Consider how much of your personal information is stored either on your own computer or on someone else’s system. How is that data and the systems on which that data resides (or is transmitted) kept secure?

Confidentiality: Information that is private or confidential must remain so and is shared only with appropriate users.
Integrity: Information has not been altered or destroyed from its intended form or content.
Availability: Information is accessible, functional and usable when needed by authorized users.

Different types of data and systems require different levels of appropriate security. For example, your confidential medical records should be released only to those individuals or organizations (i.e., doctor, hospital, insurance company, government agency, you) authorized to see it (confidentiality); the records should be well protected so that no one can change the information without authorization (integrity); and the records should be available and accessible to authorized users (availability).

These are just a few examples of the threats facing us, and they highlight the importance of cyber security as a necessary approach to protecting data and systems.

Malware, worms, and Trojan horses: These spread by email, instant messaging, malicious websites, and infected non-malicious websites. Some websites will automatically download the malware without the user’s knowledge or intervention. This is known as a “drive-by download.” Other methods will require the users to click on a link or button.

Botnets and zombies: A botnet, short for robot network, is an aggregation of compromised computers that are connected to a central “controller.” The compromised computers are often referred to as “zombies.” These threats will continue to proliferate as the attack techniques evolve and become available to a broader audience with less technical knowledge required to launch successful attacks. Botnets designed to steal data are improving their encryption capabilities and thus becoming more difficult to detect.

Scareware – fake security software warnings: This type of scam can be particularly profitable for cyber criminals, as many users believe the pop-up warnings telling them their system is infected and are lured into downloading and paying for the special software to “protect” their system.

Social Network Attacks: Social networks can be major sources of attacks because of the volume of users and the amount of personal information that is posted. Users’ inherent trust in their online friends is what makes these networks a prime target. For example, users may be prompted to follow a link on someone’s page, which could bring them to a malicious website.

• Properly configure and patch operating systems, browsers, and other software programs.
• Use and regularly update firewalls, anti-virus, and anti-spyware programs.
• Use strong passwords (combination of uppercase and lowercase letters, numbers and special characters) and do not share passwords.
• Be cautious about all communications; think before you click. Use common sense when communicating with users you DO and DO NOT know.
• Do not open email or related attachments from un-trusted sources.
• Allow access to systems and data to only those who need it, and protect those access credentials.
• Follow Citywide Information Security Policies and Standards and report security violations and issues to the Citywide Service Desk at (718) 403-8888.

• Free Security Checks:www.staysafeonline.info/content/free-security-check-ups
• Malware: www.onguardonline.gov/topics/malware.aspx
• Spyware: www.onguardonline.gov/topics/spyware.aspx
• Social Networking Privacy – A Parent’s Guide: www.ftc.gov/bcp/edu/pubs/consumer/tech/tec13.shtm
• US-CERT–Staying Safe on Social Network Sites: www.us-cert.gov/cas/tips/ST06-003.html

Citywide Information Security Policies and Standards are available at http://cityshare.nycnet/infosec.