
Friday, May 20, 2005

Cyber security expert tips

10 steps against security breaches
Captain Raghu Raman

The PC revolution and the Internet boom in India have introduced new elements to cyber crime, elements that make cyber crime one of the most dangerous issues facing modern society. Children and innocent netizens are now being subjected to an unprecedented barrage of innovative cyber attacks.

For example, the rising number of 'phishing' attacks has emerged as a big new threat to cyber security. According to Anti-Phishing Working Group statistics, approximately 5 per cent of users fall prey to phishing scams. Spam, viruses, worms and other malicious code account for global losses of several billion dollars.

These 10 simple steps could protect people against more than 80 per cent of all causes of information security breaches:

1. Install the latest anti-virus software on your computer and never ever turn it off. Also install a personal firewall and a spyware checker (all are available for free). To find them, just Google using the keywords anti-virus & free.

2. Never download or open attachments whose source you are not certain about. Even if the source is trusted, check whether the content is relevant; if not, don't open the attachment. Create another e-mail ID that you use exclusively for subscriptions to sites. That will prevent spam from coming to your main ID. Some accounts, like Yahoo!, allow you to create topic-specific e-mail IDs that you can delink.

3. Avoid checking mail or using credit card details online in cyber cafes. It's next to impossible to be sure that it's safe. Even reputed cafes, such as those in international airports and 5-star hotels, have been known to be key-logged. As a matter of fact, open an additional debit card with a limit if you do want to transact online. In a worst-case scenario, your damage is limited.

4. Do not give away your residence or cell number. Be especially careful when you are filling in contest forms, coupons, free gift vouchers. More often than not, these are gimmicks to obtain your personal details. Don't believe it when they say the data will not be given to others - it most certainly will be. Don't print these numbers on your visiting card.

5. Get into the habit of destroying documentation regarding credit cards, such as receipts, bills, invoices or any documents that contain personal details.

6. If you are using broadband or working from home, ensure that your PC is hardened professionally. You can do this yourself if you follow the next step.

7. Information is a reality of modern life, just like health or transport or communication is. The point is, you need to know something about it, even if it's just some basics. Read about information security breaches by subscribing to some newsletters. In the case of many breaches, the only defence is knowledge. For instance, no technology could have prevented the phishing attack (wherein victims got mails seemingly from legitimate banks asking them to confirm their passwords and IDs).

8. Use two different passwords: one for mail, work and other important access, and the other for routine purposes such as subscribing to sites. But remember to switch between them when you start doing transactions after mere browsing.

9. Create a difficult-to-guess password by taking the first letter from each word of a phrase. For instance, a password like 1at*eomc is constructed using the phrase "I am the star employee of my company".

10. Educate your children about the dangers of cyber crime. Children, with their unbounded curiosity and unmonitored access, are the single most common victims of cyber crime apart from the enterprises. Ensure that the home PC is kept in a common place so that you can monitor what is going on.
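The construction in step 9, written out as an added example (not part of the original article): it derives the password from a phrase and reports which character classes the result uses, with and without word substitutions. The substitution table, mapping the word "I" to "1" and "star" to "*", is an assumption chosen to reproduce the article's 1at*eomc.

```python
import string

# Substitution table chosen to reproduce the article's example (an assumption,
# not a standard): the word "I" becomes "1" and the word "star" becomes "*".
SUBSTITUTIONS = {"i": "1", "star": "*"}


def mnemonic_password(phrase, substitutions=None):
    """Take the first letter of each word, or the word's substitute if it has one."""
    table = SUBSTITUTIONS if substitutions is None else substitutions
    chars = []
    for word in phrase.split():
        key = word.strip(string.punctuation).lower()
        if not key:
            continue  # token consisted of punctuation only
        chars.append(table.get(key, key[0]))
    return "".join(chars)


def character_classes(password):
    """Return the set of character classes the password draws from."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


if __name__ == "__main__":
    phrase = "I am the star employee of my company"  # phrase from step 9
    for label, table in (("with substitutions", SUBSTITUTIONS), ("letters only", {})):
        pw = mnemonic_password(phrase, table)
        print(f"{label}: {pw} length={len(pw)} classes={sorted(character_classes(pw))}")
```

Without the substitutions the same phrase yields only lowercase letters; the digit and the symbol in the article's example come entirely from the two substituted words.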

(Capt Raghu Raman is the CEO of Mahindra Special Services Group (MSSG), a company focused on providing enterprise derisking solutions to organisations worldwide. He is an information security veteran with over 18 years of consulting experience. In addition to several government agencies, he has served the United Nations, where he was responsible for securing information flow between UN HQ and Mission Control HQ in Africa. His merits have been recognised with several awards including one by the UN Secretary General for services rendered in the UN.

Raman has been trained at the College of Telecommunication Engineering and specialised in missile guidance systems [Armored Corps Center and School] and secure communication links. In addition, he has been trained at Foundstone & SCIP [US] on advanced hacking techniques and protection against competitive intelligence respectively.

In his earlier avatar, Captain Raghu was the CEO of, a leading auto company. Raghu is currently on the panel of RSA [Singapore, San Jose], Forum Engelberg [Belgium, France], MDI [Delhi], ITBT forum [Maharashtra] as an authority on information security. He has published several papers on the subject in Indian and international publications. In addition to the Central government agencies, he has also conducted training sessions for police and state Intelligence agencies.)

R Rangaraj

