Security+Signs


 * Artifact #4: Security Signs and Explanation**

In a network, a computer technician can set up an elaborate security system to prevent every security breach known to man. However, one person on the network could easily undo that work whether through carelessness or ignorance. It is therefore essential to educate network users on security issues that relate to them. After our discussion in class, I’ve selected three topics to educate my hypothetical network users about in order to create a more secure computer lab.

First, I want to inform users of the importance of a strong password. For years, I’ve used the same password at every opportunity. It is a simple word with no extraneous letters, numbers, or punctuation. This made it easy for me to remember and I did not concern myself with the security of it. I believe many people do the same. After our discussion in class and the readings, however, I’ve become aware of the importance of creating a strong password. Using a mixture of letters, numbers and symbols in upper and lowercase prevents computer programs from guessing the password. Many computer programs can quickly test every word in the dictionary, so creating made-up words is ideal. It is relatively simple to create a stronger password and is therefore an easy step people can take to secure their identities and our network. I also chose this topic because the information is clearly and easily conveyed through the sign format. Most users understand that they should use a strong password – they just don’t understand why. By communicating the danger of automated password-guessing programs as well as providing a reminder of the importance, I believe they would be more likely to use more secure passwords.

My second sign concerns the necessity of considering where your sensitive information is distributed. On-campus, Martin offered the example of a business traveler who simply threw away his business itinerary. This easily could be picked up by an identity thief and used to track further information. As a computer user, I was simply not aware of the danger of throwing away seemingly trivial information. I would like to educate my network users of this danger and teach them to shred important (or even seemingly unimportant!) documents. This sign would be hung above the shredder, which I would provide for all the lab users to use. Especially in a computer lab environment, where many people share one space, disposing of personal information must be done securely. I chose this topic because it is a comparatively simple idea, yet it is just important as any of the more complex security risks. By providing a shredder and clearly indicating the importance, my users will be more apt to guard their personal information.

Finally, I would like to demonstrate the perils of phishing and demonstrate how to avoid it. Several years ago, I fell for a phishing attempt by someone claiming to be eBay. When an unexplained charge showed up my account, I contacted eBay and they removed it. Since then, I’ve been extremely careful with phishing attempts; however, I know many people around me are not so vigilant. My elderly grandmother does not understand how someone could pretend to be someone else, no matter how many times we explain it to her. For users like her, I would like to explain the concept of phishing, then present how you can avoid falling victim. Presenting the information about the act is important here, as many casual computer users do not know the term or the meaning behind it. Thus, providing signage to explain it is must more beneficial than simply preaching caution against it. I envisioned my grandmother as I created this sign – I want it to convey the dangers but still be clear enough for her to understand. Armed with this information, she, and users like her, would be able to appropriately question emails from suspicious sources.

The on-campus session on security was eye-opening to say the least. Martin’s demonstrations of what can happen and how demonstrated how easily thieves can access our information. I’ve often thought “who would want to look at my personal Yahoo emails?” when justifying an unsecure email password. However, my emails contain much information about me that thieves could use to gain more valuable information, such as bank numbers or dates I will be away from home. Martin discussed our willingness to provide credit card information willy-nilly on the internet and compared it to giving such information to any person off the street or a suspicious looking server at a restaurant. I had never considered this before as I have often provided my credit card information to whichever online merchant offers the lowest price. Discussing this has changed my habits and I’m now much more likely to search for verification that a site is legitimate before providing my credit card number. Finally, his anecdote about a would-be thief lying in wait outside our homes or apartment building, stealing information from our wireless network, was worrisome. After you do so much to protect yourself, how can you guard against things you don’t even know about? Even security programs cannot guard against all threats. It is therefore important to approach security, as everything, in moderation. As computer technicians, we should do everything within our power to protect the network. However, there’s truly only so much you can do, and excessive worrying is fruitless. Therefore, it’s important to educate yourself and your users, take the steps you can, and then relax. You don’t have to turn off your computer and network entirely to be safe. You just have to inform yourself, take the necessary precautions, and hope for the best. With careful consideration of the best security practices, vigilance of new threats, and an informed group of network users, computer technicians can breathe easily knowing they’ve done everything available to secure the network against potential threats.