The Mason Spirit

Anup Ghosh

Almost every week, a story appears in the news about a company being hacked into and personal data being compromised. There are ways you can protect yourself from this sort of online trouble, say experts Anup Ghosh and Steve Ward. Ghosh, chief scientist at Mason’s Center for Secure Information Systems, is a recognized authority on Internet security and has written three books on e-commerce security. Ward is vice president of marketing for Invincea, a software security company that markets a technology developed jointly by Mason and the Defense Advanced Research Projects Agency available to companies to provide protection against online threats.

1. Do not trust unsolicited e-mails.

You are a target. You need to understand that every time you connect to the Internet, a perpetrator is waiting to take advantage of you. Simply searching for popular and trending news items can land malware on your computer. Do not open unsolicited e-mails—and definitely don’t click on links or supply passwords if you aren’t expecting something from a trusted source. Understand that you infect your machine through your browser and by clicking on links in e-mails.

2. Don’t expect your antivirus suite to adequately protect you.

Your antivirus protection is not a security blanket. In fact in most cases, it provides a false sense of security. Unfortunately, today’s security technologies cannot keep pace with the rapid increase in threats. While you should maintain your antivirus and software updates, don’t expect they are sufficient to protect you. You’ll have to exercise good judgment on where to go on the Internet and which e-mails to open and links to click on.

3. Use a separate, clean machine for banking only.

For transactions that need to be secure such as banking transactions, use a clean computer that you use only for those transactions, not the computer you use for browsing the web and general-purpose use. Do not browse the web with your clean computer. If possible for secure transactions, use an operating system—Linux or Mac— different from your daily use computer system, such as Windows. Pay attention to emerging technologies, such as virtualization-based solutions, to isolate the browser in its own operating system separate from that of your desktop. These technologies are beginning to enter the market and provide the strongest protection available for Internet threats.

4. Be careful what you post on social media sites such as Facebook.

Information posted on these sites can be used against you in social engineering attacks. Do not blindly accept friend requests from people you don’t know. If you don’t know Sven or Svetlana, there is no reason to be their Facebook friend. Sure these guys and gals might look attractive, but seriously, when was the last time some supermodel friended you just because they thought your profile pic looked good?

5. Don’t give permission to programs to run that you did not intend to download.

Be careful about which apps you run on your computer and your smartphone. If a program wants permission to run, do not grant it if you did not specifically intend to download and install it. Likewise for your smartphone, do not download apps unless you know them to be reputable.