Today ends the 2009 edition of National Cyber Security Awareness Month (NSCAM). Throughout the month, I and many others have been posting guides, tips and advice on how to stay safe online and how to keep the online experience a secure and enjoyable one for you and your family. For my part, each day I tweeted a daily tip via my Twitter account @BurgessCT and attached the hash-tags #onlinesafety and #NSCAM for ease of compilation by others.
I was heartened throughout the month that so many asked, “Will you expound on these daily tips?” Yes, I’ve already begun (see Online Safety – UserID’s and Passwords [October 25, 2009]) and I plan to continue. Others have asked, “Will you provide all of the daily tips in one comprehensive list?” Yes, I provide these below (and I have tossed in a few bonus items).
Keep in mind, none of these are highly technical, some are behavioral and all are easy to implement.
National Cyber Security Awareness Month Tips 1-31:
- Passwords: Practice good cyber-hygiene – Passwords are like toothbrushes – you don’t share them with others and you change them often.
- Passwords: Passwords should be used for one site only. For strong passwords, use symbols, numbers and letters – never a word from any language dictionary.
- WI-FI: Home or Business wireless networks (WI-FI) – Enable WPA2 encryption with strong passwords. If your router does not support WPA2 encryption, time to upgrade that router to new technology.
- WI-FI: Configure your router to suppress the broadcast of your Service Set Identifier (SSID).
- Guidance & Direction: Guide your young. The internet is to receive information only and not to be used to share information. Only Mom & Dad share information over the internet.
- Browser Settings: For web-based email (e.g. Gmail, Hotmail, etc.), configure your browser log-in to use HTTPS (S=secure) and avoid having your password sniffed and grabbed when connecting via an open (not secure) network connection.
- Software Settings: Does your family use Peer-to-Peer (P2P) file sharing? Know your settings. Tips from the FTC’s OnGuard OnLine
- Computer Settings: Disable Auto-Run and scan all USB/CD/DVD media, even if you received it from a trusted source; their USB/CD/DVD may be ill from having visited a machine with malware/crimeware prior to visiting yours.
- Software Settings: Software auto updates – DO IT. May be inconvenient but updates close previously unknown vulnerabilities.
- Email: Phishing Scams – No replies or click-on-links of emails asking for personal or financial information.
- Computer Settings: Administrator control? Who has control of your computer? Take control: set a unique password so that the computer settings can only be changed by the administrator – you.
- Anti-Virus Software: Have it and use it! Auto update both the engine and the data. Don’t ignore warnings. Train your family to call out and alert you when a warning presents itself – don’t ignore these warnings.
- Anti-Spyware Software: Have it and use it! As with Anti-Virus don’t ignore the warnings – Spyware can capture your data at the point of entry or harvest from your hard drive.
- Data Backup: Regular data backup(s) should be a part of your security regime. Data includes, but is not limited to, photos, videos, music, documents, etc. If your device (laptop, PDA, etc.) goes down, your data is safe.
- Malware/Crimeware: Be wary of ‘scareware’ pop-ups which announce your computer’s compromise and offer you “free” software to remove it – a tried and true technique to have you install malware. (NB: FTC v. Innovative Marketing, Inc., et al – an excellent read of the FTC’s Complaint taking down a purveyor of “scareware”)
- E-mail: If a retailer or vendor asks you to “email your credit or debit card data” – Say “Absolutely Not” and don’t do it.
- Browser Settings: Do enable the “Pop-up Blocker” and “Redirect Disable” settings on your browser – this puts you in control of your internet experience.
- Firewalls: Have it and use it! Think of the firewall as your computer’s guard force – blocking attempts to communicate with your computer which you haven’t authorized.
- System Scans: Security checks for your computer – a list of free scan software from reputable vendors, courtesy of http://www.staysafeonline.org/
- Public Computers: Use an internet connection at the library, airport, etc? Clear the browser’s history and caches when you are finished to remove “easy” accessibility to the websites you visited.
- Electronic Media: Recycling or discarding media? Reformat or degauss your electronic media prior to recycle or discard. This will prevent inadvertent sharing of your personal or business data.
- Computer Settings: Do visitors use your computer? Create a guest account with separate log-in for your guests so they have their own environment on the computer w/o access to your personal data or browser history or cookies.
- Computer Location: For families, PCs should be used in a central place – not behind closed doors. All can keep an eye on activities.
- Online Friends: Talk to your children about the need to talk to Mom or Dad prior to meeting online friends face-to-face.
- Parents Online: Go where your children go online. Browser history will guide you; if history doesn’t exist or has been selectively deleted – time to pay attention.
- Chat rooms: Chat rooms are great for learning and sharing; children should obtain Mom or Dad’s permission and review first.
- Data Security: Consider encryption, with a robustly strong key phrase, for your important data (i.e., medical, personal, financial and private). Extend this protection to your data backups.
- Chat rooms: Select user-ids which are age and gender neutral, as filtering user-ids is a methodology used by online predators: “Pineneedle” not “Seattle1084”.
- Laptop Security: Do you travel with your laptop? Protect it; it may be the gateway to your online presence and accounts, and it hosts your data – see the FTC’s OnGuard Online, which has some great laptop tips.
- Internet Connectivity: Know how your children are getting online – home, school, mobile phone, friends, library – and craft rules/boundaries.
- Reporting: If you believe you have passed your personal identifying information (PII) to a criminal, do file a complaint with the FTC (http://www.ftc.gov/).
Bonus: Think of online safety and security practices as a basic extension of your family security plan – no less important than smoke detectors, alarm systems, and how to interact w/strangers.
Bonus: Do your children wear their Name & Address on the back of their jacket? Then why post it on a website’s profile?
Bonus: Some good advice on how to avoid being hooked by phish from FTC’s OnGuard Online.
Bonus: Do you know where your data is stored? Knowing allows protecting. It is important to clear your temporary files and caches as you save and store your data.
Bonus: You, the individual, may not have the resources of a company to protect yourself; don’t let that deter you. Select your ISP w/care – some ISPs leverage their access to security vendors to provide you with:
- SPAM filters for your email;
- CONTENT filters for your browsing;
- ANTI-VIRUS and ANTI-SPYWARE scanning for all the data passing through their pipe; and
- WEB PAGE scanning for malware, crimeware, pop-up and redirect protection.
You can focus your individual budget on those areas where you need “enhanced” coverage and capability.
I hope the above are of use and you and your family will continue to be safe online.
Thank you for your time
All the best,
Christopher