<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Consensus-Technology Blog &#187; Security</title>
	<atom:link href="http://weblog.consensus-technology.com/category/security/feed" rel="self" type="application/rss+xml" />
	<link>http://weblog.consensus-technology.com</link>
	<description>The People are the Business</description>
	<lastBuildDate>Fri, 15 Jul 2011 14:22:27 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.1.1</generator>
		<item>
		<title>Lessons from: (Reuters) &#8211; The hacking of Sony Corp&#8217;s PlayStation Network has earned a place in the annals of Internet crime</title>
		<link>http://weblog.consensus-technology.com/lessons-from-reuters-the-hacking-of-sony-corps-playstation-network-has-earned-a-place-in-the-annals-of-internet-crime.html</link>
		<comments>http://weblog.consensus-technology.com/lessons-from-reuters-the-hacking-of-sony-corps-playstation-network-has-earned-a-place-in-the-annals-of-internet-crime.html#comments</comments>
		<pubDate>Fri, 29 Apr 2011 10:37:40 +0000</pubDate>
		<dc:creator>Pamela Gleeson</dc:creator>
				<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://weblog.consensus-technology.com/?p=430</guid>
		<description><![CDATA[Internet crime is on the rise and companies where you do business are reluctant to talk about it. There is a code of silence because victims want to avoid embarrassment, public scrutiny and falling stock prices. However, it&#8217;s hard to hide when this affects 77 million people worldwide. Be aware. The Reuters article on this [...]]]></description>
			<content:encoded><![CDATA[<div id="attachment_431" class="wp-caption alignleft" style="width: 250px"><a href="http://weblog.consensus-technology.com/wp-content/uploads/2011/04/man_walking_on_sony_playstation_ad_REUTERS_Yuriko_Nakao.jpg"><img class="size-full wp-image-431 " title="man_walking_on_sony_playstation_ad_REUTERS_Yuriko_Nakao" src="http://weblog.consensus-technology.com/wp-content/uploads/2011/04/man_walking_on_sony_playstation_ad_REUTERS_Yuriko_Nakao.jpg" alt="A man walks on a floor advertisement for Sony Corp's PlayStation 3 game console at an electronic store in Tokyo April 27, 2011. REUTERS/Yuriko Nakao" width="240" height="158" /></a><p class="wp-caption-text">A man walks on a floor advertisement for Sony Corp&#39;s PlayStation 3 game console at an electronic store in Tokyo April 27, 2011. REUTERS/Yuriko Nakao</p></div>
<p>Internet crime is on the rise and companies where you do business are reluctant to talk about it. There is a code of silence because victims want to avoid embarrassment, public scrutiny and falling stock prices. However, it&#8217;s hard to hide when this affects 77 million people worldwide.</p>
<p>Be aware. <a title="The hacking of Sony Corp's PlayStation Network has earned a place in the annals of Internet crime" href="http://www.reuters.com/article/2011/04/28/us-sony-stolendata-idUSTRE73R6XI20110428" target="_blank">The Reuters article on this topic</a> mentions that a study done by McAfee showed that the networks of 85% of some 200 power-producing companies had been hacked and 1 out of 4 of those were victims of extortion. The 28-page PDF report <a title="in the dark, crucial industries confront cyberattacks" href="http://www.mcafee.com/us/resources/reports/rp-critical-infrastructure-protection.pdf" target="_blank"><em>In the Dark, Crucial Industries Confront Cyberattacks</em> is available here</a>. The report recommends that these industries move beyond passwords to tokens and biometric indicators, use network encryption and monitor for anomalies, increase oversight of how the network is accessed, and build effective partnerships with government.</p>
<p><em><strong>What should you do? </strong></em><span id="more-430"></span>Most of our clients and readers are not large corporations; however, there are lessons to be learned. One of the first things you should know is that the biggest threat to security on the Internet today is insecure passwords. You must use strong passwords, and everyone on your network needs to do the same. To learn how, review this security post on <a title="simple steps to security and creating strong passwords" href="http://weblog.consensus-technology.com/security-awareness-and-social-media-strategy.html">simple steps to security and creating strong passwords</a>.</p>
<p>The next thing is to have a secure network. You should hire competent network security specialists to do this work. Contact us if you need advice on this.  Equally important, install all security updates on your computer for your operating system and software applications.</p>
<p>Do not install all the latest widgets for your blog or cool apps without investigating their security risks. If you do not know how to do that, we can provide that service. I was recently advised by  a reputable social media expert to use a widget for my blog. Of course, I asked my resident security expert, Gerard Gleeson. He said definitely not. Within the month, that very popular blog was down for a good part of the day.</p>
<p>Be aware of the new &#8220;spear phishing&#8221; threat. It targets small groups of people who have something in common. The perpetrators use enough personal information to make you think they are legitimate, so you are more likely to click on the link. They ask you to click on a secure link to a site that looks like one of your banks or other vendors and to enter personal information. Meanwhile they are downloading malware to your computer.</p>
<p>Here&#8217;s an excerpt from the <a title="fbi article on the internet security threat of spear phishing" href="http://www.fbi.gov/news/stories/2009/april/spearphishing_040109" target="_blank">full FBI article on spear phishing</a>:</p>
<ul>
<li>Keep in mind that most companies, banks, agencies, etc., don’t request personal information via e-mail. If in doubt, give them a call (but don’t use the phone number contained in the e-mail—that’s usually phony as well).</li>
<li>Use a phishing filter…many of the latest web browsers have them built in or offer them as plug-ins.</li>
<li>Never follow a link to a secure site from an e-mail—always enter the URL manually.</li>
<li>Don&#8217;t be fooled (especially today) by the latest scams. Visit the <a title="current and ongoing trends in internet crime schemes" href="http://www.ic3.gov/crimeschemes.aspx" target="_blank">Internet Crime Complaint Center (IC3)</a> and &#8220;<a title="looks too good to  be true" href="http://www.lookstogoodtobetrue.com/" target="_blank">LooksTooGoodToBeTrue</a>&#8221; websites for tips and information.</li>
</ul>
<p>Please add your comments and questions to this blog post and share it with your friends, family and colleagues.</p>
]]></content:encoded>
			<wfw:commentRss>http://weblog.consensus-technology.com/lessons-from-reuters-the-hacking-of-sony-corps-playstation-network-has-earned-a-place-in-the-annals-of-internet-crime.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Security Awareness and Social Media</title>
		<link>http://weblog.consensus-technology.com/security-awareness-and-social-media-strategy.html</link>
		<comments>http://weblog.consensus-technology.com/security-awareness-and-social-media-strategy.html#comments</comments>
		<pubDate>Tue, 20 Oct 2009 20:46:33 +0000</pubDate>
		<dc:creator>Gerard Gleeson</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[computer security]]></category>
		<category><![CDATA[internet security]]></category>
		<category><![CDATA[social media]]></category>

		<guid isPermaLink="false">http://weblog.consensus-technology.com/?p=38</guid>
		<description><![CDATA[Should you use Social Media? One of the many data security seminars I attended this year to stay current as a computer security specialist  (I can&#8217;t remember which or I&#8217;d give credit) included a good story as illustration&#8230; Imagine this is 1989 and you&#8217;re a foreign intelligence agent tasked with identifying potential &#8220;assets&#8221; in a [...]]]></description>
			<content:encoded><![CDATA[<h2>Should you use Social Media?</h2>
<p><img class="alignleft" title="social media interaction representation of engaged audience" src="../wp-content/themes/consensus/images/social_media_internet_security_father_child_crosswalk.jpg" alt="security considerations with social media - child and crosswalk with grandfather" width="240" height="159" />One of the many data security seminars I attended this year to stay current as a computer security specialist  (I can&#8217;t remember which or I&#8217;d give credit) included a good story as illustration&#8230;</p>
<p>Imagine this is 1989 and you&#8217;re a foreign intelligence agent tasked with identifying potential &#8220;assets&#8221; in a US aerospace defense contractor. You target female senior engineers, divorced, in their 40s. It might take months of research to identify individuals, and months more to find their interests and daily habits. All of this would be quite costly. Fast forward to 2009: you could find all this data and much more in minutes through Facebook, Twitter, LinkedIn and similar sites. People tend to trust contacts they make through social networking sites, so after a few dozen interactions, and almost no expense, they trust you. You know what their hobbies are, their likes and dislikes, and are well placed to recruit them. This is one of the many nightmares facing big business and government, and it&#8217;s one of the reasons <span id="more-38"></span>the Department of Defense policy has been an absolute ban on all use of social networks.</p>
<p>Contrast this with a company like online shoe retailer <a href="http://www.zappos.com" target="_blank">Zappos.com</a> which actively encourages employees to engage online, with <a href="http://twitter.zappos.com/employees" target="_blank">489 employees on Twitter</a>. Or Starbucks, with over <a href="http://twitter.com/starbucks" target="_blank">360,000 followers on Twitter</a> and over <a href="http://www.facebook.com/Starbucks" target="_blank">4.5 million fans on Facebook</a>.</p>
<p>Which policy is right? <strong>They both are</strong>. Weigh the risks and the benefits of computer information security versus social media marketing influence and choose what&#8217;s appropriate for you.</p>
<h2>Simple Security and Privacy Steps</h2>
<p>If you decide that a Social Media presence makes sense for you then take some basic precautions:</p>
<p>1. Be aware of the threats. These include cyberstalking, phishing, scams, and identity theft.</p>
<p>2. Choose a complex/unique password for your social media accounts. Using the same password on multiple services can leave all your accounts vulnerable if one site is compromised. Longer passwords are usually better. Use a combination of  letters (upper and lower case), numbers and special characters (such as +, *, $, @, !). Do not use your address, phone number, birthday, license plate, or social security number. Do not use any word that could be found in a dictionary. Do not give your password to anyone else.</p>
<p>3. Set privacy levels for each of your social media accounts. Each service has different defaults but generally your information will be public and easy to find. You can choose to restrict who can (easily) see certain information.</p>
<p>4. Be careful what you post online. Essentially everything you write and every image you upload should be considered public. Don&#8217;t assume that only your friends can read your messages and see your pictures, even if that&#8217;s how a service is <em>supposed</em> to work. Would you be comfortable seeing your comments and images on page one of the newspaper? If not then don&#8217;t post them anywhere online. Announcing that you are traveling can increase the risk of your home being burgled.</p>
<p>5. Be careful about accepting friend/follow requests. People may not be who they claim they are, and their intentions may not be good. Also, accounts can be compromised, and messages may originate from someone other than the rightful owner of an account. Be alert for strange messages or behavior from friends: they may be an attempt to lure you into being compromised too.</p>
<p>6. Be careful installing third-party applications. Facebook, MySpace and others make it easy to install third-party applications in your profile. If these applications are maliciously coded, or just not programmed with attention to potential abuses, they can expose your private data. Of course you should also use anti-virus software and keep it up-to-date. Even more important, install all computer operating system and software updates. Most important of all, make sure the passwords you use to log into your computer, your email or any application or online service are secure.</p>
<p>You can read more on <a href="http://www.us-cert.gov/cas/tips/ST06-003.html" target="_blank">Staying Safe on Social Network Sites</a> as well as general <a href="http://www.us-cert.gov/cas/tips/" target="_blank">Cyber Security Tips</a> at the US Computer Emergency Readiness Team website, <a href="http://www.us-cert.gov/">US-CERT.gov</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://weblog.consensus-technology.com/security-awareness-and-social-media-strategy.html/feed</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
	</channel>
</rss>

