
How-to: Secure the Weakest Link behind the Keyboard – Part II


Image: chain link 2 by unknown

Now for the seriously weak link – you. We busy little bees rush in, skim-read, ignore warnings, know better than everyone else, are highly suggestible, insatiably curious and when on-line, generally risk-blind.

And that’s on a good day. The rest of the time we go skipping through the online minefield with gay abandon and the kind of blasé wilfulness that would get us killed crossing the street.

Then we whine a lot when we fall victim to the latest social engineering scam.

Always Check Email Attachments Before Opening Them
First, whether or not you asked for it, recognise it, or want it; decide ‘do I need to open this?!?!’ Opening attachments is not mandatory.

Second, check ALL email attachments for viruses. Your email client may do this for you. Your anti-virus software may have a plugin to do this automatically. If not (say you’re on web-mail) save attachments to your hard disk first, then, in Windows Explorer, right-click the file and select Scan With [your anti-virus software] before you open it. It will either come up clean or be quarantined as a threat. You can then go back to the sender (if it’s someone you know) and check that they intended to send this and you can warn them they have a possible infection.

If the carrier email came from some unknown sender it is probably part of a phishing attack. Blacklist and block that sender and move on.

We all know what spam is? Yes? We mentioned phishing last time. Phishing emails claim to be from a real retail, insurance, bank or credit card company asking for personal details of policies and accounts, often directing you to log in to a website. No legitimate company operates this way. I’ve seen some very convincing Barclaycard and PayPal fakes. Examine the addresses and look for the string of sub-domains surrounding the company name; you’ll spot that the site doesn’t belong to that institution at all. Fake.
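The sub-domain check described above can be automated. The sketch below is an added example, not part of the original article: it works out which domain actually owns a link and flags links where a company name appears only as decoration in the sub-domains. The brand-to-domain table, the tiny suffix list and the sample URLs are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List
# (assumption); real tooling should load the full list.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}

# Hypothetical table of brand name -> domains that brand really uses
# (assumption made for this example).
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "barclaycard": {"barclaycard.co.uk"},
}


def registrable_domain(host):
    """Return the part of the host that someone had to register:
    the public suffix plus the one label to its left."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url):
    """Classify a link as 'legitimate', 'impersonation' or 'unrelated'.

    Returns (verdict, brand, owner) where owner is the registrable domain.
    """
    host = (urlsplit(url).hostname or "").lower()
    owner = registrable_domain(host)
    # The link is genuine only if the registrable domain itself is the brand's.
    for brand, real_domains in BRAND_DOMAINS.items():
        if owner in real_domains:
            return ("legitimate", brand, owner)
    # A brand name anywhere else in the host is just a label chosen by
    # whoever controls the real owner domain.
    for brand in BRAND_DOMAINS:
        if brand in host:
            return ("impersonation", brand, owner)
    return ("unrelated", None, owner)


if __name__ == "__main__":
    # Constructed sample links; example.net / example.org are reserved names.
    for link in (
        "https://www.paypal.com/signin",
        "http://paypal.com.account-update.example.net/login",
        "https://secure.barclaycard.co.uk.verify-login.example.org/",
        "https://www.barclaycard.co.uk/personal",
    ):
        print(link, "->", check_link(link))
```

Read the host name from right to left: whatever sits immediately left of the suffix is the owner, and everything further left is free text.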

Never click on attachments and links unless you know them to be safe. I know, we all get links sent us all the time and curious beings that we are, we follow where we are led. Most of the time this is fine, until you get hit with lots of ‘download now’ buttons screaming in your face. Even ‘reputable’ (full debate later) websites, such as YouTube, get viruses posted disguised as video codecs and other attachments. The rule is: if in doubt, don’t touch it.

When banking or shopping on-line, look for the padlock icon in-browser which tells you the site uses HTTPS (you will see this in the web address), which is an encrypted data connection using a valid security certificate. The padlock may be in different colours and in different positions on the screen depending on the browser you are using. You will also get warning messages if the HTTPS and certificate cannot be verified.

Only give private personal information when absolutely necessary. Banking and shopping demand identification to complete transactions for sure. But many other websites seem to want personal details for no valid reason. Most of it is for spamming – sorry, marketing purposes. Some of it will be for repeat-charging your credit card. At worst it may be for outright identity theft. Consider carefully which details you are giving away and if necessary, abort your visit to the site, or at least, be as sneaky as they are and give some reasonable-looking but invalid information that will prevent actual abuse.

Dispose of old devices carefully. When your devices come to the end of their life with you, be sure to erase anything that could be used to identify you or commit identity theft using your details. This includes hand-me-downs to children with a habit of buying in-app goodies on Candy Crush. This goes for PCs, tablets, smart-phones; these are all computers with storage that we use to shop, bank, pay our taxes and stay social. Clear them down before you discard, pass on, or recycle them.

The best thing to do is download a utility that will erase the storage by overwriting the contents several times, so as to prevent data reconstruction. If you can, remove the storage – hard drive, SSD, SD card – and dispose of it separately from the device.

In Part III we’ll look at some types of social engineering, which is where security can be seriously compromised by the weak link behind the keyboard. AJS

Related: How-to: Secure the Weakest Link behind the Keyboard – Part I

About Allan J. Smithie

Allan J. Smithie is a journalist and commentator based in Dubai.

Discussion

7 thoughts on “How-to: Secure the Weakest Link behind the Keyboard – Part II”

  1. Game-ify the intro screens and user tours for all social media and email so that folks get a reward for going through it. Sure, they won’t remember it all, but if it raises awareness and even some of it sticks, then that saves a few ID thefts and drive-by’s, don’t it?

    Posted by Steven Tor | December 21, 2014, 5:21 pm
  2. User education is the only way to stop all this. I wish I could say it’s just the older generation, but there are millions of kids who don’t have a clue either. Trust is the fraudster’s best weapon.

    Posted by Dennis Tub | December 22, 2014, 12:31 am
  3. Some kind of Internet driving license is needed, although who knows how you get everyone tested and signed off. It’s basic self-protection. Schools have got to start mandatory education for on-line behavior.

    Posted by George S | December 22, 2014, 1:31 am
  4. On the Internet most people assume they’re safe and no one is going to target them as an individual. Wake up people!

    Posted by CarterAgew | December 22, 2014, 2:29 am
  5. Folks in a hurry do dumb things without thinking of the consequences. Antonio.

    Posted by Antonio Cilatk | December 22, 2014, 2:43 am
  6. Social engineering is the problem; people are too easily led into giving away personal info. Rich.

    Posted by Richard Hisa | December 22, 2014, 4:53 am
  7. Like you said, you can’t legislate for stupidity.

    Posted by MichaelLapy | December 22, 2014, 5:37 am
