Thursday, August 1, 2013

How would you secure your Digital-You



WE KNOW HOW TO SECURE IN REAL WORLD (ADT, anti theft, close circuit camera etc.), HOW ABOUT IN CYBERSPACE

We all are aware on how to keep ourselves secure in this real world – we install ADT home security to secure our home, we have smoke detector and carbon monoxide detector to detect fire or smoke, we install anti theft system in our car to alert us when something goes fishy with our car, some people install close circuit camera in and around the house to monitor continuously for any suspicious acts but what about our new home in cyberspace? Are we aware of the threat that we are exposed to in cyberspace? What are the measurements that we can take to secure ourselves in the cyberspace?
BIGGEST BANK HEIST IN HISTORY COST $45 MM (Indian bank, ATMs, Visa/Mastercard)
In May 2013, the US Secret Service has uncovered the biggest bank heist in history and arrested 9 people in New York who are part of a cyber-hacker ring spread across 26 countries in the world. In two occasions they’ve hacked into an Indian bank, withdrew money from ATMs around the world, and then hacked into a Master and Visa card processor in the U.S. totaling $45 million. A few days ago, I watched in the PBS Newshour that as of now the total loss has exceeded $350 million. Now days everything is so connected that any small breach in security causes the victim a very high cost.
EVEN IT HAPPENS WHEN YOU’RE SITTING AT HOME NOT CONNECTED TO INTERNET
It even can happen when you’re sitting at your home. Do you know that Google had gathered home WIFI data while driving about photographing the world with its street view camera cars. It’s like someone is getting into your home and taking whatever one is able to pick. The catch is Google did only gathered data that’s unencrypted. So it more like you’re keeping your valuable stuff at the roadside and allowing anyone to grab that.
GEN. KEITH ALEXANDAR (DIRECTOR OF NSA ) - "CYBERCRIME COSTS $1 TRILLION WORLDWIDE"
General Keith Alexander, the director of National Security Agency (NSA) has warned in an address at the American Enterprise Institute in Washington D.C., that cyberattacks are causing “the greatest transfer of wealth in history”. He mentioned, citing McAfee’s estimation, that the global cost of cybercrime is $1 trillion.
KNOW YOUR RISKS – MALWARE (VIRUS, WORMS, TROJAN HORSES, SPYWARE), PHISHING, SOCIAL ENGINEERING, IDENTITY THEFT
So how you keep yourself and your property secure in this cyber world? First you need to know the threats you have in this cyberspace. Let me tell you some of the ways through which your privacy in cyberspace can be compromised:
Malicious software, in short known as - malware, is used or programmed to by attackers to disrupt computer operation, gather sensitive information, or gain access to private systems.  There various kind of malwares like Virus, Worms, Trojan Horses, Spyware etc. I'm not going to define them here as you can google it if you're interested to go into that detail but in short: Viruses and Worms are kind of program that are downloaded or copied from one machine to another to harm your computer and compromise your security. Trojan horses claims to do something but end up doing something else that's not in your best interest like sending to the intruder what you type on your keyboard. Spyware is usually used for marketing purpose but again can do more harm then it may seems.
Phishing means sending an email that falsely claims to be a particular enterprise (e.g. you bank) and asking for sensitive information like SSN, bank account, password etc. In some cases, if you recall the Nigerian scam, where it was pretended as the Nigerian central bank and promising you millions of dollars to be sent to your bank account but asking you to send you some processing fee upfront. 
 Social engineering is the type of attack relies on trusting nature of people and the art of deception. Social engineering attacks try to manipulate people into divulging confidential information.
Identity theft occurs when someone uses or exploits the personal identifying information of another person to commit fraud or engage in other unlawful activities. Your identity could be name, email address, social, user name and password etc.
SO HOW YOU PROTECT YOURSELF
As you now know the threats, let's look into some of the tips that will help you to reduce your exposure in the cyberspace's security vulnerabilities:
  1. Reset your password periodically: it’s recommended to at least change your password once in a year – you can keep this kind of your new year’s resolution
  2. Keep at least two sets of password: for financial and non-financial purpose. And never use password that’s used in any of your financial accounts for any online free sites.
  3. Keep at least two sets of email addresses: for financial and non-financial accounts. There are repeated number of events every day when a company apologizes for loosing your user information due to some hacking or software glitch. Last month, Facebook announced that 6 million user’s email address or phone numbers were leaked due to a bug
  4. Be aware of phishing: you should always verify the legitimacy of any email that asks you to click on a link or ask you to send over personal/financial information
  5. Always keep your antivirus updated: it may be an extra cost as you’ve to renew it each year but it’s worth it if you’re connected to internet all the time
  6. Protect your wireless network with authentication password: unprotected WiFi can no way let your neighbor know whether you forgot to keep your network protected or is intended as a public hotspot. Not to mention the security threat of your home computer being accessed by a digital thief
  7. Turn off your WIFI at home when you’re not using them or not at home or at least out on a vacation. The longer an intruder gets time to attack your system the easier for them to break it
  8. There are so many technical ways you can prevent your identity theft like using biometric security using fingerprint, voice, retina scan, face etc., or use of digital signature but you should be aware of this threat at the first place. So don’t disclose your personal information on the web or to anyone you don’t have trust relationship and periodically check your credit report, bank account transactions etc. to keep monitoring if you’re the victim of an identity theft
  9. Now with the proliferation of smart phones and tablet, keep your digital device password protected and make the settings to lock it automatically after few seconds of inactivity
  10. When you type in the password on your smartphone or tablet in public, specially in a jump packed subway or bus, watch out for digital perpetrator who watch on what you type in. You may think what's the big deal as that person isn't going to get hold of your device but how are you so sure. How about you leave your device by mistake and the same person pick that up or in worst case, what if that person is a real bad guy and snatch it from you after you get off
Finally, as the cyberspace is new to all of us we’re all learning and evolving on its security. We should accept the reality that we’ve assets not only in our real world but also in the cyber world and that need similar or more protection compare with what we put forth for our real world assets.