By Sam McQuade
Have you ever been the victim of a cybercrime that resulted in some amount of data loss or other types of harm?
In this time of increasingly complex computer viruses, phishing scams and identity theft, as well as many other types of IT-enabled crimes, it is critically important to routinely and systematically protect your computer data from prying eyes, damage, manipulation and loss.
Results from an RIT Computer Use and Ethics survey administered to 873 randomly selected students reveal that one out of three students had been victimized by some type of computer-enabled crime, and that one out of four students were victimized two or more times in the 12 months preceding the survey.
Fortunately, a person does not need to be majoring in computer science, software engineering or IT administration to employ effective information security measures. Nor does effective information security necessarily cost a lot of money. By following these procedures you can prevent the vast majority of abuses and crimes that threaten you and your data:
1. Password management: Use strong passwords consisting of eight or more randomly selected alpha-numeric characters that do not spell a name or word in any language. Change your password about once per month. Never use the same password. If you use several passwords for various purposes, employ effective and secure password management using special software or particular methods designed to help you remember and/or conveniently access passwords when needed.
2. Anti-virus: Purchase, install, regularly use and update anti-virus, Trojan and worm software. RIT makes the popular antivirus software McAfee 8.0i available to all RIT students, faculty, and staff. Whatever antivirus software you choose to use, make sure the virus definitions are updated automatically so new threats are kept at bay. You should also run a full antivirus scan of your system’s disk drive at least once per week.
3. Scrutinize e-mail: Never open
e-mail attachments from strangers, regardless of how enticing the subject line or attachment, because you are probably being socially engineered (i.e., manipulated into doing what a computer criminal wants). Be suspicious of any unexpected e-mail attachment from someone you do know because it may have been sent without that person’s knowledge via an infected machine. If your e-mail program can be set to not download pictures, enable this setting to help prevent your computer from accidentally downloading spamming, spyware or adware intelligence-gathering tools or other exploits not readily detectable. Many users now help those with whom they communicate by digitally signing their e-mail using verification software products such as Thawte and Comodo, which are available online for personal use at no charge.
4. Personal firewall: Install a software and/or hardware firewall before connecting to the Internet, and routinely use it to monitor and repel attacks against your system. Some firewalls can be configured to allow e-mail and IM messages from trusted sources to get through while screening out all sorts of suspicious content and spam.
5. OS and application patches: Unfortunately, software is often released with bugs that can jeopardize the performance and security of your computer, especially given the reality that many cybercriminals continually develop new “malware” and exploits that are quickly propagated on the Net. In addition to updating virus definitions weekly, you should also update your computer’s operating system, as well as periodically check for and install applications software updates.
6. Spyware/Adware: Spyware and adware is often surreptitiously installed on computers. These malware programs are notorious for bogging down operating efficiency and enabling identity thieves to capture your personal and financial data. To guard against this form of computer abuse you should install and regularly update reputable spyware/adware software, such as Spybot Search and Destroy, and Lavasoft Ad-Aware, both reputable products available in basic versions for free online.
7. Backup data: Backup all your data often, systematically and using different media or networking systems. In this way, if one method fails for some reason, a backup of your backup will still be available. Keep the backup media in more than one location, and ensure that storage media is periodically checked for viruses.
Good online sources of information security tips include the SANS Institute (www.sans.org); the International Information Systems Security Certification Consortium (www.cissp.org); and the CERT Coordination Center of Carnegie Mellon University (www.cert.org). For members of the RIT campus community, many additional information security tips can be located online, through the RIT Information Security Office and RIT Information Technology Services.
However, by adopting the above practices into your lifestyle, most if not all IT-enabled abuse incidents, cybercrimes and associated loss of data can be averted.
is RIT Assistant Professor of Criminal Justice. He teaches courses
in computer crime, criminal justice/ security technology, and related
topics. Prior to joining RIT, he served as a computer crime program
manager with the National Institute of Justice of the U.S. Department
of Justice, as a study director with the Committee on Law and Justice
of the National Research Council, and as a deputy director for
research and resource development with the Metropolitan Police
Department of the District of Columbia. His new textbook, Understanding
and Managing Cybercrime, is scheduled for publication in late 2005
by Allyn & Bacon Press.