

Transcription

When thinking about the IT industry, we have this picture of servers, consultants, hackers … But we forget that it’s made up of people who think outside the box and who sometimes express themselves that way. In this article, we will present a collection of powerful, insightful and sometimes funny quotes.

Status quotes

“Hoaxes attempt to trick or defraud users. A hoax could be malicious, instructing users to delete a file necessary to the operating system by claiming it is a virus. It could also be a scam that convinces users to send money or personal information.” — U.S. Department of Homeland Security (Internet Hoaxes)

*********

“Securing a computer system has traditionally been a battle of wits: the penetrator tries to find the holes, and the designer tries to close them.” — Gasser

*********

“A security researcher examining the website of North Korea’s official news service, the Korean Central News Agency, has discovered that the site delivers more than just the latest photo spread of Democratic People’s Republic of Korea leader Kim Jong Un inspecting mushroom farms. There’s a little extra surprise hidden in the site’s code—malware. The news site appears to double as a way for North Korea to deliver a ‘watering hole’ attack against individuals who want to keep tabs on the ‘activities’ of the DPRK’s dear leader.” — Sean Gallagher, Ars Technica

*********

“Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds.” — John Perry Barlow

*********

“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.” — White House Cybersecurity Advisor, Richard Clarke

*********

“We have only two modes – complacency and panic.” — James R. Schlesinger, the first U.S. Dept. of Energy secretary, in 1977, on the country’s approach to energy.

*********

“Amateurs hack systems, professionals hack people.” — Bruce Schneier

*********

“The problem of viruses is temporary and will be solved in two years.” — John McAfee, 1988 (founder of McAfee Antivirus)

*********

“There are risks and costs to a program of action—but they are far less than the long range cost of comfortable inaction.” — John F. Kennedy

*********

“Passwords are like underwear; you don’t let people see it, you should change it very often, and you shouldn’t share it with strangers” — Chris Pirillo

*********

“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.” — Gene Spafford

*********

Actionable quotes

“Practice the principle of least privilege. Do not log into a computer with administrator rights unless you must do so to perform specific tasks. Running your computer as an administrator (or as a Power User in Windows) leaves your computer vulnerable to security risks and exploits. Simply visiting an unfamiliar Internet site with these high-privilege accounts can cause extreme damage to your computer, such as reformatting your hard drive, deleting all your files, and creating a new user account with administrative access.” — Indiana University (Best practices for computer security)

*********

“A password manager is a secure storage location for all your different passwords. It integrates with your web browser and automatically enters your username and password for you when you are logging in to a website. A good password manager will also generate secure passwords for you when you register with a new site or change a password. The password manager protects its contents by using a special “master” password. Needless to say, it is critical to choose a very strong master password. Some password managers allow you to add multi-factor authentication in addition to your master password to give you an extra layer of security. There are plenty of good password managers to choose from (far too many to mention here) and many of them are free. I often recommend LastPass, KeePass or Password Safe.” — Dave Herrald, GTRI (Five Cyber Security Tips for Computer and Online Safety)

*********

“Social engineering scams are a particular concern. With these scams, attackers present a post intended to get the target user to click on a link. That link usually leads to the user downloading some malicious code that has the potential to steal information on the user’s computer or mobile device. These scams are sometimes also called phishing and baiting, as well as click-jacking. Whatever they’re called, just know that not every post on social media is safe to click on. You should take special care to treat every link with suspicion, especially those that look like click bait.” — Rick Delgado for the National Edition, Tech Cocktail

*********

“Two-factor authentication is coming soon to Twitter, but it’s not likely to happen overnight. And it won’t solve the world’s online security woes when it does roll out. Phishing attacks — like the one that may have been behind the recent Twitter AP hoax — will persist because they work. Social engineering scams will grow more creative in their efforts to con people into coughing up bank account info, network credentials and other sensitive data. And social sites — all of which are predicated upon words like sharing and connecting — will be a prime breeding ground for such activity, even with tighter perimeter defenses such as two-factor authentication. We’re still human, after all, and therefore susceptible to making mistakes.” — Kevin Casey, InformationWeek Network Computing

*********

“Malware (for ‘malicious software’) is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also spyware, programming that gathers information about a computer user without permission.” — Margaret Rouse, TechTarget

*********

“‘Spoofing’ means duplicating a legitimate website, by including familiar logos and by using a nearly identical website address or domain name, to solicit the user to submit personal information. While the website address may appear similar to that of a legitimate company, it was actually created by a copycat. Criminals often lure customers to ‘spoofed’ websites using ‘phishing’ type emails.” — William Francis Galvin, Secretary of the Commonwealth of Massachusetts

*********

“Software updates often fix security problems, so download updates as soon as they become available. To make this easier, more software programs – including Windows, Office, Flash, Java and Adobe Acrobat – now offer options to download and install updates automatically; these can generally be accessed through ‘Settings’ or ‘Preferences.’” — California SBDC (10 Tips to Computer Security for Your Small Business – June 2012)

*********

“This might seem like a ‘duh’ tip, but it surprises me how many people I meet who don’t have a lock screen enabled. Your password is the first line of defense in keeping your data secure, and is the easiest security feature to set up. Of course it’s also worth noting that newer phones on the market like the iPhone 6 and Samsung Galaxy S5 have a fingerprint sensor for locking your phone.” — Brian Burgess, Gizmag (Essential Tips to Keep Your Smartphone Secure)

*********

“Your computer operating system may allow other computers on a network, including the Internet, to access the hard-drive of your computer in order to ‘share files.’ This ability to share files can be used to infect your computer with a virus or look at the files on your computer if you don’t pay close attention. So, unless you really need this ability, make sure you turn off file-sharing. Check your operating system and your other program help files to learn how to disable file sharing. Don’t share access to your computer with strangers!” — CyberSmart.org (Internet Safety Tips for Elementary and Middle School Students, Educators and Families)

*********

“Most people still use Internet Explorer or Safari for browsing. They’ve come on in recent years - especially Internet Explorer. Still, my personal recommendation is to use Google Chrome as your browser, as it’s been hailed as the most secure of browsers again and again.” — Ian Anderson Gray

*********

“Your Windows login password is not encrypting your computer (surprise!). Full-disk encryption (used by very few people) is a good step, but by itself it still will not completely protect your data from prying eyes, overzealous governments, or your own mistake of leaving your company’s crown jewels at the local coffee shop.” — Brandon Gregg, CSO Online (Three steps to properly protect your personal data)

*********