Defending against Social Engineers and Phishers

There are really only two steps involved in protecting yourself against social engineers who try to charm, intimidate, or trick you into giving them information, or against phishers who try to steal your personal information:
Being aware of what is going on
You should be suspicious of people who ask you for your account name and password, computer name, IP address, employee ID number, or other information that could be misused. You should be especially suspicious if they attempt to charm you or intimidate you. Refer them to the IT department, or, if they claim to be from the IT department, check it out with your supervisor.
If they claim to be a manager or officer in your organisation and you do not recognize their name, voice, or face, explain that you are concerned about protecting the security of the network and that you need to verify their identity before you can give them sensitive information.
If you receive e-mail that claims to be from your bank, ISP, or an organisation with which you do business, and it requests information about your account, do not respond via e-mail or a web page. Instead, call the organisation and ask if the e-mail request is legitimate (do not use any telephone number listed in the e-mail; look up the number separately). Most organisations do not use e-mail for such correspondence. Do not click on links contained in e-mail to visit an organisation’s website. Instead, manually type in the URL for the organisation’s home page and navigate from there to your account logon site.

Protecting Your Password and Logon Security

Hackers who know your password do not have to resort to technological exploits; they can log on and do anything that you can do on the computer or network. Keeping your password secret is one of the most important things you can do to protect against security breaches.

  • Do not use personal information for your password. Social security numbers, driver’s license numbers, phone numbers, birth dates, spouse names, and pet names are all factual information that can be found out by others.
  • Do not use words that are in the dictionary, including words in foreign languages. Dictionary attacks try these words and combinations of them.
  • Do use a combination of uppercase and lowercase letters, numbers, and symbols.
  • Do not substitute numbers for letters to make a word (for example, s0ph1st1cated). Hackers are aware of this trick.
Generally, longer passwords are harder to crack because a brute-force attack must try more combinations before finding the correct one. Windows XP allows passwords of up to 128 characters, although the Welcome screen displays only 12 characters at the password prompt. You can switch to the classic logon screen, or just keep typing the characters after the password field appears to stop accepting them.
  • Do not use sample passwords that you see in security articles or books, even if they are exceptionally complex.
  • Do use a combination of letters, numbers, and symbols that has meaning to you, so that you (but no one else) will be able to remember the password easily. For example, mfc!rB&G might mean "my favorite colours (!) are blue and green" to you, but to anyone else it looks like a random combination of characters.
  • Do select a password that you can type quickly, to minimize the chance of someone discovering it by watching over your shoulder when you type it. However, do not use common key sequences such as qwerty.
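As an added example (not code from the original article), the following Python checks a candidate password against the rules listed above: personal information, dictionary words including number-for-letter substitutions, character-class mix, and common key sequences, and it computes how the brute-force search space grows with length. The word list, the keyboard sequences and the eight-character minimum are constructed assumptions, not values from the article.

```python
import math
import re

# Constructed stand-in for a real word list (assumption: a deployment would
# load a full dictionary, including foreign-language words, as the text advises).
DICTIONARY = {"sophisticated", "password", "welcome", "summer", "blue", "green"}
# Common keyboard sequences the text warns against (constructed; extend as needed).
KEY_SEQUENCES = ("qwerty", "asdfgh", "zxcvbn", "12345")
# Number-for-letter substitutions, mapped back to the letters they imitate.
LEET_MAP = str.maketrans("0134578@$!", "oieastbasi")
CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
MIN_LENGTH = 8  # assumed minimum; the article only says longer is harder to crack

def deleet(password):
    """Undo substitutions so s0ph1st1cated is checked as 'sophisticated'."""
    return password.lower().translate(LEET_MAP)

def charset_size(password):
    """Alphabet size a brute-force attacker must assume, from the classes present."""
    sizes = (26, 26, 10, 33)  # lower, upper, digits, printable ASCII symbols
    return sum(n for pat, n in zip(CLASS_PATTERNS, sizes) if re.search(pat, password))

def brute_force_bits(password):
    """log2 of the combinations a brute-force search must cover; length dominates."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))

def check_password(password, personal_info=()):
    """Return the rules from the article that the password violates ([] if none)."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append("contains personal information: " + item)
    if lowered in DICTIONARY or deleet(password) in DICTIONARY:
        problems.append("dictionary word (even with number substitutions)")
    if any(seq in lowered for seq in KEY_SEQUENCES):
        problems.append("common keyboard sequence")
    if sum(bool(re.search(pat, password)) for pat in CLASS_PATTERNS) < 3:
        problems.append("fewer than three character classes")
    return problems

if __name__ == "__main__":
    for candidate in ("s0ph1st1cated", "Qwerty123!", "mfc!rB&G"):
        print(candidate, check_password(candidate, personal_info=("Rex",)),
              "%.0f bits" % brute_force_bits(candidate))
```

Note that a 12-character all-lowercase password scores more brute-force bits than the 8-character mfc!rB&G, which is the article's point that length matters more than any single trick.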

Keeping Passwords Secure

After you create a strong password, you must keep it secure. Tips for keeping passwords secure include the following:
  • Never share your password with anyone else.
  • Do not write your password down. This is the reason why you need to create a password that is easy for you to remember. If you disregard this advice and do write it down, keep the written copy in a locked, off-site container.
  • Do change your password on a regular basis, even if your network policies do not require you to do so. Always change your password if you suspect it might have been compromised (for example, if someone was standing over you when you typed it).
  • Do not use the same password for multiple purposes. For example, some people might use the same number combination for their ATM PIN, network logon password, e-mail password, and all protected web sites. If this password is cracked, all of your accounts and activities will be compromised.
  • Do not save your passwords in a file on your computer that can be read by others. Do not use features that offer to remember passwords for critical applications or sensitive web sites.
