Let me start this issue with an apology for its late delivery. At the same
time, the late delivery is tied to this week’s theme: STAYING SAFE ONLINE.
Even though I maintain relatively rigid security practices, once again it was
shown that NO SYSTEM IS 100% FOOLPROOF!
I was confronted with an unusually high usage bill for my internet, showing
traffic volumes that I would normally not be able to generate. Several
potential causes were identified, but because the service provider did not keep
sufficient records I was not able to determine which source ultimately caused
all this traffic, or whether it was a combination of sources. At the same time
I realized how important it is to stay safe and secure, not only to protect
your information and to protect your system against viruses and other
malicious threats, but also to ensure that your connection is not being used by
others. The latter can cause unnecessary traffic that may not be harmful as
such but could lead your registered usage to skyrocket past what is considered
fair use or, as is the case in New Zealand, past the data cap on your internet
connection.
#1 Know what is happening: viruses and malware are an industry
Too often when I hear people talk about the latest threats they read about,
things are played down to “a bunch of kids” trying to get their kicks by
spreading all kinds of malicious stuff around. Well, think again: you are
talking about an industry that is after your money and information. Nowadays it
is all about money, whether that means taking over a PC to send spam, stealing
financial logins and credit card info, or even hacking game accounts. There is
a booming online black market through which everything is bought and sold, from
DIY software kits for making malware, to spam services using infected PCs, to
reams and reams of credit card data stolen by key logger malware.
And remember, with this market going professional, the old telltale signs like
big pop-ups and lost files have gone. Very similar to professional organized
crime and fraud, the crooks want to draw as little attention as possible.
Therefore it is more important than ever to be proactive and not wait until it
is too late. Besides that, those with less noble intentions are more and more
often breaking into email accounts and social network profiles to entice
contacts to hand over money, as can be read on our blog.
For some reason there still appears to be this idea floating around that a good
virus scanner is the answer to all your potential problems. WRONG! While a good
anti-virus program will help a great deal, it is far from an end-all. As far as
I know there is no solution that catches 100% of all threats. While antivirus
companies are doing a great job trying to stay ahead, on a more than incidental
basis the malware writers are ahead of the companies. Hundreds of new viruses
are detected each month. In addition to that, all too often I see that virus
scanners are not kept up to date with the latest definitions. Having good
antivirus software is a most important first step, but not updating makes the
software obsolete in weeks rather than months or even years. And since they do
not catch everything, consider running a second anti-virus program besides the
default one.
AVAST (http://www.avast.org) offers, for free, an alternative second virus
scanner to complement the one you are already using. I use it next to Norton
AntiVirus. Another well-known alternative is AVG at http://www.avg.com.
On a regular basis new vulnerabilities and exploits are identified in software
and operating systems. Microsoft requires regular updates. The beloved phrase
"If it ain't broke, don't fix it" may be true in many instances, but I would
say not in relation to your computer systems. Regularly I hear that after
applying a recommended patch for a piece of software, people saw their updated
software break or suddenly conflict with something else on the PC. It is an
almost natural reaction to not want to fiddle with a setup that seems to be
working and is seemingly stable. It needs to be remembered that many if not
most of the patches and updates are security related. Ignoring these could
seriously put your systems at risk. Many of these risks can be taken care of if
you enable the built-in automatic update features for things like Firefox and
Windows. Some of the biggest risks come from things like old ActiveX controls
that don't update and, more importantly, do not indicate that your system may
be at risk and needs updating. It is a known fact that more than 95% of
computers have old or insecure versions of software installed. Advanced Windows
Care, even the free version, can scan for drivers that need updating.
But besides that, there is a tool called Secunia (http://www.secunia.com),
which offers free online scanning of your PC as well as downloadable Personal
and Corporate versions of this scanner: definitely recommended.
#4 Don’t fall for the social engineering trap
We regularly warn about email scams that either lure you to malicious websites
or have malicious programs attached in the form of e-cards and, well, anything
imaginable. It is still a common belief that it is at all times easy to spot
such scams: crappy layout, typing errors and the list goes on. But at the same
time the scammers get better at it every day, and sometimes it is not easy to
tell the scam from the real thing. Sites may be hijacked, and emails, including
the attachment, may look very convincing. Again, there is a good reason to keep
your software up to date. And for those who have concerns about certain
attachments: there is a great web service called Virus Total where you can
upload files up to 10 Mb and have them scanned by, I think, around 39 virus
scanners at the same time! Check out the award-winning application at the Virus
Total site: http://www.virustotal.com.
#5 Firewalls and Routers
One thing not to forget is firewalls and routers (especially those of wireless
networks). For a long time I have used ZoneAlarm, which has a free firewall
available (see www.zonelabs.com), but nowadays many of the antivirus providers
offer so-called Security Suites which include a firewall. PC World has done a
recent test and the Norton Internet Security suite came out best. The test can
be read here: http://www.pcworld.com/article/140127/top_allinone_security_suites.html.
While the article speaks of all-in-one security suites, it cannot be stressed
enough that none of these packages is 100% fault-proof, and therefore I
recommend additional programs and software as described above.
And then for those with wireless internet in the home and office: make sure
that neighbours or passers-by with scanners cannot steal your wi-fi. As
outlined previously, even if YOU don’t mind sharing with outsiders, you may end
up with incredible internet bills if your wi-fi is used by others and you have
a data cap. In addition to that, “loose” wi-fi represents a serious information
security risk if outsiders are able to access your private data as well as your
network.
You can turn on your wireless router’s WPA encryption, which will often do a
great deal of the work, but if you have a human weak link in your organization
that spills the beans on the family/homebiz password you may still end up being
piggybacked (think children here). Instead you could turn on the MAC address
filtering in your router’s security settings. It is somewhat of a hassle
entering the MAC addresses of all your devices, but it is probably the best
option since only known devices will be allowed to connect. Finding those MAC
addresses can be done by running ipconfig in the Windows command console.
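As an added example (not part of the original newsletter): besides filtering on the router, you can check from your own PC which devices it currently sees and whether each one is on your list of known MAC addresses. The Python sketch below parses the output of the Windows `arp -a` command; the sample output and the allowlist entries are constructed, and `ipconfig /all` is where Windows shows each adapter's MAC as "Physical Address".

```python
import re

# Constructed sample of Windows `arp -a` output; all addresses are made up.
SAMPLE_ARP = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           a4-2b-b0-11-22-33     dynamic
  192.168.1.23          3c-5a-b4-aa-bb-cc     dynamic
  192.168.1.57          da-a1-19-0f-4e-72     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# One table row: IPv4 address, MAC with '-' or ':' separators, entry type.
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})\s+\w+\s*$")

def normalize_mac(mac):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff, whatever separators it had."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_arp(text):
    """Yield (ip, mac) for unicast entries; skip broadcast/multicast rows."""
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # interface banner, column header, blank line
        ip, mac = match.group(1), normalize_mac(match.group(2))
        if int(mac[:2], 16) & 0x01:  # group bit set: not a single device
            continue
        yield ip, mac

def unknown_devices(arp_text, allowlist):
    """Return (ip, mac, randomized) for devices whose MAC is not on the allowlist."""
    # randomized: locally-administered bit set, typical of private Wi-Fi addresses
    known = {normalize_mac(m) for m in allowlist}
    return [
        (ip, mac, bool(int(mac[:2], 16) & 0x02))
        for ip, mac in parse_arp(arp_text)
        if mac not in known
    ]

if __name__ == "__main__":
    my_devices = ["A4:2B:B0:11:22:33", "3c5a.b4aa.bbcc"]  # hypothetical allowlist
    for ip, mac, randomized in unknown_devices(SAMPLE_ARP, my_devices):
        print(f"unknown device {mac} at {ip} (randomized MAC: {randomized})")
```

The ARP table only holds devices this PC has recently exchanged traffic with, so the router's own list of attached devices remains the fuller picture.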
FINALLY
A substantial internet usage bill reminded me once again how important it is to
keep your security up to scratch. And while I may have gotten away with it for
several reasons and because I had my systems well maintained, you may end up
not being so lucky. As said before, many of the malpractices going on nowadays
are aimed at one thing only: your money, or your private information, after
which the money (identity theft) is the next target. This article is not meant
to scare you away from using the internet, and in fact I recommend that anyone
make optimum use of all the opportunities available online. At the same time,
complacency about your computer and internet security may turn these
opportunities into a nightmare. The article provided you with a range of
options through which you can secure your computer and internet activities. No
system is foolproof, but you can do your best to minimize your chances of being
hit by something malicious.
·Secure your boundaries: firewall and router security.
·Antivirus alone is not enough, see (#2, #3, #4), and remember that it does
not need to be expensive! Some good free alternatives are available, especially
for families and small businesses.
·Keep everything up to date.
·Use common sense.
·Don’t become complacent, and make computer and internet security part of your
routines.
·If in doubt or not sure about what to do, GET HELP.
If you know someone that may be interested in receiving this
weekly email send it on and have them subscribe to the newsletter at http://www.arcisfdec.com.
The ARCIS Fraud Discovery & Exposure Centre Teams Up with Bizlearn.biz
We are pleased to announce that we have recently partnered up with Bizlearn.biz
(http://www.bizlearn.biz). Michael Taplin is the driving force behind
bizlearn.biz. He spent the last 25 years as an independent consultant, owning
and running successful businesses that trained thousands of people in large
organisations. Bizlearn.biz aims to become the home for a community of
professional mentors, teachers and consultants who want to contribute their
hard-earned knowledge to other business owners and managers. Bizlearn.biz
provides training on demand and is especially aimed at small business owners,
for whom institutional training often involves too high a commitment of time
and cost, and where the result does not always justify the effort.
John Dierckx will be a contributor, trainer and coach within the theme Risk
Management: business system security, focused on fraud prevention and detection
for small and medium sized businesses.
I get a lot of leads about different stories and articles
through various newsletters and web sites, but the amount of relevant
information on the Internet is simply far more than anyone has the time to
monitor. If you encounter a news item about asset protection or related tax
subjects that may be of interest to other readers of this newsletter, please
send me an email with a link to any source that is not a restricted
subscription service. If you have a story you feel may be appropriate for this
newsletter, contact me. I’d appreciate not getting obvious advertising
material. Let me know if you want me to give you credit for the information tip
and whether you want your email address to be included. Absent your approval, I
won’t mention your name or contact information.