IEEE reached out to its security expert members around the globe this month to assess the current state of online security. All of the IEEE security experts polled cited malicious software, referred to as malware, and botnets, a group of automatic robots that infect a group of computers, as the chief security concerns for internet users. Malware includes things such as spyware and adware applications, as well as viruses and worms. These applications, once embedded in a computer, can track surfing habits of users and redirect searches, as well as send personal information, including passwords and credit card numbers, to a third party.
"The best rule when it comes to opening email attachments is if you don't know the user, don't trust it," said Prof. Matthew Bishop, IEEE member and author of the textbook, Computer Security: Art and Science. "If you have any uncertainty, contact the sender offline to verify that the email and its attachment are both genuine. Even if your trusted friend sent you the email, they could unknowingly include a virulent attachment."
Additionally, the experts agreed that the best place to provide your personal and financial information is on a secure, encrypted, password-protected website versus over email. "Exercise caution in how and where you provide your information, especially if requested to share this information in response to an email," said Prof. Steven Furnell, senior IEEE member and head of the Centre for Security, Communication & Network Research at the University of Plymouth (UK) where he specializes in computer security. "Phishing and other social engineering scams are increasingly creative, and users can no longer rely upon being able to spot them simply from unprofessional and unconvincing appearances."
Unfortunately, it's impossible to be completely safe from fraud or identity theft online - or offline - today, but adopting some basic measures can reduce the risk when working online. It is important to ensure that your computer is updated with the latest software security fixes, both for the operating system and applications such as your antivirus tool, web browser and email software. Additionally, it's imperative to know how to react if personal information is compromised.
"You need to think about what could happen if the information you provide to a merchant is stolen," said Ulf Lindqvist, IEEE Computer Society member, and head of SRI International's support for the U.S. Department of Homeland Security's Cyber Security Research and Development Center. "For example, make sure you know how to report fraudulent charges to the issuer of your credit card, debit card, etc., and always check your statement at least once a month and preferably every week, to ensure that there are no questionable purchases included. If you see something suspicious, report it immediately."
As social media sites continue to grow in popularity, they are also becoming breeding grounds for fraud. Malware and botnets are oftentimes disguised as a friendly exchange from someone in a person's network, but can unknowingly have malicious information attached to otherwise genuine online personal communications. However, the main concern with sharing information on social networking sites is that it is impossible to know where the information is going to end up - regardless of its original destination.
"People need to realize that once information is uploaded to a social networking site, it never goes away," said Edward Delp, IEEE Fellow and chair of the Information Forensics and Security Technical Committee of the IEEE Signal Processing Society. "Never put anything on these sites that you wouldn't want your family, prospective employers or community to see - for years to come."
As technology changes at an exponential rate and becomes more sophisticated, it is of paramount importance that security technologies keep pace with this development. Security protocols need to stay one step ahead to thwart attacks on potential system vulnerabilities. As an international organization of the world's most prominent thought leaders on this topic, IEEE is working to bring these influential leaders together to help prevent, detect and solve security issues.
If you are looking for resources and experts to provide insightful commentary about security issues, please contact IEEE at [email protected]
IEEE (Institute of Electrical and Electronics Engineers, Inc.), the world's largest technical professional society, is commemorating its 125th anniversary in 2009 by "Celebrating 125 Years of Engineering the Future" around the globe. Through its more than 375,000 members in 160 countries, IEEE is a leading authority on a wide variety of areas ranging from aerospace systems, computers and telecommunications to biomedical engineering, electric power and consumer electronics. Dedicated to the advancement of technology, IEEE publishes 30 percent of the world's literature in the electrical and electronics engineering and computer science fields, and has developed nearly 900 active industry standards. The organization annually sponsors more than 850 conferences worldwide. Additional information about IEEE can be found at http://www.ieee.org.