Rules to Follow in Information Security

1. Say to yourself: "I am vulnerable", "I am a potential target", "I am always at risk".
Never assume or believe you are secure. 100% information security is a myth. The
defender needs to be perfect all the time; the attacker only needs to succeed once.
2. Passwords: They are like your undergarments, not meant to be shared.
Always stick to basic password complexity: a minimum of 10 characters, including
special characters and numbers.
Try to come up with an acronym that only you can relate to, e.g. "I went for holiday to
Kenya in 2018", so the password could be Iw4h2K!2o18.
a) Never use the same password for multiple sites.
b) Update passwords periodically.
c) Make use of password management freeware, like https://keepass.info/
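As an added example (not part of the original post), the following Python script turns the two password rules above into checks you can run: the complexity policy (minimum 10 characters, with numbers and special characters), and rule a, "never use the same password for multiple sites", which it enforces by grouping sites whose passwords hash to the same SHA-256 digest. The site names and passwords in the sample vault are constructed for the demo; only Iw4h2K!2o18 comes from the post.

```python
import hashlib
import re
from collections import defaultdict

# Policy from the post: minimum 10 characters, with numbers and special characters.
MIN_LENGTH = 10


def check_policy(password: str) -> list:
    """Return the list of policy rules a password violates; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    return problems


def find_reused(credentials: dict) -> list:
    """Group sites that share one password (rule a: never reuse a password across sites).

    credentials maps site -> password.  The comparison is made on SHA-256 digests so the
    plaintext passwords never have to be kept in the index built here.
    """
    sites_by_digest = defaultdict(list)
    for site, password in credentials.items():
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        sites_by_digest[digest].append(site)
    return sorted(sorted(sites) for sites in sites_by_digest.values() if len(sites) > 1)


if __name__ == "__main__":
    # Constructed sample vault: site names and passwords are made up for the demo.
    vault = {
        "bank.example": "Iw4h2K!2o18",   # the acronym-style password from the post
        "shop.example": "Iw4h2K!2o18",   # same password reused: violates rule a
        "mail.example": "holiday2018",   # long enough, but no special character
        "forum.example": "pass",         # fails every rule
    }
    for site, password in vault.items():
        verdict = check_policy(password) or ["ok"]
        print(f"{site:15} {', '.join(verdict)}")
    for group in find_reused(vault):
        print("same password used on:", ", ".join(group))
```

The reuse check deliberately never stores plaintext in its index; a password manager such as the one recommended above keeps the vault encrypted for the same reason.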
3. Patching: Keep your operating system, applications and programs up to date with the
latest patches and security updates.
a) Enable "Automatic Updates" on your OS.
b) Avoid installing untrusted software or downloading software from untrusted
sources.
c) Make use of the simple-to-use "Personal Software Inspector" from Secunia,
https://secunia.com/vulnerability_scanning/personal/ . This tool identifies programs
that are insecure and need updates.
4. Smart Clicks: Be a vigilant netizen. Beware of what you click on websites. Avoid
visiting unknown/untrusted websites, as one of the most common vectors for spreading
malware is the drive-by download: malware that gets downloaded without your intent
when you click an ad or a link on a website.
Use simple browser extensions that offer secure-browsing functionality, freely
available for Chrome and Mozilla Firefox; make sure the extension is well rated and
authentic. Never click links you don't trust, and don't invite danger with careless
clicking. E-mail can serve as a medium for e-mail viruses and other malware attacks.
Unsolicited e-mails can lower productivity. Furthermore, unencrypted e-mail may lead to
information leaks that can disclose proprietary information or lead to litigation and
negative publicity. To lower the risks inherent in e-mail:
a) Do not open attachments unless absolutely necessary, especially if they are sent by
someone unknown to the recipient.
b) Never open EXE, BAT, VBS and SCR attachments, since they are common vectors for
virus/malware infections.
c) If attachments must be opened, always scan them manually with antivirus software
first.
d) Open scanned attachments, such as DOC files, from within the program rather than by
simply double-clicking the attachment. If a document is in question, such as a DOC
file, it can be opened in a program like WordPad to view the text contents without the
risk of a macro virus infection.
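As an added example, not code from the original post, here is a small Python triage function that applies rules a to d above to an attachment file name and returns a verdict with its reason. It also covers two naming tricks the rules are meant to stop: a double extension such as invoice.pdf.exe (the last extension is the one that runs), and a right-to-left override character that makes the displayed name end in a harmless-looking extension. The DOCX entry in the document set is my assumption; the post only names DOC. All sample file names are constructed.

```python
import os

# Extension types the post says never to open (rule b): common malware vectors.
BLOCKED = {"exe", "bat", "vbs", "scr"}
# Document types to open from inside the application (or WordPad) after a scan, never by
# double-click (rules c, d).  The post names DOC; DOCX is my addition (assumption).
DOCUMENTS = {"doc", "docx"}


def classify_attachment(filename: str, sender_known: bool = True) -> tuple:
    """Return (verdict, reason) for an e-mail attachment, following the post's rules a-d."""
    # Keep only the final path component, in case the name carries a directory prefix.
    name = os.path.basename(filename.replace("\\", "/")).strip()
    # A right-to-left override makes "photo[RLO]gnp.exe" display as "photoexe.png";
    # treat its presence as an attempt to hide the real extension.
    if "\u202e" in name:
        return ("block", "right-to-left override character hides the real extension")
    parts = [p.strip() for p in name.lower().split(".")]
    extensions = parts[1:]  # "invoice.pdf.exe" -> ["pdf", "exe"]; the last one decides what runs
    if extensions and extensions[-1] in BLOCKED:
        if len(extensions) > 1:
            return ("block", f"executable disguised with a double extension: {name}")
        return ("block", f".{extensions[-1]} attachments are never opened (rule b)")
    if not sender_known:
        return ("do not open",
                "unknown sender; open only if absolutely necessary, after a scan (rules a, c)")
    if extensions and extensions[-1] in DOCUMENTS:
        return ("scan, then open in a viewer",
                "open from inside the program or WordPad, not by double-click (rules c, d)")
    return ("scan before opening", "run antivirus on the file first (rule c)")


if __name__ == "__main__":
    # Constructed sample attachments; the names are made up for the demo.
    samples = [
        ("setup.exe", True),
        ("invoice.pdf.exe", True),
        ("photo\u202egnp.exe", True),
        ("Report.DOC", True),
        ("data.csv", True),
        ("notes.txt", False),
    ]
    for filename, known in samples:
        verdict, reason = classify_attachment(filename, sender_known=known)
        print(f"{filename!r:25} -> {verdict}: {reason}")
```

Note that the check is on the file name only; it is a first filter, not a substitute for the antivirus scan in rule c, since a DOC file with a malicious macro passes the name test and is caught only by the scan or by opening it in a viewer that does not run macros.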
5. Phishing / Social Engineering: Social engineering is manipulating/exploiting the
human element of security.
Phishing is a type of social-engineering attack carried out to steal usernames,
passwords, credit card information, Social Security Numbers and other sensitive data
by masquerading as a trustworthy entity. Phishing is most often observed in the form of
malicious e-mails pretending to be from credible sources that you trust. So again, a
simple tip here is to make your brain work like a spy's: never trust anything when
computer systems are involved. Do the research before opening any link in an e-mail
(check it against VirusTotal). When visiting any website, especially banking websites,
make sure HTTPS is being used and a green padlock icon is visible. Check the
authenticity of the certificate: can it be trusted?
a) Social engineering attacks come in different varieties, and being aware is the key
to defending against them.
Read here for more info: https://resources.infosecinstitute.com/common-social-engineering-attacks/#gref
6. Backup: No matter how much security you apply, there is always a risk of your data
being lost due to several factors.
By following the simple rules below you can make sure the data stays available.
a) Always follow the 3-2-1 strategy for backup: keep at least 3 total copies of
your data, 2 of which are local but on different devices or media, and at least 1
copy offsite (e-mail, Dropbox, a different site, data centre or office location).
b) Make copies of your data regularly. Automate the backup process; there
are lots of free and commercial tools available.
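As an added example (my code, not the post's), the following Python function audits an inventory of backup copies against the 3-2-1 rule exactly as stated above: at least 3 copies, at least 2 of them local on different media, at least 1 offsite. It also backs rule b by flagging copies that have not been refreshed recently; the 7-day threshold is my assumption, as is counting the working copy as one of the three. The two sample inventories are constructed.

```python
from dataclasses import dataclass


@dataclass
class BackupCopy:
    label: str          # human-readable name of the copy
    location: str       # "local" or "offsite"
    medium: str         # device or medium the copy lives on, e.g. "laptop-ssd", "usb-hdd", "cloud"
    age_days: int = 0   # days since this copy was last refreshed


def check_321(copies, max_age_days: int = 7) -> list:
    """Return the list of 3-2-1 violations for a set of copies; an empty list means compliant.

    The three parts of the rule, as the post states them: at least 3 copies in total, at
    least 2 of them local but on different devices/media, and at least 1 offsite.  The
    staleness check backs rule b (make copies regularly); the threshold is an assumption.
    """
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need at least 3")
    local_media = {c.medium for c in copies if c.location == "local"}
    if len(local_media) < 2:
        problems.append(f"local copies sit on {len(local_media)} distinct media, need at least 2")
    if not any(c.location == "offsite" for c in copies):
        problems.append("no offsite copy")
    stale = [c.label for c in copies if c.age_days > max_age_days]
    if stale:
        problems.append(f"stale copies (older than {max_age_days} days): {', '.join(stale)}")
    return problems


if __name__ == "__main__":
    # Constructed sample inventories; labels, media and ages are made up for the demo.
    compliant = [
        BackupCopy("working copy", "local", "laptop-ssd"),
        BackupCopy("nightly image", "local", "usb-hdd", age_days=1),
        BackupCopy("cloud sync", "offsite", "cloud", age_days=0),
    ]
    risky = [
        BackupCopy("working copy", "local", "laptop-ssd"),
        BackupCopy("old usb", "local", "usb-hdd", age_days=45),
    ]
    for name, inventory in (("compliant", compliant), ("risky", risky)):
        print(name, "->", check_321(inventory) or ["ok"])
```

A second copy on a different partition of the same disk shares that disk's failure, which is why the check compares media rather than counting copies.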
7. Simple Tools, Great Security: Though we have a lot of advanced security tools
available nowadays, and almost everything comes tagged as "Nextgen", I recommend
installing the tools below:
a) Anti-virus: It is like a headache pill you keep handy in case it is needed. It will
eliminate the common attacks. Make sure the AV program is from a known and
trusted source. Keep virus definitions, engines and software up to date to ensure
your anti-virus program remains effective.
b) Personal Firewall: Many freely available ones are good, and most operating systems
come with a built-in firewall.

8. Secure Mobility: Mobile devices store a lot of sensitive data, both personal and
business-related. Therefore it is a must to have proper security and awareness about
using mobile devices properly. Keep the points below in mind about how to use these
devices securely.
a) Lock your mobile device with a strong password or use biometric protection. If
your mobile device supports 2-factor authentication, enable it.
b) Keep your software updated.
c) Be App Aware: Install only the apps you need regularly and set them to auto-update.
Apps often go un-updated, and we often stop using many of them; they may still
store sensitive information, which puts you at risk. Delete unwanted apps. When
installing, check the app's rating and install only from trusted app stores.
d) Most mobile devices are capable of employing data encryption: use it, but
wisely.
e) Use Apple's Find My iPhone or the Android Device Manager tools to help prevent
loss or theft.
9. Physical Security: If you need to leave your laptop, phone or tablet for any length of
time, lock it up so no one else can use it.
a) If you keep sensitive information on a flash drive or external hard drive, make
sure to keep these locked up as well.
b) For desktop computers, shut down the system when not in use, or lock your
screen.
10. Smart Surfing: When shopping online, or using online banking or other sensitive
transactions, always make sure that the site's address starts with "https" instead of just
"http", and has a padlock icon in the URL field. This indicates that the website is secure
and uses encryption to scramble your data so it can't be intercepted by others. Also, be
on the lookout for websites that have misspellings or bad grammar in their addresses.
They could be copycats of legitimate websites. Use a free safe-search tool such as
McAfee WebAdvisor (https://www.siteadvisor.com/) to stay away from risky sites.
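As an added example, not code from the post, the Python below automates the two checks this item and item 5 describe: that the address uses HTTPS, and that the host name is not a misspelt or brand-stuffed copycat of a site you actually use. The copycat check compares the address against a small allow-list of your own trusted sites using edit distance, and also catches the "trusted name in the subdomain" pattern such as mybank.example.secure-login.example. The certificate_summary helper answers the "can the certificate be trusted?" question from item 5 with the standard library's default verification; it needs network access, so the offline demo does not call it. The allow-list entries and all sample addresses are constructed (.example names), and the 2-character distance threshold is my assumption. One caveat worth keeping in mind: HTTPS and a padlock only show that the connection is encrypted and the certificate matches the name in the address bar; a copycat domain can present a perfectly valid certificate, which is why the name check matters.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Constructed allow-list of sites the user actually banks/shops with (hypothetical names).
TRUSTED_DOMAINS = ["mybank.example", "myshop.example"]


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insertions, deletions, substitutions)."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1,                 # deletion
                               current[j - 1] + 1,              # insertion
                               previous[j - 1] + (ca != cb)))   # substitution
        previous = current
    return previous[-1]


def check_url(url: str, trusted_domains=TRUSTED_DOMAINS) -> list:
    """Return warnings for a URL: missing HTTPS, and host names that imitate a trusted site."""
    parts = urlsplit(url)
    warnings = []
    if parts.scheme != "https":
        warnings.append("not HTTPS: data sent to this site is not encrypted in transit")
    host = (parts.hostname or "").lower()
    labels = host.split(".")
    # Approximate the registrable domain as the last two labels; good enough for the
    # allow-list above (it would be wrong for suffixes such as co.uk).
    domain = ".".join(labels[-2:]) if len(labels) >= 2 else host
    if domain in trusted_domains:
        return warnings  # exact match with a site the user trusts
    for good in trusted_domains:
        brand = good.split(".")[0]
        if 0 < levenshtein(domain, good) <= 2:   # threshold is an assumption
            warnings.append(f"'{domain}' looks like a misspelling of trusted site '{good}'")
        elif brand in host:
            warnings.append(f"'{host}' carries the name '{brand}' but its domain is "
                            f"'{domain}', not '{good}'")
    return warnings


def certificate_summary(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect with full chain and host-name verification and summarise the server certificate.

    Needs network access, so the offline demo below does not call it.  A failed verification
    raises ssl.SSLCertVerificationError, which is the 'can it be trusted?' answer in code.
    """
    context = ssl.create_default_context()  # verifies the chain and the host name by default
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return {
        "subject": dict(item[0] for item in cert["subject"]),
        "issuer": dict(item[0] for item in cert["issuer"]),
        "not_after": cert["notAfter"],
    }


if __name__ == "__main__":
    # Constructed sample addresses; none of them is a real site.
    for url in ["https://www.mybank.example/login",
                "http://www.mybank.example/login",
                "https://mybamk.example/login",
                "https://mybank.example.secure-login.example/"]:
        print(url, "->", check_url(url) or ["no warnings"])
```

The allow-list approach is deliberate: a short list of the handful of sites where you type credentials is easy to maintain, and anything that merely resembles one of them is exactly the copycat the text warns about.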

Blog by RNS Guest Authors: Mr. Mustafa Aamir
