
Every day you are at risk. Spammers, hackers, phishers, pirates, cyber-terrorists and vandals are accessing the internet, and possibly thousands of corporate and privately owned computers, in search of information: information that will give them access to likes, dislikes, research habits, account data and even potentially enough personal information to know where you live, what you ate for breakfast, and what you were wearing when you made it.
This seemingly Orwellian scenario is happening in homes and businesses across the globe. According to the College of Southern Maryland’s computer gurus Michael Conte and John Wilson, learning how to protect your business, your family and your personal information may be one of the most important resolutions you can make this year.
“The number of internet security breaches in 2006 is staggering,” says Conte, a systems administrations manager in CSM’s information technology services department and instructor of the college’s information security basics training program for employees. “If you look at colleges and universities alone, you see the University of Alaska Fairbanks lost 38,941 student and faculty names, social security numbers and email addresses; Ohio University lost 137,000 social security numbers and 60,000 health records; and the University of Texas Austin lost 197,000 student names and social security numbers and these are just some of the ones that made the national news. In the corporate world, Aetna lost 130,000 health insurance client records and the Veteran’s Administration recently announced that an employee’s stolen laptop contained 382,000 veteran’s social security numbers and information. This is just the tip of the iceberg,” said Conte.
More than 100 million information security breaches have occurred since the ChoicePoint breach of February 2005, according to Privacy Rights Clearinghouse, a nonprofit consumer information and advocacy clearinghouse. (For the most current figure see http://www.privacyrights.org/ar/ChronDataBreaches.htm.) In addition, the Better Business Bureau (BBB) notes that while every state has been affected by information and internet security breaches, only 23 states currently have breach notification laws. In 11 of these states notification only occurs when the breach may adversely harm the consumer. Currently, Maryland does not have a security breach law on the record, but it does allow citizens to check credit reports once a year, which is important according to security experts because it gives consumers the ability to verify existing accounts and check for fraudulent applications and accounts.
But a once-a-year credit check can only accomplish so much. A better approach, according to CSM’s Information Technology Services Instructor John Wilson, is to prevent personal and business security breaches in the first place through vigilance, persistence and training.
“Eighty percent of personal computers are infected or affected by some sort of spybot, adware and/or viruses,” said Wilson. Personal computers, or those that are shared by multiple users, are particularly at risk of scanning by hackers and internet pirates because they may be set up for ease of use rather than security.
Wilson suggests the following quick tips to easily increase the security of any computer:
- Install a two-way firewall: “Windows contains a one-way firewall,” says Wilson. “The problem with a one-way firewall is that it only prevents other computers from accessing your network; it doesn’t stop your computer from talking to the initializing computer or to the computers of all your friends and work associates and passing information, viruses, etc. along.”
- Second, know what you (and your employees) are downloading. “Downloads can be dangerous. In addition to the software, files and images you want, you may be inadvertently downloading spyware, spybots, viruses and even Trojans. Know what you are downloading and download it from a trusted, known source. This includes email attachments,” said Wilson.
- What’s the password? “Passwords may be annoying but they are a great way to install an instant and easy layer of protection, especially if you set up an administrator password on certain files and programs. When setting up a password, most people break the number one rule, which is to avoid personal dates or combinations of their name. For ultimate security, you want a password that is a combination of upper and lowercase letters, numbers and in some cases symbols,” said Wilson. An example of a high security password would be “1stKisXSquare2006” (First kiss Times Square 2006).
- Vigilance. “Most people wouldn’t dream of leaving the house without locking their door but they often leave personal information readily accessible on the computer,” said Conte. “Confidential and personal information needs to be handled with the greatest of care, whether it is your information or someone else’s. This means establishing passwords, locking files and allowing only qualified handlers to have access. Turning off your computer when you are not using it also increases security by establishing an additional barrier between the computer and the information seeker, plus it will save you money on your electric bill,” Conte continued.
- Maintenance. “Your car needs a periodic oil change, your air conditioning unit should be checked every spring, and your computer needs weekly maintenance for optimum security,” said Conte. “I suggest not only a virus scanner but multiple spyware and adware scanners because one product generally will not meet all of your security needs,” adds Wilson.
For those interested in increasing their business and corporate security levels or just expanding their computer skills and knowledge, Conte and Wilson suggest registering for one of the many computer technology and security classes available at CSM.
“We have a variety of computer classes for a range of skill levels. Entry-level computer users can learn how to use basic applications like Access and Excel, while intermediate users can earn certifications in tech support, web programming and basic security. Advanced users can take courses such as “computer skills for managers,” which is a certificate program for computer managers and administrators, or they can explore one of our newest classes like cyber ethics or certified information system security professional (CISSP) prep,” said Wilson.
According to Jeff Tjiputra, Chair and Professor in the Technical and Industrial Studies Department, the college’s security-related courses can help military and Department of Defense (DoD) contractors meet new information and security requirements such as DoD Directive 8570.1.
“Information security is ultimately everyone’s concern, whether you work for the government, a business, a school or just want to secure your own personal information,” said Conte.
For more information on internet security or computer training classes contact the following:
For computer related degree and certification program options call 301-934-7565 or 301-870-3008, Ext. 7565 for Charles County; 240-725-5499, Ext. 7565 for St. Mary’s County or 443-550-6199, Ext. 7565 for Calvert County or visit http://www.itc.csmd.edu/tec/index.htm.
For internet technology and Microsoft certification information call 240-725-5477 or visit http://www.csmd.edu/mcse/.
For office technology options call 301-934-7845 or 301-870-3008, Ext. 7845 for Charles County; 240-725-5499, Ext. 7845 for St. Mary’s County or 443-550-6199, Ext. 7845 for Calvert County or visit http://www.itc.csmd.edu/tec/oft/.
For CSM’s corporate training options call 301-934-7651 or 301-870-3008, Ext. 7651 for Charles County; 240-725-5499, Ext. 7651 for St. Mary’s County or 443-550-6199, Ext. 7651 for Calvert County or visit http://www.corporatecenter.csmd.edu/.
Sidebar
What you need to know about DoD Directive 8570.1
Under DoD Directive 8570.1, all full-time and part-time military service members, contractors and foreign employees with privileged access to the DoD Information System (IS) need to obtain training and certification in computer security and information assurance (also known as information security). Personnel are required to have at least one certification per job level classification, but may need to maintain their certification status as required through continuing education each year. Certification classes must meet American National Standards Institute (ANSI) or equivalent ISO/IEC Standard 17024 certification requirements.
Residents of Southern Maryland can now receive training in preparation for technical and management information assurance certification at all three levels (level I, level II, and level III) at the College of Southern Maryland, starting summer 2007. Information assurance certification testing will also be available for technical levels I and II and management level I, starting summer 2007. See the table below:
CSM Certification Opportunities for DoD Directive 8570.1

Certification Category Levels

Information Assurance Technical Levels

| IAT Level I | IAT Level II | IAT Level III |
|---|---|---|
| A+ (1,2) | GSEC | CISA |
| Network+ (1,2) | Security+ (1,2) | CISSP (1) |
| SSCP | SCNP | GSE |
| SSCP | SCNA | |

Information Assurance Management Levels

| IAM Level I | IAM Level II | IAM Level III |
|---|---|---|
| GISF | GSLC | GSLC |
| GISLC | CISM | CISM |
| Security+ (1,2) | CISSP (1) | CISSP (1) |

(1) Denotes Classes Available at CSM Starting Summer/Fall 2007
(2) Denotes Testing is Available at CSM Starting Summer/Fall 2007

For more information on DoD Directive 8570.1 internet security certifications or certification training classes call 301-934-7556 or 301-870-3008, Ext. 7556 for Charles County; 240-725-5499, Ext. 7556 for St. Mary’s County or 443-550-6199, Ext. 7556 for Calvert County or visit http://www.itc.csmd.edu/tec/index.htm.