

Quality Matters is an independent Management Consultancy based in Maldon, Essex. Here we discuss the latest in Quality and Information Security News.



Myths Surrounding ISO27001 Information Security
This week I am carrying the series of myths forward, this time with the myths surrounding Information Security (ISO27001).

  1. Information Security is for big companies.

    False. Most small companies (and individuals) are targeted at some time.

  2. My computer has virus control software so I am safe.

    False. Anti-virus software is only one area of protection.

  3. I have turned off the Microsoft Automatic Update to protect my computer.

    False. Auto-update provides security patches to help protect your computer.

  4. I always tear up sensitive paper information before putting it in the dustbin to protect myself.

    False. Tearing up paper is never as secure as shredding.

  5. Cutting a credit card in half makes it useless to a thief.

    False. Shred any non-required credit cards, as a thief can copy the detail and your signature.

  6. Email is a secure method of communication.

    False. Unless you encrypt your email, it is visible.

  7. I can't remember complex passwords so I use my dog's name, but that is secure.

    False. A hacker will run a dictionary test to find easy passwords like this.

  8. My company insists on 8 digit passwords so I have to write them down – but this is safe.

    False. Writing down passwords is a bad idea and is full of risk.

  9. In my company we all share a generic password but this is secure.

    False. If there is a problem with a generic password, it is almost impossible to find out who is responsible.

  10. When we get new computers we always format the old hard disks to ensure they cannot be hacked.

    False. Hard disks should be physically destroyed, otherwise data can be recovered, sometimes by simply un-formatting.

Information security is everyone's responsibility.



Posted: Sunday, 28 October 2007



Security of Credit Cards
The criminal fraternity are again turning their sights on credit cards, not just in the UK where face to face sales and chip and pin have made considerable reductions in fraud, but in 'Customer not present' transactions, often on the internet where fraud has risen.

The real growth area for fraud has been in overseas transactions, particularly where chip and pin has not been fully implemented. These transactions use the magnetic stripe on the back of the card and a signature for evidence of card ownership. There are a great number of counterfeit cards doing the rounds and these net the thieves a considerable bounty.

We all pay the costs of these frauds in card charges and interest rates, so it is in all of our interests to combat this fraud wherever possible.

There are various systems which can help to prevent these frauds but most rely on cardholders taking responsibility:

  • Ensure that your card does not get taken away for scanning (it could be copied)

  • Always shield the keypad when entering your four digit pin (opportunists can see your pin)

  • Never tell anyone your pin number (that is just plain stupid)

  • Never lend your card to anyone else (that is worse)

  • Take receipts for ATM transactions away and do not put them in the bin provided by the ATM owner (the information contained on these slips could be useful to thieves)

  • If you are suspicious about a transaction tell the card issuer (common sense)

  • Tell your card issuer if you are going abroad so they don't suspend your card for unusual transactions (prevents embarrassment)


Taking these sensible precautions could help stop these unscrupulous people from taking your money.

Protect your Cards from Fraud



Posted: Sunday, 14 October 2007



Laptop Data Safety
Basic levels of password protection on laptops are easily overcome by the experienced thief and this is causing considerable concern within the industry.

There are two things you should do:

  1. Physical security - Don't let your laptop out of your sight. Never leave it unattended in a public place. Never leave it in the boot of your car overnight at hotels. Always use a steel cable to attach it to a firm structure when in use outside your normal environment.

  2. Electronic security - Don't have sensitive data on a hard disk in the first place. Use a complex password and if possible second level authentication, such as a token or other device. When the laptop is on but is not being used, use the electronic lock facility to activate the password entry facility. Use a password on any screensaver.


That takes some account of security for the laptop, but with attached devices such as SD cards and USB pen-drives the situation is different:

Anyone stealing the SD Card or Pen-drive can read the data on any computer loaded with similar software. This is clearly a point of vulnerability; the best method to protect this type of device is to encrypt it so that it is useless without the decrypt key.

This protection is not the expensive option it used to be, with open source software freely available. The best of these encrypt and decrypt on the fly and are transparent to the authorised user, but render the device useless to the thief and in many cases make it appear to be a blank device.

ISO27001 and Laptop Security



Posted: Thursday, 21 June 2007
