Introduction
It is commonplace for modern computer users to encounter a myriad of challenges in the course of their endeavors. This calls for increased vigilance and awareness on the part of these users, to protect the confidentiality of their data and personal information. It is noteworthy that organizations are also susceptible to such attacks, highlighting the necessity of intervention and protective measures. In view of this, several organizations have introduced security training as a mandatory segment of their orientation procedures (Newman, 2009).
Phishing Tricks
Phishing is a form of social engineering that deceives credulous computer users into giving private information to third parties feigning legitimacy. The information requested varies greatly and can include basic details, such as a person's complete name and address. Some scams request social insurance details. The majority of phishing frauds involve financial resources and thus ask for bank account and credit card details. Initially, such swindles were limited to select groups of computer users. Presently, they are extensive and use many delivery techniques. Most of the scams propagate through e-mail and assume the identity of legitimate brands or depository institutions. Other attack vectors gaining popularity include instant messaging services.
In a fraudulent e-mail, unwary users receive specially crafted correspondence from what appears to be a bank or another credible online service. These messages often refer to procedural concerns with the recipient's account and require the recipient to provide the necessary updates by following an attached link for prompt access (Stewart, Tittel & Cha, 2005). In most cases, the links lead to duplicates of authentic sites and require the unsuspecting clients to fill in certain forms, disclosing their personal information in the process.
Mitigating vulnerability:
Clients should respond to personalized correspondence only.
Clients should avoid providing personal information and responding to forms included in e-mails.
They should also make certain they are on safe networks whenever they reveal their financial details, including credit card information.
Subscribers should log in to their online accounts regularly to verify their integrity.
Experts also recommend that clients install protective toolbars in their browsers that can offer protection from phishing sites. Most importantly, clients should ensure their browser applications have up-to-date security patches, which are renewed at regular intervals.
Network Scans and Attacks
Scans are carried out with the aim of determining open ports or service areas. The vulnerability of the services running on a system is directly proportional to the number of open ports. Vulnerable systems are often exploited for different reasons. These include crashing the running service and rendering it inoperable; opening a gateway with system administrative rights that connects to the attacker; carrying out functions embedded in the payload by launching scripts or programs; and incorporating the attacked system into a distributed denial-of-service network aimed at a website of the attacker's choosing, which renders it a functionless system. Lastly, attackers carry out espionage missions by recording and relaying confidential or significant information to the sender (Stewart, Tittel & Cha, 2005).
Mitigating vulnerability:
Computer users should obtain and use firewall products with their computer systems, whether they are software or hardware based.
It is advisable to have up-to-date operating systems, which function properly and have all their security patches in place.
Lastly, users should disable all unnecessary services within their systems.
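To act on the last point, a user first needs to know which services are listening for connections from the network. The following is an added example, not part of the original essay: it reads output in the layout printed by the Linux command `ss -tln` and lists ports that are reachable beyond the machine itself and are not on an allowlist. The sample output and the allowlist are constructed assumptions.

```python
# Constructed sample in the layout printed by `ss -tln` on Linux.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     127.0.0.1:631       0.0.0.0:*
LISTEN  0       100     0.0.0.0:23          0.0.0.0:*
LISTEN  0       511     [::]:8080           [::]:*
LISTEN  0       128     [::1]:5432          [::]:*
"""

# Assumed policy for this host: only SSH may be reachable from the network.
ALLOWED_PORTS = {22}
LOOPBACK_PREFIXES = ("127.", "[::1]")

def parse_listeners(ss_output):
    """Yield (address, port) for each LISTEN row of `ss -tln` style output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or malformed row
        # Split on the last colon so IPv6 addresses such as [::] stay intact.
        address, _, port = fields[3].rpartition(":")
        if port.isdigit():
            yield address, int(port)

def audit(ss_output, allowed=ALLOWED_PORTS):
    """Return sorted ports exposed beyond loopback that the policy does not allow."""
    exposed = set()
    for address, port in parse_listeners(ss_output):
        if address.startswith(LOOPBACK_PREFIXES):
            continue  # reachable only from the machine itself
        if port not in allowed:
            exposed.add(port)
    return sorted(exposed)
```

Each port that audit() returns belongs to a service that should either be disabled or blocked at the firewall.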
Eavesdropping
This threat entails spying on other persons while they relay personal information over the internet. It is notable that this vice often targets persons revealing financial or other personal information. Prime targets are users of systems located in public places, since these persons cannot monitor the individuals standing behind them, nor can they prevent strangers from looking at the keyboard or monitor. The availability of minute monitoring devices has propagated this offense, because they can be mounted on a target's body (Stewart, Tittel & Cha, 2005). Powerful zoom technology allows offenders to monitor activity on the keyboard and monitor of the target's computer from a distance.
Mitigating vulnerability:
Persons should avoid personal computing in public places and areas that are easily accessible.
Computer users should embrace the use of password enabled screen savers.
Persons connected to a network should log out whenever they break from their engagements on the computer.
Using privacy screens for monitors also helps; persons viewing from an angle wider than 30 degrees will be obstructed.
Most importantly, users should avoid revealing private information in public places. They should write private details down whenever they wish to communicate classified details.
Computer Theft
It is notable that present-day personal computers are smaller than they were several years ago and store more information than the earlier models. Laptops, netbooks and tablets are in the mainstream, while PDAs and cell phones constitute technological waves. This implies that confidential information can be stored in different locations within the computer and carried from one place to another with the user. On many occasions, the data includes commonly saved data files and private information. The latter often exists within the cache files of internet browser applications. On many occasions, it includes mail inbox details and other customized settings governing third-party applications. This implies that well-informed thieves may access crucial information stored in the device they stole (Stewart, Tittel & Cha, 2005).
Mitigating vulnerability:
People should be aware of the location of their devices.
People should install tracking devices in the machines for activation in case of a loss.
The use of security cables for small computers slows down the activities of thieves.
Keeping the appliances in hidden spots reduces risks of theft.
Ensuring that all computers have boot-level passwords.
Using software that encrypts data present in the hard disk.
Ensuring crucial information is removed from the computer at regular intervals.
Viruses, Worms and Trojans
The increased use of internet applications, including peer-to-peer file sharing, has shortened the time malware takes to replicate and spread to minutes or hours. Advanced programming techniques and the advent of scripted utilities further increase the danger posed by these programs. Malicious activities include obliterating operating system and personal records, recording personal information, and monitoring system traffic flow (Stewart, Tittel & Cha, 2005).
Mitigating vulnerability:
Ensuring the antivirus commences operation automatically upon system boot.
Scanning all incoming mail attachments before accessing them.
Conducting downloads from reputable sites only.
Updating the operating system regularly by installing vendor-supplied patches.
Spyware and Adware
Adware programs spread with browsers as part of their scripting code, appearing as download links or vending sites. Most spyware applications embed themselves in these programs and in other peer-to-peer applications. Free programs, including screen savers and other utilities, also propagate these spyware applications (Newman, 2009). Most of them are installed without prior consent, mostly hidden in end-user agreements. Some of their operations are enumerated below.
Mitigating vulnerability:
Abstain from free downloads, especially unknown plug-ins and other system utilities.
Use licensed antivirus software and regularly scan for spyware.
Obtaining and using popup killers with browser packages.
Restricting the use of unnecessary applications and cookies.
Avoiding peer-to-peer networks.
Scanning mail attachments before opening them.
Ensuring the operating system is patched and up to date.
Refraining from accessing spam and mail from pornographic and other untrusted sites.
Downloading updates of the operating system and patching whenever necessary.
Social Engineering
Social engineering refers to manipulating trust to obtain confidential information from others as part of an espionage mission. This makes the threat more pronounced internally, since interested parties in the organization can trick subordinates into revealing confidential information. Perpetrators gather information about their target from various sources, including dumpster diving and corporate websites. While the vice is not rampant, an occurrence often has grave repercussions (Newman, 2009).
Mitigating vulnerability:
Ask for return contacts to verify the identity of callers.
Deny all requests in case of intimidation.
Shred papers with confidential information.
Erase magnetic media after use, or use physical destruction when erasing fails.
References
Stewart, J., Tittel, E., & Cha, M. (2005). Certified Information Systems Security Professional Study Guide. California, CA: John Wiley and Sons.
Newman, R. (2009). Computer Security: Protecting Digital Resources. Massachusetts, MA: Jones & Bartlett Learning.