HOUSECALL information technology

Posts Tagged ‘security’

Information Security on the Web

Friday, June 25th, 2010

We all have information that we wouldn’t want shared with strangers. Keeping your personal information and passwords private is essential to avoiding identity theft and protecting bank accounts – basically, to maintaining your personal privacy. You wouldn’t leave your bank statements lying in public view, so how can you prevent people from seeing your personal data stored on the Web, your personal computers and computers at work? The best way to prevent unwanted eyes from seeing your sensitive data is to know where and when it is safe to digitally store your personal information.

Social Networking

First off, social networks are inherently insecure. Posting to Facebook and other social networks is not necessarily private – even if you keep your account private, people can still view comments you made on your friends’ pages (if their pages are not private). It is not hard to get around the flimsy protections put in place on these sites. Many employers use social networks to gather information about potential employees or partners. YouTube videos are not always private even though you set them as such. Although anonymous accounts are allowed on many websites, you are not anonymous to the web server hosting your data. Each time you visit a website, your computer’s connection information is stored on the server, which can then be traced back to you. Even if you are aware of how to change privacy settings, it is best to err on the side of caution and not post personal information. Overall, the internet, and social networking in particular, is not private. Do not post private information, pictures, or any other type of data that is not meant to be seen by all.

Email Safety

Recently, there have been increased attempts by malicious companies and individuals to get through spam filters. You may have seen emails from friends or family that contain advertisements. In the past few weeks, Yahoo, Hotmail, and Gmail account credentials have been stolen and then used to send spam emails to the contact lists of those accounts. This is an innovative way to get you to open spam mail, as you will see the message as coming from a trusted source.

If your email account is compromised, you will need to take swift measures to protect yourself. First and most importantly, change the password to your email account and make sure you use a secure password (we recommend a minimum of 8 characters containing letters, numbers, symbols, and capitals). Next, run a malware scan program (like Malwarebytes) on the computers you use to access the compromised account. Malware is often designed to harvest passwords and personal information from your computer, so if you don’t get rid of it the attackers will be able to compromise you again. While there is certainly cause for alarm, there is no need to panic; most often passwords are compromised by hackers stealing them from the main authentication database of your email provider.

Do not open attachments in emails unless you know the source and know that it is not malicious. It never hurts to email the sender back and confirm that the attachment is legitimate. Also be careful of links that you receive in emails. If you hover the mouse over a link such as this http://google.com you will notice that the link may not be what it seems. The true link is the one displayed when you hover your mouse over the blue text.
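The same hover check can be run automatically over the HTML body of a message: compare the host a link displays with the host it actually points to. The Python below is an added example, not part of the original post; the sample message and the hosts in it are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class AnchorCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:  # only collect text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def _host(url):
    """Lowercased hostname with a leading 'www.' removed, or None."""
    host = urlparse(url).hostname
    return host[4:] if host and host.startswith("www.") else host

def shown_host(text):
    """Host the visible text claims to lead to; None if the text is not URL-like."""
    t = text.strip().lower()
    if t.startswith("www."):
        t = "http://" + t
    return _host(t) if t.startswith(("http://", "https://")) else None

def mismatched_links(html):
    """Return (text, href) pairs where the displayed host differs from the real one."""
    parser = AnchorCollector()
    parser.feed(html)
    return [(text, href) for text, href in parser.links
            if shown_host(text) and _host(href) and shown_host(text) != _host(href)]

# Constructed sample message body (hosts are placeholders, not from the post).
SAMPLE = (
    '<p>Reset: <a href="http://login.example.net/reset">http://google.com</a></p>'
    '<p><a href="https://www.google.com/maps">http://google.com</a></p>'
    '<p><a href="http://tracker.example.org/c?id=1">Click here</a></p>'
)

if __name__ == "__main__":
    print(mismatched_links(SAMPLE))
```

Only links whose visible text itself looks like a web address are compared; a link labelled "Click here" makes no claim about its destination, so it still needs the manual hover check.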

What Can Be Done to Protect your Information?
Be careful supplying personal information to anyone online. Unless you trust a site, don’t give your address, password, or credit card information. Look for indications that the site uses SSL to encrypt your information (if it does, the URL will start with https:// – notice the s). Although some sites require you to supply your social security number (such as those associated with financial transactions for loans or credit cards), be especially wary of providing this information online. A final method of attack is through browser cookies, which temporarily store data so that you don’t have to keep typing in your info over and over. If an attacker can access your computer, he or she may be able to find personal data stored in cookies. However, you can limit the use of cookies with just a few simple changes to your browser settings. Be careful which websites you visit; if it seems suspicious, leave! The longer you linger, the more time malicious individuals have to compromise your computer. Finally, be diligent about keeping your virus definitions up to date, scanning your computer for spyware regularly, and making sure you have the latest security patches from the manufacturer.

Increase Blackberry Security by Enabling Password Protection

Tuesday, January 19th, 2010

Blackberries are small which makes them easy to lose. Having your blackberry lost or stolen is worrisome enough without being concerned about your emails, notes, schedule, and contacts in the hands of others. Password protection is the best thing you can do to keep your information from being used maliciously.

If you currently do not have password protection enabled on your blackberry it’s very easy to do.

Instructions for a blackberry Tour or blackberry Curve 2

1. Go to the options on your blackberry. This icon usually looks like a wrench.

2. Scroll down and select Password.

3. Click the menu button on your blackberry and select Set Password.

4. You will be prompted to choose a password. We suggest making passwords that are at least four characters long. You can use numbers, letters, and symbols in your password.

NOTE: When creating a password, you automatically use the letters on the blackberry keyboard. If you want the password to be numbers, you must hold down the “alt” key when you type the numbers you want. If you hold down the capital key, the letters will be capitalized, and passwords are case sensitive! It may seem like it doesn’t make a difference, but it will make a huge difference when you sync your blackberry with your computer!

5. Enter the password you just created a second time.

6. Hit the menu button and click save when you’re finished.

Instructions for an 8830 World Edition blackberry or a blackberry Curve

1. Go to the options on your blackberry. This icon usually looks like three controls in green, red, and blue, as shown below. Sometimes it looks like a wrench.


2. Scroll down and select Security Options.

3. Select General Settings.

4. At the top you should see the word Password followed by the word Disabled. Click where it says Disabled and change the option to Enabled. Click the menu button and select save.

5. You will be prompted to choose a password. We suggest making passwords that are at least four characters long. You can use numbers, letters, and symbols in your password.

NOTE: When creating a password, you automatically use the letters on the blackberry keyboard. If you want the password to be numbers, you must hold down the “alt” key when you type the numbers you want. If you hold down the capital key, the letters will be capitalized, and passwords are case sensitive! It may seem like it doesn’t make a difference, but it will make a huge difference when you sync your blackberry with your computer!

6. Enter the password you just created a second time.

7. Hit the menu button and click save when you’re finished.

More Password Options

You can change your password options in the password tab on the blackberry Tour and blackberry Curve 2 and in the general settings tab on the 8830 World Edition blackberry and the blackberry Curve:

Number of Password Attempts: This selects how many incorrect attempts you are allowed before the blackberry wipes itself. We suggest allowing for 10 attempts. It’s easy to make typos on the blackberry’s small keyboard.

Security Timeout: This is how long you can go without using your blackberry before it prompts for your password again. Keep it at 10 minutes at most.

Prompt on Application Install: Selecting “yes” will tell your blackberry to ask for your password anytime you try to install a new app.

Lock Handheld Upon Holstering: This will turn on password protection as soon as you put your blackberry in its holster regardless of how long it has been since you used it.

Allow Outgoing Calls While Locked: If you have phone service enabled on your blackberry this setting determines if you can make calls when the blackberry is locked. Keep this set to No. You do not want someone else using up all your minutes or calling your contacts!

Be sure to hit the menu button and click save when you’re finished.

Having a password on your blackberry may seem annoying at first, but having someone with malicious intentions accessing your information is much worse. You will get used to putting your password in soon enough. Your fingers won’t even have to think about it!

CONFICKER/DOWNADUP

Monday, March 30th, 2009

Organizations with whom we work have assured us that the patch necessary to protect against CONFICKER/DOWNADUP has been deployed to the computers we support. Antivirus software that is deployed and managed by the organizations we support should also further protect your computer.

Despite the protection that has been deployed, one potential vulnerability remains: staff introducing infected USB keys, external hard drives and iPods to the network. If they do not have the necessary protections on their home computers and those computers are infected, there is a chance the virus can be transferred to a removable hard drive, and that hard drive could infect a work computer when it is plugged in. We strongly encourage staff to be careful on their home computers, especially if there is a data thread that can link the home computer with a work computer by way of a removable storage device. Please recommend that your staff install the patch below on their home computers if they are Windows-based, and that they be careful with what they put on removable data drives. I recommend that a removable drive only be plugged in when it is needed, to save or transfer a file from the computer to the device; then remove it immediately. This won’t completely protect you, but it could minimize exposure.

Ideally, staff should consider not using removable drives with computers that are not on their work network or have not been configured to comply with their organization’s security, wherein we have a controlled environment. The exception is if they have assurances that the non-work computer is completely protected with bellwether antivirus, antispyware and firewall products.  At this time, even work laptops should be considered a risk unless they are on the organization’s network often enough to update remotely.  If you have any laptops at staff homes, may I suggest you ask them to bring them in so we can make sure they are up-to-date?

Patch for home computers: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx