Saturday, February 7, 2009

How to safeguard our personal and financial data?


Nowadays, computers and the Internet are common to everyone. We rely on computers to store our personal data and use online financial services, such as online banking, to carry out financial transactions in order to save time. Therefore, the safeguards that you make are not sufficient to protect your confidential data. Other than that, in the dynamic financial sector, people have to differentiate themselves with innovative technologies that improve customer service, streamline back-office operations, and strengthen risk management. Unfortunately, these same technologies often open doors to a variety of malicious attacks.
Today’s threats are significantly more dangerous than those of just a few years ago. Financial institutions have become prime targets for cyber attacks by organized crime with the sole objective of profiting at customers’ expense.

Here are a few tips to keep your personal and financial data safe:

Encryption

Encryption refers to algorithmic schemes that encode plain text into non-readable form or cyphertext, providing privacy. The receiver of the encrypted text uses a "key" to decrypt the message, returning it to its original plain text form. The key is the trigger mechanism to the algorithm.
Until the advent of the Internet, encryption was rarely used by the public, but was largely a military tool. Today, with online marketing, banking, health care and other services, even the average householder is aware of encryption.
As more people realize the open nature of the Internet, email and instant messaging, encryption will undoubtedly become more popular. Without encryption, information passed on the Internet is not only available for virtually anyone to snag and read, but is often stored for years on servers that can change hands or become compromised in any number of ways. For all of these reasons encryption is a goal worth pursuing.

Firewall

A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Intrusion detection system

An intrusion detection system (IDS) tries to identify attempts to hack or break into a computer system or to misuse it. IDSs may monitor packets passing over the network, monitor system files, monitor log files, or set up deception systems that attempt to trap hackers. While a firewall should always be your first line of defense, an IDS should be next.
For example: think of your network as a prison. The outside is protected by a large wall (the firewall), while the inside is protected by cameras and corrections officers (an IDS). There are several types of IDSs, but the most common types work the same way. They analyze network traffic and log files for certain patterns. While a firewall will continually block a hacker from connecting to a network, most firewalls never alert an administrator. An IDS will flag the events and alert an administrator. The administrator can then see what is happening right after, or even while, the attacks are taking place. This gives an administrator the advantage of being able to analyze the techniques being used, the source of the attacks, and the methods used by the hacker.
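The log-pattern analysis described above, shown as an added example that is not part of the original post: a small Python detector that reads authentication log lines and raises one alert when a single source address produces several failed logins inside a short time window. The log layout, the threshold of 3 and the 60-second window are assumptions chosen for illustration, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from a real system); the addresses are
# taken from the documentation-only ranges 203.0.113.0/24 and 198.51.100.0/24.
SAMPLE_LOG = """\
2009-02-07 10:00:01 sshd: Failed password for root from 203.0.113.5
2009-02-07 10:00:04 sshd: Failed password for admin from 203.0.113.5
2009-02-07 10:00:09 sshd: Accepted password for alice from 198.51.100.7
2009-02-07 10:00:12 sshd: Failed password for root from 203.0.113.5
2009-02-07 10:00:15 sshd: Failed password for guest from 203.0.113.5
2009-02-07 10:07:30 sshd: Failed password for alice from 198.51.100.7
2009-02-07 10:20:00 sshd: Failed password for root from 203.0.113.5
"""

# Assumed layout: "<date> <time> <service>: Failed password for <user> from <ip>"
FAILED = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ Failed password for (\S+) from (\S+)$"
)

def detect_bruteforce(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return one alert per burst of >= threshold failed logins from one source."""
    recent = defaultdict(deque)   # source ip -> timestamps of recent failures
    active = set()                # sources already alerted for the current burst
    alerts = []
    for line in log_text.splitlines():
        m = FAILED.match(line.strip())
        if not m:
            continue              # successful logins and other lines are ignored
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        src = m.group(3)
        q = recent[src]
        q.append(ts)
        # Slide the window: forget failures older than `window` before this one.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and src not in active:
            active.add(src)       # flag the burst once, not on every later line
            alerts.append({"source": src, "first": q[0], "last": ts, "count": len(q)})
        elif len(q) < threshold:
            active.discard(src)   # burst is over; a new one may alert again
    return alerts

if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT {a['source']}: {a['count']} failed logins "
              f"between {a['first']} and {a['last']}")
```

The single failed login from 198.51.100.7 and the isolated failure at 10:20:00 stay below the threshold, which is the kind of tuning that keeps an administrator from being flooded with alerts.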

Biometric security

Biometric security refers to automated methods for uniquely recognizing humans based on one or more intrinsic physical or behavioral traits. There are 2 kinds of characteristics: physical (fingerprints, irises, retinas, facial patterns, and hand measurements) and behavioral (gait, signature, and typing patterns).
Biometric systems have the potential to identify individuals with a very high degree of certainty. Physical attributes are much harder to fake than identity cards. Biometric systems perform personal recognition based on "who you are" as opposed to, or in conjunction with, "what you know" (PIN) or "what you have" (ID card). Recognition of a person by his body, then linking that body to an externally established “identity”, forms a very powerful tool for identity management.


*

How safe is our data?

Nowadays, many viruses and data-destroying methods are created every single day. The cyber world has become a battlefield with no end in sight to online security threats. Here we take a look at some of the latest online security threats.

Insider threats are the highest-ranking IT security concern. Insider misuse and unauthorized access by insiders are considered the top two IT security threats by our survey respondents.

Spam follows closely behind insider threats as a category of concern. This may be attributed to the prevalence of spam, the fact that spam is highly visible to everyone in the organization and that spam serves as a vector for many other types of attacks.

Malware such as computer viruses, worms, trojans, adware, and spyware still ranks highly in the list of concerns. There is significant variation between organizations in terms of the frequency of malicious code attacks, most likely due to variation in how well organizations defend against such security events.

Besides that, unauthorized access by outsiders is ranked only slightly behind malware in terms of seriousness. It is quite possible, however, that in some organizations, hackers have obtained unauthorized access without the awareness of the organization. Hence, the number of hacking incidents is likely underreported in the statistics.

Another point is that although IT security professionals take the threat of physical loss or theft of computer hardware and storage somewhat seriously, a significant number think it is only a minor threat.

Although many organizations are experienced in fighting electronic fraud, survey respondents rank fraud in the middle of the list of security concerns. These results most likely reflect the fact that many high-risk organizations, such as banks and financial institutions. IT security professionals are not sufficiently worried about the threat of pharming attacks. Similarly, we do not find very high levels of awareness of the threat of phishing, at least among respondents outside of the financial services sector.

Most IT security professionals and managers do not view electronic vandalism/sabotage as a serious threat. Such computer crimes in the past were motivated by a desire to gain bragging rights among hackers.

IT professionals vary considerably in their perception of the seriousness of denial of service (DoS) attacks. This disparity is most likely due to the variation in the "attractiveness" of the organizations in our sample as targets.

Extortion by electronic means ranks last in the list of IT security concerns. This is most likely because of the infrequency of such attempts. Therefore, it is not surprising that most IT security professionals do not consider extortion a serious threat.






Related Links:
http://www.readwriteweb.com/archives/top_online_security_threats_for_2009.php
http://www.computereconomics.com/article.cfm?id=1214
http://www.entrepreneur.com/technology/techtrendscolumnistpeteralexander/article78616.html