wombatsecurity | July 18, 2012

Technologies cannot compensate for poor security practices

Technologies such as anti-virus, safe browsers, and firewalls cannot help if the user clicks on the wrong link or visits the wrong website, warns security firm Wombat Security Technologies.

“A lot of people have focused on infrastructure over the last couple of years. I think slowly but surely [security personnel] are realizing that the least covered and most overlooked area is the human behind the keyboard”, commented Joe Ferrara, Wombat’s president and chief executive officer.

Wombat is offering the following tips to help users stay safe on the internet by avoiding risky behavior and common traps.

The company recommends that users not rely on their browsers to protect them from malicious websites. Browsers only warn users about sites but cannot stop them from going there. Even if users have high security settings and anti-virus software, visiting a risky website can result in the downloading of viruses and spyware, the company noted.

“Many people don’t understand the risks of using a browser and surfing the internet”, Ferrara observed.

In addition, the company cautions users to beware of windows or pages that prompt you to click a link to run software. Malicious websites can create prompts that look like messages from the browser or computer. If users see pop-ups they think are risky, they should go to the company’s website for scans and downloads.

Wombat cautions users not to provide personal information to get something free online. Criminals may use this data to break into personal or work accounts.

The company advises users to watch for shortened URLs, as well as numbers, hyphens, or special characters in a URL. Users should be wary of URLs posted on Facebook or sent via email and should use a search engine to identify the actual URL.

When using a search engine, users should be careful of the result they click on. Hackers use legitimate looking topics to trick users into clicking. Users should scrutinize the URL to ensure they are going to a legitimate website, the company explained.

Wombat cautions users never to trust free content. Free movie, music and video downloads often include pirated content, and this content often contains viruses and malware.

Users should vary their passwords from site to site. When they employ the same password across many sites, it makes it easy for criminals to hack all of accounts. Users should also employ more complex and varied passwords for sites with personal information such as banking sites, Wombat noted.

The company advises users to be cautious of convenient features such as autocomplete for forms or “remember your password”. Websites can use hidden fields to steal the data from forms. Also, criminals can hijack browsing sessions and steal information if users stay logged into a site.

In tandem with offering tips for safe web browsing, Wombat released its new safer web browsing training module to defend against current risks associated with internet browsing in the enterprise.

“We are trying to provide a level of information that allows the security officer to understand who is vulnerable and where they are vulnerable. For the end user, it is about teaching them about security concepts and principles and having them retain the information. When it comes to the security officers who are actually buying our modules and training packages, it is about providing them the data to proactively monitor their security posture”, Ferrara concluded.

Read more