Wednesday, June 22, 2011

Managing Your Identity and Cyber Security

As an IT professional, I have witnessed an explosion in Internet use since its inception. As people become more and more connected with computers and mobile devices, the responsibility of managing passwords and one’s identity becomes more complicated. Attacks on corporate systems have steadily increased over the years, and they help us realize the pitfalls of heavy reliance upon computer systems. Attacks now come less often from rogue hackers and more often from coordinated state-sponsored or criminal efforts. The government can only do so much to encourage standards of cyber security because the ultimate responsibility lies with the companies, IT departments and people to implement proper strategies. Everyone has to understand what types of threats exist and how to manage systems in order to mitigate them. For cyber security strategy, there are three aspects that we must consider: 1) password management and online presentations, 2) hardware and software infrastructure, and 3) secure application development. Everyone can do their part on the first two, while the third is primarily the responsibility of developers.

Let us review some threats to cyber systems and Internet communications. Viruses, worms and spyware have played important parts in disabling networks and causing mischief on various computer systems. Phishing and spam emails have been used to disguise potential threats as legitimate requests. Today, threats are more than just the annoying viruses and spyware issues. Attackers simply “sniff” unsecured communications, such as those on unencrypted or unsecured Wi-Fi networks, for information. Anyone using a mobile device (e.g. iPhone, Android, Blackberry, Windows Phone) or laptop that connects to an unsecured Wi-Fi network risks having information stolen. Today, attacks are more often coordinated efforts directed at systems like utilities, banks, and government resources. IT departments are on the defensive to keep attackers from gaining access to critical information or from disabling systems. The recent issues with Sony PlayStation systems, as well as the infamous Stuxnet attacks on Iran, provide a glimpse of how well these attacks are evolving and how damaging the results can be. Most utilities and banks know that the probing for security holes and the attacks often originate in foreign countries.

The first part of a good cyber security strategy is proper password management. The make-up of the password is important, as is how you manage passwords. Passwords should be strong (e.g. a mix of letters in different cases, numbers, and symbols if allowed). A computer program can match a simple character-only password by brute force within minutes, whereas a strong password can take much longer, so that attackers may prefer to look for easier victims. People should get in the habit of having different passwords (instead of using one over and over) as well as routinely changing those passwords. There is software that can help 1) generate strong passwords and 2) keep a record of those passwords so that you do not necessarily have to remember them.
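To put numbers on the difference between a letters-only password and a strong one, the following added example (not part of the original post) estimates the exhaustive-search space of a password and generates a strong one with Python's `secrets` module. The guessing rate and the sample password are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character classes a password may draw from (26 + 26 + 10 + 32 = 94 symbols).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

# Assumption for illustration only: one billion guesses per second.
ASSUMED_GUESSES_PER_SECOND = 1e9

def pool_size(password):
    """Alphabet size an exhaustive search must cover, based on the classes used.
    Characters outside the four classes above are ignored by this estimate."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def search_space_bits(password):
    """log2 of the number of candidates of this length over that alphabet."""
    size = pool_size(password)
    return len(password) * math.log2(size) if size else 0.0

def worst_case_seconds(password, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Time to try every candidate; an upper bound, since word lists are faster."""
    return pool_size(password) ** len(password) / guesses_per_second

def generate_password(length=16):
    """Random password from a cryptographic RNG, containing every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in chars for c in candidate) for chars in CLASSES.values()):
            return candidate

if __name__ == "__main__":
    # "sunshine" is a constructed sample of a simple character-only password.
    for pw in ("sunshine", generate_password()):
        print(f"{pw!r}: {search_space_bits(pw):.1f} bits, "
              f"{worst_case_seconds(pw):.3g} s worst case")
```

At the assumed rate, the eight-letter lowercase sample is exhausted in a few minutes, while a generated 16-character password has a search space of roughly 105 bits.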

Password management is important, but it is not the only part of cyber security to manage when protecting your identity. Criminals are interested in aspects of your identity so that they might attempt to open accounts, to access corporate networks, and to use a victim’s finances without the person’s knowledge. Consider the information that people share on Facebook, Twitter, or other social systems, and consider that many firms now ask for personal data in the event someone forgets their password (e.g. “what was your first pet’s name”). Everything that one posts online, regardless of privacy settings, can be used to create accounts or to gain access to online accounts and financial records. Consider what happens if one loses a thumb drive with saved documents and records. Postal mail, if not disposed of properly, can also be used to open new accounts (with or without your knowledge). Be wary of random requests for “friending” or for other information, and avoid clicking on links included in emails.

Protect your communications through software and hardware. Many people can remember the “I Love You” virus that spread wildly and caused people to get ridiculous and destructive email messages. Most of this can be mitigated today by having updated anti-virus and pop-up blocker software, but one should always be wary of messages with attachments or messages from unknown sources. Be careful of what websites you visit when using unsecured connections because plugins and tools are available for people to easily scan those communications. You might consider purchasing SSH or encryption services to protect Internet connections or using virtual private networks that limit the ability of others to sniff communications. Computers should have an active and updated firewall installed and always running, and any routers in your home should be password protected. Change default passwords for these devices.

Our computer systems have grown much simpler to use over the years, and we have been able to access information in increasingly different ways. This has also raised the number of different ways that people can attack or steal information. Everyone must be diligent in following proper procedures to protect against attacks and be disciplined about what information is shared and when. Even when a product is released with the latest protection, there is someone somewhere learning how to circumvent the security. Awareness by everyone will help people make better decisions about sharing information online and will help to prevent people from needlessly taking advantage of you.