IT Security Engineer Discusses How to Prevail as a Cyber Survivor - 10/28/10

For Week No. 4 of National Cyber Security Awareness Month 2010, Nathan Heck, IT security engineer for Purdue’s IT Networks and Security, discusses “Prevail,” the third and final term highlighted in the University’s theme, “Be a Cyber Survivor: Predict, Prevent and Prevail.” In the following Q&A, Heck talks about practical and proven ways computer users can prevail by keeping their electronic personal data safe from cyber predators.

Q: How would you define the term “Prevail” as it applies to cyber security?
I think to prevail when it comes to cyber security means that you need to stay current with the trends and be vigilant with your security routines. Face it, none of us can read a cyber criminal’s mind. You can’t actually predict their every move, but you can take proactive measures to fend off possible attacks. Along those same lines, it is so important that you stay vigilant in your endeavor to be security-conscious and protect yourself.

Constant diligence is the cost to prevail. This means that if you want that new tech gadget that everyone is getting, you need to do research to use it securely, just like you would learn how to operate the new TV or A/V receiver you bought. You have a tendency to see what you will gain from the new gadget but don’t often think about the vulnerabilities you are exposing yourself to or underestimate the risk you are taking.

Q: What is the best way for computer users to prevail over dangerous new websites and spam du jour?
Think before you click. If you don’t recognize the email address, just delete the message. Really, the best way a user can prevail over daily threats is to be educated and to adopt good security practices.

Q: Considering the speed with which new forms of online attack are evolving, how can computer users remain confident that they will continue to prevail?
In addition to adopting a day-to-day security-conscious attitude and educating yourself, you can also demand better security from your employer, service providers, and government. The more managers at your work hear you voice your concern about the need for security in the projects or daily tasks you are involved with, the more likely management will start to make security a priority. The same goes for service providers such as your bank. Tell them security is important to you and that you want better security options. This is the case with government as well. Contact your local, state and federal representatives and let them know information security is important to you and that you think they need to do more to catch and punish cyber criminals or protect the national electric grid, for example. The more the people who are in charge hear that you are concerned about information security, the more scrutiny the topic will receive.

Q: How does a user prevail in a world where it’s so difficult to know whom to trust and where the threats are essentially imperceptible?
Some of the best ways you can prevail are to:
• Educate yourself.
• Adopt a security-conscious mindset.
• Keep up-to-date on the latest security threats and how to protect yourself.
• Follow the “trust but verify” mantra.

Q: In the Oct. 5, 2010, Business @ Purdue News article about cyber security, Scott Ksander, Purdue’s chief information security officer, says vigilance in practicing safe Internet behaviors and continually assessing risks and threats will ensure that users will prevail. What is a good source for up-to-the-minute information, tips, tools and techniques for safe Internet behaviors, and risk and threat assessment?
If you are a beginner or intermediate computer user, you will want to check out the following sites:
• OnGuard Online
• Get Net Wise
• Stay Safe Online
• SecurePurdue

And if you are an advanced user or want more up-to-the-minute security news, which is usually of a very technical nature, you should consider checking out these sites:

• STEAM Advisories and Handler’s Log
• SANS Internet Storm Center
• Bruce Schneier’s blog
• Secunia
• Dark Reading
• Security Focus
• McAfee Threat Center or other anti-virus manufacturers’ websites

There are so many of them to choose from. I would suggest that you explore the different sites and find the ones you like and visit them regularly. If you use RSS, take advantage of the sites’ RSS feeds and aggregate all of them into one place. Then take a few minutes first thing in the morning before you get started working to check for new and interesting things that may affect you.

With the number and complexity of cyber attacks escalating, it is virtually impossible to go through life without being affected by a cyber crime. So remember: Defense is the best offense. “Cyber Survivor: Predict, Prevent and Prevail.”

*   *   *

More information about cyber security is available on the SecurePurdue website. The site also offers a three-video training series about prudent Internet practices for social networking, password security, and proper handling of spam.

Nathan Heck is an IT Security Engineer with Purdue University working for IT Networks and Security. His duties include developing new security solutions, performing incident response and computer forensic investigations and advising other departments on security-related matters. He graduated from Purdue University in 2000 with a bachelor of science degree in computer technology and psychology. He is currently working on a master of science degree in computer technology.