Anyone can use the internet \u2013 it\u2019s very different from, say, driving a car, which requires authorization from a governing body, familiarity with the rules of the road, and standard automotive safety procedures. A lot of security issues occur because of general lack of knowledge. We hope you use this guide wisely, to protect yourself, your data, and make the internet a safer place for everyone.<\/p>\n
It\u2019s a dangerous world out there. The virtual world holds information about everyone and everything it seems, and where there\u2019s information, there\u2019s people attempting to profit from it, by any means necessary.<\/p>\n
You may think \u201cWhy would I be a target? How is my information worth so much?\u201d Consider this \u2013 in addition to bank account and financial information, every aspect of what you do online could be considered valuable. For example, if you attend a university and you have a digital transcript, with your name, password, email address, contact information, school information, subjects, and grades – that information would be valuable to marketing companies to add you to mailing lists without your consent. Identity thieves could use your information to spoof their way into financial transactions using your credentials and negatively affect your credit.<\/p>\n
If you are a college student, don\u2019t have much credit history, or are a parent, you should be especially aware of cyber security. The most valuable information hackers can get is PII (Personally Identifiable Information) from someone who has no or very little credit history, since there\u2019s little data that would bring up red flags to lenders or creditors.<\/p>\n
If you\u2019re using a computer or smartphone that has malware, a keylogger might be recording your keystrokes and web sites, sending that information back to hackers. If you have a Trojan virus, hackers could be accessing your files directly or launching programs on your computer directing it to spam others. If you open a phishing email, a virus could download that re-sends out that malicious email to everyone on your contacts list.<\/p>\n
Lists of passwords and IDs can be bought and sold on the black market, and you may not ever find out about this until you want to buy a house, or take out a loan, and the bank turns you down. When you use a credit or debit card to purchase goods and services, companies keep a digital record of your purchase, and if their security has been compromised, that information may be available to anyone who wants to buy it.<\/p>\n
So, should you start storing money under the mattress, shut down the computer permanently, and withdraw from society? Of course not \u00a0\u2013 but you should take active steps to make sure you are aware of what information you\u2019re giving out, where, be aware of signs that you may have been compromised, and have a plan on what to do if you are compromised.<\/p>\n
Personally identifiable information (PII)<\/strong> is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII. This includes your name, address, date of birth, social security number, user ID, password, or even information about your family or life. Basically, this information is what\u2019s most valuable to criminals, because it sets you apart from everyone else in the world.<\/p>\n Don\u2019t give out PII to just anyone who asks \u2013 you will need to make a determination if it is for a legitimate or malicious purpose. For example, when you want to take money out of an ATM, you put in your credit card, and you are asked for your PIN number \u2013 that PIN number is PII, and it is being given for a legitimate purpose. If you call a doctor\u2019s office to make an appointment and they ask for your date of birth and address \u2013 that\u2019s a legitimate reason to give PII. If you receive a call from a company and they ask for your full social security number \u2013 that is NOT a legitimate purpose to give PII \u2013 treat this and similar situations with caution.<\/p>\n Valuable PII would be:<\/strong><\/p>\n If you are asked to give PII, ask yourself first \u201ccan I trust the other person with this information?\u201d and \u201cwill this information be kept secure?\u201d This doesn\u2019t just apply to in-person exchanges, but also includes information expressed over the telephone, or anything you type in an email or type in online. Make sure to mind your PII!<\/p>\n Just like in the real world, where coughing on another person could give them a nasty head cold, computer viruses and other malware can be passed on by physical contact. This doesn\u2019t mean touching your screen to an infected iPad will give it a Trojan though \u2013 this type of exchange can occur when you plug in an infected USB, CD, Smartphone, or other media device to your machine.<\/p>\n While read-only Optical media like CDs and DVDs usually have verified contents on them, read\/write devices such as USB plugs (and the devices that can plug into them) may act as an unintentional spreading ground for malware. There\u2019s a lot of malware today that scans for input devices, and when they are detected, copies itself to the device \u2013 and then when that device is plugged into another machine, infects the new machine. Even completely new USB storage devices have been found to occasionally have malware loaded into them.<\/p>\n So, if you have a virus on your phone, don\u2019t plug it into your computer to charge (and vice versa) \u2013 even if the virus is not compatible with that device\u2019s operating system, it\u2019s still there, and can be transferred to other devices that use it.<\/p>\n The best practice is to make sure to include media devices when you\u2019re running virus and malware scans, and to make sure they\u2019re clean before using them.<\/p>\n Years ago, cell phones couldn\u2019t really do much besides make calls or send texts. Now, almost everyone has a smartphone, and while technology is rapidly increasing the amount of new features they can use, and people are adding more and more data to their mobile devices, hackers are developing more sophisticated malware targeting Smartphone operating systems.<\/p>\n If you get emails or use the internet with your smartphone, be mindful to use the same level of security as if you were on a computer \u2013 don\u2019t open suspicious links or download suspicious applications. Smartphone apps can be Trojans or contain malware as well \u2013 make sure when you download an app it is verified and trusted by a recognized publisher \u2013 make sure you check out the ratings and reviews. If you see a popular app you want to get that has low ratings or is free (but should be for pay) \u2013 avoid it!<\/p>\n On your smartphone, also be aware of the networks you\u2019re connecting to and your connection settings. Make sure you only connect to secure, encrypted networks, and be wary of connecting to public Wi-Fi. A lot of smartphones and mobile devices have a setting that allows the phone to act as a modem \u2013 make sure if you have this setting, it is only enabled to accept devices that you allow, and set a password.<\/p>\n Getting internet no longer requires you to plug into a wall \u2013 you have the power of freedom. But with great power comes great responsibility. Wireless networks are a prime target for hackers, especially in urban areas which encounter a lot of foot traffic. If you are broadcasting a wireless signal from your home router or mobile device, make sure that it\u2019s encrypted, and use a strong password. If you are attempting to connect to a wireless network, make sure you connect to a secure network as well \u2013 hackers can and will set up networks and steal data from your wireless devices when you connect.<\/p>\n In addition to stealing information from you, having an unsecured network could lead to data leeching, which may also be used for malicious purposes. If you are running an unsecured wireless network in your house, someone with malicious intentions could connect to your network, and download illegal software or conduct criminal activities \u2013 and when authorities trace the activities back to the source, it\u2019ll appear as if it came from you, since they were on your network!<\/p>\n Social media and chat networks are awesome. You can friend people that you forgot about years ago, find old classmates, and make new friends across the globe. However, amidst all the pictures, sharing stories, and posts about cats, if you don\u2019t protect your PII, there\u2019s a danger lurking. A popular technique used by hackers is to set up spoofed accounts of people on social networks such as Facebook, Skype and Linkedin, and attempting to friend you or have you \u201cadd\u201d them. Once you do this, you\u2019re giving them access to all the PII you\u2019ve created on that social network \u2013 names, photos, family information, and more.<\/p>\n Be careful about who you friend \u2013 they may become your worst enemy!<\/p>\n While there\u2019s a lot of malicious software out there, there\u2019s also a lot of valuable tools and resources to refer to and use for your own security purposes. Many internet browsers now are designed to automatically update on new releases, and patches for security loopholes are often documented and resolved.<\/p>\n Even the most secure websites can be compromised and are, every day. Make sure you go out there with the proper equipment.<\/p>\n So you think you have malware on your machine. Maybe you clicked a phishing link by mistake, or went to a new website that had strange popups, and now your computer is slow, programs are crashing, odd new software is appearing, or you can\u2019t connect to the internet anymore. Don\u2019t worry, happens to the best of us. There\u2019s a few important things you need to do:<\/p>\n ‘Malware’<\/strong> is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software.<\/p>\n Phishing<\/strong> is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. A phishing attempt could be an email that appears to be coming from a reputable source (say, a cousin, or a teacher, or a company) that has a link or attachment in it that usually discreetly downloads a virus or a keylogger into your system. Phishing emails usually have an \u201curgent\u201d tone, stating that you need to open the attachment or follow the link immediately, and more often than not, contain grammatical miscues. Phishing can also come via phone, by people pretending to be from the government, a company, or IT \u2013 if you get a call that asks you for PII, make sure you can trust the caller. If you are unsure if you are being Phished, make sure you contact IT services right away!<\/p>\n A Trojan horse<\/strong>, or Trojan<\/strong>, in computing is any malicious computer program which misrepresents itself as useful, routine, or interesting in order to persuade a victim to install it. These could be installed on your machine by other malware or compromised websites. A lot of Trojans attempt to pass themselves off as games, or security software, and while they slow your computer down, prompt you to run the \u201csecurity\u201d software, which leads to further damage. \u00a0Trojans usually do one (or more) of the following:<\/p>\n Adware<\/strong>, or advertising-supported software, is any software package that automatically renders advertisements in order to generate revenue for its author. The advertisements may be in the user interface of the software or on a screen presented to the user during the installation process. While adware is not necessarily malicious, it is intrusive and can be used to collect data and PII if you are not careful. This can generally be found in \u201cfree\u201d* software downloads.<\/p>\n *remember, nothing is ever truly free \u2013 there\u2019s always a price to be paid!<\/em><\/p>\n Keystroke logging<\/strong>, often referred to as keylogging<\/strong> or keyboard capturing<\/strong>, is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. While there are several legal uses for keyloggers, their malicious use is prevalent and can capture your passwords and entered information on web forms.<\/p>\n A computer virus<\/strong> is a malware<\/a> program<\/a> that, when executed, replicates<\/a> by inserting copies of itself (possibly modified) into other computer programs<\/a>, data files<\/a>, or the boot sector<\/a> of the hard drive<\/a>; when this replication succeeds, the affected areas are then said to be “infected”. Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk<\/a> space or CPU<\/a> time, accessing private information, corrupting data, displaying political or humorous messages on the user’s screen, spamming their contacts, logging their keystrokes<\/a>, or even rendering the computer useless. However, not all viruses carry a destructive payload or attempt to hide themselves\u2014the defining characteristic of viruses is that they are self-replicating computer programs which install themselves without user consent.<\/p>\n A rootkit<\/strong> is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed (for example, to an unauthorized user) while at the same time masking its existence or the existence of other software. These are typically very difficult to get rid of, as they consist of multiple components.<\/p>\n A computer worm<\/strong> is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.<\/p>\n Ransomware<\/strong> is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Some ransomware encrypts files (called Cryptolocker).<\/p>\n DDoS<\/strong> is a type of attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack. This slows down or can halt bandwidth completely.<\/p>\n A Compromised Computer<\/strong> is defined as any computing resource whose confidentiality, integrity or availability has been adversely impacted, either intentionally or unintentionally.<\/p>\n These resources are great for providing information on cyber-security, offer resources and help, and give a good picture of what to be aware of:<\/p>\n Google\u2019s Digital Attack Map:<\/strong> https:\/\/www.digitalattackmap.com\/ Bleeping Computer:<\/strong> https:\/\/www.bleepingcomputer.com\/ US-CERT:<\/strong> https:\/\/www.us-cert.gov\/ Common Vulnerabilities and Exposures (CVE):<\/strong> https:\/\/cve.mitre.org\/ Microsoft Malware Protection Center:\u00a0<\/strong>https:\/\/www.microsoft.com\/security\/portal\/mmpc\/default.aspx Cloud Security Alliance (CSA):\u00a0<\/strong>https:\/\/cloudsecurityalliance.org\/ Secunia: <\/strong>https:\/\/secunia.com\/ Breach Level Index (BLI): <\/strong>https:\/\/breachlevelindex.com\/ SecureMac: <\/strong>https:\/\/www.securemac.com\/ SecTools: <\/strong>https:\/\/sectools.org\/ VirusTotal: <\/strong>https:\/\/www.virustotal.com\/ 1. Know your enemy, know yourself. Anyone can use the internet \u2013 it\u2019s very different from, say, driving a car, which requires authorization from a governing body, familiarity with the rules of the road, and standard automotive safety procedures. A lot of security issues occur because of general lack of knowledge. We hope you use […]<\/p>\n","protected":false},"author":12,"featured_media":0,"parent":1193,"menu_order":0,"comment_status":"open","ping_status":"open","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-1296","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.saintpeters.edu\/its\/wp-json\/wp\/v2\/pages\/1296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.saintpeters.edu\/its\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.saintpeters.edu\/its\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.saintpeters.edu\/its\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.saintpeters.edu\/its\/wp-json\/wp\/v2\/comments?post=1296"}],"version-history":[{"count":3,"href":"https:\/\/www.saintpeters.edu\/its\/wp-json\/wp\/v2\/pages\/1296\/revisions"}],"predecessor-version":[{"id":1368,"href":"https:\/\/www.saintpeters.edu\/its\/wp-json\/wp\/v2\/pages\/1296\/revisions\/1368"}],"up":[{"embeddable":true,"href":"https:\/\/www.saintpeters.edu\/its\/wp-json\/wp\/v2\/pages\/1193"}],"wp:attachment":[{"href":"https:\/\/www.saintpeters.edu\/its\/wp-json\/wp\/v2\/media?parent=1296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
3. Hold that\u00a0USB!<\/h3>\n
4. Be smart about smartphones!<\/h3>\n
5. The high-wireless act<\/h3>\n
6. Social media \u2013 friend or foe?<\/h3>\n
7. Monitor your monitor<\/h3>\n
\n
8. Uh-oh…what do I do now?<\/h3>\n
\n
9. Common terms and their explanations:<\/h3>\n
\n
10. Bank on these tips<\/h3>\n
\n
11. Passwords \u2013 Common sense saves cents (and dollars!)<\/h3>\n
\n
12. Resources<\/h3>\n
\n<\/a>A project that emerged from Google Ideas <\/a>in 2013, the Digital Attack Map<\/a> is essentially a clever front end placed on global DDoS attack data fed to it by Arbor Networks\u2019 Atlas monitoring nodes on the Internet. Then as now the strength of the concept is that it offers data on DDoS attack trends in real time; a limitation is that significant attacks are often had to spot amidst the flood of other packets.<\/p>\n
\n<\/a>One of the best help resources out there <\/a>for ordinary computer users coping with malware infection, particularly recent infection types such as ransomware, screen lockers and aggressive adware. Excellent range of technical \u2018how to\u2019 features and a good place to hear about the latest threats and security gossip before security software firms have mentioned anything. Predominantly Windows but covers all platforms.<\/p>\n
\n<\/a>After years when nothing changed on the homepage, the site now covers recent vulnerabilities and attacks in modest depth. Offers weekly vulnerability summaries.<\/p>\n
\n<\/a>The Common Vulnerabilities and Exposures (CVE) database<\/a> is the definitive public software flaw repository (searched through the US National Vulnerability Database), maintained by Mitre Corporation as a system for identifying software flaws. CVEs are the way to find and study the background to any vulnerability and are used across the industry for that purpose. Flaws are also scored for severity using the using the Common Vulnerability Scoring System (CVSS).<\/p>\n
\n<\/a>Devoted to Windows (of course) but still an increasingly useful resource<\/a> for troubleshooting a range of security issues. Explains the inner depths of Microsoft\u2019s evolving approach to security better than any of the other public sites and offers a jumping off point to the firm\u2019s full gamut of security-oriented blogs and tools.<\/p>\n
\n<\/a>Not a security website in the conventional sense but the first place to visit<\/a> to understand the considerable complexities of the new and sometimes unfamiliar model of computing. Although partly aimed at its vendor members, there is plenty on this site for anyone looking for technological context and explainers.<\/p>\n
\n<\/a>A commercial firm selling data but Denmark-based Secunia<\/a> offers excellent retrospective reports analysing the top software flaws reported using its free-to-download PSI tool. Also extends the raw data fed into public systems such as CVE.org with useful statistics on the software reporting the most flaws and the most serious zero days. A great sanity check. Secunia was acquired by Flexera Software in September 2015.<\/p>\n
\n<\/a>Now under the auspices of Gemalto (which bought security firm SafeNet in early 2015), the BLI<\/a> is currently the best public, near real-time database of reported data breach across the world. Allows researchers to search for breaches according to country, sector, breach type, organisations and also applies its own risk score of severity.<\/p>\n
\n<\/a>Not that long ago there wouldn\u2019t have been enough to talk about and little user interest. But as a previous Techworld slideshow attests, the Apple world is not firmly in the sight of hackers and criminals. This is now essential reading<\/a> for anyone with an Apple deice of any kind who no longer wants to take threats for granted. The list of threats is now surprisingly busy.<\/p>\n
\n<\/a>Notable for its listing of the best free security tools, always a handy point of reference<\/a> when considering paying money for software. Updated often and pretty comprehensive, also lists tools by use as well as popularity and features user reviews \u2013 useful background if you still think TrueCrypt is kosher.<\/p>\n
\n<\/a>Encountered an unusual or suspicious file? The VirusTotal industry website<\/a> is the best place to submit it to a clutch of anti-virus engines to see if it checks out or has been marked bad. Crowdsourcing at its best and can also be used against suspicious URLs. Often used a point of reference for the time it takes engines and specific vendors to add malware signatures to their products.<\/p>\n","protected":false},"excerpt":{"rendered":"