I’ve been teaching IT security awareness for several years and I try to get those in attendance of the classes to learn some basic IT security skills. These basic skills build on each other and there is some cross over, but ultimately this blended set of security skills can help anyone stay safe online.
As with any sport. you always start by learning the fundamentals, and while no one skill can get you into the game or keep you safe online, they can definitely make you ready for either.
With free Wi-Fi available just about everywhere I constantly see people leaving their devices unattended and this lapse can allow someone to walk off with the device unnoticed. Think about your device and the amount of data it may contain.
The device may have your whole world stored on it! If someone takes your laptop, tablet, or phone it is so much more than having the device stolen, but the data it contains. Besides this Wi-Fi example other scenarios like going through airport security or leaving your device in the car can expose the device to being stolen, so physical security is a great starting point and a must have skill for overall IT Security.
Don’t Accept the Defaults
One of the most basic rules of security, but at the same time one of the most abused is not changing settings from the vendor defaults. The excitement of getting a new device and wanting to use it as soon as possible can cause people to rush through the setup and accept defaults with the promise to return later to change the settings.
Unfortunately the promise to return and change the settings never happens and wanting to use the device before setting it up properly has created a security risk. For example just plugging in a wireless router with its default settings is like forgetting to lock the door when you leave the house.
Many wireless routers administrative guides can be downloaded from the manufactures web site and these guides include default settings for the admin password or encryption key settings. Another action related to accepting the default settings is not checking for or applying updates.
Either during the initialization phase or during the life of the device not applying these updates can render the device vulnerable to the security holes the updates were meant to patch. Many devices are insecure out of the box so take the time to secure them.
Sense of Urgency
When I teach email security awareness a common theme with scams is the sense of urgency being portrayed in the emails. Many of these don’t think just click type scams also show up in social media sites and text based scams.
The sense of urgency scams will try to get people to click or react without thinking about what they are doing. Some scams will have an emotional pull of someone you care about being in trouble, or you could lose access to your bank account, or even to let you know you won a prize. Before you know it your judgment is clouded and you clicked and responded.
There was a great awareness campaign started a few years ago called STOP THINK CLICK and those three words can make a big difference when responding or better yet not responding to these types of scams.
It won’t happen to me
I hear “it won’t happen to me” or “I would not fall for that trick” all the time, and I have even said those same statements myself! Online scams are always evolving and new scams show up all the time, so always be alert and never let your guard down.
If something seems out of place start asking yourself some questions; does this person typically send this to me, why does my bank need me to verify my password, should I be logging into my email on unsecured Wi-Fi, why does this app need access to text messages and phone calls, etc…
After asking some questions you can make an informed decision, and if something just doesn’t feel right trust your gut that it isn’t right!
There is no such thing as private on social networks, and anything you post your friends can share with the world!
Everyone doesn’t have to be an IT security expert to be safe online, but knowing some basic skills and practicing the skills can help anyone protect themselves. So after learning and practicing your IT security skills go outside and practice throwing, fielding, and hitting because the Yankees are looking for a new stop short after this season!
About the Author: Dale Rapp currently works for a large school district in the St. Louis area, has been involved in network support, project management, and IT security for 10+ years. Rapp has worked on projects upgrading hardware and software systems, designing and installing wireless networks, and initiatives to secure systems and data. Dale earned his CISSP certification in 2011 and the CWSP certification in 2013, and is currently planning to sit for the CEH exam in 2014. Rapp has a passion for computer networking, especially anything to do with wireless security, and also writes for his own security and wireless networking blog.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
- Wireless Network Security for the Home User
- Empowering More Women to Embrace Information Security
- Non-Disclosure: The Unforeseen Threats
- Christopher Burgess on Senior Online Safety
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Definitive Guide to Attack Surface Analytics
Also: Pre-register today for a complimentary hardcopy or e-copy of the forthcoming Definitive Guide™ to Attack Surface Analytics. You will also gain access to exclusive, unpublished content as it becomes available.
Title image courtesy of ShutterStock