Incidents of cybercrime via malware and exploits are on the rise, but if this recent poll is to be believed, people are still too blasé about their Internet security. The Unisys Security Index: Global Summary report [1] revealed the following:
Concerns over security in everything from online shopping and banking to safety from computer viruses, as well as national security along with personal and financial security, were significantly down over what was recorded half a year ago for populations in the United States, the United Kingdom, Germany, Belgium, Brazil, Netherlands, Spain, Australia and New Zealand. More than 8,000 people were surveyed.
Have they all fallen down an Alice-in-Wonderland-type hole? According to statistics quoted by Jeff Debrosse in his 4-part series entitled Navigating the New Cybercrime Threatscape, [2] approximately $3.2 billion US is lost annually to phishing schemes, and spam-based fraud netted a total of $43 billion US in 2008.
Debrosse's articles offer a concise overview of the history of cybercrime, and I highly recommend reading all 4 parts. But if time is short and you want to cut to the chase, skip to Part 3, where he gives a rundown of Best Practices both for end users and businesses. The 4th part concludes with a list of resources, again for both users and businesses.
I have a few more items to add to the best practices section:
1. In late August, Microsoft released a patch to disable the Autorun feature for USB drives for Windows XP, Vista, Windows Server 2003 and Server 2008 (it’s automatically disabled in Windows 7). The fact that USBs load automatically when inserted into a Windows computer was exploited by the Conficker worm, the Taterf trojan, and 17% of malware infections in the latter half of 2008. This patch was not pushed via Microsoft's Automatic Updates or Windows Update, so you must download and install it manually. Microsoft has an update to get the appropriate version for your operating system.
2. If you use a wireless router in your home, DO enable the security features, but DO NOT use the default administrator password - change it! And make sure that every Internet-connected device in your home, from your laptop to Xbox or PS3, etc., uses a password-protected connection to the wireless.
3. If businesses or users have any personal and/or financial information stored on a computer, encrypt the disk where the data is stored.
I’d love to hear if readers have other best practices items to contribute, and we can compile a full list.
Sources:
[1] http://www.networkworld.com/news/2009/111009-security-online-users.htm
[2] http://www.technewsworld.com/story/68067.html
For very useful encryption software, I would recommend TrueCrypt. It is a really robust freeware application that runs on many platforms. (http://www.truecrypt.org).
Wireless router users should not only enable security features, but they should also ensure they enable the highest level of security. WPA2 is the best encryption method for the wireless router, and should be used. WEP is flawed and outdated, and takes a few seconds to crack (especially 64-bit WEP). See here for WEP cracking using aircrack:
http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks