According to a CSI/FBI Computer Crime and Security Study, cyber crimes cost the United States economy an estimated $67 billion in damages(i), which is comparable to the U.S. federal government's estimated information technology (IT) spending for fiscal year 2008(ii).

Corporations and governments have long known an effective IT security program requires dedicated resources - people, processes and technology. Investing wisely in cyber security is a fundamental cost of doing business in the relatively new wired world.

"The big business and government approach to cyber security contrasts sharply with many small business and home computer users who can unsuspectingly be the 'back doors' to a full-scale cyber attack," said Dave Morrow, EDS chief security and privacy officer. "This weakness at the grassroots level requires all users to be responsible citizens in the collective online world with equal time and energy spent to protect these computers. Everyone must practice safe computing habits and good personal computing hygiene."

In honour of National Cyber Security Awareness Month, EDS security and privacy experts have identified EDS' eight tips to help consumers secure their part of cyberspace:

1. Know the threat. The online world is a dangerous place. Just like any city or town, there are "good" neighborhoods and "bad" ones. Likewise, the Internet community has an overwhelming number of good, decent people mixed in with a few "bad guys." The bad guys can be right next door or across the globe, but both can be equally harmful to you and your personal data.

2. Use the tools. Every home or small business user should install commonly available security tools such as anti-virus software, anti-spyware software and a personal firewall. It's also important these programs and the computer's operating system must be maintained with the most recent patches or updates. Probably the most common -- and most easily remedied -- security problem in home or small business computers is out-of-date software.

3. Be smart online. Like the physical world, cyberspace has its "con-artist side" typified by bogus e-mails advertising "get-rich-quick" schemes, "can't-miss" stocks and come-ons from the opposite sex who "can't wait" to chat. All too often, these are teasers drawing users to Web sites with viruses, bot programs or other cyber risks. In many cases, anything goes and relatively few rules apply. Remember, if it is too good to be true, it probably is.

4. Never respond to unsolicited requests for personal information. Be wary of e-mails from organizations or individuals asking for your personal information. Always ask or look for contact information on unsolicited requests and be sceptical. No reputable bank, for example, will e-mail you asking you to provide personal information for "account verification." If you believe the content may be suspect, contact the company directly to verify.

5. Beware of "phishing" e-mails. Phishing is one of the fastest-growing forms of online fraud for identity thieves. Phishing e-mails appear legitimate, often addressing you by name, which makes them even more convincing. Thieves sending these e-mails usually ask you to click on a link in the email that takes you to a phony Web site -- if you are interested, it is best to go to the site yourself by typing the Web site name directly into your browser rather than clicking on the link provided in the e-mail. A skeptical attitude toward unsolicited e-mails is always the best policy, especially if you have never done business with a company before receiving an e-mail solicitation from it.

6. Do not use personal information for passwords. Using information such as Social Security numbers, birth dates, names, e-mail addresses or telephone numbers as passwords can make you an easy target. Be sure your passwords contain at least eight characters and include numbers or symbols. To avoid misuse, do not write down passwords.

7. Review privacy and security policies for the companies you do business with online. All reputable companies post a privacy and security policy or statement on their Web site. This should tell you what information the company collects, how it is used and what is shared. If you are concerned about your information being shared with other companies, make sure there is an option to keep your information confidential.

8. Monitor online activity regularly. If you conduct business online, review your account statements regularly and consider using a separate credit card for online purchases or payments to ensure all transactions are in order. By reviewing online statements and transactions frequently, you could detect a theft and limit its damage. Identity thieves typically use stolen information for only a short period of time to avoid being caught. If you suspect a security breach, act quickly by contacting the companies you do business with immediately.

Corporations and governments, while certainly not perfect, devote a lot of effort to foster a safe online world -- it is simply good business and sound government. This same thinking has to exist everywhere, with everyone. The power of the Internet comes with a great shared responsibility of cyber security.



(i) 2005 CSI/FBI Computer Crime and Security Survey
(ii) Nick Wakerman, "Report: Fed IT spending to top $67 billion in 2008," Washington Technology, October 18, 2007.