(ISC)2 Blog

by F. Gary Alu

What is the first thing we should check when we turn on our computer? That’s a question I always pose to the kids when I present the (ISC)2 Safe and Secure Online Program.  If your answer is Facebook or Email, you have a problem.  Of course having a look at your anti-virus application is the place to start.  Is it running?  Are the databases current? (by current I mean no older than 24 hours).  Even the best anti-virus (AV) solution will do one little good if it is not running because the subscription has expired or if the databases are days or even weeks old.

There is really no good excuse for not having a good anti-virus and anti-malware application installed and running on your computer.   Nearly every major vendor has a free version, not to be confused with a “trial version”.  The trial version permits full-unlicensed use for a brief period, typically 30 days, at the end of which the user is required to purchase the licensed version.  I point this out because I can’t tell you how many times I have come across users who did not really understand that the trail version actually quits working. There are several free solutions available today, Microsoft Security Essentials for the Windows platform comes to mind.  In my neck of the woods, Cox provides free McAfee to its subscribers.

Hold up! Still not time to dive into our e-mail.  After we have verified our AV system is working we need to check for updates to our operating system and installed applications.  The immediate application of security updates is very important!  Always make certain you have a good backup before you apply any patch or install any new software.  Understand that security updates for our applications are just as important as the security updates for our operating systems.  This includes not only our productivity suites, e.g. word processing, spreadsheets, etc., but other applications we tend to take for granted, such as Adobe Flash and Adobe Reader (PDF files).  These should all be set to automatically download updates when they are available and prompt us to install.

Good to go?  Well almost.  We are now confident that our desktop and applications are safe and happy we must deal with what’s behind door number one, the Internet.  A click of the mouse and we have the whole world at our fingertips.  We need to wonder, does the whole world now have us at their fingertips as well?

Let’s start with our connection to the Internet.  I must say that the cable providers have really come a long way from the days where we paid for service and they dropped in a digital subscriber line (DSL) or cable modem and told us to “plug your computer here”.  They learned hard lessons from exploits like the Melissa macro virus of the 90’s or the Slammer Worm in 2003.  Critters like these cause significant disruption for users and the Internet service providers (ISP).  The sales people are now much more knowledgeable and aware.  They ask the right questions, such as “do you have a DSL/Cable Router”? If you do not have one they offer to sell you one or they recommend one and where to buy one.  The router connects directly to the cable modem and not our computer.  We connect to the router, either via WiFi or Ethernet cable.  This router is also our “Firewall” and it hides our private systems and keeps the “Internet fingertips” out of our stuff.

 Nearly there!  I would be remiss if I did not mention online shopping.  I am writing this article two weeks before Christmas and eCommerce is in full swing.  It is easy, convenient, and definitely saves us money.  There are, however, some serious pitfalls and we need to understand and be aware so we do not fall victim to social engineering exploits like phishing, virus hoaxes and other confidence games that are always present on the Internet.    We are going to shop, that’s a given, so how do we protect our identity and our money?  My best advice for a first step is work with your bank.  When an identity is stolen or a debit or credit card is compromised the banks suffer losses and they don’t like it either.

I never use a debit card, as a debit card, to make a purchase anywhere, online or in person.  Always run it as a credit card!  My bank recommended we setup a separate account to be used only for online purchases.  I move money into this account when I need it, i.e. replenish my Starbucks card; make a purchase from Amazon, etc.  If my account is compromised am an only at risk of losing the small amount in that account and not my entire checking account.  There are of course requirements and agreements between my bank and myself and these will differ from bank to bank.   This does limit the liability for both of us so it is a win-win all around.

If you would like to view more information about securing Facebook or protecting your computer system, please visit http://cyberexchange.isc2.org/safe-secure.aspx