- Create a report outlining good security practices for email and discuss the technology used to protect users from spam, phishing, and attachments.
To be able to prevent yourself from security issues related to email, it is important to follow security practices and use specific technologies. In this report, I have outlined some strategies of how can we be able to safeguard our emails from spam, phishing and attachments that can potentially cause harm to our computers and are a threat to our privacy.
Prevention from Spam and Viruses
Spam emails are a great source of spreading viruses over the internet. We often get emails with links to click. These links might tell us about a reward waiting for us. When the link is clicked, it results in the transfer of malicious software getting downloaded to our computer and causing harm to it. The links might sometimes ask for our private information. Such threats can be stopped. To prevent against emails with viruses, antivirus software can help. Also email service providers like Google Mail, Yahoo, Hotmail and AOL have inbuilt automatic antivirus protection and using these mail engines can help greatly against viruses (Contributor, 2017).
Contributor (2017) has defined spam as unsolicited bulk email. To prevent against you should never forward chain messages and always avoid publishing your email on public websites.
Prevention against Phishing
Phishing attacks are designed to steal consumer’s personal information. These types of emails may try to look like legitimate organizations and require you to input your personal information in pre developed forms. For example you might get an email to update your bank account information while the sender of the email claims to be your bank. They might use legitimate logos of the organizations they claim to represent. If any email seems to have any of these properties, avoid responding to them and it’s better to call the organization about it.
Email attachment may consume a great amount of your hard drive space. They may also consist of malicious content which is intended to harm you. To handle attachments properly, do not send huge amounts of attachments via emails and always delete emails with attachment after the attachment has been downloaded. Unexpected attachments should either never be opened or opened only after it is made sure that they are safe.
- Research and discuss several hardware encryption devices. What are advantages and disadvantages of using a hardware device vs. software encryption?
Hardware security devices are the devices that use different types of encryption techniques to encrypt and decrypt data to safeguard it from attackers. One of the hardware security device is called HSM or hardware security module which is a piece of hardware with a software inside it as its firmware and is used as a part of a network server or a computer (Attridge, 2002). The different functions of a HSM include hashing, decryption, key generation and encryption.
Self -encryption drives or SEDs are also a type of hardware security devices which has the encryption placed on the physical drive and an encryption key (DEK) is used to encrypt and decrypt data at both ends of communication (Brecht, 2015). These encryption devices can help greatly in the protection of the confidentiality, integrity and genuineness of data. They can add a protection layer to the security of data. Following is a comparison between hardware and software encryption techniques.
Hardware vs Software Encryption
Hardware based encryption utilizes a dedicated physical location and may use a random generated key for each user that uses the encryption routines with the help of the hardware encryption module. The key used to encrypt are safeguarded inside the hardware module and hence there is a less probability of it being stolen. They are cost effective and scalable. They have their desired software already installed on the hardware module and does not need supporting software.
Software based encryption on the other hand are less safe compared to hardware based encryption. They encrypt data with the encryption software that is installed on the computer, therefore, the utility is dependent on the security of the computer itself. These types of encryption programs require constant updates as well.
- Compare and contrast the privacy polices of popular social media services such as: Facebook, Twitter, Instagram, or Snapchat. Explain which social media services provide the highest amount of personal privacy.
I have discussed the privacy policies of Facebook and Twitter in the following because they are the two most widely used social media platforms of the present age.
According to Twitter privacy page (Twitter, 2016), they have stated and I quote “Most of the information you provide us through Twitter is information you are asking us to make public.” Most of the information they collect is primarily just like Facebook but the quotation provided above on Twitter’s privacy page makes me curious. I think that this makes a user vulnerable as Twitter has already assumed that the information that is provided by the user to Twitter is not confidential. Therefore, I would suggest that users remain skeptical of Twitter privacy policies.
Social media platforms have to provide a high amount of personal privacy because their users use these platform to share almost any information that is of highest privacy to the users and may not be shared anywhere else. These platforms can easily study the behaviors of their user and may use it as a manipulation source to get desired outcomes by the social media platforms or the people or organizations who get their hands on to the user’s private data.
- Explain mobile device security best practices such as smartphones and laptops.
Tittel (2014) has discussed several best practices for mobile devices. Some of these have been mentioned in the bellow.
Users of mobiles need to install antimalware software on their devices. Users usually does not realize that their mobile firmware like iOS or Android may also be at a threat and may not install any software to counter the potential threat.
The security of mobile communication is another hot issue of great information. Its security is something that cannot be ensured by the user. Organization and Applications which provide communication services should do their best to ensure communication. One of the example is the end to end encryption by WhatsApp.
Strong authentication measures should be taken by users when login in to their devices. One of the strongest authentication that can be used by users is finger print authentication that is provided by most of the latest mobile phones and laptops.
The efficient control of third party software is another measure that should be taken by users. When you install a third party software, it may provide an option about which parts of the device they want to access. If the software is not from a credible organization, it’s better not to install it or give it full access to your device.
Apart from the above, there are many more measures like creating a separate secured mobile gateways, choosing secure mobile devices and performing regular mobile security audits can be taken to ensure the safety and security of a mobile device.
Attridge, J. (2002). Cite a Website – Cite This For Me. Sans.org. Retrieved 7 January 2018, from https://www.sans.org/reading-room/whitepapers/vpns/overview-hardware-security- modules-757
Brecht, D. (2015). Tales from the Crypt: Hardware vs Software. Infosecurity Magazine. Retrieved 7 January 2018, from https://www.infosecurity-magazine.com/magazine- features/tales-crypt-hardware-software/
Contributor, G. (2017). 10+ e-mail best practices to share with your users. TechRepublic. Retrieved 7 January 2018, from https://www.techrepublic.com/article/10-plus-e-mail-best-practices-to-share-with-your-users/
Privacy, F. (2016). Facebook. Facebook.com. Retrieved 7 January 2018, from https://www.facebook.com/legal/FB_Work_Privacy
Tittel, E. (2014). 7 Enterprise Mobile Security Best Practices. CIO. Retrieved 7 January 2018, from https://www.cio.com/article/2378779/mobile-security/7-enterprise-mobile-security- best-practices.html