CLLB Information Security Newsletter – Cyber Ethics

September 2009 Volume 2, Issue 9
Cyber Ethics

From the Desk of David Badertscher

What is Cyber Ethics?

Cyber ethics refers to the code of responsible behavior on the Internet. Just as we are taught to act responsibly in everyday life, with lessons such as “Don’t take what doesn’t belong to you” and “Do not harm others,” we must act responsibly in the cyber world as well.

What are Responsible Behaviors on the Internet?

Responsible behavior on the Internet in many ways aligns with acceptable behavior in everyday life, but the consequences can be significantly different. For example, verbal gossiping is generally limited to the immediate audience (those within earshot) and may well be forgotten the next day. However, gossiping on the Internet can reach a far wider audience. The “words” are not forgotten the next day, but may live on the Internet for days, months or years and cause tremendous harm.

Some people try to hide behind a false sense of anonymity on the Internet, believing that it does not matter if they behave badly online because no one knows who they are or how to identify them. That is not always true. Computers, browsers, and Internet service providers may keep logs of their activities which can be used to identify illegal or inappropriate behavior.

The basic rule is do not do something in cyber space that you would consider wrong or illegal in everyday life.

When determining responsible behaviors, consider the following:

Do not use rude or offensive language.
Don’t be a bully on the Internet. Do not call people names, lie about them, send embarrassing pictures of them, or do anything else to try to hurt them.
Do not copy information from the Internet and claim it as yours. That is called plagiarism.
Adhere to copyright restrictions when downloading material including software, games, movies, or music from the Internet.
Do not break into someone else’s computer.
Do not use someone else’s password.
Do not attempt to infect or in any way try to make someone else’s computer unusable.

We were taught the rules of “right and wrong” growing up. We just need to apply the same rules to cyber space!

For more information on Cyber Ethics visit:

– U.S. Department of Justice: www.usdoj.gov/criminal/cybercrime/cyberethics.htm
– MS-ISAC: www.msisac.org/awareness/news/2007-01.cfm

– Symantec: www.symantec.com/norton/library/familyresource/article.jsp?aid=pr_cyberethics
– Cyber-Ethics Champions Code: www.playitcybersafe.com/resources/EthicsCode.pdf

– StaySafeOnLine: www.staysafeonline.info/content/cyber-ethics-materials
************************************************************************

OCTOBER IS NATIONAL CYBER SECURITY AWARENESS MONTH
“CYBER SECURITY IS OUR SHARED RESPONSIBILITY”
www.staysafeonline.org/ncsam

www.nascio.org/newsroom/pressrelease.cfm?id=44

www.msisac.org/awareness/oct09/2009awareness.cfm

*****************************************************
LIVE NATIONAL WEBCAST A Strategy for Promoting Cyber Security Awareness – October 8 – 2:00pm-3:00pm EDT www.msisac.org/webcast/2009-10/index.cfm

The above comments are based on information and tips provided by the Multi-State Information Sharing and Analysis Center (MS-ISAC). To learn more about MS-ISAC go to http://www.msisac.org/

************************************************************************
MORE NEWS AND REFERENCES:

Information Security News, Tips and Trends from Janus Associates*

European cyber-gangs target small U.S. firms, group says
The Washington Post 08/25/2009

Organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States, setting off a multimillion-dollar online crime wave that has begun to worry the nation’s largest financial institutions. A task force representing the financial industry sent out an alert Friday outlining the problem and urging its members to implement many of the precautions now used to detect consumer bank and credit card fraud.

“In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses,” the confidential alert says.
Businesses do not enjoy the same legal protections as consumers when banking online. Consumers typically have up to 60 days from the receipt of a monthly statement to dispute any unauthorized charges. In contrast, companies that bank online are regulated under the Uniform Commercial Code, which holds that commercial banking customers have roughly two business days to spot and dispute unauthorized activity if they want to hold out any hope of recovering unauthorized transfers from their accounts.

7 easy ways to protect PC based information from theft

The proliferation of personal storage devices (thumb drives, iPods, USB external hard disks, etc.) and simple remote access has created unprecedented levels of convenience and, at the same time, a substantially increased risk of data loss. Pocket-sized external USB storage devices can put hundreds of gigabytes of data storage at your fingertips, which is easily enough space to house an industrial-strength database or thousands of documents, spreadsheets, photos and other sensitive information. With the right software installed, these devices can be configured to automatically transfer data off any machine into which they’re plugged. This can be a convenience for the owner of the data, or for the Bad Guy an easy way to potentially access and steal your data. Exploiting this type of threat is very inexpensive and does not take expertise.

Securing your environment is very easy and involves a multi-tiered Best Practices approach including:

Creating and enforcing sound policies and procedures that lock down the system BIOS on all computers processing, storing or transmitting data.

Creating a logon requirement that uses password and / or biometric authentication every time the PC is turned on.

Requiring the use of strong passwords that contain a minimum of 7 characters combining both alphabetic and numeric symbols.

Never sharing or writing down your passwords.

Automated forced changing of passwords every 60 days.

Locking the PC after 10 minutes of inactivity to prevent unauthorized access to the machine and its data when the user steps away.

Turning off the PC when it is unattended for long periods of time. This one is an often overlooked critical step. A turned-off PC means that someone who gains unauthorized access to the network has no access to the hard drive of that specific machine. If the PC is infected and part of a botnet, shutting it down will prevent its use as a zombie for mass spamming or DoS attacks. Think about it: how many people do you know who leave their PCs at work or home on 24/7? If it’s on, it can be accessed remotely.
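The list above is a policy; the step most organizations skip is checking that each PC actually meets it. The following PowerShell script is an added example, not material from the newsletter or from JANUS Associates, that audits a Windows PC against the measurable items in the list: minimum password length of 7, password complexity, forced password change within 60 days, and a password-protected lock after no more than 10 minutes of inactivity. It assumes an elevated PowerShell session on Windows (secedit needs administrator rights to export local policy), reads the account policy with secedit and the lock-screen settings from the current user's HKCU registry hive, and treats the Windows "PasswordComplexity" setting as the closest available stand-in for the newsletter's "alpha and numeric" requirement (Windows complexity actually demands three of four character classes, which is stricter). The BIOS lock-down and the power-off habit cannot be verified from inside the running OS, so they are not checked.

```powershell
# Added audit example (assumed environment: elevated PowerShell on Windows).
# Thresholds come straight from the newsletter's list: 7 characters, 60 days, 10 minutes.

$inf = Join-Path $env:TEMP 'secpol-audit.inf'
secedit /export /cfg $inf /quiet | Out-Null

# The exported policy is an INI-style file; the [System Access] section holds
# MinimumPasswordLength, PasswordComplexity and MaximumPasswordAge (-1 = never expires).
$policy = @{}
Get-Content $inf | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*=\s*(\S+)') { $policy[$Matches[1]] = $Matches[2] }
}
Remove-Item $inf -ErrorAction SilentlyContinue

# Screen-saver lock settings are per user; ScreenSaveTimeOut is in seconds.
$desk = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue

$maxAge  = [int]$policy['MaximumPasswordAge']
$timeout = [int]$desk.ScreenSaveTimeOut

$checks = @(
    [pscustomobject]@{ Check = 'Minimum password length >= 7'
                       Pass  = ([int]$policy['MinimumPasswordLength'] -ge 7)
                       Value = $policy['MinimumPasswordLength'] }
    [pscustomobject]@{ Check = 'Password complexity enabled (stand-in for alpha + numeric)'
                       Pass  = ($policy['PasswordComplexity'] -eq '1')
                       Value = $policy['PasswordComplexity'] }
    [pscustomobject]@{ Check = 'Password expires within 60 days'
                       Pass  = ($maxAge -ge 1 -and $maxAge -le 60)
                       Value = $policy['MaximumPasswordAge'] }
    [pscustomobject]@{ Check = 'Screen saver active'
                       Pass  = ($desk.ScreenSaveActive -eq '1')
                       Value = $desk.ScreenSaveActive }
    [pscustomobject]@{ Check = 'Screen saver requires password on resume'
                       Pass  = ($desk.ScreenSaverIsSecure -eq '1')
                       Value = $desk.ScreenSaverIsSecure }
    [pscustomobject]@{ Check = 'Lock after <= 10 minutes (600 s) idle'
                       Pass  = ($timeout -ge 1 -and $timeout -le 600)
                       Value = $desk.ScreenSaveTimeOut }
)

$checks | Format-Table -AutoSize

# Non-zero exit lets a login script or management tool flag the machine.
$failed = @($checks | Where-Object { -not $_.Pass }).Count
if ($failed -gt 0) { Write-Warning "$failed check(s) failed"; exit 1 }
exit 0
```

Run it once per machine (for example from a logon script) and collect the exit code; a machine whose maximum password age reads -1 or whose screen saver is inactive shows up as a failed row rather than silently passing. On a domain-joined PC the account-policy values reflect the effective domain policy, so the script can also confirm that a Group Policy object was actually applied.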

Securing your PC and data isn’t rocket science. It’s simply a matter of common sense and best practices. Cases in point: would you leave your house unlocked when you go to work for the day, or leave your keys in the car and walk away? Of course not. So why would you leave your PC unlocked when you aren’t there? Easily implemented precautions that cost you nothing beyond a few minutes of your time can help minimize the risks associated with data loss and identity theft.
________________________________

* JANUS Associates provides a full range of information security and business information solutions including risk analysis, penetration testing, Payment Card Industry and regulatory compliance assessments including HIPAA, disaster recovery and business continuity planning and testing, eDiscovery, data forensics and data breach crisis management.

In business since 1988, JANUS has the longest tenure of any independent IT security firm in the nation and has been in the forefront of providing quality IT centric services.

JANUS is an independent, woman-owned, vendor-neutral company with deep skills and strong credentials in the government, commercial and not-for-profit sectors.

Contact Information