October is National Cybersecurity Awareness Month

In a world of infinite endpoints, the security-aware employee may be the best defense against cybercrime

October 2010 marks the seventh annual National Cybersecurity Awareness Month sponsored by the Department of Homeland Security. Professionally and personally, Americans can follow a few simple steps to keep themselves and their businesses safe online. Doing your part will not only help secure your personal assets and information--it will also help to improve the overall security of cyberspace. And that benefits all of us.

Following are just a few suggestions from the DHS cybersecurity website. Extensive guidance is also available on the U.S. Computer Emergency Readiness Team (CERT) website.

• Know who you're dealing with online.
• Keep your web browsers and operating system up to date.
• Back up important files.
• Protect your children online.
• Use security software tools as your first line of defense.
• Use strong passwords or strong authentication technology to help protect your personal information.
• Learn what to do if something goes wrong.
• Educate employees in cybersecurity policies and best practices, and continue that education.

The US-CERT site offers an excellent description of what happens during a website visit, when a certain amount of information is automatically sent to the site--which may include:

• IP address - Each computer on the Internet is assigned a specific, unique IP (Internet Protocol) address. Your computer may have a static IP address or a dynamic IP address. If you have a static IP address, it never changes. However, some ISPs own a block of addresses and assign an open one each time you connect to the Internet—this is a dynamic IP address. You can determine your computer's IP address at any given time by visiting www.showmyip.com.

• Domain name - The Internet is divided into domains, and every user's account is associated with one of those domains. You can identify the domain by looking at the end of a URL; for example, .edu indicates an educational institution, .gov indicates a US government agency, .org refers to organization, and .com is for commercial use. Many countries also have specific domain names. The list of active domain names is available from the Internet Assigned Numbers Authority (IANA).

• Software details - It may be possible for an organization to determine which browser you used to access its site, including the browser version. The organization may also be able to determine what operating system your computer is running.

• Page visits - Information about which pages you visited, how long you stayed on a given page, and whether you came to the site from a search engine is often available to the organization operating the website.

If a website uses cookies, the organization may be able to collect even more information, such as your browsing patterns, which include other sites you've visited. If the site you're visiting is malicious, you may be risking the files on your computer, as well as passwords stored in the temporary memory.

To download tips for securing your mobile communications, click on the PDF button above.