April 18, 2011
A newly released Symantec Internet Security Threat Report shows the company recorded over 3 billion malware attacks in 2010, and found that these threats not only skyrocketed in volume, they had also made substantial advances in their level of sophistication.
According to the report, the 5 biggest threats are:
- Targeted attacks against companies attempting to steal information.
- Social networking threats in which information about individuals is collected through the internet and social networks and leveraged to earn victims trust or masquerade as friends.
- Zero-Day exploits that exploit vulnerabilities within operating systems and services.
- Attack kits that bring advanced technical exploits to common crooks that otherwise wouldn’t have the skills to create online exploits – think of these like attack-in-a-box packages.
- Mobile threats that extend the basic business model behind cybercrimes to mobile devices as phones reach the capability and mass adoption necessary to make the exploits profitable. Learn more about mobile threats in my blogs: It’s No Accident – Mobile Money and Mobile Malware Set to Go Big in 2011, and McAfee Threat Predictions for 2011 – Mobile: Usage is rising in the workplace, and so will attacks
The Report Made Easy
For consumers, Symantec’s report can be easily be understood through two great tools:
- A nice info-graphic they put together to illustrate 2010’s year in numbers:
What this means to you
Here’s a 12 point checklist to get you started on the road to Internet security and safety. If you want more detail, look to http://ilookbothways.com for straightforward practical advice on how to steer clear of Internet hazards whether you’re sending e-mail, dating online, making purchases or socializing – and whether you are on a computer, or your phone.
- Secure your computers and smartphones with anti-virus, anti-spyware, and tools.
Keep them current and use them unfailingly-as automatically as locking your door when you leave the house. A computer that does not have security software installed and up-to-date will become infected with malicious software in an average of four minutes. That malicious software will steal your information and put you at risk for crimes.
- You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use a free service.
- Secure your internet connection – Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
- Use added protection on sensitive financial information with passwords or store on a flash drive, CD or external hard drive For added protection all year, keep your finances inaccessible to anyone who uses (or hacks into) your computer. You can do this by password protecting individual files or folders on your computer, or choose to keep this information on a flash drive or CD that you keep in your safe or other secure location.
- Use strong, unique passwords for every site. Creating strong memorable passwords is easy and can actually be fun – and the payoff in increased safety is big. The key aspects of a strong password are length (the longer the better); a mix of letters, numbers, and symbols; and no tie to your personal information. Learn how with my blog Safe passwords don’t have to be hard to create; just hard to guess
- Review the privacy terms and settings. This needs to be done for every social site you use. Create an environment of safety for yourself by understanding how any website you use treats your privacy and information. That fine print may tell you the company can own, resell, rent, or give your information to anyone they want. If it does, find a more respectful site.
- Discuss online safety with your family and friends. Decide together how you will help protect each other’s privacy online and set rules that reflect your personal values. Decide what information about yourself you are willing to have shared online, and with whom you are willing to share it. This includes asking friends to put your email address on the Bcc: line if they are including you on an email to people that you don’t know. Learn more here https://ilookbothways.com/?s=bcc.
- Be selective about who you interact with online and what information you make public.
- The risks are relatively low when you stick with people you know—your family, and friends. Going into public chat rooms or opening your blog up to the general public, for example, significantly increases your risk.
- Think carefully before you post online any information that can personally identify you, a family member, or friend on a public site like a blog, in online white pages, on job hunt sites, or in any other place anyone on the Internet can see the information. Sensitive information includes real name, birth date, gender, town, e-mail address, school name, place of work, and personal photos.
- Pay attention to messaging risks.
- Think twice before you open attachments or click links in messages -even if you know the sender-as these can be used to transmit spam and viruses to your computer.
- Never respond to messages asking you to provide personal information, especially your account number or password, even if it seems to be from a business you trust. Reputable businesses will not ask you for this information in e-mail.
- Never click on links provided in messages, unless you are sure of the sender. Instead, use a search engine to find the website yourself.
- Don’t forward spam. Whether it’s a cute ‘thought of the day’, ‘set of jokes’, ‘amazing photo’, ‘recipe tree’ or similar email, if you don’t personally know the sender the email is surely a scam designed to collect the email accounts – and relationships – of everyone you share it with.
- Don’t trade personal information for “freebies.” Online freebies come in two forms:
- The free games, free offers, and ‘great deals’. Just as in the physical world, if these types of offers sound too good to be true, they probably are. Not only will these collect and sell your personal information, these ‘deals’, and ‘free’ applications are usually riddled with spyware, viruses or other malicious software.
- Through survey’s, sweepstakes, quizzes, and the like. These marketing tools are designed for one purpose – to get as much information from you as they can, so they can sell that to interested parties. Even the most innocuous ‘survey’s learn far more than you imagine, and they may give you malicious software or download tracking cookies, so just skip these entirely.
- Periodically review your internet contacts, and online activities. Internet housekeeping is important. Review who you have as contacts, and who can see your online profiles periodically to prune out everyone you no longer have a close relationship with. Review any images and content you’ve posted online to see if collectively these tell more about you than should be known.
- Check your credit reports. Under the Fair Credit Reporting Act, you have the right to one free credit disclosure in every 12-month period from each of the three national credit reporting companies—TransUnion, Experian, and Equifax.
- Request a free credit report from one of the three companies for yourself, your spouse, and any minors over the age of 13 living at home to check for credit fraud or inaccuracies that could put you at financial risk. (Although exact figures are difficult to get, the latest data shows that at least 7 percent of identity theft targets the identities of children.) The easiest way to do this is through AnnualCreditReport.com.
- You can also pay for credit monitoring services that will alert you to any suspicious activity or changes in your credit scores.
- Block people you don’t want to interact with. You don’t have to accept invitations to be friends with people just because they ask. Women in particular can find it difficult to turn someone down – and creeps and crooks count on this very thing. If you don’t want to be friends, delete the request. If you are already connected with someone you would rather not be, block them from your social sites. You can also block their email account so they can never contact you through email, and block their phone number from calling or sending text messages to your phone. YOU get to choose who, how, and when you are contacted.
- Trust your instincts. Online and offline, your instincts play a critical role in your protection. If something feels ‘off’, go with your instinct. You don’t have to explain your reasoning to anyone.
- If you are exploited, it is not your fault. Following the fourteen steps outlined above can go a long way to keeping you safe, but bad things sometimes do happen. If you fall victim to a scam, fraudster, abuser or criminal, don’t blame yourself. The only person guilty is the abuser or criminal. You didn’t cheat, scam, lie, threaten, harm, steal, or abuse yourself in some other way, so don’t lay a burden of guilt where none belongs. Don’t let the abuser or criminal shame you into silence. Speak out and get the help you need.