From banking online to using cell phones to instantly share vacation photos, cyberspace has become a part of daily life. The U.S. Department of Homeland Security marked October as National Cyber Security Awareness Month, and Alfred Barker, chief information security officer for the University of North Georgia, talks about internet security and how we can keep ourselves and our data secure.
How is data being kept safe by banks, government agencies, schools and other large institutions?
Keeping data safe is a huge task that involves many disciplines, numerous people, multi-layered processes, and appropriately placed technologies correctly configured to prevent, detect and respond to compromised data. All of these agencies and institutions find direction within regulatory compliance, best practices, and other forms of governance such as policies and standards. For example, Georgia has the Georgia Computer Systems Protection Act; the payment card industry has the PCI Data Security Standard (PCI-DSS); the health care industry has the Health Insurance Portability and Accountability Act (HIPAA); education has the Family Educational Rights and Privacy Act (FERPA); and banking has the Financial Services Modernization Act of 1999 and the Sarbanes-Oxley Act (SOX), both of which address protection.
Governance is a great beginning, but is one of many responsibilities needed to protect data. Others include risk management, access control, cryptography, physical security, continuity, and disaster recovery preparations. Most important, a solidly trained, security-aware user is the greatest form of protection.
How can users keep their own data safe?
Use strong passwords, and keep them secret. Computer programs or hacking tools crack most passwords, not someone guessing your password. The best defense is to choose a password at least eight characters long; use upper and lower case and include a few special characters. Never share your passwords with anyone, not even your friends. Mobile devices can more easily be lost or misplaced, so password-protect your devices.
Use caution when you download and only download software from Web sites you trust. Gaming and celebrity sites and "free" music and movie file-sharing programs may bundle unwanted software, including spyware. Install file-sharing programs cautiously, too. Using these programs, also known as peer-to-peer or P2P, may leave an open back door into your computer when it's connected to the Internet.
Finally, use encryption. Data has two states – "in transit" and "in storage." Encryption can be used to protect both states – in transit, use HTTPS when sending or receiving sensitive information, and in storage, make sure you have enabled your mobile device's data encryption capabilities.
How can we maintain privacy online? Or can we?
When you must share confidential information online – when you shop, join a group, or open an account – be cautious. Use a unique password for each instance. Be careful who you do business with online and read the privacy statement before you share any personal information. Check for signs the Web site protects sensitive data. Look for https ("s" for secure) in the Web address and for a tiny closed padlock or an unbroken key.
Make sure you are where you think you are – look closely at the URL. Unfortunately, the padlock (or key) can be faked. So, double-click it to look for a match between the name in the Web address and on the security certificate; if the name differs, you may be on a fake site.
To learn more, visit http://www.dhs.gov/national-cyber-security-awareness-month.