Protecting Your Information Worms are similar to viruses because they self-replicate, W
Cyber Awareness h
The best way to protect information is to copy it however, they do not require any user interaction to be
Information is a critical asset. Therefore, it must be a
and store it in a secure location. activated. Worms spread because of vulnerabilities or
protected from unauthorized modification, destruction and "
1. If you are connected to a network, store your “holes” in software.
disclosure. This Pamphlet describes information security 1
files in folders set aside for you. 1.Install either a software or hardware firewall. A well
concepts and defines steps required to properly safeguard c
2. If you are not connected to a network, save configured firewall can help stop propagation of a worm.
information. It is the responsibility of everyone each 2
your files to CDs or floppy disks regularly. 2.Anti-virus software will often detect
employee and home user-to become familiar with good a
3. Ensure that backups reflect the most current worms. Keep your anti-virus software up-to-date
security principles and to follow the information protection 3
information by copying the data on a regular 3. Know where to find your anti-virus vendor's "rescue"
tips. w
basis, and after all significant changes. The website for your home computer.
Did You Know? 4
frequency of the backup cycle should be 4. Keep your PC and servers "patched."
Based on recent statistics: That the average unprotected
consistent with the frequency with which you
computer can be compromised in a matter of minutes. The
modify the information.
majority of individuals who thought their computers were
4. Save your original installation CDs/diskettes
safe... were wrong. T
to use as the backup for your PC software. Trojans (also known as backdoors) are malicious
Firewalls code hidden in a legitimate program that, when executed, h
performs some unauthorized activity or function. This can p
Any machine connecting to the Internet should utilize a
range from stealing your password and credit card r
User IDs and Passwords firewall. There are two types of firewalls. Software firewalls
information to allowing someone to take control of your y
Your user ID is your identification, and it's what links you usually run on PCs. Hardware firewalls are separate
computer. To prevent installation of Trojans on your s
to your actions on the system. Your password devices designed to efficiently protect computers. They are
machine: i
authenticates your user ID. Protect your ID and password. usually used by businesses, organizations, schools and
Remember, generally, you are responsible for actions governments. All firewall protection creates a barrier 1. Run anti-virus software on your desktop and follow the
best practices for using it. b
taken with your ID and password. Follow these best between the computers and the Internet. Firewalls should
2. Be careful about downloading games, screensavers and 2
practices: be configured to filter out unauthorized or dangerous
other files. Download only from trusted Internet sources. o
1. Your password should be changed periodically. information and prevent intruders from scanning and
3.Be careful about file and music sharing services because 3
2. Don't reuse your previous passwords. retrieving personal or sensitive information from the
you can inadvertently share files you did not intend to b
3. Don't use the same password for each of your accounts. computer.
share. Downloaded files can contain viruses and other i
4. NEVER tell or share your password with ANYONE. Malicious Code Protection
malicious code. o
5. When your computer prompts you to save your Malicious code can take forms such as a virus, worm or
password, click on "No”. Trojan. It can hide behind an infected web page or disguise
6. Never use a word found in a dictionary (English or itself in a downloadable game, screen saver or email
foreign). attachment.
7. If you think your password has been compromised, Computer viruses are programs that spread or self- A denial-of-service attack is an assault A
change it immediately. replicate. They usually require interaction from someone to
upon a network or web site that floods it with so many w
8. Make your password as long as possible -eight or more be activated. The virus may arrive in an email message as
additional requests that regular services are either slow or t
characters. Create a password that's hard to guess but an attachment or be activated by simply opening a
completely interrupted. In some instances, a group of i
easy for you to remember. When possible, use a mix of message or visiting a malicious web site. Some viruses
remotely controlled, compromised desktops are combined c
numbers and letters, special characters or use only the consume storage space or simply cause unusual screen
to jointly attack a target system. a
consonants of a word. If you have difficulty in thinking of a displays. Others destroy information. If a virus infects your
Spyware and related “adware,” are software sometimes S
password that you can remember, try using the first letter PC, all the information on your hard drive may be lost
downloaded from a web page, by following a link in an d
of each word in a phrase, song, quote or sentence. For and/or compromised. Also, a virus in your PC may easily
email or are installed with freeware or shareware software e
example, "The big Red fox jumped over the Fence to get spread to other machines that share the information you
without the user's knowledge. Spyware is used to track w
the hen? Becomes TbRijotF2gth?. access. Viruses can exhibit many different symptoms. At
your Internet activity, redirect your browser to certain web y
home, disconnect the PC from the Internet and run a full
sites or monitor sites you visit. Spyware may also record s
virus scan.
your passwords and personal information to send to a y
Home Computer Protection malicious web site. m
Properly safeguarding your personal computer (PC) is one 1. Read the freeware and shareware license agreement to 1
of the most important ways of protecting your information see if adware or spyware is mentioned before installing the s
from corruption or loss. software. s
1. Check that your anti-virus software is updated at least
1. Log off or lock your computer when you. are away from 2. Choose to "Close" any pop up windows by clicking on
every week or set it for automatic updates. New, fast
your PC. In most cases hitting the “Control-Alt-Delete" the “X”. t
spreading worms and viruses are released every day.
keys and then selecting "Lock Computer" will keep others 3. Do not respond to any dialogue boxes that appear 3
2. Before implementing or using software from any source,
out. You will need your password to sign back in, but unexpectedly; click on "X". Clicking on "No" or "Cancel u
check it for viruses with a current virus scanner.
doing this several times a day will help you to remember sometimes installs spyware. c
3. Store removable media, such as CDs/thumb
your password. 4. Beware of visiting web pages which are untrusted. i
drives/diskettes as "write protected" whenever possible to
2. If you have a modem, make sure it does not accept 5. Install software to detect spyware and adware on your 4
help prevent infection by viruses.
incoming calls (auto-answer should be off). PC. 5
4. Do not load free software on your computer from an
3. When possible, remove your personal or sensitive Hoaxes are email messages that resemble chain P
untrusted source.
information before allowing your workstation equipment to letters, offer free money, or contain dire warnings and H
5. Consider blocking extensions such as: .bat, .cmd. exe,
be repaired off-site or replaced by an outside vendor. offers that seem to be too good to be true. If you receive a o
.pif, .scr, or .zip through content filtering software.
4. Install firewall and anti-virus software. If you have hoax via email, delete it. Sharing hoaxes slows down mail s
6. Depending on the extent of the infection, you may need
multiple machines, have this software on all of them. servers and may be a cover for a hidden virus or worm.
to re-install your operating system.
� Mobile Computing Security 3. Use MAC ACL filtering- Networks use a 1 .Newer software and operating systems can be e
Computers are now accessible via a variety of unique hardware address identifier set to automatically apply updates. If your a
means. A person can even download data from the called a MAC, to help regulate software supports this, set up the automatic a
Internet to a cell phone. While convenient and fun communications between machines on updates.
to use, some good practices will help protect your the same network. The MAC Access Control 2. For older software, the software vendor
information. List (ACL) can permit certain MAC typically makes the patches available on their
Laptops, PDAs and Cell Phones are more easily addresses access to the network while web site. Check the web site at least once a
stolen or misplaced because of their size. denying access to other MAC addresses, month for updates and follow the instructions to
Remember, if your laptop is gone, your data is too. limiting access to only authorized apply them. If the vendor provides email
Small computer devices carry information that must computers. notification, subscribe to the notifications and
be protected. Social Engineering is an approach to gain follow the instructions in the email to apply the
access to information through misrepresentation. It patch as soon as possible.
is the conscious manipulation of people to obtain
information without their realizing that a security Possible Symptoms of a Compromised
breach is occurring. It may take the form of Computer
impersonation via telephone or in person and Is your machine:
If you use a laptop, remember the following: through email. Some emails entice the recipient ➢ Slow or non-responsive? Experiencing
1. Secure it with a cable lock or store it in a into opening an attachment that activates a virus. unexpected behavior?
locked area or locked drawer. 1. Before providing information to a telephone ➢ Running programs that you weren't
2. Backup your data. caller, check if the individual is authorized to expecting?
3. Encrypt confidential information stored on it. receive that information. ➢ Showing signs of high level of activity to
4. Keep it with you during air and vehicle: travel 2. Before opening an email attachment or clicking the hard drive that is not the result of
until it can be locked up safely. Do not forget to on a link, verify it is from someone you know, anything you initiated?
retrieve it after passing through airport ensure your anti-virus software is current and that ➢ Displaying messages on your screen that
security. the message in the email makes sense for you to you haven't seen before?
Treat all your portable devices in the same receive. It all the parts don't add up, the attachment ➢ Running out of disk space unexpectedly?
careful manner you use with your laptop and may contain a virus. Delete it. ➢ Unable to run a program because you
keep an eye on them. Phishing is a scam in which an email don't have enough memory and this
message directs the email recipient to click hasn't happened before?
on a link that takes them to a web site where ➢ Program constantly crashing?
they are prompted for personal information ➢ Rejecting a valid and correctly entered
such as a pin number, social security
password?
number, bank account number or credit
card number. Both the link and web site may Home users may wish to call their ISP and/or anti-
Wireless Security virus vendor.
closely resemble an authentic web site
Wireless networks and laptops are very however, they are not legitimate. If the Security Breaches
popular for their ease of use and phishing scam is successful, personal Security breaches can take several forms.
Portability. The Internet can be reached accounts may be accessed. If you receive one The best defense against security breaches
via radio waves without having to plug of these emails:
are conscientious and alert users. You are
your machine. into a network. It is with 1. Do not click on the link. In some cases,
doing so may cause malicious software to be the most important person for early
the same ease of connecting that detection and prevention.
downloaded to your computer.
malicious individuals connect to 2. Delete the email message. Examples of breaches include:
unprotected networks. Attackers 3. Do not provide any personal information ❖ Damage to equipment, facilities
conduct drive-by eavesdropping, called in response to any email if you are not the or utilities.
“war driving” to listen in on unsecured initiator of the request.
❖ Loss or misplacement of media
devices in homes and businesses. Take the (e.g. disks, tapes, paper)
following steps to secure any wireless containing confidential/highly
equipment, restricted information.
1. Change the default passwords and ❖ Inappropriate use of the
default SSID, which is an computing environment.
identifier that is sometimes referred to as ❖ Unauthorized access or
the “network name", Each wireless device attempted unauthorized access
comes with its own default settings, some Patching to information or computing
of which inherently contain security People are constantly finding security holes (i.e. resources.
vulnerabilities. Most default passwords vulnerabilities) in computer software which could If you discover a security breach, you
are known to hackers. should report the breach to your
be used to infect your computer with a virus,
2. Turn off broadcasting the SSID if Information Security Officer immediately.
spyware or worse. When vulnerabilities are
possible; this will make it more difficult
for a hacker to gather your SSID discovered, the software vendor typically issues a fix
information . (i.e. patch) to correct the problem. This fix should
be applied as soon as possible because the average
time for someone to try to exploit this security hole
can be as little as a few days.
