To see the list of all blogs, including Scott Wright's Security Views Blog and the Streetwise Security Zone Podcast click HERE. You also can subscribe via an RSS reader, or check the "Watch This" box in the left column to receive news by email of new articles.
Watch this Blog
Notify me by e-mail any time a new post is made to this blog.
Scott Wright's editorials on a variety of security issues for non-technical business managers and home computer users. Please feel free to comment and help spread the word that managers need to think about their information security risks.
January 2009 Posts
The other day I received a voicemail message from somebody claiming to be from the federal government, asking for me to call him back. All he wanted was to verify some statistical information about my business. It sounds innocent enough, right?
But I became concerned because the person left a 1-800 phone number, and there was no way to verify that the caller's number actually belonged to a legitimate government organization. It could easily have been a fraudster, trying to collect personal information, or sensitive information about my business. Setting up a fake 1-800 number is pretty easy.Sounds paranoid, I know. But what's the first thing an organization will do when you phone them about something personal or sensitive? They ask a few "security questions" to verify who you are. This is fine, if YOU are calling THEM, based on a publicly verifiable phone number, listed in the phone book or on an official website. But if THEY called YOU, and you thought they were a representative of a legitimate authority, they could easily collect your birthdate and social insurance number. So, in fact, YOU should be asking THEM a few "security questions". If somebody calls you from any organization, asking to verify their information, or for some urgent information to complete their records, first ask them to give you their PUBLICLY LISTED client service number.
Then, after they've given you the number, tell them you will call them back on that number. This way, if it is a fraudster, they will not be able to intercept your call to the legitimate organization's service line.Sadly, it turns out that the call I received was actually legitimate. This is not the first time I've had calls from legitimate organizations that should know better, and did not provide a means of easily authenticating themselves to me.Don't give any sensitive information to people who try to reach you by phone, email, fax, instant messaging, texting, etc. without first verifying exactly who they are. Ask them if you can get back to them through a publicized contact point. If they don't like it when you ask that, you should ignore them. No legitimate organization should handle sensitive information without being able to authenticate themselves.If you have a comment on this article, please visit The Streetwise Security Zone, log in and let me know what you think.
The Streetwise Security Coach
Phone: 1-613-693-0997Email: email@example.com
To download my FREE Security Management Resource Guide now, and to receive my series of Streetwise Security Tips, as well as my Streetwise Security News and updates click HERE.
As most of us know, no Anti-Virus solutions catch 100% of the threats they face. Some don't even come close. I've heard that it can be a good strategy to use more than one anti-virus product. However, in my recent experience, it's hard to find any that will coexist on a system. Most of them usually want you to uninstall any other Anti-Virus solution before they will install themselves.
So, I have been rethinking my strategy for virus protection.
I posed the following question to the Linked In Q&A forums...
It's generally accepted that no single AV product is able to completely protect against all viruses. Some people say to use multiple A/V products simultaneously. Some won't work well, or won't install with others present. Does anyone have good facts or references on how well different A/V products work to complement each other's strengths without interefering with each other?
Some of the good suggestions/comments I received included:
For the full set of responses posted on Linked In click HERE.