Today is Computer Security Day, a day to celebrate having a safe experience on the computer, whether you are on the internet, offline, or logged off: whenever and wherever! Computers have become faster and more advanced, so protecting their resources, the tools that go along with them, and the information on them protects the people who use them, too. A computer can be a large asset, but it takes a lot of responsibility to keep it secured and available for use. Therefore, instead of glamorizing the computer, which I have been on since the year 1991, I am sharing some tools and education and creating awareness for safer computer usage nationwide for both kids and adults, covering ransomware attacks, phishing, viruses, cyber-bullying, identity theft, fraud, human trafficking, and even more! The internet adds a whole other avenue of security for computers; it can be a fun place as intended, but it can also become a frightening place. Let’s try to make sure your computer stays a place for freedom, and exercise care. . .

Computer Statistics:

  • In the last decade, the share of the population using computers has been in the 70-percent range
  • In the last decade, over 80% of people have had at least one computer
  • In the last decade, between 40% and 50% of people have had a household computer
  • In the last decade, between 60% and 70% of people have been on the internet

Internet Statistics:

  • 2021 showed that there were 4.9 billion internet users worldwide
  • Nearly 4 billion people use the internet by mobile connection
  • 57% of the worldwide population use the internet
  • There are nearly 1 million extra internet users each day
  • Internet users spend between 6 and 7 hours per day online
  • Of that time online, users spend over 2 hours per day on social media
  • Google has the most worldwide visits on the internet
  • YouTube and Facebook vary between the 2nd and 3rd most visited sites
  • Some countries, like China, Cuba, Iran, North Korea, and Syria, do not allow their citizens to use the internet. The governments either ban their citizens from the internet or limit their freedom while using it.

Common Security Issues and How to Fix Them:

Ransomware Attacks: Ransomware is a type of malicious software (malware) that threatens to publish data, or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom to the attacker. There are thousands of vulnerabilities when it comes to ransomware attacks. No matter how careful you are, everyone is vulnerable to such attacks. Prevention is key! Here are some ways to prevent such attacks:

  • Identify assets that are searchable via online tools and take steps to reduce that exposure
  • Protecting Against Ransomware
  • Good Security Habits
  • Understanding Anti-Virus Software
  • Understanding Patches and Software Updates
  • Using Caution with Email Attachments

Code Injection (Remote Code Execution or RCE): Code injection is also known as remote code execution. The malicious code is usually “injected” in the same language as the targeted application and then executed by the server. In general, applications that use unvalidated input data may be vulnerable to code injection. Here is how perpetrators launch such attacks:

  • The attacker scans machines over the internet for known vulnerabilities that may open the door to an attack.
  • Once a suitable vulnerability is found, the attacker exploits it for entry and access.
  • Once the attacker is in, they execute malicious code on the system to wreak the typical havoc: steal information, encrypt or destroy files, alter permissions, download more malware, etc., based on the vulnerabilities found, the state of the compromised machine (security patches applied or not, for example), and the tools available to the attacker.
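
The point about unvalidated input, as an added example (not code from this article): a Python function that hands user text straight to `eval()`, next to a hardened version that parses the text and accepts arithmetic only. The function names and the sample input `PROBE` are constructed for illustration.

```python
import ast
import operator

# Arithmetic operators the hardened evaluator is willing to apply.
_ALLOWED_BINOPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
}
_ALLOWED_UNARYOPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}

# Constructed input: harmless, but it is Python code rather than arithmetic.
PROBE = "__import__('os').getcwd()"


def calculate_vulnerable(user_text):
    """BEFORE: the input is executed as Python, so any expression runs on the server."""
    return eval(user_text)  # never do this with untrusted input


def calculate_hardened(user_text, max_len=100):
    """AFTER: parse the input and walk the tree, accepting numbers and + - * / only."""
    if len(user_text) > max_len:
        raise ValueError("input too long")
    try:
        tree = ast.parse(user_text, mode="eval")
    except SyntaxError as exc:
        raise ValueError("not an arithmetic expression") from exc
    return _evaluate(tree.body)


def _evaluate(node):
    # Plain numbers only; booleans, strings and other constants are refused.
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _ALLOWED_BINOPS:
        return _ALLOWED_BINOPS[type(node.op)](_evaluate(node.left), _evaluate(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _ALLOWED_UNARYOPS:
        return _ALLOWED_UNARYOPS[type(node.op)](_evaluate(node.operand))
    # Names, calls, attribute access and so on are refused instead of executed.
    raise ValueError("disallowed element: " + type(node).__name__)
```

With `PROBE` as input, the first function runs the code and returns the server’s working directory, while the second raises `ValueError`.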

Cross-Site Scripting (XSS) Attack: Cross-site scripting is a type of injection attack in which a threat actor inserts data, like a malicious script, into content from trusted websites. The malicious code is then included with dynamic content and delivered to a victim’s browser. XSS is one of the most common cyber attack types, because script insertion, especially of JavaScript, is so widely used. Here is how attackers deliver an XSS attack to a victim:

  • To run malicious JavaScript code in a victim’s browser, an attacker must first find a way to inject malicious code (payload) into a web page that the victim visits.
  • After that, the victim must visit the web page with the malicious code. If the attack is directed at particular victims, the attacker can use social engineering and/or phishing to send a malicious URL to the victim.

Here is what malicious JavaScript can do once it runs, which is why such attacks need to be prevented:

  • Malicious JavaScript has access to all the objects that the rest of the web page has access to. This includes access to the user’s cookies. Cookies are often used to store session tokens. If an attacker can obtain a user’s session cookie, they can impersonate that user, perform actions on behalf of the user, and gain access to the user’s sensitive data.
  • JavaScript can read the browser DOM and make arbitrary modifications to it. Luckily, this is only possible within the page where JavaScript is running.
  • JavaScript can use the XMLHttpRequest object to send HTTP requests with arbitrary content to arbitrary destinations.
  • JavaScript in modern browsers can use HTML5 APIs. For example, it can gain access to the user’s geolocation, webcam, microphone, and even specific files from the user’s file system. Most of these APIs require user opt-in, but the attacker can use social engineering to go around that limitation.
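
Two common server-side defences against what the list above describes, as an added example (not code from this article): HTML-encoding user-supplied text before it goes into a page, and marking the session cookie HttpOnly so that page script cannot read it. The function names, the sample comment and the token value are constructed.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample of user-supplied text that contains markup.
SAMPLE_COMMENT = "<script>alert(1)</script>"


def render_comment_vulnerable(author, text):
    """BEFORE: user text is pasted into the page, so any markup in it becomes live."""
    return "<li><b>" + author + "</b>: " + text + "</li>"


def render_comment_encoded(author, text):
    """AFTER: < > & and quotes become entities, so the browser shows them as text."""
    return "<li><b>" + html.escape(author) + "</b>: " + html.escape(text) + "</li>"


def session_cookie_header(token):
    """Build a Set-Cookie value whose session token is hidden from page JavaScript."""
    cookie = SimpleCookie()
    cookie["session"] = token
    cookie["session"]["httponly"] = True   # not readable through document.cookie
    cookie["session"]["secure"] = True     # only sent over HTTPS
    cookie["session"]["samesite"] = "Lax"  # not attached to most cross-site requests
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()
```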

Data Breaches: Another type of attack, whereby secured information that is not publicly available becomes breached, or available without consent. Personally, there is nothing an individual can do to prevent a company’s lists from becoming breached. A lot of people’s sensitive information is available, even that of individuals who have never been on the internet. The stored information on the business lists is compromised and then sometimes used directly or sold on the dark web. If you are a business owner, you really need to make sure that your cyber security is up to date, because a data breach that is traced back to your business can easily run into the millions! Your business insurance really needs to know the capacity in which the data is being stored and that it is kept up to date, or liability at your business can put you at total risk, putting not only your reputation but also all your assets, personal and professional, on the line! Here are some tips to protect your business from data leaks:

  • Evaluate the Risk of Third Parties
  • Monitor all Network Access
  • Identify All Sensitive Data
  • Secure All Endpoints
  • Implement Data Loss Prevention (DLP) Software
  • Encrypt All Data
  • Evaluate All Permissions
  • Monitor the Security Posture of All Vendors

Malware and Virus Infection: Putting programs and software on the computer can look safe on installation date, but where did the programmers start? At what angle? Was it to look like a nice program or to really be a good program? You absolutely need to make sure the software is safe before installing outside software on the computer, especially software that can open up the communication ends on your computer. Nothing is worse than a program that can communicate without your knowing and become someone else’s remote control! Here are some ways to prevent such attacks:

  • Install Security Software: Install security software and make sure that it is up-to-date.
  • Enable Firewall: Enable your firewall, as this will prevent unwanted PC access from the Internet.
  • Update Security Software regularly: Regularly update the software installed on your computer. Programs on your computer need to be kept up-to-date, as malware authors will always find a way to abuse a software vulnerability. Loopholes in software’s security can become vulnerabilities. The best practice is to visit your manufacturer’s website regularly or to contact their support. There are a number of third-party programs out there that claim they can check for software updates for the programs installed on your computer. Be careful in installing these programs, especially the free ones, as they may come bundled with other unnecessary programs or, worse, malicious software.
  • Refrain from opening unknown emails: Do not open emails from unknown senders, as they may have malicious attachments infected with viruses. If the email comes from a known sender but includes an arbitrary attachment, it is always best to contact the person who sent it in order to verify that the email and the attachment were legitimately sent.
  • Be careful in visiting websites: Only open websites that you know. Never randomly click a link as it may direct you to a malicious website or trick you to download an infected file or program. Always check the address bar, or the URL, to see if you are loading the correct website.
  • Install ONLY legally distributed software: Use only reputable and legally distributed software. Do not install pirated software, as it often comes bundled with infected files.
  • Scan removable drives before using them: When using USB flash drives, thumb drives or any other removable drives, make sure you scan them using your security software.
  • Be aware of social engineering ploys: Be careful of social engineering ploys whose goal is to trick a user into willingly opening their systems and giving malware authors free access. Be careful with online and social media “freebies” and “giveaways” that are just a trick to install worms, bugs, viruses, launch phishing attacks, and even more. The ploys can also come in the form of an email from your bank asking you to update your account information via a suspicious link, or a seemingly helpful pop-up from a website that is offering a free registry cleanup. Some malware distributors even keep themselves up to date with current events that would easily tap into an unsuspecting user’s curiosity.

DDoS Attacks: A Distributed Denial of Service (DDoS) attack is a malicious attempt to affect the availability of a targeted system, such as a website or application, to legitimate end users. Typically, attackers generate large volumes of packets or requests ultimately overwhelming the target system. The attacker uses multiple compromised or controlled sources to generate the attack. In general, DDoS attacks can be segregated by which layer of the Open Systems Interconnection (OSI) model they attack. They are most common at the network, transport, presentation and application layers. How can denial-of-service attacks be prevented?

  • Perform a network vulnerability audit. In order to properly defend your network, you have to understand its weaknesses.
  • Secure your infrastructure
  • Reduce the attack surface
  • Create a DDoS response plan
  • Know the warning signs

Credential Stuffing Attack: Credential Stuffing Attacks (CRA) are attempts to compromise a site’s users who normally log in, in order to obtain unwarranted access to the user’s account, putting all stored confidential information at stake. Sometimes it is a method that is used after a hacker either purchases or obtains access to data breach information. Obviously, sites usually have a limit on the number of attempts before they log an account out due to security risk, because it would not be wise to let an account be logged in with improper information over a modest number of attempts. Preventing bots from gaining access to the personal information of customers is paramount!

Multi-Factor Authentication (MFA): Here are some specific circumstances where there is reason to suspect that the login attempt may not be legitimate:

  • A new browser/device or IP address
  • An unusual country or location
  • Specific countries that are considered untrusted
  • An IP address that appears on known block lists
  • An IP address that has tried to login to multiple accounts
  • A login attempt that appears to be scripted rather than manual

Alternative Defenses: Where it is not possible to implement MFA, there are many alternative defenses that can be used to protect against credential stuffing and password spraying. In isolation, none of these are as effective as MFA; however, if multiple defenses are implemented in a layered approach, they can provide a reasonable degree of protection. In many cases, these mechanisms will also protect against brute-force or password spraying attacks. As well as requiring a user to enter their password when authenticating, they can also be prompted to provide additional security information such as:

  • Secondary Passwords
  • A PIN
  • Specific characters from a secondary password or memorable word
  • Answers to security questions
  • CAPTCHA: Although not perfect, simply requiring a user to solve a CAPTCHA for each login attempt can help to prevent automated login attempts, which would significantly slow down a credential stuffing or password spraying attack.
  • IP Block-listing: Less sophisticated attacks will often use a relatively small number of IP addresses, which can be block-listed after a number of failed login attempts. These failures should be tracked separately from the per-user failures, which are intended to protect against brute-force attacks. The block list should be temporary, in order to reduce the likelihood of permanently blocking legitimate users. Additionally, there are publicly available block lists of known bad IP addresses which are collected by websites such as AbuseIPDB based on abuse reports from users. Consider storing the last IP address which successfully logged in to each account, and if this IP address is added to a block list, then taking appropriate action such as locking the account and notifying the user, as it is likely that their account has been compromised.
  • Device Fingerprinting: Aside from the IP address, there are a number of different factors that can be used to attempt to fingerprint a device. Some of these can be obtained passively by the server from the HTTP headers (particularly the “User-Agent” header), including:
    • Operating system
    • Browser
    • Language
    Using JavaScript it is possible to access far more information, such as:
    • Screen resolution
    • Installed fonts
    • Installed browser plugins
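
The IP block-listing item above, as an added example (not code from this article): per-IP failures are counted separately from per-user failures, blocks expire, and blocking an IP flags the accounts whose last successful login came from it. The class, the thresholds, the status strings and the sample address are assumptions made for illustration.

```python
from collections import defaultdict

IP_FAILURE_LIMIT = 5       # assumed: failed logins allowed per IP before a block
USER_FAILURE_LIMIT = 3     # assumed: failed logins per account before a CAPTCHA
BLOCK_SECONDS = 15 * 60    # assumed: blocks are temporary and expire


class LoginGuard:
    def __init__(self):
        self.ip_failures = defaultdict(int)    # per-IP counter (credential stuffing)
        self.user_failures = defaultdict(int)  # per-user counter (brute force)
        self.blocked_until = {}                # ip -> time the block expires
        self.last_good_ip = {}                 # account -> IP of last successful login
        self.accounts_to_review = set()        # accounts to lock and notify

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is not None and now >= until:
            # Temporary block has expired: forget it and start counting afresh.
            del self.blocked_until[ip]
            self.ip_failures[ip] = 0
            until = None
        return until is not None

    def block_ip(self, ip, now):
        self.blocked_until[ip] = now + BLOCK_SECONDS
        # Accounts last used successfully from this IP may already be compromised.
        for account, good_ip in self.last_good_ip.items():
            if good_ip == ip:
                self.accounts_to_review.add(account)

    def record_attempt(self, ip, account, success, now):
        """Return 'blocked', 'ok', 'captcha' or 'failed' for one login attempt."""
        if self.is_blocked(ip, now):
            return "blocked"
        if success:
            self.user_failures[account] = 0
            self.last_good_ip[account] = ip
            return "ok"
        self.ip_failures[ip] += 1
        self.user_failures[account] += 1
        if self.ip_failures[ip] >= IP_FAILURE_LIMIT:
            self.block_ip(ip, now)
            return "blocked"
        if self.user_failures[account] >= USER_FAILURE_LIMIT:
            return "captcha"
        return "failed"


def stuffing_demo():
    """Constructed scenario: one IP tries five different accounts once each."""
    guard = LoginGuard()
    ip = "203.0.113.7"  # documentation address, constructed
    guard.record_attempt(ip, "dana", True, now=0)
    results = [guard.record_attempt(ip, name, False, now=10 + i)
               for i, name in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    return guard, results
```

In the demo no account ever has more than one failure, so a per-user limit alone would never trigger; the per-IP counter is what stops the run.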

Brute Force Attacks: Brute force attacks are entirely preventable. You can keep brute force attacks at bay and drastically improve your data security by having a strong password policy, limiting login attempts, enabling two-factor authentication, using CAPTCHAs, and blocking malicious IP addresses. How to prevent brute force attacks:

  • Limit failed login attempts
  • Make the root user inaccessible via SSH by editing the sshd_config file
  • Don’t use the default port; edit the port line in your sshd_config file
  • Use CAPTCHAs
  • Limit logins to a specified IP address or range
  • Two factor authentication
  • Unique login URLs
  • Monitor server logs
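
A small checker for the sshd_config items in the list above, as an added example (not code from this article): it reads the global section of a config and reports root login, the default port, and a high `MaxAuthTries`. The two sample configs, port 2222 and the limit of 3 tries are assumptions; `Include` files and `Match` blocks are not followed.

```python
# Values sshd uses when a keyword is absent from the file (OpenSSH defaults).
DEFAULTS = {"permitrootlogin": "prohibit-password", "maxauthtries": "6"}

# Constructed sample configs.
WEAK_CONFIG = """\
# package defaults left in place
Port 22
PermitRootLogin yes
#MaxAuthTries 6
"""
HARDENED_CONFIG = """\
Port 2222
PermitRootLogin no
MaxAuthTries 3
"""


def read_global_settings(config_text):
    """Return (first value per keyword, list of Port values) for the global section."""
    first_value, ports = {}, []
    for raw_line in config_text.splitlines():
        line = raw_line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        keyword = parts[0].lower()            # keywords are case-insensitive
        value = parts[1].strip('"') if len(parts) > 1 else ""
        if keyword == "match":                # conditional overrides start here
            break
        if keyword == "port":                 # Port may be given more than once
            ports.append(value)
        else:                                 # sshd keeps the first value it reads
            first_value.setdefault(keyword, value)
    return first_value, ports or ["22"]


def audit_sshd_config(config_text, max_tries_limit=3):
    """Return a list of findings; an empty list means all three checks passed."""
    settings, ports = read_global_settings(config_text)
    findings = []
    if settings.get("permitrootlogin", DEFAULTS["permitrootlogin"]).lower() != "no":
        findings.append("root can log in over SSH: set 'PermitRootLogin no'")
    if "22" in ports:
        findings.append("sshd listens on the default port 22: change the 'Port' line")
    tries = settings.get("maxauthtries", DEFAULTS["maxauthtries"])
    if not tries.isdigit() or int(tries) > max_tries_limit:
        findings.append("MaxAuthTries is above %d: lower it" % max_tries_limit)
    return findings
```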

Other Ways to Stay Safe on the Computer Every Day:
Always know that safety is most important. The computer needs to stay locked, just like your front door! Here are some everyday things to remember when it comes to computer safety:

  • Enabling Windows Updates
  • Installing antivirus software and keeping it up and running at all times
  • Turning on the Windows Firewall
  • Keeping all software updated
  • Always using strong passwords
  • Not sharing passwords and not writing them down anywhere
  • Requiring a password to access the computer
  • Removing unused programs
  • Securing the wireless network
  • Backing up critical data
  • Using caution when browsing the internet
  • Logging off the computer when not in use
  • Keeping the browser’s security up to date and not relying on automation in the form of stored or remembered passwords for critical sites
  • Periodically removing temporary internet files

Remember Safety on the Internet:
The Internet can turn into a danger zone if you do not develop safe practices while being online. Therefore I bring awareness to lead people out of any disguised safety zone, out of thinking that “just because they can’t see and touch me” the internet is always a safe place to be. There are a lot of dangers on the internet that, if attention is paid, can be avoided simply by being aware and exercising caution once you see signs of danger. Constantly reevaluating your internet usage and interaction safety is a great asset to you personally and also to your family. One of the primary purposes of ConnectSafely.org is to make the internet a safer place. The day brings both organizations and individuals together with a common purpose of reaching as many internet users as possible to provide them with awareness and the tools and resources to keep them safe. We all face the potential of becoming a victim of internet crimes, with or without being connected, so don’t think that just because you are never on the internet you can’t be touched by the hands of criminal internet activity. Your name, numbers and information are all online somewhere, whether you have an online account or not, in the form of business lists and all sorts of other means. The “dark internet” is a very dangerous tool in the wrong hands! However, there are means available to protect ourselves and our companies, plus ways that we can teach our children how to correctly use the internet that can make a difference. For more information visit ConnectSafely.org and SaferInternetDay.us.

Ways to Make the Internet Safer:

  • Teach your children about safer internet use.
  • Never tolerate cyber-bullying.
  • Start conversations about a safer approach to the internet in all ways.
  • Attend events, forums and seminars about improving online safety.
  • Become part of a campaign in your school, organization, business, and home.
  • Contact your members of the U.S. House of Representatives and the United States Senate, and/or your state policymakers, to urge them to pass legislation that makes the penalties for cyber-crimes higher.
  • Become active and speak about cybercrime. Activity grows in the dark and when the light turns on, criminals stalk an easier target.
  • Never take on a criminal one on one. Always contact authorities for professional assistance.
  • Visit SaferInternetDay.us for information to make for a safer internet experience and to join with others in making the effort.

Other Steps to Ensure Constant Security:
Here are more steps to make sure that you are safe on the internet:

  • Get identity theft insurance (Lifelock, IdentityGuard, your insurance company…).
  • Regular homeowners insurance never covers ID theft without a rider!
  • Identity theft insurance doesn’t cover titled property! Consult your broker for options.
  • Always use the latest virus protection and a good firewall.
  • Never use public or insecure WiFi – especially for logging into banking or shopping.
  • If you login to any source other than your own private WiFi – Change your password!
  • Always use a strong, unforgettable password phrase.
  • Set up two-tier or double-authenticated login procedures whenever available!
  • Save your passwords on your devices at your own risk!
  • Check your bank and credit card statements on a regular and timed interval.
  • If your accounts are compromised, issue stop payment on any fraudulent purchases.
  • Also if your accounts are compromised – Change your password!
  • If there is suspicious activity, cancel your card and have a new number issued.
  • Always check your credit from all three credit reporting agencies a minimum of yearly.
  • Keep all your software up to date, so that computers are not vulnerable to hackers.
  • Make sure all programming has the latest patches applied.
  • Have the latest update for cell phones applied as soon as it is available.
  • If you have a website or page, always make sure all plugins are kept updated
  • Never give any personal information over the phone, email, or text.
  • More. . .

Steps To Ensure Privacy:

  • Take steps to secure all your digital devices. Consult with each one for tips on their site.
  • Make a commitment to learn how to protect yourself.
  • Maintain tech-savvy answers that protect you today and in the long run.
  • Share your input including tips, tricks, and experiences with others. Knowledge is power.
  • Attend information exchanges such as forums and seminars to learn about protection.
  • For more tips on keeping your data safe, visit the National Cybersecurity Alliance.

Safety, Tips & Pointers For a Safe Online Experience:

  • NEVER enter your passwords via an email, text, phone call or other communication, unless YOU initiated the attempt to login, and the site is trustworthy.
  • Don’t respond to emails from suspicious destinations. Always use emails from reputable stores, shops, known bloggers, and from personal recommendations or good online reviews at a reputable internet rating site.
  • Never give vulnerable information over the internet unless the 🔒 symbol is in the browser bar. Also make sure that the internet destination is “https://???.com”, NOT “http://???.com”. The “s”, which is the 5th letter on the browser bar, stands for “secured”. If you do not see this, cease doing a transaction at that site, as it is not safe to divulge information there: the hypertext needs to be secured through encryption, or anyone can see your personal information being transferred over the internet, including on a router system near where your WiFi is hooked up.
  • Make sure that you always use a secured and private connection, not a “public” or common connection when it comes to the Wifi you are using. Your cell phone is secured and encrypted while using a carrier for the transaction, but if the WiFi is activated, you must make sure that it is in the “OFF” position, unless you are at your home or on Wifi that belongs to someone that you know to be trustworthy. Doing a transaction on a workplace’s WiFi can be sketchy and your security can be compromised unless your workplace is self-employment.

Resources:
If you are ever a victim of being compromised online or of any cyber-crime, you can contact the following agencies:

  • Report cyber-bullying to the proper authorities. If you believe it is criminal activity, report it to the police. Any bullying, including cyber-bullying, almost always gets worse when you think that it will just go away by itself.
  • Talk with your children. If you think that they have been threatened and/or they just won’t open up to you, call on a professional counselor, mentor or mediator, even if you do it yourself without putting your child through the session. Being informed always assists in disposition.
  • ConnectSafely.org and SaferInternetDay.us are both really great internet sites that contain tools to assist in reasonably being safer online.
  • Contact your local police station if you suffer any monetary loss online. If you use a credit card, you will need a police report number in order to initiate a claim. For more information, you can visit my article: Jan 27, 2022 – Happy Data Privacy Day + Resources – 2022


DISCLOSURE: I had my identity stolen in the year 2018. A list of a business that I did business with had their intellectual property stolen by hackers. Next thing you know, I had a store account hacked into and hundreds of dollars. Then my bank account had money wired to Poland. It could have been way worse. I did, after a series of months, get the money returned to me because the methods they chose had fraud guarantees, and with a police report number and the assistance of others, and doing all the formalities, this was possible in my case. Also, due to forensics, my computer was able to identify that the lists of the company I did business with were hacked at the computer’s security signature level, and I was able to obtain a settlement, for which I granted the company an Indemnity Form of Release. As I stated, my case could have been astronomically worse than it was. It is not an easy task to get out of the rut and go on with life, and the settlements are never worth the grief. I have experience at this, and would never want anyone to have to go through what I had to go through. For these reasons–and because I care, I choose to share as many ideas as I can to combat the crime before it happens. This is the reasoning that over the past few years sections I have featured articles concerning fraud and violence, including fraud watches and other usefully wise sections. I also never tolerate violence of any kind. I thank you for being my follower, and hope that this never happens to you!
