Cyber Security
Gun Owners think about Security but not always the physical kind.
By Mudinyeri
Lincoln, NE -(Ammoland.com)- Most NFOA members and AmmoLand readers are very focused on security … physical security.
What about cyber security?
Do you spend as much time thinking about cyber security as you do physical security? Granted, you’re unlikely to lose your life as a result of poor cyber security, but you may well incur financial costs as well as reputational damage.
Much like physical security, one needs to be aware of the risks related to cyber security and the way in which those risks can be mitigated. Again, much like physical security, once you are aware of cyber security risks, you must remain ever vigilant. You will be safest when these cautionary guidelines become second nature.
Think before you click. Be cautious of images and links with invitations to click on them. Whether they’re in an e-mail or on a website, “spoofed” links and click-through graphics are one of the easiest ways for hackers to infect your PC with viruses, key-loggers or Trojans. Even if you receive an e-mail from someone you know, the links in the e-mail can be dangerous. Use caution! Is it really worth risking your cyber security to watch the YouTube video of the long-tailed cat in a room full of rocking chairs? Be especially cautious of links and graphics from strangers or from people you know who don’t normally send you the type of information related to the links.
Use strong, unique passwords. Good passwords are one of the best defenses against hackers. If a hacker can’t guess or decode your password, they won’t be able to access your account. Passwords should be at least eight characters in length. Strong passwords contain uppercase letters, lowercase letters, numbers and symbols. For example, rather than using “Password”, one could use “Pa$$w0rd”. An even stronger password would be one not based on an actual word.
Utilizing unique passwords is also important. If you use the same password for every secure site, you run the risk of a hacker discovering a single password and accessing all of your online accounts. At a minimum, use unique passwords for online banking sites and any other online account that involves financial transactions.
Changing your passwords on a frequent basis adds another layer of security that makes it difficult for hackers to access your protected information.
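An added example, not part of the original article: it applies the composition rule described above and then tests the article's further point that a stronger password is one not based on an actual word. The word list, substitution table and function names are constructed for illustration.

```python
import re

# Constructed mini word list; a real check would use a large dictionary
# or a list of breached passwords.
COMMON_WORDS = ("password", "ruger", "letmein", "welcome", "nebraska")

# Common character substitutions, undone before the dictionary lookup.
UNLEET = str.maketrans({"$": "s", "0": "o", "1": "l", "3": "e", "4": "a",
                        "@": "a", "5": "s", "7": "t", "!": "i"})

def meets_composition_rule(pw):
    """The article's rule: 8+ characters with upper, lower, digit and symbol."""
    return (len(pw) >= 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)

def base_word(pw):
    """Return the dictionary word hiding behind substitutions, or None."""
    plain = pw.lower().translate(UNLEET)
    letters = re.sub(r"[^a-z]", "", plain)
    return next((w for w in COMMON_WORDS if w in letters), None)

def assess(pw):
    """Report both checks so the gap between them is visible."""
    return {"composition_ok": meets_composition_rule(pw),
            "based_on_word": base_word(pw)}

if __name__ == "__main__":
    # "kT7#qv!2Zp" is a constructed sample of a non-word password.
    for candidate in ("Password", "Pa$$w0rd", "kT7#qv!2Zp"):
        print(candidate, assess(candidate))
```

“Pa$$w0rd” satisfies the composition rule, yet undoing the substitutions recovers “password”, which is why the non-word password is the stronger choice.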
Recognize and deal appropriately with Social Engineers. Social Engineers use seemingly ordinary interactions as well as other tactics to manipulate or trick people into divulging sensitive information or performing tasks that can lead to compromised cyber security. Social Engineers are essentially con artists who play on human tendencies to manipulate their victims. The following are the seven tendencies Social Engineers most commonly exploit:
- Authority: The Social Engineer may pretend to represent someone in authority. “I’m a system administrator” or “I work for a government agency and I need this information now!”
- Likeability: People want to help people they like. The Social Engineer may pretend to have the same hobbies or background as the victim or mimic the victim’s behavior. Once a common bond is established, the Social Engineer may weave cyber security-related questions into the conversation. “It sounds like we’re both Ruger fans. Do you use Ruger as a part of your password?”
- Reciprocity: The Social Engineer may promise a gift or favor to the victim or convince the victim that the Social Engineer is doing him/her a favor in order to get the victim to comply with the request.
- Commitment: People tend to be more compliant after they have made a commitment. A Social Engineer may ask the victim to make a commitment – to follow a password policy, for example – and then ask him/her for the password to make sure that it complies with the policy. “Are you using an eight-character password with uppercase, lowercase, numbers and symbols like I recommended?”
- Social Validation: A Social Engineer might convince a victim that other similarly situated individuals have already complied with a request in order to gain compliance with the request. The Social Engineer attempts to make the victim feel like they are holding up a process or feel safe providing information because others have complied. “We’re validating all NFOA members’ profile information and you’re the last one on my list ….”
- Scarcity: If people think they are competing for something, or that their access to something is limited by quantity or time, they may be more likely to comply. For example, a Social Engineer may send an e-mail stating that the victim’s account will be closed in twenty-four hours if he/she doesn’t “validate” his/her account information immediately.
- Sympathy: It’s normal to want to help someone going through a difficult time. Social Engineers use this normal human response quite frequently to elicit information, goods or money from their victims. A common scheme involves a theft or robbery. “All my gear was stolen. Can you help me?” I’ve seen variations on this theme in a number of online communities. Often, the sympathetic members of the community will go so far as to set up a PayPal account where members can donate funds to help the scammer get “back on their feet” after the “horrible events” they’ve experienced.
Avoid phishing scams. Phishing is a form of identity theft in which the intent is to steal your personal information. Credit card numbers, passwords, account data and other personal information are the typical targets. Do not reply to e-mails that ask you to “verify” your information or “confirm” your user ID or password. Do not click on links or graphics in e-mails requesting this type of information. If you receive an e-mail that appears to be from a service provider, eBay or PayPal for example, open your browser, type in the URL for the service provider and log into your account to check on its status. Frequently, the link in a phishing e-mail that appears to be from a legitimate service provider will redirect you to another site that looks very much like the service provider’s site but is not. As a general rule, do not click on links in e-mails.
Shop safely. Everyone loves a bargain. Sometimes, what looks like a bargain is actually a cyber security trap. Shop online only with retailers that you know. Look for the padlock icon in your web browser when submitting personal information like account numbers. Use an account with a company like PayPal that allows you to pay with a credit card, debit card or bank account without exposing your account information. If you pay by credit card, you have more recourse if you are a victim of fraud than if you use a debit card, check or cash.
Protect your identity. As you browse the web, it’s important to realize that many websites collect information about you. Usually, this information is contained in your Internet browsing history on your PC. While most of this information is used for legitimate purposes – customizing your Internet experience or providing you with targeted offers in banner ads – there are websites that sell the collected information to anyone willing to pay the fee. Pretty much any legitimate website will have a privacy policy that informs you of what data they collect and what they do with that data. If you don’t want to share any information, there are a number of programs and browser plug-ins that will protect the information stored on your computer.
Dispose of information properly. Before discarding your computer or portable devices, you need to be sure that the data contained on the device has been erased. Simply deleting the data will not do the trick. In most cases, data that has merely been deleted is easily recovered. Before disposing of any device that stores data, the device should be “wiped” utilizing software that is compliant with the Department of Defense’s 5220.22-M standard. Alternatively, one can physically destroy the device or its hard drive.
Protect your children online. Discuss and set guidelines for computer use with your child(ren). Post these guidelines next to the computer as a reminder. Make sure computers used by children are in open areas – not behind closed doors. Let your children know that their activities on the computer are tracked, that you will periodically review the information and, if you find that information has been deleted, they will lose computer (or other) privileges. Consider using parental control tools that limit what children can do while on the computer as well as tracking software outside of the computer’s Internet browser. Discuss the risks outlined in this article with your children. Educate your child(ren) so they are prepared to be a part of your family’s cyber defense team. Computers used by children are often the biggest hole in a family’s cyber security.
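The “spoofed” links described under “Think before you click” and “Avoid phishing scams” can be checked mechanically, as in this added example (not part of the original article). It flags any link in an HTML e-mail whose visible text names one site while the underlying address points to another. The sample message and the `.example` hosts are constructed, and the host comparison is a simplification that does not consult the Public Suffix List.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Link text that itself looks like a web address, e.g. "www.paypal.com/login".
URLISH = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]|$)", re.I)

def host_of(url):
    """Lowercase host name of a URL, or '' when it has none."""
    return (urlparse(url).hostname or "").lower()

def same_site(shown, real):
    """Simplified comparison: equal, or one is a subdomain of the other."""
    shown, real = (h[4:] if h.startswith("www.") else h for h in (shown, real))
    return real == shown or real.endswith("." + shown) or shown.endswith("." + real)

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            label = "".join(self.text).strip()
            shown, real = URLISH.match(label), host_of(self.href)
            if shown and real and not same_site(shown.group(1).lower(), real):
                self.findings.append((label, real))
            self.href = None

def audit_links(html):
    """Return (visible text, real host) for every mismatched link."""
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample message; the .example hosts are placeholders.
SAMPLE_EMAIL = """
<p>Verify your account: <a href="http://paypal.com.account-check.example/login">www.paypal.com</a></p>
<p>Help: <a href="https://www.ebay.com/help">https://www.ebay.com/help</a></p>
<p><a href="http://tracking.example/c?id=1">Click here</a></p>
"""
```

Calling `audit_links(SAMPLE_EMAIL)` reports only the first link. A link labelled “Click here” gives no stated destination to compare against, which is one reason the article's advice to type the address yourself remains the safer habit.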
Mission:
Nebraska Firearms Owners Association (NFOA) is organized for the purpose of voicing the opinion of its membership to the Nebraska Legislature and other law making bodies within the state as well as Federal level, as it pertains to firearms. NFOA members will also make it a priority to educate residents on firearms related issues. Visit: www.nebraskafirearms.org