You can hardly look at any news source anymore without being bombarded by articles about security incidents, privacy breaches, worms, viruses, zombies, botnets or a host of other Information Security related headlines. The media really eats this Information Security stuff up.
This week’s news continues this trend.
Get ready for the “Conficker.c” worm that has already infected 5 to 10 million computers worldwide and is waiting for April 1, 2009 to awaken. The experts predict that the payload, which is what the worm will do when it is activated, will somehow involve people being separated from their money. This assumption is based on the knowledge that many of this worm's predecessors have been targeted at convincing their helpless victims to purchase what they think is "anti-virus software" to protect their computers from the very worm that they are already infected with.
It really is all about money these days. Microsoft has even jumped in and offered a $250k reward for information leading to the capture and arrest of the worm writer.
Over the last few months the news has been filled with companies getting "hacked" and losing their customers' private information (SSNs, account numbers, etc.). There have also been several companies that have simply lost information through carelessness and bad security practices.
And over the next few months I am sure that we will continue to hear more about companies losing information, more virus and worm scares that threaten society and more about victims who have lost money due to identity theft, phishing attacks or more worms.
I have been in the Information Security profession for a long time and while Information Security threats are ever changing, fast paced and have grown to ever increasing scales, there are some simple and basic things that companies and people can do to significantly reduce their exposure to these threats.
Not surprisingly, they are really just common sense, don't change much over time and you already know how to do them.
Patch your systems and do it all the time. The Conficker.c worm exploits a vulnerability for which a patch was released in October 2008. New patches are being released all the time. I guarantee viruses and worms will be written to exploit the vulnerabilities they fix.
Have basic protections in place like a personal firewall that blocks nonstandard traffic and antivirus software that is regularly updated and is configured to regularly scan your computer. We hear this all the time. Are you doing it?
Don't download and run pirated software or software that does illegal things. This includes peer-to-peer file sharing as well as pirated versions of your favorite tax software.
Be suspicious of everything. And even more so if someone or something is trying to help you or give you something for free. Nothing is free. Come on, you know that, don’t you?
The bottom line is simple. Protect the information on your computer the same as you would protect your physical property. Lock your doors and windows. Don't let strangers in your house even when one comes to the door and wants to give you $100. Change your locks if you think that someone has been inside your house. Don't accept (or seek out) stolen property. If you receive a recall notice for your car because of failing brakes, make a point to get them fixed as soon as possible.
Security is security. Use the same logic with computers and information that you use to determine what you should and should not do with your valued physical possessions. Applying this logic will avoid the majority of the Information Security problems that you hear about in the news.
The Conficker worm seems to have failed to live up to its apocalyptic reputation, but that's obviously a good thing.
Posted by: Computer Support | 05 October 2009 at 02:41