Welcome to Watchmen Inc

Common Sense and Cyber-Security

Say the words "Cyber Security" and most people have pictures in their mind of racks of high tech servers and armies of nerds diligently slaving away at flat screen monitors. However, online security is as much about your behavior and your thought processes as physical security is. The same reasons why you wouldnít go into the Bronx in the middle of the night or hang out at Burnside and MLK Blvds in Portland in the middle of the night are the same reasons why you avoid certain areas and certain behaviors on the internet. While a large portion of the cyber-security industry is focused on the latest tools and gadgets to fend off attacks from cyber-criminals they often lose sight of the fact that the tools are just tools. Forgetting to deal with people and the behavioral aspect of security would be like buying the best, most expensive, guaranteed to almost never miss gun and then forgetting to put the bullets in or leaving it at home on the shelf. In this article Iíll address four main areas where people get themselves into trouble online.

Where you go ---

There are always places where common sense would tell you not to go. Iran and Mogadishu would not be good places to plan to go to for your next family vacation, for example. Most metropolitan cities, including in the US, have areas that should generally be considered off-limits to the average person. Itís the same thing with the internet. Pornography and gambling sites are often run by organized crime. Frequenting these sorts of sites is going to eventually lead to you getting a virus. Your best bet is to stay away from them. Gambling sites are not going to help you get rich quick and you may end up losing more than just your money. Pornography will not really satisfy you and in the end will destroy your sex life instead of helping it. Add to that the risk of viruses and malware and it becomes really apparent that these are the types of sites you want to stay away from. For more information and resources on these issues check out Mark Gungor'sinformation on this subject. If you have a real addiction to any of these areas, get help. Itís not worth the risk from both a security and a personal standpoint.

What you click on ---

A large percentage of viruses and malware are delivered through web page advertisement. Unfortunately, the criminal class has gotten very, very smart about how they deliver ads. Since a large portion of ads are managed by third party providers, legitimate sites often can have malware laden ads. A little bit of knowledge and common sense will go a long way towards protecting you from these sorts of attacks. One of the more famous ones in recent years is the fake antivirus scam. Visit a site and a banner pops up telling you that your computer has a virus and that to get rid of it youíll need to click on the link and install their software. In reality, a banner ad would not have the capability of scanning your computer. You would first have to install software for it to actually scan. Criminals used this ploy (called scareware) to frighten unsuspecting victims into buying worthless software that would cripple their computers instead of removing the virus it claimed was there in the first place. I recommend to people that they turn off banner ads if at all possible. If not, donít click on banner ads even if you are interested in a product or service. I recommend that if you want to visit an advertisers site go there directly. It will save you much hassle and grief and youíll still be supporting the advertising that keeps the web so low in costs.

What's in your inbox ---

Spam isnít just annoying.....itís often very dangerous. The criminal class plays on human weaknesses, such as curiosity, greed, and even a desire to be helpful to trick people into becoming their victims. Typical scams you can receive in your inbox are 419 (scams which promise the victim large sums of money to help someone in another country move or invest an inheritance or unclaimed account), fake resumes, and spreadsheets or other business type reports that look like they got sent to you accidentally. The best rule of thumb is that if itís not from someone you know, send it to the junk folder or to the trash bin. Criminals will also often utilize the addresses within a personís email contacts to send out viruses. Your best bet is not to open links from an email by clicking on them, but to type in web address in your browser window. It will keep you from the headaches associated with attempting to remove viruses.

What you just posted ---

The advent of Social Media has been huge....but itís also been a huge nightmare for security professionals. Let me illustrate this with a story. A couple joined a Facebook group for their area and soon became friends with one particular man. They felt they were fine with this because they both had this man as their friend. One day the man talked the wife into meeting him somewhere. When she did he talked her into getting into his truck. When she did, she discovered that the inside door and window controls had been removed. The man drove her to a remote location, sexually assaulted her, and then showed her pictures of her children. He knew where each one of them went to school, because of their Facebook pages. He threatened to kill her children unless she helped him in some scams that he was pulling.

This story is true, but it is repeated on an almost daily basis all around the US. Those of us tied in to security news and publications see this happen regularly. The best way to avoid this is to be smart about what you post on social media sites. Here are some practical tips:

  • 1. Wait to post those awesome vacation pictures until after youíve returned from your vacation. Thereís no sense in telling every low-life criminal that youíre not going to be in your home for two weeks. Even security professionals have made the mistake of tweeting how theyíre at such and such a conference. This is a bad idea. Wait until after the conference then do all your tweeting.
  • 2. Be wary of joining large networks of unknown people. Criminals often prowl these groups looking for someone weak and vulnerable to target.
  • 3. Donít post or let your family post information such as your address, phone number, or what school they go to. The more information a criminal has the easier it is for them to make you a victim.
  • 4. Regularly check your security settings. Sites such as Facebook will often update their code and as a result all of your security settings go back to the defaults. These defaults usually equal poor security so make sure that you are constantly updating your settings.
  • 5. Make sure that you are "friends" with your kids in their Social Networking apps. Also make sure that they give you and keep you up-to-date with their passwords so that you can log in any time and see what they are doing on those sites. Itís not an invasion of their privacy, itís protecting their lives.
  • 6. Understand that Social Networking is a tool that can be used for both good and evil. Just like a hammer can either build something or kill someone, Social Networking is subject to the intents of their particular users. Being aware and careful is the best way to protect yourself.

There is a lot more I could say on this subject so if youíre curious about any of this, or if youíd like to setup a consultation for your company on how to train employees to recognize and avoid these security pitfalls please email me.