Do your part in supporting the sprint by educating yourself about cybersecurity. The “Insight Partner Views on Cybersecurity” e-book can help. By addressing security from multiple viewpoints, the e-book reinforces the need for society to build a culture that embraces information risk management.
Insight Partner Views on Cybersecurity
A Compilation for Personal and Corporate Education
This eBook was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.
Contents
• Introduction
• The CISO role in cybersecurity: Solo or team sport?
• Security attacks and countermeasures
• Mobile device security: A new frontier for hackers
• U.S. Department of Defense sets its cloud security guidelines
• The emerging science of digital forensics
• Why fear the hackers? First invest in IT security change
• Take the next step
Introduction
Data security breaches and hacker attacks on
private businesses, health organizations and
government agencies in the U.S. have grabbed
headlines with increasing frequency, it seems.
There is zero doubt about the damage these
events cause. Cybercriminals and hackers walk
away with customers’ payment card information
and employee data while companies and federal
authorities investigate the source of the leaks and
spend millions of dollars to repair the harm.
Some see these breaches as a threat to national
security, and, in response, government has
launched a “30-day Cybersecurity Sprint” as a
tactic designed to beef up cybersecurity
protocols.
Do your part in protecting information by
educating yourself about cybersecurity. The
“Insight Partner Views on Cybersecurity” e-book
can help. By addressing security from multiple
viewpoints, the e-book reinforces the need for
society to build a culture that fully embraces
information risk management.
The CISO role in cybersecurity: Solo or team sport?
Kevin L. Jackson, CEO, GovCloud Network
The average length of time in the commercial sector between a network security breach and the detection of that breach is more than 240 days, according to Gregory Touhill, deputy assistant secretary of Cybersecurity Operations and Programs for the Department of Homeland Security. What could happen to your company during that eight-month period? Could your company survive?
This alarming statistic is just one of the reasons why the National Cybersecurity Institute at Excelsior College (NCI) undertook the task of surveying the nation’s chief information security officers. With the support of social media campaigns from Dell cybersecurity and the International Information Systems Security Certification Consortium, also known as ISC(2), NCI was able to collect a statistically significant number of responses across eight industry verticals. Although a formal analysis of the data is still being conducted, some important early revelations have already been identified.
While the overall survey broadly covered the domain, one of the most interesting insights for me came from a high-level response from just three questions:
• What are the top three items/resources you need to accomplish your
job?
• Which of the following are the top five sources of application security
risk within your organization?
• Which of the following five skill sets best prepares someone to become
a chief information security officer?
The survey designers worked hard not to focus just on the technical aspects
of the CISO role. To that end, respondents had to choose from nine job
resources, 10 security risk options and 11 specific skill sets. They also
enjoyed the option of writing in a response. Although every option on each
of these three questions had some takers, the most predominant answers
were:
• The top resource needed to accomplish the CISO job is the support of other management leaders;
• The top source of application security risk is a lack of awareness of application security issues
within the organization; and
• The best skill set for preparing someone to become a CISO is a statistical tie between business
knowledge and knowledge of IT security best practices.
Some may find it surprising that neither technical knowledge, technical skills nor the technology itself
is an overwhelming favorite for the surveyed professionals. So with that observation, what truths can
we learn from this answer set?
To be sure, additional analysis and rigor are needed, but from a personal point of view this early data
hints that technical knowledge is not the primary CISO skill requirement. It also tips a hat toward the
need for robust internal education as well as a focus on reducing application security risks. For me, it also
shows that a good CISO must also be a collaborative and communicative teacher across his or her
organization. Is it me or do these traits describe a team leader or coach?
If you are a CISO, do these traits describe you? Are education and collaboration a core part of your
company’s cybersecurity plan? Have you enabled management to give you the support needed for your
own success? Can you describe yourself as the cyber team coach?
Security Attacks and Countermeasures
Sandra K. Johnson, CEO, SKJ Visioneering, LLC
Cybersecurity is rapidly becoming a significant issue in the C-suite as well as the population at large. The results of Dell’s Global Technology Adoption Index (GTAI)[1] show that security is a top concern for most of the 2000 global small and medium businesses surveyed. The outcomes further noted that such concerns create barriers to the adoption of critical technologies that drive value and growth: mobility, cloud and big data. In fact, many businesses are unprepared to address their potential security issues.
In addition, several large data breaches have raised the awareness of cybersecurity in the consciousness of the general population. For example, the Target security breach in December 2013 resulted in hackers accessing 40 million credit card records of customers from every store.[2] The Open Security Foundation’s (OSF) data loss database[3] contains information on data security breaches, including recent and large incidents. Recent breaches include 3.65 million records stolen from the United States Postal Service on November 10th and 2.7 million stolen from HSBC Bank A.S. on Nov. 12, both of this year.
Cyberattacks are on the increase, with six of the top 10 largest incidents occurring in 2013 (402 million) and 2014 (469 million to date).[1] A diverse set of industries is targeted. A mid-year breach report from Risk Based Security and the OSF[4] cited that 59 percent of reported attacks were in the business sector, followed by 16.1
percent from the government. Other reports show a data breach focus
on the Finance & Insurance and Manufacturing industries (IBM),[5] and
the Electronics Manufacturing and Agriculture and Mining industries
(Cisco).[6]
The majority of these attacks are due to hacking, fraud and social
engineering. For example, in the first half of 2014, 84.6 percent of
cybersecurity incidents were due to external hacking, with an increased
percentage of events exposing passwords, usernames and email.[4] The
resulting breaches occur primarily through malware, including Trojan
horses, adware, worms, viruses and downloaders.[6] Moreover, the
overwhelming majority (95 percent) of security events evaluated by IBM
include human error as a contributing factor.[5]
Data breach sources
Let’s examine these primary sources of data breaches and high-level
methodologies for minimizing such events. Malware is malicious
software created for egregious objectives. It is designed to disrupt IT
and other computer operational environments and to gain access to
sensitive data, such as personal records. Access is precipitated through various communication
methodologies, such as email and instant message (IM) attachments, endpoints in an IT environment,
applications and other vulnerabilities within such infrastructures as discovered by the attacker.
Malware is intended to be quiet and hidden as it enters environments and is executed. There is a
plethora of various types of existing malware; however, presented in Table 1 is a summary of the most
active and effective malware[6] today.
Social engineering is a methodology that enables a perpetrator to persuade or induce an individual to
provide sensitive information or access to the unauthorized perpetrator. The attacker is typically able
to do this by exploiting the fact that most people
want to be helpful and avoid confrontation. By
leveraging social media, face-to-face contact,
telecommunications and other communication
mechanisms, attackers are able to obtain information
and access, either piecemeal or holistically, that
permits their access to data, networks and other
infrastructure.
Minimizing or averting attacks
The best protection against malware includes anti-
malware and Internet security software. Such
software can find and remove the overwhelming
majority of the known malware prevalent today. Lists
of the best antivirus and Internet security software,
according to PCMag.org[7][8], are included
in Table 1 and Table 2, respectively, on the next page:
It is important that you keep your anti-malware and
Internet security current, as new malware is
introduced on a regular basis.
In addition, regular education is crucial for minimizing the impact of social engineering related attacks. The knowledge of how attackers can aggregate bits of information into a comprehensive collection of sensitive information is important in preventing individuals from sharing such information or providing access to ‘friendly’ people.
MALWARE | DESCRIPTION
Trojan | Deceptive code hidden inside software that appears to be safe
Adware | Advertising-supported software that can collect user information when executed (also known as spyware)
Worm | Standalone software that replicates functional copies by exploiting vulnerabilities in targeted systems
Virus | Code that can corrupt or remove files, spread to other computers (e.g., via email) and attach itself to files and other programs
Downloader | Software that downloads executable malicious code without the user’s knowledge or consent
Figure 1. Most active malware today
Finally, it is paramount that users remain diligent regarding their
passwords. The data shows that the majority of information
obtained by attacks relates to sensitive personal information,
including passwords. Also, programs that crack passwords or
obtain them from other sources are readily available. Various
lists of what to do, and not do, regarding passwords are readily
available and are not included here. However, while it is difficult to
remember all passwords for all of the authentication and access
entry points used by an individual, one rule of thumb can be
helpful. Make your passwords long, include digits and symbols,
and use the first letter of a phrase you are most likely to
remember. For example, from a line in the poem “Phenomenal
Woman” by Maya Angelou, who died this year, “I’m a woman
Phenomenally, Phenomenal woman, That’s me”, one can create
the password, “Iawp,pwtmMA14”. This includes the first letter of
the words in this line, the poet’s initials and the year of death.
Moving forward, cyber attacks will be more prevalent, even as
infrastructure growth, including network bandwidth,
applications, mobile devices and other endpoints become more
prolific. It is important to always be mindful of your activities,
and know that education, due diligence and the relevant anti-
malware and Internet security software can address the majority
of security threats.
ANTIVIRUS SOFTWARE
• Webroot SecureAnywhere Antivirus (2015)
• Norton AntiVirus (2014)
• Kaspersky AntiVirus (2015)
• Bitdefender Antivirus Plus (2015)
• F-Secure Anti-Virus 2014
Figure 2. Top Antivirus Software [7]
INTERNET SECURITY SOFTWARE
• Bitdefender Total Security (2014)
• Norton Internet Security (2014)
• Webroot SecureAnywhere Internet Security (2014)
• Kaspersky Internet Security (2014)
• McAfee Internet Security (2014)
Figure 3. Top Internet Security Software [8]
Mobile device security: A new frontier for hackers
Sandra K. Johnson, CEO, SKJ Visioneering, LLC
Recent security breaches have heightened our awareness of cybersecurity issues. The Staples hack and other security breaches have resulted in unprecedented damages. However, the majority of mobile device users have yet to be sensitized to their personal and corporate security risks.
For example, a security study found that 69 percent of users store sensitive personal information on their mobile devices. Examples include banking information, confidential work-related items and provocative videos and photos. In addition, 51 percent of mobile device consumers share usernames and passwords with family, friends and colleagues. This is in spite of the fact that 80 percent of such devices are unprotected by security software.
While mobile device security attacks are relatively small, they are the new frontier for hackers. Listed below are highlights from several mobile device surveys:
• The four top threats to mobile devices include: 1) lost and stolen phones; 2) insecure communications; 3) leveraging less-secure, third-party app stores; and 4) vulnerable development frameworks.
• One in 10 U.S. smartphone owners are victims of phone theft.
• Mobile malware attacks are increasing, with 2014 exhibiting a 75 percent increase in Android malware attacks on devices.
• The use of mobile devices to access enterprise resources introduces significant security risks.
Cyberattackers are typically attempting to obtain access to sensitive or
personal data, and then use it to access financial accounts. Some
methodologies used include social engineering, distributing and executing
malware, and accessing data through public Wi-Fi networks.
A recent survey found that phishing and scams for winning free stuff were
the most popular SMS attacks. Unsolicited SMS messages attempted to trick
users into providing detailed, sensitive information about their financial
accounts at major banks. The mobile malware StealthGenie secretly
monitors calls, texts and videos on mobile phones. Bitdefender has been
able to break the secure communications between a Samsung watch and an
Android device with ease, using brute force sniffing tools. (See “5 New
Threats to Your Mobile Device Security” for more information.)
These are a sampling of the numerous cybercriminal methodologies for accessing user finances and data.
Listed below are some user actions for reducing or minimizing a successful attack:
• Always enable password or PIN protection on your device.
• Run scans using a respected security and malware program on a regular basis (see the best antivirus
software for Android devices).
• Subscribe to managed mobile device services such as anti-malware and mobile device locator
services; also lock the device and wipe all data in the event of device theft.
• Encrypt mobile device data.
• Install/run the latest versions of your device OS and all mobile apps.
• Upgrade to the most recent firmware for your mobile device.
• Do not access secure or highly sensitive information while using public Wi-Fi networks.
• Avoid clicking on ads on your mobile devices.
• Do not configure phones to allow the installation of apps from unknown sources, e.g., only
download from well-known and trusted app stores (although they are not foolproof).
• Observe all corporate bring-your-own-device (BYOD) and related policies.
In addition, ISO lists some common sense advice regarding mobile devices, as included below:
• Do not openly display a device — keep it in a pocket or handbag.
• If possible, avoid using it in crowded areas.
• Properly mark your phone with your ZIP code.
• If the phone is lost or stolen, report it immediately to the police and to your service provider.
• Be aware of your surroundings and the people near to you.
• Do not leave it unattended – keep it with you at all times.
• Make a note of your phone’s IMEI number.
• Do not leave a device in view in an unattended vehicle.
US Department of Defense Sets Its Cloud Security Guidelines
Jodi Kohut, Government Cloud Computing Professional
Those watching federal cloud security in the defense space were pleased to learn the Defense Information Systems Agency (DISA) released the DOD Cloud Computing Security Requirements Guide (v1) (SRG) last month. This 152-page document outlines the security requirements that Department of Defense (DOD) mission owners must adhere to when procuring cloud-based services. While the document is very thorough and is required reading if you currently provide, or intend to provide, cloud-based services to the DOD, I wanted to cover some of the things that stood out to me.
CSPs are not compliant, but their offerings can be. The requirements guide makes it clear that there is a distinction between a Cloud Service Offering (CSO) and the Cloud Service Provider (CSP). A CSP can have multiple CSOs, all with different security postures.
This has always been the case. However, by making this distinction, DISA has reduced some areas of common confusion. This distinction should also make it clear that utilizing a compliant infrastructure as a service (IaaS) or platform as a service (PaaS) at a CSP does not make the resulting offering compliant. The CSO itself has to be fully evaluated for Federal Risk and Authorization Management Program (FedRAMP) compliance.
Compliance responsibility is on the prime CSP. Expanding on the last point I made: Everything you put in a CSP environment is not,
automatically compliant. The SRG states that, “While the CSP’s overall
service offering may be inheriting controls and compliance from a third
party, the prime CSP is ultimately responsible for complete compliance” (p.
3). This language gives me the sense that if mission owners want to work
with a federal integrator (prime contractor) to move an application to
a FedRAMP-compliant or soon-to-be-FedRAMP-compliant platform or
infrastructure — and that integrator will be performing Operations and
Maintenance (O&M) — they will also be responsible for the compliance of
the solution and the underpinning platform or infrastructure services from
a commercial cloud service provider.
In essence, the solution enabler becomes the prime CSP. This is perhaps an
important nuance that may have important ramifications for the integrator
and those who provide what DISA dubs commercial cloud service
providers. Keep in mind that the SRG also recognizes the existence of
DOD-owned and operated CSPs.
FedRAMP + controls. Because DOD systems are categorized differently from other
federal government systems, the SRG lists additional security controls and enhancements that are
necessary to implement for DOD systems. These controls are over and above the FedRAMP
moderate baseline, and as such are called “plus” controls. The SRG has dealt with privacy and
security requirements as “overlays” to all of the FedRAMP and FedRAMP plus baseline controls.
Expanded CSP roles and responsibilities. (Appendix C-1). The SRG denotes that it is the CSP’s
responsibility to provide Computer Network Defense (CND) services (all tiers) for its infrastructure
and service offerings. CSPs must be willing to provide their own CND services and to be able and
willing to contract for more advanced security services as required by a mission owner. Here
again, a prime CSP must be willing and able to provide complete compliance, including
Computer Network Defense Service Provider (CNDSP) services.
A few takeaways
While this is not an adequate summary of the SRG, this long-awaited guide has provided some
clarification around DOD’s expectations from Integrators, CSPs, and DOD mission owners.
The DOD has clearly laid out for Integrators and CSPs the expectations for inclusion into the
DISA Cloud Service Catalog. It will be interesting to see how and if the definition of a prime
CSP evolves and how the industry and government alike adapt to that distinction.
My initial reaction to the SRG is that it limits the playing field of prime CSPs that are able to
comply with these requirements today. For small integrators trying to migrate applications to
the cloud on behalf of the federal government, it makes the proposition riskier. For example, if
small integrators move something to an Amazon Web Services or Microsoft IaaS solution, they
are now responsible for the security of the application and that underlying environment. The
way this is currently written, I believe that integrators will have to decide whether or not they
will take the risk to take responsibility for the application and the underlying environment.
The Emerging Science of Digital Forensics
Melvin Greer, Managing Director, Greer Institute
Without question, the rise in cyberleaks, nation-state cyber terrorism and the breach of consumer data across multiple industry domains has led to a heightened awareness of the enterprise and personal responsibilities associated with cybersecurity. The consumerization of IT and the adoption of cloud, mobile and social media by enterprise organizations is opening a new threat landscape and new threat vectors. Everyone is affected and everyone is talking about it, from senior executives to teenagers.
In its SecureWorks “The Next Generation of Cybercrime” executive brief, Dell cites a study conducted by the Ponemon Institute, which found that “the average cost of a data breach was $7.2 million in 2010.” The rate of cybercrime and the impact of cyberbreaches have exponentially accelerated since then. This has resulted in the emerging science of digital forensics.
Digital forensics can be described as the science of preserving and
analyzing digital evidence useful in the development of legal cases
against cyber criminals. This new and growing field includes high-tech
crime investigation and computational defense across traditional IT like
hardware, servers, operating systems and networks, as well as the new
digital environments of social, mobile and cloud. The emerging science
of digital forensics and cybercrime investigation has become very
important for national security, law enforcement, and information
assurance. This convergent science combines law, computer science,
finance, telecommunications, data analytics, and policing disciplines.
There are a number of companies that are responding with new digital
forensic processes, methods, tools and solutions. In its digital forensics
solution, Dell cites the use of a six-step digital forensic life cycle
designed to leverage cloud computing and data center operations in
the processing of digital evidence. Chief information security officers
are using these new frameworks to:
• Improve incident response
• Develop new digital forensic techniques
• Drive new investigatory standards
The cybersecurity landscape is constantly evolving, and it’s up to business and technical leaders to
evolve their cyberdefenses in response. Here are key recommendations leaders should consider:
• Update and complete an enterprise-wide security risk assessment. Identify security gaps and
emerging threats
• Link strategic technology investments in security with robust and flexible processes for incident
response
• Develop real-time monitoring and automated response techniques that provide real-time threat
analysis
• Move from cyberdefense to cyberthreat intelligence. Develop a cyber toolkit which is more
proactive than reactive
Given the continued growth of cyber activity, the emerging science of digital forensics is sure to grow
along with the sophisticated frameworks required to gather, analyze and investigate evidence that
leads to an increased level of cybersecurity.
Why Fear the Hackers? First invest in IT security culture change
Kevin L. Jackson, CEO, GovCloud Network
With all the news these days about cyberterrorism and hacking, the cloud may seem like the last place you would want to put your precious information. Pew Research has even suggested that cyber attacks are likely to increase. Some 61% of over 1,600 security expert respondents to a recent Pew Research survey said that a major attack causing widespread harm would occur by 2025.
The cold hard fact, however, is that fear of the cyberterrorist and hackers, while definitely valid, is mostly misplaced. I hold this contrarian view because when you pull back the curtain on many of the recent breaches, you’ll likely see a mirror.
In a recent case, sensitive data — including passwords — seem to have been stored in the clear, which is against all recommended best practices. There also may have been significant involvement from a company insider. Focusing on application hacks, some of the most devastating have been due to a failure of the application developers to follow some basic best practices for application development. Most of these breaches were not on cloud service providers. These successful attacks were on enterprise-built and managed IT infrastructures.
Our failure to protect our information and data is mostly due to our less than
focused attitude toward cybersecurity. Policies, procedures and processes play an
important part in preventing security incidents, but more is needed.
Organizational employees must realize that they could be an entry point for
hackers and be aware of their individual actions. IT professionals must follow
industry standard best practices for application development, network
configuration, system configuration, etc., many of which have gone through
multiple iterations over the years. Everyone must also be proactive in his or her
identification and response to cyber threats. What I am describing is the need for
a cultural change.
Creating a risk-conscious and security-aware culture is key to protecting an
organization’s information infrastructure and data assets, risk management expert
John P. Pironti wrote in a 2012 ISACA Journal article. Business leaders must begin
viewing information security as a benefit, rather than as an obstacle, and employ
threat and vulnerability analysis – rather than fear and doubt – to drive adoption
of points of view and controls.
Now, take the next step in enhancing your own cybersecurity posture!
Computer Tips
• Stay up-to-date. Use a firewall as well as cybersecurity
software, such as antivirus and antispyware, that will scan for
computer security threats and uninstall them.
• Shop with care. Before submitting credit card information
online, look at the URL to ensure you're on an HTTPS
(Hypertext Transfer Protocol Secure) site.
• Laptop security. With the proper software installed, stolen
laptops can be tracked to a physical location if they are
connected to the Internet. Other software gives you remote
access for computer security with the ability to erase your files
or send them to a secure data center for recovery via the Web.
Email & Social Networking Tips
• Avoid spam and scams. Always question the legitimacy of
emails and social networking messages that ask for money or
personal information. Spear phishing attacks mimic
communications from a business to persuade you to divulge
personal information.
• Network below the radar. Public profiles on social networking
sites put you at risk by exposing information, such as your full
birth date, hometown, employment history, etc., that a
criminal could use to pose as you. Use privacy settings to
ensure your personal information isn't public knowledge.
• Just don't. Don't open unknown attachments, don't click on
unknown links, and don't share too much information online.
That's a lot of don'ts, but when your identity and computer
could be at risk, it's better to play safe. The rewards aren't
always worth the risks.