US-CERT Cyber Security Tip ST06-008 -- Safeguarding Your Data

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                          Cyber Security Tip ST06-008
                            Safeguarding Your Data

   When there are multiple people using your computer and/or you store
   sensitive personal and work-related data on your computer, it is especially
   important to take extra security precautions.

Why isn't "more" better?

   Maybe there is an extra software program included with a program you bought.
   Or perhaps you found a free download online. You may be tempted to install
   the programs just because you can, or because you think you might use them
   later. However, even if the source and the software are legitimate, there
   may  be hidden risks. And if other people use your computer, there are
   additional risks.

   These risks become especially important if you use your computer to manage
   your personal finances (banking, taxes, online bill payment, etc.), store
   sensitive personal data, or perform work-related activities away from the
   office. However, there are steps you can take to protect yourself.

How can you protect both your personal and work-related data?

     * Use and maintain anti-virus software and a firewall - Protect yourself
       against viruses and Trojan horses that may steal or modify the data on
       your own computer and leave you vulnerable by using anti-virus software
       and a firewall (see Understanding Anti-Virus Software and Understanding
       Firewalls  for  more  information).  Make  sure to keep your virus
       definitions up to date.
     * Regularly scan your computer for spyware - Spyware or adware hidden in
       software programs may affect the performance of your computer and give
       attackers access to your data. Use a legitimate anti-spyware program to
       scan your computer and remove any of these files (see Recognizing and
       Avoiding Spyware for more information). Many anti-virus products have
       incorporated spyware detection.
     * Keep software up to date - Install software patches so that attackers
       cannot  take  advantage  of known problems or vulnerabilities (see
       Understanding Patches for more information). Many operating systems
       offer automatic updates. If this option is available, you should turn it
       on.
     * Evaluate  your  software's settings - The default settings of most
       software enable all available functionality. However, attackers may be
       able to take advantage of this functionality to access your computer. It
       is especially important to check the settings for software that connects
       to the internet (browsers, email clients, etc.). Apply the highest level
       of security available that still gives you the functionality you need.
     * Avoid unused software programs - Do not clutter your computer with
       unnecessary software programs. If you have programs on your computer
       that  you  do  not use, consider uninstalling them. In addition to
       consuming system resources, these programs may contain vulnerabilities
       that, if not patched, may allow an attacker to access your computer.
     * Consider creating separate user accounts - If there are other people
       using  your  computer,  you  may  be worried that someone else may
       accidentally access, modify, and/or delete your files. Most operating
       systems (including Windows XP and Vista, Mac OS X, and Linux) give you
       the option of creating a different user account for each user, and you
       can set the amount of access and privileges for each account. You may
       also  choose  to have separate accounts for your work and personal
       purposes. While this approach will not completely isolate each area, it
       does offer some additional protection. However, it will not protect your
       computer against vulnerabilities that give an attacker administrative
       privileges. Ideally, you will have separate computers for work and
       personal use; this will offer a different type of protection.
     * Establish guidelines for computer use - If there are multiple people
       using your computer, especially children, make sure they understand how
       to  use  the  computer and internet safely. Setting boundaries and
       guidelines will help to protect your data (see Keeping Children Safe
       Online for more information).
     * Use passwords and encrypt sensitive files - Passwords and other security
       features add layers of protection if used appropriately (see Choosing
       and  Protecting  Passwords  and  Supplementing  Passwords for more
       information). By encrypting files, you ensure that unauthorized people
       can't view data even if they can physically access it. You may also want
       to consider options for full disk encryption, which prevents a thief
       from  even starting your laptop without a passphrase. When you use
       encryption, it is important to remember your passwords and passphrases;
       if you forget or lose them, you may lose your data.
     * Follow  corporate  policies  for handling and storing work-related
       information - If you use your computer for work-related purposes, make
       sure to follow any corporate policies for handling and storing the
       information.  These  policies  were  likely established to protect
       proprietary information and customer data, as well as to protect you and
       the company from liability. Even if it is not explicitly stated in your
       corporate policy, you should avoid allowing other people, including
       family members, to use a computer that contains corporate data.
     * Dispose of sensitive information properly - Simply deleting a file does
       not completely erase it. To ensure that an attacker cannot access these
       files,  make  sure  that you adequately erase sensitive files (see
       Effectively Erasing Files for more information).
     * Follow good security habits - Review other security tips for ways to
       protect yourself and your data.
     _________________________________________________________________

     Author: Mindi McDowell
     _________________________________________________________________

     Produced 2006 by US-CERT, a government organization.

     Note: This tip was previously published and is being re-distributed 
     to increase awareness. 
   
     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST06-008.html>
 

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
     
     
     


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSZx8AHIHljM+H4irAQJGfwf/erk8bbw0nWZIzn/pZUPY4giX/Y/ET4+1
/ypQ6yjE3IZPBRfUCP87Qp6vP1zf6I/L+8gNx2lDYUS8Psom6tspFEinfpT6Cwcr
lzvpSdXcIyQF1JXZkmQSi8LAQDBBiTIYnRY361FkIu6GnvNMvfxjC3WkwjVh2XNQ
uARNe0ScN53hkZKlUTMOGFWxd3fP5+VJoxS14xfypZdOwMxrgwpTfHrm7hP7NOGV
GpJWzLQKcIuUUeF7maCqtove+hHb57tvKZ+22FHoq1PO+xylqm/E0mm59HwN9Jg3
hx/FMbUlfrsAbH+h6FKvvdpPuJVVPXNG5ibtbNls/ioNikLosLughQ==
=XuKl
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux