Friday, May 7, 2010

Prevention of Cyber Crime

General Guidelines on Cyber Safety:
Do not give out identifying information such as your name, home address, or telephone number in a chat room. Even vital details such as age and gender should never be divulged to anyone.
Do not send your photograph to anyone on the net unless you know the person well enough.
Do not respond to messages or bulletin board items that are obscene, belligerent or threatening.
Take a test before opening an e-mail attachment
Is the e-mail from someone that you know?
Have you received e-mails from this sender before?
Were you expecting an e-mail with an attachment from this sender?
Does an e-mail from this sender, with the contents described in the subject line and the name of the attachment(s), make sense?
Does this e-mail contain a virus? To determine this, you need to install and use an anti-virus program.


Use strong passwords
For each computer and service you use (for example, e-mail, chatting, online purchasing), you should have a password.
You shouldn’t write them down, nor should you share them with anyone, even your best friends.
Computer intruders use trial-and-error, or brute-force techniques, to discover passwords.
Use alphanumeric characters and special characters in your password.
The password should be as long as possible (more than eight characters).
Do not write it anywhere that is visible to someone else.
Protect your Website
Stay informed and be in touch with security related news.
Watch traffic to your site. Put host-based intrusion detection devices on your Web servers and monitor activity looking for any irregularities.
Put in a firewall.
Configure your firewall correctly.
Develop your Web content off-line.
Make sure that the Web servers running your public Website are physically separate and individually protected from your internal corporate network.
Protect your databases. If your Website serves up dynamic content from a database, consider putting that database behind a second interface on your firewall, with tighter access rules than the interface to your Web server.
Back up your Website after every update.
For Corporate Companies:
Setup an e-security program for your business.
Ensure your security program facilitates confidentiality, integrity and availability.
Identify the sources of threats to your data from both internal and external sources. Examples: disgruntled employees - leaving bugs behind in your system, hackers looking to steal confidential information.
The security program that you create for your business must have provisions for maintenance and upgrades of your systems.
Administrators have access to all files and data. Therefore, one must be mindful of who is guarding the guards.
Roles for security should be defined, documented, and implemented for both your company and external contractors.
Establish a security awareness program for all users. Content should be communicated in non-technical terms. This could include briefings, posters, clauses in employee contracts, security awareness days etc.
Implement security training for technical staff that is focused on the security controls for their particular technical areas.
Maintain logs of all possible activities that may occur on your system. System records must note who was using the system, when, for how long, deletions etc.
User accounts should not be shared. User authorization should be mandatory. Employees should only be able to see information that they are authorized to see.
Employee user accounts must be disabled or removed when no longer needed. Example: in case an employee leaves the company.
Ensure network security from external sources by installing firewalls and intrusion detection systems.
Allow remote access to employees only through secure communication channels like SSL or VPN.
Install antivirus software on all desktops and servers. Buy Anti-Virus software solutions that allow real time upgrading of systems with anti-virus patches.
Create a data backup and disaster recovery plan in case of unforeseen natural calamities.
Ensure back-up procedures are in place and tested.
Ensure back-up procedures include all your critical as well as back office data such as finance, payroll etc.
Incident response is the ability to identify, evaluate, raise and address negative computer related security events.
In case of an incident, do not panic, and continue to save logs.
Incident response - Take a backup of the affected system and notify the authorities.
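
The points above about keeping logs of who used the system and when, not sharing accounts, and disabling accounts when an employee leaves can be checked against each other. The following is an added example, not part of the original post: it assumes a simple session log format (user, source host, login time, logout time) and a roster of accounts, both constructed here for illustration.

```python
from datetime import datetime

# Constructed roster: account -> last working day (None = still employed).
ROSTER = {"asha": None, "ravi": "2010-04-30", "meena": None}

# Constructed session log; assumed format: user,source_host,login,logout
LOG = """\
asha,ws-101,2010-05-03T09:00,2010-05-03T17:30
ravi,ws-117,2010-04-29T10:00,2010-04-29T18:00
ravi,vpn-gw,2010-05-04T23:10,2010-05-04T23:55
meena,ws-120,2010-05-05T09:15,2010-05-05T13:00
meena,ws-245,2010-05-05T11:30,2010-05-05T12:10
ghost,ws-101,2010-05-06T02:00,2010-05-06T02:20
"""

FMT = "%Y-%m-%dT%H:%M"

def parse(log):
    """Turn each log line into (user, host, login_time, logout_time)."""
    sessions = []
    for line in log.strip().splitlines():
        user, host, start, end = line.split(",")
        sessions.append((user, host, datetime.strptime(start, FMT),
                         datetime.strptime(end, FMT)))
    return sessions

def audit(log, roster):
    """Return (finding, user, detail) tuples for sessions that break policy."""
    findings = []
    sessions = parse(log)
    for user, host, start, _end in sessions:
        if user not in roster:
            # Account exists on the system but nobody on the roster owns it.
            findings.append(("unknown-account", user, host))
        elif roster[user]:
            left = datetime.strptime(roster[user], "%Y-%m-%d").date()
            if start.date() > left:
                # Account should have been disabled when the employee left.
                findings.append(("login-after-departure", user, host))
    # One account active from two hosts at the same time suggests sharing.
    for i, (u1, h1, s1, e1) in enumerate(sessions):
        for u2, h2, s2, e2 in sessions[i + 1:]:
            if u1 == u2 and h1 != h2 and s1 < e2 and s2 < e1:
                findings.append(("concurrent-use", u1, f"{h1}+{h2}"))
    return findings

if __name__ == "__main__":
    for finding in audit(LOG, ROSTER):
        print(*finding)
```

Each finding is a starting point for review rather than proof of misuse; a concurrent session, for instance, may be one employee using two machines.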
