Borrego Sun - Since 1949

Last October marked the 10th annual observance of National Cyber Security Awareness Month. National, regional, and local events are held in almost every state throughout the month by government agencies, large and small businesses, universities, and non-profit organizations. Information on events can be found at http://www.staysafeonline.org/ncsam/events. The theme for the month is that cyber security is “our shared responsibility” and everyone needs to do their part to protect their piece of cyber space. While everyone should be aware of cyber threats all year long, the focus for the month is to educate individuals and small-to-medium businesses about how to protect themselves against current and emerging cyber threats.

The fifth annual, San Diego regional event, 'CyberFest 2014 – Securing the Internet of Things,' will be held on October 1st in the Point Loma area, drawing attendees from across the United States and even from other countries. The event is organized and sponsored by Securing Our eCity (SOeC) Foundation and CyberTech. More information is available at http://securingourecity.org/cyberfest2014. You might have heard about the “Internet of Things” on the news – it includes “smart” home appliances (refrigerator, coffee maker, microwave oven, lights, heating/air conditioning, etc.) that are starting to be connected to the Internet so that people can monitor and control them from a smartphone (for example). It also includes medical monitoring devices that may be worn or implanted. This is opening up a whole new area for personal security.

Following the national theme for the month of October, how do you share the responsibility for protecting cyber space, at least your small corner of it? Since most home computers don’t usually have information that cyber criminals might want to take, why should you be concerned about protecting your computer from cyber attacks? One tool that criminals use is called a robot network, or “bot-net,” where they install remote control software on home computers of unsuspecting victims, often thousands at a time. They use the combined computing power of the bot-net to attack larger targets, such as banks, credit card companies, retail merchants, government agencies, and large corporations. Using the bot-net helps the criminals hide their identity and location, because tracing the source of the attack usually does not lead directly to their own computers.

Another reason you should protect your home computer, is to keep your personal information private and prevent criminals from gaining access to your financial or medical information. If you save account login information (user IDs and passwords) on your home computer, then cyber criminals may use information to steal your identity, empty your bank account, max-out your credit cards, and modify your medical records. The first and third articles in this series are related specifically to identity theft, which provide more information on how to protect yourself from that crime.

Depending on how you use your computer and what files you save – most of us keep family photographs, movies, and other personal information – which may not be of value to a cyber criminal, but that does not decrease the possibility of files on your computer being destroyed by some type of malicious software (known as ‘malware’). So, this brings us to some simple steps and behaviors you can use to help protect your little piece of cyber space.

Create user accounts for each person who will be using your computer and have separate passwords for each user account. Change the passwords at least twice a year (or more often). This may seem a bit extreme and annoying, but combined with the other security steps, this adds another layer to your defenses against cyber attacks. Don’t stay “logged in” all the time – when the computer is not in use, at least logout all users and then consider turning the computer off (this also saves on your electricity costs).

Make sure your computer operating system (Windows, Mac, Linux, etc.) is automatically kept updated with the latest security and software patches. Also make sure your add-on software (such as Java, Adobe Flash Player, Macromedia Shockwave, etc.) and your applications (such as the office suite, web browser, photo/graphics programs, etc.) are also kept updated. Use the software settings (or preferences) to enable updates or check the software provider’s website for more information on their updates, especially security patches.

Install and use an anti-malware software suite, which should include anti-SPAM, anti-phishing, anti-spyware, and intrusion detection/prevention, in addition to standard anti-virus. The software should use scanning with known malware signatures in combination with heuristic scanning, which looks for abnormal software behaviors that might indicate unknown malware. Consider using a software firewall, which is now included with most current operating systems or is often part of the anti-malware suite. These software packages should also be set to automatically receive daily updates and patches. These security tools provide additional layers of defense against cyber attacks, and there are several free packages that perform well.

You should use a simple router with a built-in (hardware) firewall between your internet service connection (usually a cable or DSL modem) and your computer(s) and other home network devices. This can be done in tandem with the software firewall for added protection, and offers you the ability to segregate your computers within the home. If you use wireless access within your home, you need to secure your wireless router by changing the default administrative account and password, and you should require each connecting computer to have its own password, using WPA-2 (or WPA-PSK) security with AES encryption. Once all your computers have connected to your wireless router (and saved its SSID address), you should disable the SSID broadcast, to prevent unauthorized access into your internet service and potentially into all your home computers. There are several other precautions that can be taken with wireless access which are more specific to particular devices and are not being addressed in this article.

When using multiple computers in the home, to help protect your financial and other personal information, you should designate one computer to use for online business transactions, which include online purchases, banking, and medical services. Do not use that same computer for online games or general internet surfing. If you have children in the home, you should install parental protection software on this computer to block access to online games and unnecessary web sites. In many homes today, the children know how to control the parental protection settings better than their parents, but it should act as a deterrent on that one computer, as long as they have another computer for their games and web surfing. Educate your children on the need to protect personal information against cyber threats, so they will be less likely to misuse the one computer used for online business transactions.

Finally, watch out for scams that trick you into releasing personal information. If you get an email or phone call requesting you to provide account login information, passwords or other personal information – don’t do it. Only if you initiated a phone call using a known valid phone number to contact your bank or other company where you conduct business, and they need to validate who you are, then you can provide the necessary information. If you receive a fraudulent email message, check with your Internet Service Provider to see if they have a security team that accepts those messages to trace them or take other actions. If the message appears to come from your bank or other legitimate business (but it appears fraudulent), then contact that company for how you should report the message.

If you think you have been a victim of a cyber crime, contact your local law enforcement agency, or you can also file a report online at the Internet Crime Complaint Center (http://www.ic3.gov/). To increase your cyber safety while online, educate yourself further using one of the many free resources dedicated to public awareness on cybersecurity, such as http://www.staysafeonline.org, http://www.onguardonline.gov or http://www.stopthinkconnect.org, which provide links to other valid sites.