Cyber Safe: Protecting Your Digital Life in an Interconnected World

1

Securing Your Devices

When we're extremely familiar or comfortable with something, we can sometimes take it for granted, which can lead us to become complacent. We get into the habit of not paying close attention, of not remaining quite so alert. When we're hardcore fans, for example, of a sports team or movie franchise, we tend to think that we understand or know everything about our beloved subject, and as a result, we might not notice anything else. Unfortunately, context-aware adversaries can take advantage of our complacency or of our blind sides. Suppose an email message were purported to announce an important upcoming game, round, leg or season, or that a link or attachment was labeled as being a song by our favorite artist, or as being a movie about our favorite characters. Might we quickly or carelessly click, download and open? How about a message that told us that we owed even more money and that we needed to confirm our account, and click or open to do so? Would we stop to consider why we were given these just-in-time messages? In-game or real-time notices and popups would be successful because they'd coincide with our current activity.

Best Practices for Computer Security

User training on off-site backup and rapid data recovery (facts) Based on a content analysis of 84 specific security incident investigations, data recovery was the most costly consequence of attacks recently faced by system administrators. Data recovery was cited as a concern more than 50% of the time. Data recovery activities were labeled as disaster recovery or damage control in 93% of the incidents. Data compromises fell into five different non-mutually exclusive categories. The five categories were sabotage, unauthorized use and access, damaged by critical programs, information unavailable, and other concerns. 24% of the incidents resulted in recovery of 4 percent or less recoverable data. Five incidents resulted in recovery of 100% reduced data.

This dissertation has focused on the need for education in the area of computer security. What should be emphasized in the development of educational materials? The following recommendations are based on an analysis of specific security incidents, interviews with professional system administrators, previous research in the areas of user training and management practices, and personal experience. These tests include a combination of user training on offsite backup and efficient data recovery, user training on avoidance of intruders, user and consultant training, full board management, and computer security