(MICROSOFT-CMG) by S.E. Slack - CNET.COM WRITER - Surprisingly, basic safety is often ignored by people using the Web to research information quickly and efficiently. If you use the Internet for research of any kind, you could be exposing yourself and your company to hidden dangers such as the unauthorized transfer of confidential information. And no one wants to be the person responsible for a companywide computer network shutdown.

Whatever your reason for using the Web, there is a smart way to conduct research on it: with an alert eye and a vigilant approach. Use these four tips to help protect yourself and your company from prying eyes and malicious programs.

1. Update, update, update!

Microsoft continually provides enhancements and security updates to all its products, including Internet Explorer. No program is completely safe from harm, but as threats are discovered, Microsoft makes fixes, upgrades, and service packs available for its products. To maintain the highest level of security on your computer, you or your IT department must make sure to apply all service packs.

Before you venture onto the Web, make sure you are using the latest version of Internet Explorer. At the time of this writing, the latest version is Internet Explorer 8.0.7. To see what version you are using, follow these steps:

In Internet Explorer, on the Help menu, click About Internet Explorer. There are three items you should notice in the window that is displayed:

Version: Internet Explorer 8.0.7 is the latest version.

Cipher Strength: This is the level of encryption that the browser can support. If you are going to be sending any confidential information over the Internet, you must make sure the cipher strength is 128-bit. If it is less than this value, it will be possible for a hacker to crack the encryption code and view confidential information.

Update Versions: Keep your version updated to ensure the balance between security and functionality is correct.

Use latest version of Internet Explorer

Click OK to close the window.

If your browser needs updating, go to the Microsoft Update Web site, where you can download the latest version of Internet Explorer.


2. Get into the zone (Tools menu/Internet Options/Security)

By setting up Internet zones to meet your personal needs, your computer can help protect you as you surf the Web. A zone is a logical region or grouping of Web sites, based on where they are physically located and how well you trust the source. These default zones are available in Internet Explorer 8.0.7:

Local Intranet — Web sites located on your local network. These sites do not have to communicate over the Internet to be accessed.

Trusted Sites — A list of Web sites that you trust not to harm your computer, such as sites you have identified as properly encrypted.

Restricted Sites — A list of Web sites that are known or suspected to be harmful to your computer.

Internet — All other sites that don't fall under the other three categories.

You can indicate how Internet Explorer should behave when it accesses a Web site within each of these zones. In Internet Explorer, on the Tools menu, click Internet Options. In the Internet Options dialog box, click the Security tab.

Internet zones can help protect you

When you select a Web content zone, you can change the security levels. For all but the Internet zone, you can add specific sites to a zone based on your personal requirements. And Custom Level allows you to enable or disable a variety of options based on personal preference. For example, you may want to allow automatic logons only to Web sites that are located in your Intranet zone instead of everywhere on the Internet. The User Authentication section of the Custom Level zone allows you to set that preference. Or, you may want to ensure your Pop-up Blocker is enabled. Custom Level is where you can ensure your security settings allow your blocker to operate.

Follow the prompts in the Internet Options dialog box in the zone you want to customize by either clicking Sites or Custom Level.


3. Limit your intake of cookies

Cookies are small files stored on your computer that contain information needed on certain Web sites. A cookie can be used to store user ID, password, preferences, personalization, or other information that is helpful to enhance your experience on that site. For example, suppose you visit a Web site that allows you to select a preferred language. So that you don't have to choose the language each time you enter the site, the site stores your language preference directly on your computer as a text file, or cookie.

Here's the catch: you don't know what the cookie has been programmed to collect. You don't know if the cookie is malicious or not. If it's malicious, you could quickly end up with a spiteful little program stored directly on your hard drive. A malicious cookie can collect and store almost any information that you may not want it to, such as your name, credit card information, address, or more. Cookies make it possible for unwanted information to be stored and accessed repeatedly when you visit a Web site.

By default in Internet Explorer, cookies are allowed for all zones except the Restricted Sites zone. However, if you want to limit cookies for a particular zone, here's how you do it:

In Internet Explorer, on the Tools menu, click Internet Options. In the Internet Options dialog box, click the Privacy tab.

In the Settings section, move the slider up or down to adjust the settings.

Select settings for Internet Zones

Moving the slider up incrementally increases the Internet security on your computer, so that cookies are not accepted. Moving the slider down incrementally decreases the security, so that cookies are accepted. Check with the IT department for your organization if you are not sure which settings are appropriate to use.

Also in the Settings section, click Sites to explicitly set a cookie policy for individual Web sites. Here, you can specify which sites you want to allow or not allow to use cookies. Enter the desired Web site address in the Address of Web site text box. Click the Block button to block all cookies for the entered site, or the Allow button to allow all cookies for the entered site.

Continue entering settings for each specific Web site for which you want to set a cookie policy.

Click OK to return to the Internet Options dialog box. Click OK.

If you are concerned that you may already have cookies on your computer that contain personal information, you can delete cookies and other temporary Internet files by following these steps:

In Internet Explorer, on the Tools menu, click Internet Options.

Make sure the General tab is selected. (This is the default.)

In the Temporary Internet files section, click the Delete button. You will be prompted for confirmation before continuing.

The Temporary Internet files that you can delete are listed and selected for deletion by default, including Cookies. Clear the check box beside any temporary Internet file types that you do not want to delete.

Click OK.

Delete Browsing History

Get more information on privacy features in Internet Explorer 8.


4. Check for encryption before entering information on a site

While surfing the Internet is less dangerous than finding an abandoned bag in an airport, security should still be taken seriously. Encryption is a method that Web site owners use to help protect sensitive information, such as user names, passwords, addresses, phone numbers, and credit card numbers. If a Web site you visit does not use encryption, any sensitive information you place on it is easily accessible to hackers who want that information for unsavory purposes.

There are two ways to ensure you are viewing an encrypted site.

Make sure you are using the latest version of Internet Explorer as outlined in Tip 1 ("Update, update, update!") above.

Make sure that a Web site uses encryption when you are entering or viewing sensitive information. There are two ways to see whether a site uses encryption. One is a small yellow "lock" icon on the status bar of Internet Explorer. The other is in the Web address itself. If it begins with https:// (note the "s"), then the site is secure. If you ever visit a Web site without either of these encryption indicators, do not click a Submit, Save, or OK button, because sensitive information will be transmitted without being encrypted.


Author Bio: S.E. Slack

S. E. Slack specializes in simplifying complex topics so the masses can both understand and apply difficult concepts.

She is a co-author of Breakthrough Windows Vista: Find Your Favorite Features and Discover the Possibilities and CNET Do-It-Yourself Digital Home Office Projects.

She has written five other books.


Tips and Tricks to Secure Your Email

1. Find a safe ISP.

 The most reputable ISPs employ industrial-grade filters that prevent the bulk of spam from hitting their customers’ inboxes. You can save hours of work by researching ISPs and doing some legwork to determine which ISP filters the most, ultimately saving you hours of grief.

2. Turn on spam filters.

Most email, including freebie Web services, has spam filtering that can be turned on or off. Spam filters are not 100 percent accurate, so you should make a habit of visually scanning your spam folder to ensure you haven’t missed anything important. But leaving the filter on is still worth that inconvenience. This supplements the spam filtering that you’ll get from your hosted email provider, and you may also want to turn on server-side filtering for your in-house email server.

3. Use anti-virus software.

All employee desktops should be equipped with anti-virus software that scans the system regularly for spam.

If a desktop is compromised, anti-virus software can help you recover quickly. This supplements anti-virus filtering that you’ll get from your hosted email provider, and you may also want to turn on server-side anti-virus filtering for your in-house email server.

4. Respect email laws and regulations.

Some countries have very specific rules about bulk emailing.

If you or your team uses email to promote your business, you need to know the laws for not only your country but probably for other countries that you might send email to. It’s a tall order, given the global village of the Internet, but its importance cannot be overstated. The best solution is to outsource your email campaigns to a service that has deep expertise in managing opt-in/opt-out and national policies.

5. Don’t just delete — destroy.

When you upgrade and recycle old systems, don’t just format hard drives from the command line.

If you don’t trust erasure programs that overwrite sectors multiple times, you might consider a metal chipper shredder; if you’re on a tight budget, you might also take a sledgehammer to the platters. If you’ve outsourced to hosted email, you won’t need to worry about this.

www.itsecurity.com

6. Keep your staff email addresses off your Web site.

Company email addresses should only be known to other employees and a few close family members, in case of emergency.

If you advertise email addresses on your Web site, you invite spam, as well as creative phishing scams. If you must publish email addresses on your Web sites, code the address so it is mangled but still recognizable by a human. For example, if your email is bob.loblaw@mycompany.com, then try something like “bob-dot-loblaw #at# mycompany-dot-com”. Spambots are getting smarter, so be inconsistent and clever. Use a variety of punctuation marks. One option is to create generic addresses (such as jobs@mycompany.com or pr@mycompany.com) and turn the spam filters to an extra-aggressive setting for these addresses.

7. Use a contact form.

Let Web visitors contact you using a coded Web site form that forwards messages to the appropriate employee addresses.

Then your staff can filter any incoming spam from genuine tech-support requests or sales queries, and the addresses can be changed at any time without altering the site.

Since email is often the primary method of communication in the workplace, you can only place so many restrictions on its usage, but you can help your staff navigate the system appropriately. Setting up an official employee Email Usage Policy will make your staff aware of the issues regarding email usage and give them the information they need to use email safely.

EMPLOYEE BEST PRACTICES: Here are some tips you can add to your policy to help keep your network secure:

1. Restrict personal email to a freebie email account.

Gmail or Yahoo! Mail are ideal for non-work-related communications and subscriptions because they will protect the privacy of your emails, make them available remotely, and secure the network from all that unwanted spam. Be very clear in your email policy that company and customer information should never be sent through freebie accounts. (In some industries such as financial services, it may be necessary to block all freebie accounts to assure that customer information is not being misused.) It’s also best to set up a separate email account for your mobile devices.

If you plan to be away from a laptop or desktop for an extended period, you can redirect your regular email, with full filters on, to direct subscriptions and other large regular emails to your main account.

2. Use BCC to protect your recipients.

If you must send a group email to people who do not know each other, do not add their addresses to the form’s CC field, because spammers can harvest the addresses. Instead, use the BCC option in your email program for their addresses and put your own email in the form’s “To” field.

3. Use secure file types.

Microsoft Word files (.doc format) are susceptible to some macro viruses, and employees may send or share compromised files without even being aware the file is corrupted. Safer word processing options include sending Word documents saved in the RTF (rich text file) or PDF format. Another option is to use OpenOffice.org, the free, open-source alternative to Microsoft Office programs that allows users to create spreadsheets, text documents and diagrams; the applications can also output their XML files to the appropriate MS Office format.

4. Beware of spammer tricks.

Opening spam can direct floods of it to your inbox. Beacons embedded in spam, typically clear one-pixel GIF images served from a machine controlled by the spammer, advertise that you opened the email and that your address is both valid and responsive, an ideal target for future attacks.

Here are some common techniques that spammers use to entice you:

• Nigerian Fraud: In this scam, a fictional Nigerian government employee with access to untold riches just needs a chunk of cash from you so he can escape the country. This was known in the 16th century as the Spanish Prisoner Letter. In 500 years, no one foolish enough to send money ever received a cent or centavo back from the criminals behind these scams.

• Phishing Email: Beware of messages purporting to be from PayPal, Western Union, e-gold or other financial companies that threaten to close an account or forfeit an account balance unless a user clicks links to verify or confirm account details. The links look legitimate, but instead they direct the worried recipient to a look-alike site set up to collect login and password information, credit card and/or bank account details, and so on. Never click links in email of this variety. Instead, physically type the URL of the company’s Web site into your browser if you are concerned about your account. Honest companies will tell you up-front that they never send this sort of email; that is, they will never send an email where they tell you to click on an enclosed link to save your account from being shut down.

• Bounced Email: Spammers can send an email that mimics a message claiming that an email has bounced.

• Sweepstakes and Lottery Promises: Regardless of what that email says, you did not win the Irish Sweepstakes. Neither did you win the Yahoo Lottery. In fact, there is no Yahoo Lottery. Typically, one has to purchase a ticket to win a lottery. Also, legitimate lotteries don’t ask you to send $550 to Nigeria.

• Unsubscribe Promises: Don’t unsubscribe blindly. If you start receiving “subscription” emails from some source to which you didn’t subscribe, don’t use their “unsubscribe” link. If you do, you might just find yourself getting even more emails. You’re better off just adding the email address (or the entire domain) to your inbox blacklist.

5. Don’t just delete the spam — add senders to your email client’s block list so they can’t spam you again. Companies should provide an easy way for employees to mark emails as spam and automatically add senders to companywide black lists.

6. Use attachments carefully.

Attachments are often used by spammers as malicious files that can install malware, and even well-intentioned attachments can take up company resources and eat up bandwidth unnecessarily. For files to be shared with a few people or an entire department, employees are best advised to use shared network folders or secure online collaboration resources that can be accessed remotely. These solutions have the benefit of being editable and shared continuously, rather than lost in an inbox, and employees need not worry as much about malicious attachments. Employees also should be aware of the risks of receiving attachments. If you receive an attachment that you are not expecting, first read the email and verify its legitimacy. If in doubt, call or IM (instant message) the sender to make sure it is work-related and safe.
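One way to check a message for the beacon images and look-alike links described in the spammer-tricks tip above, as an added example that is not part of the original article. The names EmailScanner and scan_email are hypothetical, the sample message is constructed, and every host in it is a reserved example domain.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# A hostname-looking token inside visible link text, e.g. "bank.example.com"
HOST_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class EmailScanner(HTMLParser):
    """Collects likely tracking beacons and links whose text names another host."""
    def __init__(self):
        super().__init__()
        self.beacons, self.mismatched = [], []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            src = a.get("src") or ""
            remote = urlparse(src).scheme in ("http", "https")
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            if remote and tiny:  # fetched from the sender's server, invisible to the reader
                self.beacons.append(src)
        elif tag == "a":
            self._href, self._text = a.get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text = "".join(self._text).strip()
        target = (urlparse(self._href).hostname or "").lower()
        shown = HOST_IN_TEXT.search(text)
        if shown and target:
            name = re.sub(r"^www\.", "", shown.group(1).lower())
            # Accept the shown host itself or any subdomain of it; flag the rest
            if target != name and not target.endswith("." + name):
                self.mismatched.append((text, target))
        self._href = None

def scan_email(html):
    """Return beacon URLs and (visible text, real host) pairs for one HTML body."""
    scanner = EmailScanner()
    scanner.feed(html)
    scanner.close()
    return {"beacons": scanner.beacons, "mismatched_links": scanner.mismatched}

# Constructed sample body; every host is under a reserved example domain
SAMPLE = """<p>Your account will be closed. Verify at
<a href="http://login.example.net/verify">bank.example.com</a> today.</p>
<p>Help: <a href="https://www.bank.example.com/help">bank.example.com</a></p>
<img src="http://track.example.org/o.gif?u=1234" width="1" height="1">
<img src="https://www.bank.example.com/logo.png" width="120" height="40">"""
```

Calling scan_email(SAMPLE) reports the one-pixel image and the first link, whose visible text names one host while the link leads to another.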

Chief News Editor: Sol Jose Vanzi
