How to deal with Spam

Spam is a big problem that anyone with an email address has to deal with. Although I title this post about spam, I am going to discuss any unwanted email. Spam can be defined as unwanted electronic mail or disruptive messages. There are several reasons to spam including advertising, obtaining information, or being destructive. Spamming is also a multi-million dollar business. It is estimated that spam takes up about 80 to 90 percent of the total email sent today.

Here are some of the types of spam.

• Commercial spamming is the most common type of spam. It is simply meant to get attention to a product. 
• "Phishing" attempts are another type of spam. These are emails that are meant to scam or trick you into providing some kind of information. 
• Malicious spam are emails that try to spread viruses or get you to go to a malicious website.

So what do you do about it? Spammers are good at getting past filters so sometimes a spam email can get into your inbox and it's obvious spam. If you see these, simply do not open it and delete it. If  you receive an email from someone you do not know and you weren't expecting it, it is usually junk. Next, do not give out personal information in response to emails. Spammers have many methods to trick you and are professional scammers. Information spammers want are your name, position, address, phone number, passwords, credit card numbers, and much more. When in doubt, do not reply with this information.

Another thing to know is that even though an email may come from someone you know, it can still be malicious. If something looks out of the ordinary, it may indicate your friend has a comprised email address.

Malicious emails are very difficult to deal with. Once again, if you know it's spam, just delete it. Some other things to keep in mind are attachments and links. If you were not expecting an email with an attachment, do not download it. Executable files (.exe) are the most dangerous, there is almost no reason to send an exe file except to send a virus. Microsoft Office files (Word and Excel for example) can also be dangerous. As for links, don't click them. Simply going to a website can give you a virus.

If you do get spam at work, this can be more serious. Workplaces usually have some kind of enterprise spam filter. Therefore, if you are getting spammed a lot, telling your IT staff about it is a good idea. If you suspect a phishing attempt where they are trying to get confidential work information, you can let your manager know.

If you want any more information on this topic, please feel free to ask.

Password Management Made Simple

I felt it appropriate to make my first blog posting on passwords. Password exploitation is one of the most common techniques hackers use. Today, you can hardly go to a website without it asking you for a username and password. While this is a good thing for security, it can make things very inconvenient for you. The problem is, if your password is easy to guess, and used on multiple sites, a hacker can quickly have access to everything about your life. 

As an example, lets say you commonly use your dog's name as your password. You make a log in on a site that you use once and completely forget about. Little do you know that this site does nothing to secure customer information. A year later, a hacker steals the password file for this site. He starts to examine yours and realizes you use it for everything, including your banking website. Next thing you know, there's money missing off your account and you have no idea how. 

This happens more often than people may think.

I have a few simple steps you can use to protect yourself from a situation like this.

1. Don't make your passwords easy to guess.
• Don't use things like your pet's name, your child's name, or your favorite sport. 
• Don't use individual words for your passwords. There's an attack called a "dictionary attack" where a hacker will try every word in the dictionary as your password.
• Your passwords should, at a minimum be 8 characters long with one capitol letter, one lower case letter, one number and one special character.
2. Don't reuse passwords
• As described in the example above, if you reuse passwords, a hacker only needs to compromise one site to have access to many of your other accounts.
• Remember, if someone gets a hold of your email account, they can probably reset most of passwords pretty easily.
• If you forget it, you will lose access to many sites.
3. Don't tell others your passwords. Ever.
• Your boss, IT, or important sounding person on the phone do not have any reason to know your password. Social Engineering is a common technique hackers use where they may call or email you pretending to be one of those people. Even if you know for sure that the person is who they say they are, they still do not need your password.
• When you log in and do something, that something gets logged and this leaves an audit trail. If someone does something malicious with your credentials, you will have a hard time proving it wasn't you.
4. Change your password every 3 - 6 months.
• If your password does get compromised without you knowing it, changing it on a regular basis can suppress some of the damages.
• Don't just change a "1" to a "2" when changing your passwords. Hackers know all about this technique. 
5. Consider using a password manager.
• A password manager keeps track of your passwords. The advantage is you only have to remember one master password, all your passwords can be different, and all your passwords can be more secure.
• There are many available from open source KeePass http://keepass.info/ to in the cloud LastPass https://lastpass.com/. 
• The initial set up may take a some work (maybe 10 minutes) but in the long run, this will save you a lot of time. 

As you can see, at first glance, password management looks intimidating but there are many things you can do to protect yourself and keep the process simple. There is more to lose than you may realize and you can be targeted. I hope this helps keep you more secure and gives you better peace of mind.

Introduction to my blog

The purpose of this blog is to give advice and educate everyday computer users about how to protect their computers and even sensitive data. The reason this is important is because most people think it is the job of IT to keep computers and networks secure. While this is true, it is everybody's duty to protect the things they own or are responsible for. A common example I use is that even though most people aren't physical security experts, they still lock their doors at night. Often times, hackers take advantage of the weakest link in the computer security chain, the non-technical people.

Organizations give sensitive information to almost every employee they have. The amount of ways to get to that information has increased also. Smart phones, email, WiFi, and much more. I would like to give the knowledge to people to secure this information and fight back. The best part about this is that you do not need to have technical knowledge to accomplish these tasks.