[IS&T Security-FYI] Newsletter, September 21, 2007
Monique Yeaton
myeaton at MIT.EDU
Fri Sep 21 13:22:58 EDT 2007
In this issue:
1. Mobile Workers Say "Security is Not My Job"
2. Schools in the News: 10 Data Leaks in Just 3 Weeks
3. Tip of the Week: Risky Search Engines
---------------------------------------------------------------
1. Mobile Workers Say "Security is Not My Job"
---------------------------------------------------------------
A study released last month by an independent marketing firm
commissioned by Cisco Systems and the National Cyber Security
Alliance (NCSA) shows that most mobile workers entrust their security
solely to IT. The survey covered seven countries including the United
States.
According to the study, 73% of mobile workers are not aware of
security threats and best practices. 28% admit "hardly ever"
considering security risks and some even said they "never" consider
them.
In a world where mobile workers are increasing and where businesses
are entrusting their workers with access to corporate information
anywhere outside the office, IT has an important role to play. These
situations require proactively protecting and educating mobile
workers in order to prevent them from undermining the security of the
business they work for.
The past year has shown that roughly 73% of all sensitive data
breaches occur because of unsafe human behavior, not because of
software vulnerabilities or other "computer glitches." While it is
difficult to mandate, and while busy workers prefer to get their work
done rather than deal with taking extra steps for the sake of
security, this isn't any different from how we have adopted other
security habits in our lives, such as locking our houses and cars,
putting valuables out of reach, and avoiding dark streets at night.
If you are concerned with the security of the information you work
with, or even if you aren't concerned but want to find out if you or
others in your area are doing enough, MIT offers a free awareness
seminar on Computer Security. The next offering occurs on October 17,
noon - 1 p.m., in the N42 demo center. For more information on the
seminar or to have the seminar presented to your team or department,
contact <security at mit.edu>.
--------------------------------------------------------------------------
2. Schools in the News: 10 Data Leaks in Just 3 Weeks
--------------------------------------------------------------------------
You may have noticed the recent addition to Security FYI of the
"Schools in the News" feature. According to incidents compiled by the
Adam Dodge Report, just in the past three weeks there have been ten
possible data breaches reported by U.S. universities. Seven of these
have been inadvertent data disclosures while three were due to theft
of property.
Read the Adam Dodge Report: <http://www.adamdodge.com/esi/>
While these types of incidents are not new, the high number of them
should be a worry to all higher education institutions, because
eventually they will have a breach of their own. I believe the
numbers show a general lack of concern and awareness of the risks.
What is unfortunate about this is that often the damage could have
been prevented. It would be unfair to suggest that universities be
100% safely guarded against these types of occurrences. However,
even one leak can be damaging not only to the privacy of individuals
affected, but also to the reputation of the institution.
--------------------------------------------------------
3. Tip of the Week: Risky Search Engines
--------------------------------------------------------
Be careful what you search for: you may end up at a risky site loaded
with adware or spyware. Over the summer, McAfee released a report
showing that more than 276 million searches by U.S. consumers per
month lead to risky sites. McAfee studied the five major United
States search engines -- Google, Yahoo!, MSN, AOL, and Ask -- which
account for 93 percent of all search engine use. To conduct the
study, McAfee analyzed the first 50 search results returned by each
search engine for 2,300 popular keywords.
The most risky sites were found to offer adware, spyware, viruses,
exploits, spammy e-mail, excessive pop-ups or strong affiliations
with other risky sites. The good news is that search engines have
somewhat reduced the problem of risky sponsored links through better
vetting.
What can web surfers be aware of or do to make sure they don't
stumble upon these types of sites?
* Adult search terms are twice as likely to lead to unsafe results
as non-adult search terms -- keep your searches "clean."
* Reduce spam by avoiding e-mail signups.
* Even with search engine improvements, 1 in 12 sponsored links
still leads to a risky site -- avoid clicking on these in search
results.
* If it sounds too good to be true, it probably is -- queries
containing the word "free" are particularly likely to lead users to
sites with unsavory practices.
* Of the Google search terms analyzed, the most dangerous category
is "tech toys," examples of which include "ipod nano," "mp3 music
downloads," and "winmx" -- 23 percent of these led to risky sites.
* There are tools like McAfee SiteAdvisor and others to make
searching safer.
* IE 7 and Firefox 2.0's improved security features help to keep
personal data safe from fraudulent websites and online phishing scams
by warning you when you visit a risky site.
Read more about the report here:
<http://www.mcafee.com/us/about/press/corporate/2007/20070604_181500_u.html>
Thank you for staying aware of security issues,
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security