by Andrew Pilling

I get many emails from customers asking me what measures they can employ to keep their computers and their bank balances safe when they are shopping online. Keeping your data safe on your computer can be broken down into a few golden rules.

Use an official copy of Microsoft Windows.
Turn on automatic updates. Microsoft Windows will update itself automatically when new security updates are available.
Get some anti virus software. A free version is available from AVG.
Update your anti virus software daily this is a very simple task. The AVG anti virus software updates itself when you switch your computer on.
Make sure the windows firewall is turned on
Don’t use illegal copies of software, a lot of illegal copies contain spyware and hidden executables that will attempt to log your computer activity, recording keystrokes etc.
Run Spybot Search and Destroy regularly it’s an excellent piece of software, that’s easy to install and use. It is also free.

Shopping Online

Shopping online can be a far more relaxing experience from the chair in front of your computer. Who wants to be repeatedly bashed in the back of the legs with a shopping cart or stand in a long checkout line that never seems to shorten?

Shopping online also saves you money I probably save hundreds of pounds a year by doing my grocery shop online. It is far easier to find the best bargains and special offers just by clicking on the search button.

Basic Online Shopping Security:

Try to use a credit card or even better use your credit card through a middle agent like PayPal or Google checkout. These methods of payment will give you an excellent chance to get your money back if on one of those very rare occasions something goes wrong.

Before entering your payment details or password always check for the padlock and make sure it’s closed. Click on this padlock and you will be given more information about the sites security certificates etc. Also check your browsers address bar, the sites address will begin with https, the s on the end of the http denotes that any information transferred between your browser and the site is encrypted and cannot be read if it is intercepted. (PayPal’s address is an example of a secure address https://www.paypal.com/)

A lot of computer users also seem to be wary of purchasing digital products on the internet. They tend to panic and get a little confused when they are redirected to a merchant. When purchasing software online through an agent like BMTMicro, Swreg, PLIMUS, RegNow, share-it, etc. These merchants also give you an extra level of protection and in all the years I have been purchasing digital products on the internet through a merchant I have never had any problems with security; or getting a refund if I felt the product was not fit for purpose.

Never ever click on a link you have received in an email, unless you have been expecting the email as part of a sign up process to a subscription list etc. Remember banks don’t send emails asking you to confirm your details.

Use Roboform or some other password manager to securely store your encrypted login data. Roboform offers an extra layer of security by verifying sites as it retrieves the login data required. The free version allows you to store up to 10 passcards

Educational Adventures supply special needs software to LEA’s and parents.
Download Roboform: Click Here
Download SpyBot SD: Click Here
Other Infomation: Click Here

Article Source: Article Directory<

By Gale Yocom

Financial Institutions can look to more in-depth examinations this year since the FDIC issued FIL-105-207, which updated the IT Examination Officer’s Questionnaire. The FDIC wants to make sure that insured depository institutions have security programs that guarantee the confidentiality of customer information in addition to anticipating and protecting against security threats and unauthorized access of customer information. To ensure that these issues were addressed, there are five sections on the questionnaire, which includes Risk Assessment, Operations Security & Risk Management, Audit/Independent Review Program, Disaster Recovery/ Business Continuity Management and Vendor Management/Service Provider Oversight. Parts 1 and 4, namely Risk Management and Disaster Recovery are much the same as the 2005 questionnaire, with some minor changes. The other sections have a number of significant changes; one of the most important is that the 2007 questionnaire has included an entirely new section that focuses on questions about Vendor Management. One particular topic of concern addresses the FIL, because most institutions do not have standard security awareness training programs in place.

Training Awareness Using Non-Conventional Methods

With so many new complex threats going beyond the standard pharming, phising and vishing attacks, assaults are now focusing on the end user or client side exploits. These attacks are exploiting and affecting mail readers, Internet browsers and third party applications such as Adobe Reader. Because of these more sophisticated attacks, it is more important than ever to educate users/employees about these risks, which can be achieved by making sure IT Managers have compliant training sessions in place. What we at Covetrix discovered is that most security awareness training programs are simply not enough. They are usually done annually or only when the employee is initially hired. Even with extensive training, the level of absorption of these topics is often forgotten in just a matter of weeks, usually because of a lack of interest or because of the approach of the material presentation. After a while, employees almost get the feeling of someone crying wolf when it comes to phishing / pharming / vishing attacks, which for future reference we will refer to social engineering. The training programs must be adapted so that the critical level of importance remains high. We believe by providing non-conventional, educational and real world examples, a financial institution will not only be able to educate employees with increased absorption, but they will also be able to understand how these scams work thereby being able to spot a scam and then quickly catching it before it impedes on the customer’s privacy.

Tracking Employee Review is Critical to Retention

As our clients are eager to improve on their security levels, we believe it is vitally important to build strong teams, teams that can provide a quick response to potential threats, keeping security risks from causing havoc in the financial institution. At Covetrix, we see a need to track employee reviews of the security training material. The reason? It has been proven that more often then not, an individual may watch security awareness training videos, read e-mail messages, or review computer use handbooks with the best of intentions, yet their level of retention and absorption of the security knowledge is often limited. Covetrix has designed IT training videos that keep interest high and retention longer. The way they work is the video pauses and asks the viewer questions about the previously viewed content before continuing. This information is also reported to IT staff for compliance during examinations. Trained individuals must be ready and prepared to make quick decisions so that nothing threatens the security of the financial institution. Yet even with willing participants, individuals are sometimes overwhelmed with too much information. Despite the idea of ensuring that videos are watched and questioned and then asked about their understanding of content, we need the information to stick. To ensure that training methods stay in the minds of the users/employees, new ways of implementing the information must be enforced, which means it is necessary to implement non-conventional techniques.

How Non-Conventional Methods Work

In the event of identity theft scams, placing untrained people in security roles is not going to keep security risks away! What will keep them away is giving individuals the proper training, continually expanding on knowledge through effective training programs. As a well-qualified technology expert and experienced security specialist, it has become very obvious that when individuals are properly trained, they retain and absorb information more readily. And based on my years of experience, one of the best ways to help retain and absorb information is through non-conventional strategies. What do I mean by non-conventional strategies? In most training programs, the user is given a direction of lists which may include things like the following:

1. Don’t open bad mail
2. Don’t go to a bad website
3. Report all phishing emails

The problem stems from the user’s actual understanding of this information. Our videos are using non-conventional training by actually showing a user exactly what is a bad mail, how they are created, or how a hacker creates a phishing site and attacks their institution. Combined with the employee’s review of the information and non-conventional training, the knowledge transfers information in a far more effective manner.

The Outcome

As a result of implementing these innovative awareness training video strategies, we have seen a high level of success during our third party penetration testing and audits. Equally important are the individuals who are able to understand and retain information more efficiently. It’s very clear that even the most effective training program requires periodic testing to ensure that the training program is serving the ever-changing needs of the financial institution. And just as technological challenges continue to change and grow, so too must training programs grow and change as well. With non-conventional training strategies, financial institutions have a far better chance of keeping customers safe from scams and unauthorized access to private information.

About the Author

Mr. Gale Yocom is a recognized technology expert and President of the Dallas-based security specialist company Covetrix. For the past ten years his company has provided full service networking and security solutions to government entitities, financial institutions, and commercial businesses across the U.S. Performing security audits, penetration testing and implementation of security controls, he brings a wealth of knowledge and information to Internet security. Mr. Yocom is known for effectively uncovering weaknesses in institution’s security practices and has impressively strengthened the security posture of many financial institutions. Mr. Yocom can be reached by contacting him at gale(at)covetrix.comor by visiting him on the web at www.covetrix.com

Article Source: http://EzineArticles.com/?expert=Gale_Yocom
http://EzineArticles.com/?Why-Using-Non-Conventional-Security-Awareness-Training-is-Crucial!&id=958079

Cyber Insecurity vs Internet Security

by OSAuthority
Pandora ’s box has been opened and the explosion of information both personal and non-personal seems to be limitless and increases exponentially. And according to the National Opinion Poll taken in January of 2007 half the UK harbors a “deep mistrust” due to security concerns. Not only is there a deep public mistrust but, the House of Lords Select Committee on Science and Technology are inquiring into the need for personal Internet Security because of the growing use of home computers, expansion of broadband, internet banking and commerce (Brent MacLean “A new look at Internet Security” Monday September 10, 2007).

Every one is talking extensively ( ISP Associations, Richard Clayton of the Cambridge Security Lab, John Carr of the Children ’s Charities Coalition on Internet Safety, as well as Johnathan Zittrain of the Oxford Internet Institute and many others), gathering evidence of information and compiling it all for what? Sadly, most businesses and citizens still do not take the threat posed by cyber-insecurity seriously.

You would think with dependency of economies relying on certain infrastructures involving the Internet and information exchange between key service providers, that a disruption would certainly result in loss of lives, loss of property, and the collapse of public confidence globablly. Today simple domestic hacking is not the issue that will bring on devastating destruction like those designed by terrorist activities directed at nuclear plants, banking systems, hospitals, air traffic control as well as domain name servers, the possibilities are limitless. However, it is imperative to remove these personal and public computers from the arsenal of cyber terrorists as well as cybercriminals. With 225 million Internet users in North America (Nielson-Netratings), the personal computer dominates the Internet and at the same time is the most vulnerable. Millions of PCs are under the control of “zombie masters”. Red Herring, the technical business journal, estimated that in 2005 a 172,000 computers were hijacked and taken over each day and became “zombies” and under the control of a hacker. By 2007, Secure Computing, which tracks the Internet landscape, identified more than 500,000 new zombies per day that were hijacked and under the control of “bot” herders. Triple the level only two years earlier. The FBI says that because of their wideley distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy.

The total number of compromised computers on the Internet is not known; however, Vince Cerf, Father of the Internet, estimates that about 150 million PCs currently connected to the Internet and are part of botnets. Based on FBI reports and other independent researchers the aforementioned number may be significantly higher. The typical home computer is attached to “always on” broadband facilities, severely compromised with malware (viruses, spyware, Trojans, keyloggers, etc.), usually without degradation of their ordinary capabilities and doing the bidding of their “zombie master”. Hacking, virus dissemination, denial od service (DoS), theft of personal data, ID fraud, keyloggers, spamming, distribution of pornography, spying through webcams, click fraud and many other cyber exploits are all now almost wholly orchestrated via zombie networks.

Computers weren’t designed for security; they were designed to perform complex work. As complex as computers are, each computer has 65,000 open ports (doorways) to the Internet; a simple element that leaves them vulnerable. You might wonder why an individual would want control of a herd of zombies, there are several reasons. For exploits whether it ’s a denial of service, to bring down the servers of banks, major corporations, or a competitor. Inherently, whenever a computer says “hello” to another computer, that computer must respond with a “hello” back. A “bot herder” with tens of thousands of computers under their control has all of them say hello at the same time to your computer or a network of computers, what do think happens. Most likely the responding PC or server is overwhelmed and crashes, it simply can’t respond to that many hellos. A botnet can be purchased on the black market to carry out attacks. Zombie-making virus kits can be purchased on the net, requiring little or no technical knowledge and which provides the breeding ground for future international cybercriminals and the training ground for cybergangs (terrorists).

What are we to do? Implementing new laws when it ’s already difficult to pursue and in some cases unenforceable and with cross-border criminal investigations not to mention the resources needed are vast and costly with little results.

How do we secure the Internet now? One idea is to improve administrative, regulatory, and technical solutions to produce a safer Net and then apply resources to fortify banks, airports, power plants from the insecure internet we have allowed to develop. It begins with securing the end-user and creating an awareness that we are all responsible for the safety of the Internet and we all need to “Become Responsible Cybercitizens”.

We the people have to make an effort to make sure our machines run clean and free of malware (viruses, spyware, trojans, etc.). That involves current patches, updates, upgrades, and professional software technologies. It also obligates everyone of us to make sure that we have not been compromised by having our computers serviced by a security technician and assured that there is no malware present. There is a service, the Invisus PC security service, that will provide a fully managed computer security service including unlimited security technical support plus several additional benefits that will earn you the title of a “Responsible Cybercitizen”.

Requiring ISPs to scan data traffic going to and from computers attached to their networks for unusual patterns of traffic and then deny them Internet access until it has been determined they are not zombies. We can also ask the ISP to provide remote patches, updates and software updates. However, the ISPs will bulk at the cost, liability, autonomy, support, and delivery. Or have our ISPs provide a value-added service similar to subscription-based services offered by the Invisus PC security service which not only provides for a hassle-free computing experience but, is a total security package locking down the end-users computer for a minimum monthly fee.

In order to succeed we must meld security and convenience. The consumer doesn’t want to be responsible for their security. All they want to know is how to turn their computer on and off. Unfortunately, we can’t have our cake and eat it too. The time has come to learn how to maintain a safe and healthy computer (saving the consumer both time and money) void of infections that keep spreading and infecting other computers. It ’s not necessary to be technically savvy to operate a computer, like your automobile there ’s no need to be a technically savvy mechanic but, it is important to make sure your car is in good operating condition not only for its performance but, for the safety of others. We have laws to assure us the security of cars and their owners are safe. Those who are ignorant of how to maintain the safety of an automobile are required to perform certain responsibilities to insure the safety of their vehicle for others as well as the owner of the car. To insure the safety of others we require a certain level of education and knowledge of the rules of the road. You can’t drive without insurance or a drivers license, which means that you have undertaken and understand some level of instructions.

You may disagree but, unfortunately as impossible as it may be practically, politically, and ethically, to require every consumer… including the ignorant, the poor, and even the wealthy, to be legally responsible for keeping their computer in a state of reasonable security, the fact is you are guilty until proven innocent. So, the next best approach might be to offer to try and educate them but we probably cannot impose a “computer-driving license”. Again, we may be able to offer an alternative by requiring the consumer to take necessary steps to assure that their computers are serviced and up-to-date with professional security software and that they are checked and given a clean bill of health; free of malware.

About the Author

Bill Wardell the Senior Editor, Creator and Developer of Online Security Authority, the Author of “Don’t Take Candy From Strangers” NSM Director, ASC Certified Coach. Speaker and Radio Show Host, Publisher, Researcher and National Radio Guest! The CyberHood Watch

Article Source: Content for Reprint

Browsing Safely – Guide to Types of Computer Viruses & Malware

By: JR Lang

Computer security is an essential part of protection for your PC from the dangers lurking on the Internet, in fact, surfing the net without Malware Security is like walking through a hospital without an Immune System.

There are zillions of threats, from minimal nuisances to severe Malware that can completely and permanently disable vital functions to where the entire operating system needs to be reinstalled and all programs and data lost.

What is Malware: Malware is short for malicious code software (mal-ware), which includes any and all forms of code designed with malicious intent. Malware is the umbrella under which all security dangers exist, such as viruses, worms, spyware, phishing, adware, tracking cookies and rootkits.

Viruses: Threat Level – Intermediate to Severe. What is a computer virus? A computer virus is a malicious code that adds itself to other programs that exist on the computer (host), including operating systems. Many computer viruses spread quickly and wreck havoc on the system host, including potential destruction of operating systems and data.

There are different types of viruses and they range from being a nuisance that constantly displays pop-ups to severe dangers that delete system files, attach to registries, destroy the user’s ability to log into the Internet and even destroying the computer’s operating system along with all the data that is on it. Unless you have completely backed-up the data on your PC, recovering that data will be impossible if you have to re-install the operating system after a virus infection.

While there are many different viruses, the Trojan Horse is one of the most severe and all though threat severity levels vary within the different types of Trojans, basically they are all dangerous and should always be protected against. Unfortunately some Trojans infect computers and cause such damage that it becomes irreversible and a reinstall of the entire operating system becomes necessary.

The best protection against computer viruses is prevention, early detection and removal. A good anti-virus or Malware security software can protect your computers and provide peace of mind when surfing the net.

P2P File Sharing and Virus Dangers: One of the easiest ways to get a virus is by downloading unsafe freeware, shareware or person 2 person (P2P) from file sharing sites. Specifically those sites that provide P2P free music downloads. Some of these sites are Limewire, Bearshare and Morpheus. Users create a free account on these sites, download the software (which is sometimes full of Spyware/Adware on its own) and get access to millions of other peoples files through what is called the Gnutella Network. Users can search for MP3 music files and download them from other people’s computers through this Network.

First, this is illegal, but that’s a whole other topic. With these types of downloads there is no way of knowing what is actually on these files and it is easy to download a serious viruses and especially a Trojan. These P2P sites should be avoided to ensure computer security. For a few bucks you can get legal and safe music downloads at sites like Napster and Rhapsody. Play it safe, paying the few bucks is well worth it, as it can save lots of money, not to mention the hassle of having to fix a damaged computer.

Worms: Threat Level – Severe. A computer Worm is a a type of especially nasty Malware that is a self-replicating computer program, which at one point almost brought the entire Internet to its knees. Unlike a virus, it doesn’t attach itself to an existing program and does not infect computer files, instead it wrecks havoc on systems as it creates endless copies of itself, with the goal of taking up as much space as possible on the PC and creating program problems.

Worms almost always cause harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. Internet worms are most prevalent today in the form of email attachments. Two of the worst worms ever were Mydoom and Morris.

Worms are usually sent via email by attachments, you should never open an attachment in your email from an unknown source. Also, when deciding on an anti virus security program it is important to make sure that the email scanner is activated and that the software covers protection, detection and removal features for worms.

Spyware: Threat Level – Low to Severe. Spyware is one of the most common types of Malware and often slows computer performance. Spyware spies on your web browsing activities and comes in forms of keyloggers (where your keystrokes are monitored), recording/sending your web browsing habits to a third party, causing unwanted pop-up adds, hijacking home/search pages and making changes to them, as well as, redirecting browsing results.

A Spyware infection can be caught in several ways. One way is by clicking on a bad link from a bad site. Two, through small windows of advertising that pop up during web browsing (pop-ups). Third, there is what is called a drive-by type download and that is where Spyware infects computers without the user noticing, just by visiting a bad web page. Tip: All web browsers allow you to check a “block pop-ups” selection which can be accessed from the browser toolbar under options.

Adware: Threat Level: Low to Intermediate. Adware is Advertising Display Software that delivers ads in a manner or context that is unexpected, unsolicited and automatically loaded. Many adware applications also perform tracking functions, and therefore may also be categorized as Tracking Technologies. Adware causes pop-up windows with advertisements in the browser based on the information it collects from the user’s browsing patterns. Sometimes adware may be installed in conjunction with a companion Spyware program.

Phishing: Threat Level – Severe. Phishing is a form of Internet fraud that aims at identity theft. It’s purpose is to steal valuable information such as credit cards, social security numbers, user IDs and passwords.

A phishing site is a duplicate of a legitimate site and it is created to dupe users into logging in and therefore stealing private information. Many phishing scams are perpetrated via mass emails which alert the customer to some problem with your customer account or some other hook, usually from a bank, or Paypal or some other institution and it lures people into entering their private data by following a link to the phishing site of a real site.

The recent IRS rebates spawned a phishing scam, where mass emails were sent with IRS logos informing taxpayers that they are due a rebate check but they must first follow the IRS link and input their information to receive the rebate. The link, of course, leads to a phishing site where unsuspecting people enter personal information, like social security numbers which are then hijacked by identity thieves.

It is important to realize that most reputable companies do not usually send emails soliciting private data. In fact, Paypal explicitly lets its users know that they never solicit customers via email in any way. The IRS has a fraud alert on their homepage advising taxpayers of such phishing scams. If you get emails like this just hit the SPAM button and run for your life or at the very least check with the institution that sent the email in some other way.

There is also the danger of running into a phishing site while web browsing, it is important to have computer security software that will alert to phishing sites with real-time protection.

Phishing security is NOT standard on all anti virus software and Malware removal programs. When considering a security program make sure to look for phishing protection.

Drive-By Downloads: Threat Level – Low to Severe

Drive-By download is where all types of Malware can infect your computer via a visit to a web page. The Malware codes are embedded in these bad sites and looks for users computers to become hosts to attach itself to. It is important to look for drive-by or real time protection when considering security software. Drive-by or real time protection should be included on the anti virus software that is on the computer.

Rootkits: Threat Level – Severe. Rootkits are really bad because they can hide their existence from operating systems and users and cause major destruction. Because Rootkits create stealth program codes that run at a lower level than can be detected with all normal anti virus software and Malware removal programs, it is crucial to make sure that the security software explicitly protects against rootkits.

Cookies: Threat Level – Low. Some cookies are positive and really do not harm to your system in anyway, they simply temporarily store your log-in information so that you do not have to enter it again when you return to that site. Plus, many sites will not run properly without cookies enabled and so they are a necessary element. And these temporary cookies can be cleared from within your browser at any time you.

On the other hand Tracking Cookies are a form of Tracking Technology. Tracking Cookies are used to track the surfing habits of users in order to manage, analyze advertising data, and they may be used with the more malicious intent of monitoring user activity more closely. Tracking cookies are usually easily detected and protection from them comes standard on most anti virus and Malware security software.

It can be more difficult to remove Malware if infection occurs than to protect against it and some Malware causes such damage that a complete operating system reinstall is required.

There are many Malware security softwares, including some great free ones, and firewalls, that offer various levels of protection. It is important to have a complete suite that protects from all Malware dangers.

Author Resource:-> Visit this comprehensive guide with details, features and reviews of free and paid Malware security software, including removers, and free firewalls: Computer Virus Protection Reviews – Free Malware Remover

Article From Article Directory