While there is a lot of talk lately about protecting assets across mobile devices and cloud computing environments, security veteran Eric Geier insists PC security cannot be forgotten. Considering all of the bills being paid, holiday gifts being bought and sensitive documents being trafficked online, desktop security fundamentals may be more important now than ever.
"You should fully protect yourself to lessen the chance of cybercriminals infiltrating your computer and your online accounts, capturing your personal information, invading your privacy, and stealing your money and identity," Geier wrote in a recent guest post for PCWorld. "You need to guard against viruses, of course, but not all antivirus programs catch all threats, and some do better than others. You have to watch for many other types of threats, too: Malware invasions, hacking attacks, and cases of identify theft can originate from email, search engine results, websites, and social networks such as Facebook."
Timing is everything
Patching is the first and most obvious area that businesses and consumers alike must look to when shoring up security, as there are countless strains of malware out in the wild waiting to exploit vulnerable networks and machines. With slow or inconsistent operating system update schedules proving so dangerous, Geier advised users to leverage automation to their advantage.
But aside from the base operating system, browsers and other frequently used utilities should be regularly checked for updates as well. Users may want to pay particular attention to ubiquitous Java and Adobe applications.
The last few months have seen a near constant stream of Java vulnerabilities being brought to light. Security researchers uncovered one flaw that could have potentially affected 1 billion plug-ins, as the loophole was observed in Java versions 5, 6 and 7. What's more, these exploits were persistent across five different web browsers tested on a fully-patched Windows 7 platform.
Adobe has had to answer its share of tough questions as well. After addressing critical flaws for Flash, Reader and Acrobat in August, the company was forced to issue a security bulletin regarding 25 new Flash Player patches last month.
Cybercriminals feeling social
Another important consideration for securing personal and professional assets relates to social media websites and other rarely regulated corners of the Internet. If a company does not have a policy or education program to convey best practices, now may be the time to bring one in. Companies should be alerting their workers to be careful of hoaxes, phishing attempts and the implications of vague or non-existent privacy policies on these websites.
"Although security and privacy features vary across social networks, they can help to protect you and your account data," Geier wrote. "You must set them up, however, for them to work effectively. For instance, both Facebook and Twitter allow you to encrypt your connections so that other people can’t hijack your account when you’re connecting from public Wi-Fi hotspots. And Facebook offers a feature to monitor and track the computers and devices that log in to your account, to help identify unauthorized logins."
PC Advisor said social media websites are currently the trigger point for a growing number of data leaks, but these popular platforms have also drawn attention to critical issues and inspired considerable progress in some cases. One security professional told the news source that Twitter, Facebook and similar websites have been doing a respectable job keeping up with pressing security demands. The website reports that the Online Trust Alliance only had 12 percent of social media websites on their security and privacy honor roll in 2011, but that figure shot up to 52 percent in 2012. Even still, companies and workers need to be mindful of the sensitivity of information they're sharing on these websites.
It may seem obvious, but looking at the long list of threats on the "best practices for computer security" page of Indiana University's website, there are a lot of risks that people may not even realize are there which could end up being extremely dangerous. The university gave some advice for which threats to avoid, telling students to:
- Never download unfamiliar software from the internet, especially from file sharing programs
- Always be wary of email attachments, even if they seem to be from a familiar source
- Don't click a random link without scanning it to make sure there are no viruses contained on that particular website
- Log out of computers when work is done, as accounts that are left open are more frequently compromised
- Be extremely careful when handling any kind of sensitive data, whether it is on a hard drive, email client or removable media
- Delete data that is no longer needed and make sure it is completely off of the computer so no one else can get to it
Data Security News from SimplySecurity.com by Trend Micro