3 posts tagged with "research"

Rus

 

Scam Me If You Can

"Cybersecurity For Dummies" covers a lot of topics on security, like a solid encyclopedia, and from the beginning the author mentions DDoS attacks, botnets and even cryptocurrency miners. That's where my mom will close the book. Probably the "Dummies" series comes with a hydrant of information on the topic, and I can't complain. I'm curious to know if people buy this book after they've gotten into trouble online: malware or some privacy issues. I am not sure if my mom will be able to use this book in practice or understand anything beyond theory. Should a book on security be more practical? Should an author lead a reader towards the goal, or is it up to the reader to research and decide what to do to stay safe online? Is it enough to say "use a difficult password" instead of leading the way to help and pointing out where their password could be changed?

✅ Set a strong, unique password. Where is that?

Account → Settings and Privacy → Settings → Security and Login

* Practical example: changing the password in the Facebook app. Even this isn't enough without a picture and next steps.

Here is a saved table of contents, mostly for myself, as a reminder of how many topics might be covered and of the need to avoid overwhelming a reader.

Table of contents

Part 1: Getting Started with Cybersecurity  

Chapter 1: What Exactly Is Cybersecurity?
- Cybersecurity Means Different Things to Different Folks
- Cybersecurity Is a Constantly Moving Target
- Looking at the Risks That Cybersecurity Mitigates

Chapter 2: Getting to Know Common Cyberattacks
- Attacks That Inflict Damage
- Impersonation Interception
- Data Theft
- Malware
- Poisoned Web Service Attacks
- Network Infrastructure Poisoning
- Malvertising
- Exploiting Maintenance Difficulties
- Advanced Attacks

Chapter 3: Bad Guys and Accidental Bad Guys: The Folks You Must Defend Against
- Bad Guys and Good Guys Are Relative Terms
- Bad Guys Up to No Good
- Cyberattackers and Their Colored Hats
- Monetizing Their Actions
- Dealing with Nonmalicious Threats
- Defending against These Attackers
- Addressing Risks through Various Methods

Part 2: Improving Your Own Personal Security

Chapter 4: Evaluating Your Current Cybersecurity Posture
- Identifying Ways You May Be Less than Secure
- Identifying Risks
- Protecting against Risks
- Evaluating Your Current Security Measures
- Privacy 101
- Banking Online Safely
- Safely Using Smart Devices

Chapter 5: Enhancing Physical Security
- Understanding Why Physical Security Matters
- Taking Inventory
- Locating Your Vulnerable Data
- Creating and Executing a Physical Security Plan
- Implementing Physical Security
- Security for Mobile Devices
- Realizing That Insiders Pose the Greatest Risks

Part 3: Protecting Yourself from Yourself

Chapter 6: Securing Your Accounts
- Realizing That You’re a Target
- Securing Your External Accounts
- Securing Data Associated with User Accounts
- Securing Data with Parties That You’ve Interacted With
- Securing Data at Parties That You Haven’t Interacted With

Chapter 7: Passwords
- Passwords: The Primary Form of Authentication
- Avoiding Simplistic Passwords
- Password Considerations
- Creating Memorable, Strong Passwords
- Knowing When to Change Your Password
- Changing Passwords after a Breach
- Providing Passwords to Humans
- Storing Passwords
- Transmitting Passwords
- Discovering Alternatives to Passwords

Chapter 8: Preventing Social Engineering
- Don’t Trust Technology More than You Would People
- Types of Social Engineering Attacks
- Six Principles Social Engineers Exploit
- Don’t Overshare on Social Media
- Leaking Data by Sharing Information as Part of Viral Trends
- Identifying Fake Social Media Connections
- Using Bogus Information
- Using Security Software
- General Cyberhygiene Can Help Prevent Social Engineering

Part 4: Cybersecurity for Businesses and Organizations

Chapter 9: Securing Your Small Business
- Making Sure Someone Is in Charge
- Watching Out for Employees
- Considering Cyber Insurance
- Complying with Regulations and Compliance
- Handling Internet Access
- Managing Power Issues

Chapter 10: Cybersecurity and Big Businesses
- Utilizing Technological Complexity
- Managing Custom Systems
- Continuity Planning and Disaster Recovery
- Looking at Regulations
- Deeper Pockets — and Insured
- Considering Employees, Consultants, and Partners
- Looking at the Chief Information Security Officer’s Role

Part 5: Handling a Security Incident (This Is a When, Not an If)

Chapter 11: Identifying a Security Breach
- Identifying Overt Breaches
- Detecting Covert Breaches

Chapter 12: Recovering from a Security Breach
- An Ounce of Prevention Is Worth Many Tons of Response
- Stay Calm and Act Now with Wisdom
- Bring in a Pro
- Recovering from a Breach without a Pro’s Help
- Reinstall Damaged Software
- Dealing with Stolen Information
- Recovering When Your Data Is Compromised at a Third Party

Part 6: Backing Up and Recovery

Chapter 13: Backing Up
- Backing Up Is a Must
- Looking at the Different Types of Backups
- Exploring Backup Tools
- Knowing Where to Back Up
- Knowing Where Not to Store Backups
- Encrypting Backups
- Figuring Out How Often You Should Backup
- Disposing of Backups
- Testing Backups
- Conducting Cryptocurrency Backups
- Backing Up Passwords
- Creating a Boot Disk

Chapter 14: Resetting Your Device
- Exploring Two Types of Resets
- Rebuild Your Device after a Hard Reset

Chapter 15: Restoring from Backups
- You Will Need to Restore
- Wait! Do Not Restore Yet!
- Restoring from Full Backups of Systems
- Restoring from Incremental Backups
- Dealing with Deletions
- Excluding Files and Folders
- Understanding Archives
- Restoring Using Backup Tools
- Returning Backups to Their Proper Locations
- Restoring to Non-Original Locations
- Never Leave Your Backups Connected
- Restoring from Encrypted Backups
- Testing Backups
- Restoring Cryptocurrency
- Booting from a Boot Disk

Part 7: Looking toward the Future

Chapter 16: Pursuing a Cybersecurity Career
- Professional Roles in Cybersecurity
- Exploring Career Paths
- Starting Out in Information Security
- Exploring Popular Certifications
- Overcoming a Criminal Record
- Looking at Other Professions with a Cybersecurity Focus

Chapter 17: Emerging Technologies Bring New Threats
- Relying on the Internet of Things
- Using Cryptocurrencies and Blockchain
- Optimizing Artificial Intelligence
- Experiencing Virtual Reality
- Transforming Experiences with Augmented Reality

Part 8: The Part of Tens

Chapter 18: Ten Ways You Can Improve Your Cybersecurity without Spending a Fortune
- Understand That You Are a Target
- Use Security Software
- Encrypt Sensitive Information
- Back Up Often
- Do Not Share Passwords and Other Login Credentials
- Use Proper Authentication
- Use Social Media Wisely
- Segregate Internet Access
- Use Public Wi-Fi Safely
- Hire a Pro

Chapter 19: Ten Lessons from Major Cybersecurity Breaches
- Marriott
- Target
- Sony Pictures
- Office of Personnel Management
- Anthem

Chapter 20: Ten Ways to Safely Use Public Wi-Fi
- Use Your Cellphone as a Mobile Hotspot
- Turn Off Wi-Fi Connectivity When You’re Not Using Wi-Fi
- Don’t Perform Sensitive Tasks over Public Wi-Fi
- Don’t Reset Passwords When Using Public Wi-Fi
- Use a VPN Service
- Use Tor
- Use Encryption
- Turn Off Sharing
- Have Information Security Software on Any Devices Connected to Public Wi-Fi Networks
- Understand the Difference between True Public Wi-Fi and Shared Wi-Fi

While many books have been written over the past couple decades on a wide variety of cybersecurity-related topics, most of them don’t provide the general population with the information needed to properly protect themselves.

Many cybersecurity books are directed toward highly technical audiences and tend to overwhelm noncomputer scientists with extraneous information, creating severe challenges for readers seeking to translate the knowledge that they acquire from books into practical actions. On the flip side, various self-published introduction-to-cybersecurity books suffer from all sorts of serious deficiencies, including, in some cases, having been written by non-experts and presenting significant amounts of misinformation. Anyone interested in cybersecurity often shouldn’t trust these materials. Likewise, many security tip sheets and the like simply relay oft-repeated clichés and outdated advice, sometimes causing people who follow the recommendations contained within such works to worsen their cybersecurity postures rather than improve them. Furthermore, the nearly constant repetition of various cybersecurity advice by media personalities after news stories about breaches (“Don’t forget to reset all your passwords!”), coupled with the lack of consequences to most people after they do not comply with such directives, has led to cybersecurity fatigue — a condition in which folks simply don’t act when they actually need to because they have heard the “boy cry wolf” one too many times.

I wrote Cybersecurity For Dummies to provide people who do not work as cybersecurity professionals with a foundational book that can teach them what they need to know about cybersecurity and explain why they need to know it. This book offers you practical, clear, and straightforward advice that you can easily translate into actions that can help keep you and your children, parents, and small businesses cybersecure.

Rus

 

Scam Me If You Can

The next book from the list is "Scam Me If You Can" by Frank Abagnale (yes, it's the same guy who inspired the 2002 film "Catch Me If You Can").

Introduction: Smart People Get Scammed

What’s Your Scam Quotient?

  1. The Playbook Exposed: Recognize—and Beat—the Con Artist’s Game

RULE #1 | PROTECT YOUR IDENTITY

  1. How Identity Thieves Work
  2. Tax Fraud and IRS Scams
  3. Sick: Medical Identity Theft

RULE #2 | SECURE YOUR FINANCES

  1. Protect Yourself Against These Bad Investments
  2. Small Business Shakedowns
  3. I’m (Not Actually) from the Government: Social Security, Government Grants, and Other “Official” Scams

RULE #3 | PRESERVE YOUR DIGITAL PRESENCE

  1. Fend Off Cyberattacks
  2. Passwords Are for Treehouses: Why We Need to Get Rid of Them

RULE #4 | SAFEGUARD YOUR HOME AND HEARTH

  1. The Calls That Just Keep Coming: Robocalls and Nuisance Calls
  2. Great Real Estate Ruses

RULE #5 | SHELTER YOUR HEART

  1. It’s Personal: Fraud That Hurts More than Just Your Wallet
  2. Charity Scams: Giving Back, or Dodgy Donations?
  3. Love You Knot: The Wild World of Dating Scams

EPILOGUE: Fraud, Fast Forward

The book starts with a retired lady, meth addiction and identity theft. Every year, millions of American consumers - nearly 7 percent of the population - are victims of scams and fraud. This book is part of AARP's efforts to educate and arm readers of every age about as many scam techniques and prevention strategies as possible.

Tip: Create a place where I and others can share descriptions of current/past scams and frauds. A database or wikipedia of online scams.

The book is organized around five simple steps to scam-proof the reader's life:

  1. Protect the reader's identity.
  2. Secure finances.
  3. Preserve digital presence.
  4. Safeguard home and hearth.
  5. Shelter your heart.

Next, as I've already seen in security trainings or in a previous book, comes a quiz which helps to identify the level of vulnerability to scams. Scam Quotient! After the quiz, each chapter is organized around a real story (usually very bad and dramatic) and a solution related to it. What I don't like about this approach is shown in this example:

Ten ways to avoid the triple threat: scarcity, urgency, and flattery

  1. Check your emotions.
  2. Give it twenty-four hours.
  3. Practice introspection.
  4. Keep it close to the vest.
  5. Get nosy.
  6. Don't fall for time limits.
  7. Do due diligence.
  8. Read reviews.
  9. Tell someone.
  10. Don't pick up.

Most of them are useful in theory, but they require practice: many examples to develop muscle memory on specific patterns around online deception.

This book led me down the rabbit hole all the way to "Victimization of Persons By Fraud. January 1995". From 1995 till today nothing has changed; only the scale of scams became much bigger with the internet.

Also found in the appendix: a survey instrument which might be useful for customer development.

Rus

I've been consuming a lot of articles lately in order to understand the reader's expectations, and many interesting sources are filling the creative well. The New York Times writes extensively on this topic; I like these examples: "Why You Need a Password Manager. Yes, You," "10 Tips to Avoid Leaving Tracks Around the Internet," or, similarly on privacy, "How to Protect Your Digital Privacy." About two-factor authentication: "Protecting Your Internet Accounts Keeps Getting Easier. Here’s How to Do It." Another older article from another source was about "9 internet scams we're still falling for in 2018."

While the coding backend of the book is in progress, I'm starting to lean towards research on currently available books on cyber security. Starting from "Hack-Proof Your Life Now!: The New Cybersecurity Rules: Protect your email, computers, and bank accounts from hacks, malware, and identity theft", I am going to absorb all these books, hoping to improve my vision of what I should write and how to present it clearly.

  • Boost your security (an unprecedented wave of cyber attacks and data breaches). While you can't stop hackers from sweeping up your data held by corporations and governments, you can prevent cyber criminals from using it against you.
  • Email address is the key to your digital life: it shouldn't be everywhere.
  • Love your passwords, lose weight, and beat the password paradox.
  • Rule #2: use mnemonic, goal-setting, or poetic passwords.
  • The two-step process that stops hackers. About enabling two-factor verification on your email and financial accounts.
  • Too many passwords and the unbreakable solution. Use a password manager for unbreakable protection.

That was the end of the free sample. I liked the idea of a pre-story with real-life examples for each chapter, action steps with what to implement for better security for each chapter, a date of completion and score points for each step.