AN INDEPENDENT SUPPLEMENT FROM MEDIAPLANET CYBER SECURITY Learn how to protect your information data and money. ARE YOU PREPARED? No.1/June 2010 We make our readers succeed! 3 TIPS Cloud Computing Learn the benefits and the drawbacks Web wise Talk with your kids about internet safety


Stay safe online

Take a minute to think about how much of your life relies on the internet.

Think about school (enrolling in classes, paying tuition), work (sending/receiving e-mails, making payments), transportation (booking flights, requesting quotes on cars), and even entertainment (online shopping, downloading music).

Now, think about what might happen if the security of all of these activities was compromised. Someone may have hacked into your university account because you used a public computer, or someone may have gotten a hold of your credit card information because you used an untrustworthy site to buy something.

So, you might be asking yourself, “What can I do to protect myself, my business, and my children from this phenomenon that has become such a large concern in the information world?” The first step to solving a problem, or better yet, preventing one, is knowing your enemy. Breaches in cyber security occur because, somehow, someone was able to access your information.

There are so many ways to equip yourself with the information that will motivate you to take any steps you can to navigate safely online at home and at work, protecting your business’ information, data, and money.

Protecting your business

Companies are at risk of any type of cyber attack, and businesses can be victims of “people who break into computer systems for criminal financial gain, espionage or politically motivated reasons.” StaySafeOnline.org advises businesses to assess any possible risks, monitor possible threats to the business, and draft a cyber plan.

Home business owners are also at risk, where just as much, if not more, damage can be done. Aside from keeping up-to-date on all software, it is important to choose passwords for online accounts that don’t contain dictionary words or clues that could be found from other obtained personal information.

Photos for sale

We all learned something about Facebook recently, most commonly by word of mouth, that shocked and dismayed. It seems that any photos you post on Facebook are now and forever the personal property of Facebook. This can cause major problems with models and photographers trying to market their work. Yes, it is an outrage, but Facebook hasn’t broken any laws… we just never read the fine print.

Here’s what it says: “By posting User Content to any part of the Site, you automatically grant... an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license... to use, copy, publicly perform, publicly display ... such User Content for any purpose...”

It’s things like this that we need to be careful about: things that might be a minor inconvenience to one person, or a career-killer for another. In this case, knowledge is power.

The future of the web

The worry doesn’t end there. Your kids are also becoming well-versed in how to use the Internet, but do they know about all of the possible ways they could be at risk? Most children learn to not share their passwords and to not give out personal information to strangers in chat rooms. However, problems can reach much deeper than that. There’s also spam and sexual exploitation. In fact, “one in seven youths receive a sexual approach over the Internet.”

If we’re too late and a problem has already occurred, contact The Canadian Cyber Incident Response Centre (CCIRC) at www.publicsafety.gc.ca/prg/em/ccirc/index-eng.aspx for information and help.

My best tips

1. Password protection
Don’t choose obvious passwords for any online accounts and sites.

2. Update your software
When your computer gives you the option to update your anti-virus software, do it! Think about it as your fire alarm. You’d never let the batteries die because if they do, your house and everything in it, including your family, could be at risk. Your files need protection, too.

3. Spread the word
Take everything you learn about Internet safety and spread the word to family, friends, and coworkers.


We recommend

Mafiaboy hacker makes amends: Michael Calce shows his redeeming qualities.

Up in the clouds: The pros and cons of cloud computing.

Protecting your kids: Facebook. Twitter. MySpace. Your kids are on them 24/7—protect them.

Cyber Security, 1st edition, June 2010

Responsible for this issue
Publisher: Chris [email protected] 416 977 7100
Contributors: Kevin Richards, Boyan Tsolov, Cassandra Alexopoulos
Designer: Missy [email protected]
Country Manager: Gustav [email protected] Manager: Jackie [email protected] Manager: Carrie [email protected]

Distributed within: The Vancouver Sun, June 2010. This section was created by Mediaplanet and did not involve The Vancouver Sun or its editorial departments.

Photos: iStockphoto.com unless otherwise indicated.


Mediaplanet’s business is to create new customers for our advertisers by providing readers with high-quality editorial content that motivates them to act.

When I use the computer, I almost forget the important safety rules to follow. But I am an elephant and I never forget. Do you remember all the important rules when you use the computer?

Let’s look at them together again.

■ I do not give out personal information online without my parents’ permission. This means that I never give my name, phone number, house address, e-mail address or location of my home or school. I don’t post photos of myself unless my parents say it is OK to share with a friend or family member by e-mail.

■ I create a personalized nickname. This safety rule is fun. I have to choose a name that does not say whether I am a boy or a girl. My friends will know that it is me.

■ I have a password. This safety rule is also fun. I have to create a password that is unique and hard to guess, but easy for me to remember. No one except my parents knows what it is… not even my best friend.

■ I will only “chat” with people I know. When I am old enough and start to e-mail and use chat messages, I will only communicate with people that I know and that my parents approve of.

■ I will tell my parents when something makes me feel uncomfortable. This is not so fun. Sometimes, things are written or shown on the computer that make me feel uncomfortable. I know to tell my parents right away.

■ I will have good “Netiquette”. Good “Netiquette” is good etiquette on the Net. This means that I will treat others with respect. I will not send rude or mean messages and I will not post things such as words or photos from someone else.

■ Finally, I will not believe everything that I read or see on the Internet! I will know to check it out and ask my parents about it.

If you remember to follow these Internet safety rules, you will be smart and be safe.

Elmer the Safety Elephant advice provided by www.elmer.ca

Challenges

Password safety

A strong password is the lock on the door that secures personal information at countless web sites, yet millions choose combinations that are child’s play for hackers. Two favorites are “1234” and the word “password” itself. Many people choose the name of their computer monitor. Others select the name of their pet—which they also post on their Facebook page.

Following a few simple rules can greatly enhance password—and online—security. Don’t use words found in the dictionary. Hackers have automated programs for those. Avoid personal information. The longer and more complicated the password, the better. Use the whole keyboard. Don’t forget to use upper and lower case letters, numbers and symbols. Each additional element vastly increases the potential permutations and combinations. Don’t use passwords on public computers. If you need to write a password down, keep it in a secure place. Above all, don’t share passwords with others.

Graham Cluley, senior technical analyst for Sophos, an IT security firm, recommends starting with a phrase you can easily remember then reducing it to a meaningless string of characters. For example, “Don’t be late for staff meetings Tuesday mornings at 9:00” becomes “Dbl4smTm@9.”

Never use a single password for more than one website. Several online applications will do the work of remembering multiple passwords for you.

Password practice is more time and trouble but a modest price to pay for the enhanced security that results.


Challenges / News / Cybercrime

New capabilities present concerns

Predicting the future is always filled with fault, but a few things seem certain in cyberspace. For one, the bad guys aren’t going away. Cybercrime and the resulting need for security will continue to evolve along with the Internet. For another, as computing moves to the cloud, businesses and individuals alike need to grapple with new security issues.

“Security is becoming more of a business than a technical issue,” says Dr. Boaz Gelbord, who recently established Security Scoreboard, the first web site to catalog and provide user ratings on online security firms. “The question you have to answer is, how much money is at risk and how much are you willing to spend to protect it?”

As cyberthreats evolve, “the least expensive aspect of most security solutions will continue to be capital purchase,” according to David Lesser, president and chief technology officer of network security firm Nexum, Inc. “Ongoing operations will be the most expensive.”

Lesser and other experts believe many companies make a major mistake when they assume migrating to cloud computing—where data and applications reside on the Internet rather than on a company’s own servers—obviates security issues. In fact, the traditional security risks still exist—now often outside the company’s direct control—and the cloud introduces new concerns to the mix.

For example, what security infrastructure and procedures does a cloud vendor have in place? Where is data stored? (It’s not necessarily in Canada, by the way.) Cloud computing means shared IT environments. Your data will be stored next to other companies’, perhaps even next to a competitor’s. What happens if your vendor encounters financial difficulties? How is your data, and your ability to conduct business, affected in the event of a disaster or prolonged downtime?

Similar concerns face personal users of cloud-based services, such as email, photo sharing sites or social networks. They can easily expose themselves to the potential for misuse, manipulation, theft or blocked access of personal information.

Moving forward, the benefits of using the cloud will continue to be compelling. Users need to develop a clear view of the issues involved.

Business

Model secures peace of mind

Implementation of more technology develops a logarithmic degree of risk with software, breach points, and connectivity to a wide range of digital assets. Each layer requires its own unique and specialized resource to secure, manage, update and provide the security needed to protect your information.

To mitigate the security risk and reduce the total cost of ownership related to technology, the best method is to leverage the business model known as managed services. A managed services provider would enable your organization to leverage highly skilled talent, at a fraction of the cost while taking advantage of enterprise grade solutions the company uses to help manage your technology infrastructure.

While some companies choose to build their own internal solutions and systems, the problem they often face is building a team that can scale with the organization’s needs. Because a managed services organization supplies services and monitors many clients, it becomes affordable for that organization to hire and train security experts. This also allows managed services organizations to afford the best tools, and have their staff managing the needs of your business 24/7.

In this global digital economy, threats are constantly appearing. With the growing complexity and evolving threats to security, managed services is a solution that provides lower costs, expert resources, and peace of mind.

Easy steps keep online transactions safe

It still pays to play it safe when transacting business online. Online business and finance has held up well in the current recession.

According to a new study by Javelin Strategy & Research, e-commerce grew 10.8 percent in 2009 and nearly two-thirds of American consumers say they buy things online. Estimates put the number of Americans using online banking as their preferred method at more than 50 million. Online criminals remain active, too. Retailers expected to lose 1.2 percent of sales to fraud in 2009, according to an annual survey late last year by CyberSource Corp. This represented the lowest loss percentage in 11 years, but still a cost of $3.3 billion.

According to Statistics Canada, 80 per cent of Canadians aged 16 and older, or 21.7 million people, used the Internet for personal reasons last year.

Doing business—retail or financial—online can be safe. Experts agree on a few simple steps we all can take to protect ourselves:

Only transact business from a computer you know to be secure, preferably your own. Never enter personal information—credit card or bank account numbers, PINs or passwords—into a computer with public access.

Keep your protection up to date
Make sure you are running the most current anti-virus, spyware and malware screening programs.

Know where you’re doing business
Only conduct transactions with web sites you know or that have strong general reputations. Look for the designation “https” in the URL window (as opposed to just “http”), which indicates the site is using SSL (Secure Sockets Layer) encryption.

Be smart about passwords
Choose passwords that incorporate letters, numbers, symbols and cases, use different passwords for different web sites, and don’t share passwords with anyone else.

Use credit cards
Their issuers employ sophisticated anti-fraud detection programs for online shoppers. Even if someone steals your credit card number, many issuers have consumer protection policies in place that eliminate consumer liability for fraudulent transactions.

David Duffy


Tip 1: Choose passwords carefully

Redundancy, Flexibility and Partnership Key to Cyber Security
By Ellen Richey, Chief Enterprise Risk Officer, Visa Inc.

As the country seeks to strengthen our cyber security capabilities, the electronic payments system is providing an example of effective partnership. Over the past two decades, payment networks have collaborated with technology companies, financial institutions, merchants and cardholders to make the payments system increasingly secure. Through their successes and failures, useful lessons about what it takes to fight cyber criminals have been learned.

First, cyber security must be based on redundancy. Consider the ways thieves can steal financial data. They can “dumpster dive” for discarded paperwork, hack computer systems or send phishing emails and text messages. There is no single solution for this multiple-front war. Instead, the electronic payments system had to develop an approach based on layers of security. These can range from the simple requirement that merchants mask card numbers on paper receipts, to sophisticated, real-time scoring technologies that analyze every Visa transaction for fraud, and most recently, mobile transaction alerts that empower cardholders to monitor their own accounts for fraud. These measures have helped the payments industry stay a step ahead of the criminals and keep fraud at low levels.

Second, every industry or government agency has its own unique needs and challenges. This requires flexibility. Rather than mandating specific, regimented technology, the payments industry advanced comprehensive security best practices in the form of Payment Card Industry Data Security Standards (PCI DSS). To date, 77 percent of the world’s largest merchants have validated compliance with the industry standards. This, combined with other industry security efforts, has resulted in fewer and less severe card data compromises at large merchants over the past few years.

Finally, the electronic payments industry has learned that security requires a cooperative approach that includes financial institutions, processors, merchants and cardholders. Cardholders can play a role in their own security by reviewing statements and notifying their financial institution of any suspicious transactions, by memorizing PIN numbers rather than writing them on their card and by treating with suspicion any unsolicited e-mail requests for financial information or other personal data.

But over the past two decades, card fraud rates have dropped by more than half and are near historic lows. This reinforces the success of applying the key principles of overlapping security, adaptability and collaborative commitment that together can help shape a strong foundation for securing our national cyber systems.


Inspiration

Mafiaboy hacker makes amends

Question: What kind of mastermind hacker could gain access to top company websites?
Answer: Fifteen-year-old Michael Calce, or better known by his nickname, Mafiaboy.

The fear of a hacker gaining access to a company’s files, or even having any unauthorized control whatsoever, is just about as scary for a business as a masked thief breaking into the building. On February 7, 2000, Yahoo! experienced their own virtual break-in.

At this time, Yahoo! was considered the second most popular website and, for about three hours, was knocked offline. What kind of mastermind hacker could have performed such a task? None other than the infamous 15-year-old Michael Calce, or better known by his nickname, Mafiaboy. Yahoo! wasn’t the only victim of Michael’s hacking: there was also Dell, CNN, Amazon, eBay, and other Internet giants. It was such a big deal that it even raised concern with the White House and financial markets.

Crime and punishment

It had taken a few months of press coverage for the Royal Canadian Mounted Police to show up at Calce’s door. Authors of Creating a Winning E-business stated that “it helped the investigation that Mafiaboy had bragged about his attacks in online hacker chat rooms.” He eventually pled guilty in court to these hacking charges and 56 counts of mischief.

What was so bad about this for his victims? After breaking into these websites’ Internet servers, he used them to completely deny service. And this cost them a lot of money in revenue: hundreds of millions of dollars, in fact. His punishment was to serve time in a group home, where he experienced a more legal form of grounding. He had to spend most of his time in his room with, of course, no computer access, but was able to attend school and have a job.

However harsh the experience was, not being able to see much of his friends or family, it seems to have actually made a difference. Calce used this time to think about how something good could come from this incident, how he could possibly use his knowledge and power for good instead of evil.

At the young age of 12, Calce’s best friend died in a car accident, and this changed him and the way he saw the world. Eventually, he took the knowledge he gained from the EFnet Internet Relay Chat network to find attack codes. Calce says in his book Mafiaboy: How I Cracked the Internet and Why It’s Still Broken, “With these tools in hand, I began to feel like I was in control of the internet, rather than the other way around. The sense of power and possibility was intoxicating.” It is very rare that someone is able to cross over after being captivated by the dark side.

Mafiaboy’s redemption

The Mafiaboy book’s website affirms the positive evolution of Calce’s intentions where “in 2005, he began writing a computer security column for Le Journal de Montreal to help educate people about online threats and offer advice for staying secure online.” He also uses his expertise to advise businesses how to protect their systems and information online.

Essentially, this is a classic case of a young thinker with big ambition. It’s easy to tell yourself that you wouldn’t make the wrong choice, especially not as wrong as the one Mafiaboy made. However, if you have the power sitting right there in your hands, it’s easy to make mistakes. It’s easy to forget how grave the potential consequences could be, like angering the top dogs of the net.

Change: Online security

Cassandra Alexopoulos


Professional insight

Question: What is Cloud Computing?
Answer: It’s the methodology of processing something over many machines spread across a network.

Tip 2: Stop, block, tell.

The rise of cloud computing

Cloud Computing is the methodology of processing something over many machines spread across a network. The idea is that you ‘outsource’ the processing that your computer would normally do itself to another computer(s) on a network.

You do not necessarily know where this computer resides in the world or how many computers are being used. That is why it is called a ‘cloud.’

In short, the processing is outsourced to a third party and the result is returned to you.

Out of this “service” come three ways to provide cloud computing:

1. SaaS: Software as a Service
In this type of computing, the software is offered online through a browser. It is hosted on the provider’s servers. The users do not need to install the software on their machines. The provider manages the servers that host the software, they update the software at their convenience and they fix bugs on it directly.

2. PaaS: Platform as a Service
In this type of computing, the provider has exposed a means for writing applications on their servers. This is possible because the third party company has provided their own APIs (Application Programming Interface) for you to program with. When the developer programs their components, these components then run on the servers, in the cloud. The developers don’t need to worry about hosting them on a website; the provider takes care of that.

3. IaaS: Infrastructure as a Service
In this case, companies provide a means for their users to use an entire computer ‘in the cloud’ as if it is in your office. This means that you do not need to buy new machines and set them up with a network in your office. You can ‘create’ a new machine through the provider and then log into it using common software like remote desktop. If you feel that you need more machines to run your website, you can add more at the click of a button.

Benefits

■ Maintenance: The provider maintains the computers, meaning the users need not know anything about computers—they just need a connection to the internet.

■ Security: The provider is responsible for this, rather than the users, as they would be if the software/website was on their own machines.

■ Reliability: When something is in the cloud, it is usually very reliable in terms of up-time.

■ Scalability: You can grow the computing power at an instant.

■ Location: As you add more computing power, it can appear anywhere in the world. However, ideally you would like the location to be as close to you as possible.

■ Cost: Since you are paying per machine or per resource (e.g. per CPU, per GB used, per software feature) it is cheaper to afford as much computing power as you need. Small businesses can use this to get started because they might not have money to buy big servers to place in their office from the get-go.

Drawbacks

■ Data privacy: The provider has all of your data on their servers.
  A hacker can get to it.
  The company might go bankrupt.
  Negligence on their part can lose your data.
  You have less control of the software and the data.

■ Security: Just as it is a pro because you don’t have to worry about it, if the provider is not careful they might expose a lot of your data.


Boyan Tsolov, IT Specialist

Questionnaire

Parry Aftab, Executive Director, WiredSafety

What constitutes cyberbullying?

■ Our simple definition is the use of digital techniques as a weapon to hurt, embarrass or intimidate someone else.

What can parents do to prepare their children?

■ First, recognize your child can be the bully as well as the victim. That’s hard to accept, but the progression online from disagreement to flaming to bullying happens quickly. Often it’s the last click of the mouse that decides. Second, don’t keep kids off the Internet. Lots of kids who don’t even have Internet connections have been victims. Third, teach kids to turn to a trusted adult (preferably parents) and realize that as parents, we have to earn that trust, primarily by not overreacting. Fourth, on a very practical level, teach your kids never to share passwords. Surveys show most kids do. When friends fall out, those kids are vulnerable to all kinds of online attacks.

What do I tell my son or daughter to do if they are bullied online?

■ Three things—stop, block, tell. The first is the most important. Don’t react to the initial provocation. Put down your mouse, go offline, do something else you love for at least five minutes. (We call that “Take 5!”) Second, block the bully or the message. Third, tell your parents (or another trusted adult) what happened. Let them help.

Amit Yoran, CEO, Netwitness

What’s the biggest cyberthreat organizations face?

■ Gaining awareness of what’s going on in their IT environments. The biggest failure is assuming that because no alarms are going off, your environment is safe. Over the last two decades, the security industry has relied almost exclusively on signature-based products—security tools that look for electronic signatures or patterns of known bad behaviors. For the last three to five years, our adversaries, both nation-state and organized crime, have professionalized and customized their means of attack. They’re no longer using generic attack methods for which well known signatures exist.

What do organizations need to do?

■ On a practical level, tighten control of your IT environment. Restrict access, lock down the infrastructure and maintain good hygiene. These actions won’t keep advanced-threat actors out, but they will start reducing the volumes of system compromises so that you can identify the sophisticated threats. Use automated means to leverage threat intelligence. Apply forensic rigor in your analytic processes. Prepared organizations can identify and respond to incidents effectively and minimize loss.

Amit Yoran served as director of US-CERT (Computer Emergency Readiness Team) and the National Cybersecurity Division of the Department of Homeland Security. He is now CEO of Netwitness, a cybersecurity firm with both public and private sector clients.


News

Changing landscape of cybersecurity

Questionnaire

James Mobley, President and CEO, Neohapsis

■ Cybersecurity is one of the most critical challenges that our world will face during this decade. Information security experts, armed with advanced technologies, will play a key role in our ability to meet this evolving challenge. However, while acknowledging that we will never be 100 percent secure, most in our industry agree that an effective solution for securing cyber space must focus not only on response but, more importantly, on prevention. Central to a prevention strategy is developing a risk aware organization at every level of the enterprise. Simply stated, the best performing companies and organizations anticipate and navigate risk better than the laggards.

■ The pursuit of risk management excellence is accelerated when a Governance, Risk and Compliance, or GRC framework is in place. Effective GRC systems leverage a single software platform to monitor and enforce rules and procedures. These systems also bring visual clarity to the relationships between business objectives, risks and operational controls. When the impact and interdependencies of each risk are known, prioritized and managed holistically, an organization is best prepared to avoid the downside of risk, as well as capitalize on the opportunities that risks also present. Secure principles embodied within a comprehensive GRC framework is a winning combination.

if you look up the term “cybersecurity,” you’ll find the definition “…measures taken to protect a computer or computer system (as on the internet) against unau-thorized access or attack.”

“This definition has now become outdated. The future of cybersecurity transcends far beyond protecting computers, and is focused squarely on protecting companies, customers, and families. Technology has been inte-grated into seemingly every aspect of our day-to-day lives—the way we communicate, the way we work, and the way we interact with the world around us. In many cases, it is indis-tinguishable when the human ele-ment leaves a process and technology picks up. With all of the technological advances, though, new challenges have arisen. Whether through error or malicious exploitation, technology, and the way we use technology, has uncovered flaws—sometimes with severe repercussions. These errors have caused devastating results—mil-lions of personal identities have been lost or stolen, the power grid has come

under attack, and, to the extreme, it has cost people’s lives. In response to the challenges, the future of cyberse-curity cannot revolve around a com-puter; it must evolve to protecting the people and companies impacted by the exposures in the technology.

A major challenge of cybersecurity is the continually changing landscape of what we are trying to protect. Our information is seemingly everywhere—on laptops, smart phones, USB jump drives, “in the cloud”—and it’s ever on the move. Add to the equation that the corporate definable and protectable logical perimeter has all but eroded, and the result is seemingly an infinite amount of critical information being stored and shared on a growing and moving array of computing environments.

The other side of the equation is a motivated, aggressive and organized attacker community. Data is big business, and these groups have hired some serious talent. Through extensive botnet networks and bleeding-edge “zero-day” attack strategies, there is a new landscape of information warfare. These exploits span multiple vectors—phishing, application vulnerabilities, social engineering—and thrive in an environment where a security strategy is defined by legacy platforms and IT general controls. The future of cybersecurity needs to consider a data-centric model rather than a perimeter-based strategy to defend against the next generation of attacker.

Whether through chat, texting, or social networking, the way we communicate and collaborate has changed dramatically as well—140-character bursts have become common interaction. The future of cybersecurity needs to embrace these new mediums, teaching users appropriate ways to interact in these venues, while still achieving corporate risk management goals. This education needs to extend well beyond the corporate landscape as well to reach our children, helping to defend against cyberbullying and cyberhazing.

As we move into this new decade, the definition, and practice, of cybersecurity must extend beyond the protection of a computer to be considered successful. Anything less will leave us well short of protecting the things we hold most dear.


Kevin Richards, CISSP, President of the ISSA International, Director of Risk and Security Services for Neohapsis


Protecting yourself against the web

■■ Question: When you’re shopping online for the perfect Father’s Day gift, is your credit card information safe? When you’re accepting a friend invitation on Facebook from a person you’ve never heard of, are your personal data and pictures secure?

■■ Answer: Not necessarily. In fact, all it takes is one weak link for your information to be used or made public.

Cyber security battles against a spectrum of issues, both minor and severe, that we should all be aware of. Cyber security is breached when we become victims of something life-changing like identity theft. Or, we can be annoyed and inconvenienced by receiving spam mail every 15 minutes, even humiliated if an embarrassing video or photo has leaked.

“This is dangerous because the Internet is becoming less and less anonymous, meaning we are becoming accountable for what we say and post,” says Ashley Huffman, online communications manager at Kiwi Commons, creators of videos and editorials to build a line of communication between youths and adults when discussing Internet safety.

Bad publicity

The sad truth is that we are so comfortable with posting personal information for social and entertainment purposes, we remain unaware of the fundamentals of the Internet—that once it’s out there, it’s out there for good.

Be careful of the nature of photos you post on your social networking sites. Risky and embarrassing photos include those that contain alcohol or a person who is clearly under the influence of alcohol, provocative poses, and even wardrobe malfunctions!

Buyer beware

Online shopping has become a widespread activity with many obvious benefits: lower prices, more variety, and, best of all, convenience. However, if you’ve found that iPad for half the retail price on an unknown website, your information and money are both at risk. Chances are if it seems too good to be true, it probably is.

Don’t be afraid to take a few minutes and read reviews that users have posted on online shopping sites. These will usually help you determine the legitimacy of the site.

This isn’t to say that online shopping, along with creating a Facebook account or sending pictures to your friends via e-mail, can’t ever be safe. The main thing to remember is: trusted friends only. Shop with famous and reputable websites, accept friend invitations from people you recognize, and open e-mails from e-mail hosting services you are familiar with.

Continue to enjoy the Internet for all that it has to offer, but don’t ignore those red flags.

Cassandra Alexopoulos

Showcase facts

■■ Court orders to remove embarrassing photos from the Internet do not mean that the photos won’t still be circulating the web, remaining accessible to all, including your family members and current or future employers.

■■ Identity theft can occur by obtaining information as simple as your full name and location. Your information could be used for obtaining passports, accessing the funds in your bank account, and applying for new credit cards.

■■ Someone has their identity stolen every four seconds in the United States, and identity theft affects thousands every year in Canada.

Read more on the web:

www.kiwicommons.com
www.media-awareness.ca
www.safeonlineoutreach.com

Malware

Phishing, pharming and bots

“Lions and tigers and bears—oh my!” Dorothy and her companions chant to ward off their fears in The Wizard of Oz. Internet users might try, “Trojans and rootkits and bots!”

Dorothy’s fears were mostly imaginary, but the threats online are all too real—and growing. Malware, malicious software, has become a leading online scourge, evolving in a short decade from so-called worms and viruses conceived principally to vandalize, to sophisticated spyware and crimeware designed to steal—money, information and identities.

Kaspersky Lab, a security firm specializing in combating malware, collected nearly 34 million malicious programs by year-end of 2009—including some 15 million each in 2008 and 2009. In its Security Bulletin 2009, the company says “programs became significantly more complex in 2009 and targeted new platforms such as mobile operating systems.”

Symantec, a leading online security company, says on its web site, “The threat landscape once dominated by the worms and viruses unleashed by irresponsible hackers is now ruled by a new breed of cybercriminals.”

Malware has long been delivered hiding inside trojans—innocent-appearing emails or software. In an irony only a cyber criminal could appreciate, 2009 saw big increases in rogue antivirus software used as malware delivery vehicles, according to Kaspersky. Once launched, rootkit programs keep the invasive software concealed.

Phishing is a favorite technique: emails that use fear or enticement to encourage recipients to click on a link or visit a web site that steals or corrupts their data. Pharming programs are even more insidious—they redirect unsuspecting users to fraudulent web sites, even if the user types in a correct URL. The bad guy’s goal is installation of spyware on your computer or network—programs that log your keystrokes, steal usernames and passwords, or enable access of your bank or credit card accounts.

Yet another set of applications can turn your computer into a zombie or bot—essentially a dedicated slave used by cyber criminals to launch anonymous spam assaults or distributed denial of service (DDoS) attacks against the online presence of a company, organization or entire nation. Estonia, Georgia, South Korea and the United States have been targets of DDoS attacks in recent years.

The complexity and sophistication of cyber crime grows quickly, but—fortunately—some of the best defenses remain straightforward and based in common sense. Don’t open (and do delete) unsolicited emails. Don’t click on unfamiliar links, even if sent by someone you know (their computer could be being used as a bot). Don’t download software from a strange web site (no matter how enticing the deal)! Scan all emails and files with a recognized antivirus security program. Keep all security patches up-to-date.

Online threats are real. You need more than a catchy chant to protect yourself.

News

We’ve come a long way since the ’60s parenting scare tactic, “It’s 10:00 pm. Do you know where your children are?”

The reality is that you’re probably quite trusting of your children if they have their own computer with the ability to post videos on YouTube or photos of the party they attended Saturday night on Facebook.

While the Internet has its obvious benefits of being educational and entertaining, there are also a lot of troublesome situations your children could encounter online.

Firstly, remind your children that anything they put up on the Internet is public and could have serious consequences in the near and far future, potentially costing them their dream job or an athletic sponsorship.

Ashley Huffman of Kiwi Commons says, “More and more employers are using social media profiles as part of their decision process when hiring (sites like Facebook, Myspace, LinkedIn).” These sites are also a convenient gateway for online predators to communicate with children under a pseudonym.

Cyber bullying

Another online concern is cyber bullying. Children have the opportunity to anonymously embarrass or threaten a classmate on the Internet. If you find out that your child is a victim of a cyber bully, tell him or her to keep a record of everything that was said, because it could be helpful when the child feels comfortable enough to speak to an adult about it.

Parents should also ensure that they “don’t overreact if their children have a negative experience online (research has shown that youth often don’t report being the victims of cyber bullying because they’re afraid their parents will cut off their Internet access),” says Matthew Johnson, media education specialist at Media Awareness Network.

How to talk to your kids about internet safety

Cassandra Alexopoulos
