your technology
A few simple precautions can prevent data loss, that is never leave your laptop unattended. Don't leave it in the car, in the conference room, or in the workspace you're using at a client's office unless it is locked.
4. Do not work from an unsecured computer
Many hotels and conference centers offer courtesy PCs to guests so they can access e-mail while they're away. The single most important tip for securing road warrior information is to minimize work done on a local computer. The better way will be directly connect to a remote server for document and data management, preferable from your own PC or PDA. Many of these public computers are infected with spyware that monitors and records your keystrokes. It is important to not be lulled into a false sense of security.
5. Use a password
Believe it or not, many mobile devices lack even the most basic password-protection. Passwords are among the simplest and most reliable form of data protection available. There are four basic password rules. First, make sure your password is at least eight characters. Second, include at least one number, one capital letter and one special character, such as "#" (but don't use numbers instead of letters, such as m0us3, since password crackers check for these). Third, never use a word that can be found in a dictionary, thereby preventing a "dictionary attack." And finally, resist the urge to use personal information such as your birthday because this information can be found out.
6. Get on a stick
Instead of carrying your company's sensitive data on a PC or PDA, keep it on a memory stick or portable hard drive. It doesn't matter if your laptop is stolen or damaged, your data will be fine as long as you have the USB memory device. As a bonus, many of these devices allow you to encrypt the information on them, so even if they are lost, they're useless.
7. Get a security policy and stick to it
Having an ironclad policy about how to treat company laptops will take you a long way in keeping your data safe. Such a policy should be comprehensive. It should address what to do with a laptop, anytime and anywhere, regardless if the laptop is on, off or even online. A server that is deployed on the enterprise premise should terminate secure tunnels and manage user credentials, patch management and security policies.
Having an ironclad policy about how to treat company laptops will take you a long way in keeping your data safe. Such a policy should be comprehensive. It should address what to do with a laptop, anytime and anywhere, regardless if the laptop is on, off or even online. A server that is deployed on the enterprise premise should terminate secure tunnels and manage user credentials, patch management and security policies.
8. Inoculate your laptops before releasing them into the wild
There is a lot of bad stuff out there. Make sure your employees' mobile computing devices are protected. Be sure your laptop is equipped with the right blend of IT security: anti-spam, anti-spyware, a Virtual Private Network and a personal firewall because hackers use a variety of tactics to defeat security.
There is a lot of bad stuff out there. Make sure your employees' mobile computing devices are protected. Be sure your laptop is equipped with the right blend of IT security: anti-spam, anti-spyware, a Virtual Private Network and a personal firewall because hackers use a variety of tactics to defeat security.
9. Educate your employees
If your people do not know what is out there, how can they take the necessary precautions? Mobile users should be aware of every site they visit and every communication they open on their mobile devices. Unsolicited communications, no matter how inviting, can contain threats to the mobile device. People should only open communications from known sources and limit mobile Internet browsing to trusted sites.
10. Don't be stupid
People display highly sensitive data, like company secrets and even information that could facilitate identity thefts, on their laptops. They do not bother to install an inexpensive polarizing overlay that could avoid shoulder-surfing. In other words, if your case says "IBM" or "HP" or "DELL" or even a well-known manufacturer of computer bags, you have increased your radar profile for thieves. There are lots of less noticeable bags out there that can help you avoid being the next victim.
11. Consider data-level security precautions
These add yet another layer of security to your documents, protecting them from would-be thieves. There are cost-effective security solutions on the market that are easily integrated with Microsoft products like Exchange, SharePoint and the Office suite. They provide a simple way for small businesses to benefit from these solutions without radically changing existing IT policies and procedures."
12. Do not leave well enough alone
If you're really concerned with security, these precautions just represent a good start. Experts say you should always be working to improve your safeguards, even as the bad guys try to crack your defenses. You have to control who can access your data. For companies that are serious about security, a user ID and password are not good enough. There should be some form of two-factor authentication, like a Smart Card, USB token or SoftCerts. But do not rely solely on passwords. Keeping your data safe while you're out of the office is an ongoing challenge.
Besides that, another way for company to secure customer information is outsourcing security service. But company has to be careful not to outsource privacy completely, or to rely too much on the consultant to make important decisions. Turn to outside help for direction, but always remain of its own programme.
Company should also limit the connectivity for example, limit downloads. Do not simply download software that you have never heard of, instead stick with the names that you know. You should also take care to scan all files before they are downloaded.
The employees of the company use only authorized media for loading data and software.
On the other hand, enforce the mandatory access controls. The employees of the company should always remember to scan their computer with Anti-virus. Delete all the cookies in the computer to prevent track on the history or password and on the firewall to prevent hackers.
In conclusion, with a few precautions and by taking a long view on mobile security, you can make sure the company’s valuable information does not fall into the wrong hands.
Related Links:
Subscribe to:
Post Comments (Atom)
3 comments:
There are too many threats and sometimes we cant even detect and prevent them. There is no a perfect way to solve this online threats.
yes, I agree with you. What we can do is try our best to prevent those threats. So that it would be a seriuos harm to us.
There are lot of online security threats. Sometimes, we people are not able to detects from where threat is attacking our system. We must perform our best precaution what we can. This is the only way else there is still no permanent solution for threats.
Post a Comment