March 21, 2010

Five Farewell Cyber Security Month User Tips

October, now drawing to a close in spectacularly spooky fashion, is Cyber Security Awareness Month.

What does it mean? It means that a whole lot of organizations have been trying to get you to safeguard your data. More importantly, they want to help keep you from becoming a victim, getting your identity stolen and your bank accounts emptied.

That's very noble and heartening to know they're looking out for you, isn't it?

But what your employer really wants -- the people that sign your paychecks, remember -- is for you to keep their data safe: intellectual property, marketing plans, and other sensitive information that they don't need getting aired out in public, or worse, end up in the hands of competitors. What your bank and credit card issuers want is to not have to deal with claims and pour good money into rescuing your balances from fraudsters.

Luckily, there are ways you can help them and yourself.

Be Modest

Social networking sites are all the rage, and with good reason. They are a great way to connect both personally and professionally, and frankly, they can be a lot of fun. The downside is that instead of dipping their toes, many people overshare.

Not only can oversharing land you in trouble with your employer (so that is why you took a sick day) but it can also give hackers the ammunition they need to crack into your other accounts.

Take Sarah Palin's Yahoo email account debacle. In this case, it's not entirely her fault: she is a public figure and her life story is one Wikipedia entry away, rife with fodder for password recovery mechanisms. But for the regular Joes and Janes out there, keeping some of your personal information close to your chest is a good idea. That way, there's little chance of someone using your own valid data against you.

More importantly, don't devour every Facebook or MySpace app and widget that comes along. For now, they're mostly innocuous, but if you read the fine print, they can potentially end up collecting a lot of information about you. It might be OK for developers and organizations that you trust to use your data responsibly, but as their developer communities grow, so do the chances of a bad seed or two operating in their midst.

Trust No One

When you get an email, it's time to show your cynical side.

Combat spam by ignoring it. If you didn't sign up for it or if it's from someone you don't know or a company that you've never had dealings with, chances are that it's spam.

Fortunately, most email clients these days don't automatically download images. When you fetch an image from a server, it's a signal to spammers that there is a live person behind that account; a signal that they take to mean that you want more spam. If you're still using an old client that automatically displays images and other web elements when you open a message, it's time to consider getting a new one.
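To see what an image-loading client would give away, the following added example (not part of the original article) lists the images an HTML message would fetch from a remote server when opened. The sample message, the function name `remote_images` and the beacon heuristic (a 1x1 image or a URL with a query string) are assumptions made for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not real mail): one embedded image, two remote ones.
SAMPLE = """\
From: offers@example.test
To: you@example.test
Subject: You have won
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Claim your prize today.</p>
<img src="cid:logo123" alt="logo">
<img src="http://img.example.test/banner.png" width="600" height="80">
<img src="http://track.example.test/o.gif?u=you%40example.test" width="1" height="1">
</body></html>
"""

class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def remote_images(raw_message: str):
    """Return (url, looks_like_beacon) for each image fetched over the network."""
    msg = message_from_string(raw_message)
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, "replace")
        collector = _ImgCollector()
        collector.feed(html)
        for img in collector.images:
            url = img.get("src") or ""
            if urlsplit(url).scheme not in ("http", "https"):
                continue  # cid:/data: images travel inside the message, no fetch
            tiny = img.get("width") in ("0", "1") and img.get("height") in ("0", "1")
            # Heuristic (assumption): a 1x1 image or a per-recipient query string
            found.append((url, tiny or bool(urlsplit(url).query)))
    return found
```

Each URL returned is a request your client would make on open, telling the sender's server that the address is live.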

Another problem is phishing. Basically, a fraudster is trying to get you to log into a site, like your credit card's, your bank's or PayPal account. Don't fall for it. Your first impulse may be to *click here* to resolve some dire warnings about suspicious activity or to verify your account information. Don't.

Instead, remember this rule: When in doubt, type it out.

If you have lingering concerns, open your browser, manually type in the site's address and log in. Don't copy/paste. Also look for the telltale lock icon and https://... in the address bar to denote that you've logged into a secure site and that your data is encrypted en route.

This way you're guaranteed that a scammer isn't trying to steer you to a fraudulent site because all your actions are your own.

Encrypt Your Data

Sounds complicated, but it's not. Certainly, there are plenty of software options out there, but there's no need to feel overwhelmed.

Windows (BitLocker in Vista) and Apple OS X (FileVault) both support built-in encryption. Options are a bit lacking, but when it comes to securing your information, it's a great way to keep your data private. In short, and without getting too technical, encrypting your drive renders the data within indecipherable, unless, of course, you have the key.

There's a common misconception that establishing a login password will keep your data safe. Not so. If someone were to steal your machine, or even just the hard drive, they can still access your data, even if they don't know your login.

Why encrypt anyway? You've undoubtedly heard about laptops and data tapes containing scores of personal data getting stolen. The truth is that if the owners had encrypted their data, you wouldn't even hear about it because they're under no obligation to reveal it. Encryption (128-bit at this stage in the game) is that safe.

Update Your Operating System

As this past month has shown us, it is critical to update your operating system (OS) the moment a patch comes around.

Microsoft generally updates every second Tuesday of the month, a day that's affectionately called Patch Tuesday. This schedule serves everyone well for a couple of reasons. First, systems administrators can carve out a predictable time frame each month for updating Windows systems.

The other reason was illustrated this month: unpredictability.

When Microsoft issues a patch outside of the Patch Tuesday cycle, you can bet that it demands your attention. This means that there is a vulnerability out there -- usually with an exploit hot on its heels -- severe enough that it can't wait for the next Patch Tuesday to roll around.

Users basically have two patching options in Windows: set up automatic updates or download the patches manually. There's a middle ground between the two where Windows notifies you when an update is available and you accept it. Either way, it's critically important to update. Most of the malware code in circulation preys on operating system vulnerabilities (basically holes in the code) that were patched soon after they were discovered.

Mac users can use System Update to set a schedule that checks for updates. Although Mac OS X doesn't get patched nearly as often as Windows, important updates occasionally pop up.

In any case, and whatever your OS, update!

Use WPA to Secure WiFi

Forget WEP. Hacker toolkits have made it a trivial matter to crack and snag packets from the air. And while there may not be hackers lurking around every corner, why take the chance?

Lock your router down using the WPA option and settle on a lengthy, convoluted password. Linksys, D-Link... whatever make your router is, the option is buried in there somewhere. Use it and create a strong password. That means going nuts, getting random and dropping a healthy mix of upper and lower case letters, numbers and special characters so that it looks like comic book characters are cursing up a blue streak, like this: siW*^10P11^#@.

You'll have to do better, but you get the idea.

The best part is that you'll only really have to deal with it once. Both Windows PCs and Macs only require that you input it the first time. Nonetheless, write it down and keep it safe in case you get a new laptop or need to reformat. Changing it every so often doesn't hurt either.

One final word of advice: You know how after a night of (hopefully bountiful) trick-or-treating, you check to make sure that packages and wrappers are sealed, tossing out the dodgy-looking pieces of candy? Do the same online.

Most of your neighbors are good people, and the same is true of people online. But anonymity has given online crooks the run of the neighborhood. So think long and hard before downloading or accepting that freebie unless it comes from a well-regarded source.

This article was first published on EnterpriseITPlanet.com.
