IFSECInsider-Logo-Square-23

Author Bio ▼

IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
February 8, 2011

Nothing found. Please check your show/episode id.

Download

State of Physical Access Trend Report 2024

Don’t let your guard down: Webroot issues advice on Safer Internet Day

The advice comes on Safer Internet Day, a date set aside every February to raise awareness of the importance of using online and mobile devices securely.

To coincide with the campaign, which is part-funded by the European Union, Webroot has urged consumers to review security across all devices and ensure protection against “escalating threats”.

“While traditional anti-virus software is important, users now need to think about the bigger picture, ensuring personal information and reputation are also protected,” said David Bennett, senior director for America and the EMEA region at Webroot.

“From address details, phone numbers, banking information or even photos, all this information can be used by criminals in an attempt to conduct malicious activity.”

Action plan for Internet safety

Bennett added: “Safer Internet Day is a great initiative that allows users to become more aware of the online dangers they are faced with that could put their private information at risk. Most importantly, it highlights the initiatives and steps users can take to ensure that they are better protected in the future and that information is secure – irrespective of how, when or where a user is online.”

Webroot has published a five-step action plan designed for safety-conscious web users:

Disable geo-tagging
Thieves are increasingly using geo-tagging information to target victims. This is becoming more prevalent with the growth in smartphones and mobile devices, such as iPads, which have advanced camera facilities.

Geo-tagging automatically links images to a location, causing a huge security risk. Users must disable this function as soon as they buy a device.

Secure traditional platforms
e-mail, SMS and IM are still big business for criminals, with the majority of information being sent across these channels.

That being the case, it’s critical to secure these digital platforms and never send any personal information or financial details via these methods.

Improve password protection
Passwords are an easy target for hackers. Most unsophisticated criminals can download free software to crack passwords on public systems like Facebook and, with many people using a single password for multiple platforms, significant havoc can be wreaked.

Choose a combination of upper case, lower case and numbers that form the beginning letters of a short, memorable sentence to guarantee passwords keep you secure.

Check social networks
Default settings on social networks, such as Twitter and Facebook, often just provide basic protection, enabling potential strangers to access sensitive information.

It’s critical that these are regularly checked and updated.

Be aware of links
Avoid clicking on links. Whether they have been sent to you in an e-mail or even posted on your Facebook page, always be suspicious (particularly when those links come from a source you don’t know, and point to a site you’ve never heard of).

This is an ideal method used in social engineering and targets people of all ages. Don’t let your guard down for a second!

Safer Internet Day: the role of security within social networks

Last week, researchers unveiled a “dating database” consisting of 250,000 users, writes Amichai Shulman.

This was not just any ordinary dating site where one registers to and agrees to post their information.

Rather, the dating profiles were based on public information that the researchers gathered from Facebook profiles.

Many people at this point cried out “Privacy!” However, let us take a step back and remind ourselves that it’s these users who were not concerned about publishing their data in the first place!

By consenting to Facebook’s rules, they are actually agreeing to relinquish their information to a public website.

With this in mind, it may be safe to say that if a user indicates their religion or ethnicity on Facebook, they do so because they want other users to know this information and are willing – even implicitly – to take the chance that a (hypothetical) racial classification application will have access to it as well.

It may also be safe to say that people who post a named defamation of their boss on their wall – or their friend’s wall – are willing to take the chance that their boss may see the post.

That’s the essence, or rather lack thereof, of privacy.

Security and the social network

In terms of social networks, it’s security of which we need to be wary. Security controls the way in which people use the information of others.

It’s a way to ensure that people cannot invoke functionality on behalf of other users, and that delinquents cannot use the system to distribute malware.

It’s also a way to make it difficult to hack into someone’s account using a brute force attack. Security enables us to integrate social networking applications into our business environment without affecting the integrity and confidentiality of business data.

In today’s social networking platform, security is the threat. Web 2.0 vulnerabilities are quickly translating into massive worm outbreaks.

One such example is the notorious Koobface worm which is still propagating even though researchers have been attempting to contain it for the last few years. Even basic Best Practices, such as the use of SSL for authentication purposes, are not closely followed.

Nevertheless, we are starting to feel the winds of change. Recently, Facebook made changes to account security to reduce account hijacking incidents.

Just a few weeks ago, a new authorisation scheme was put in place that requires one to identify friends in case of an alleged account takeover.

Improvements to security

As social networks attempt to increase their user base, penetrate the business environment and roll-out new services (such as Facebook’s new webmail) we should expect social platforms to invest more resources in improving the security posture of the platform.

These measures will provide improved protection against application layer attacks, stronger authentication and account control features and better malware detection systems.

Amichai Shulman is CTO and co-founder of Imperva

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments