Safety and Security Recommendations in the IT Field

Today, information security in computer systems is considered one of the important issues and should be viewed not as a product but as a process. Undoubtedly, informing about threats, attacks, and how to deal with them holds a special place in the information protection process, and it is essential to keep oneself updated with the latest available information in this field. For this reason, and given the importance of information dissemination in this area, a brief overview of information security, security warnings, tools for dealing with attacks, and security threats will be presented.

Necessary operations for data security

Proper use of passwords: Always try to use passwords to access information on portable devices. When entering a password, do not select options that allow the computer to remember passwords. Do not use passwords that can be easily guessed by unauthorized individuals.

Separate storage of important data: Various devices and options can be used to store data. CD, DVD, or portable disks are recommended. Information on portable devices (such as laptops) should be stored on portable storage media in different locations. This way, in case of theft or a computer malfunction, data accessibility and usability will still be intact. The storage location must meet suitable security conditions.

File encryption: By encrypting files, only authorized individuals will be able to access and view the information. If unauthorized individuals gain access to the data, they will not be able to view the information. When encrypting data, adequate measures regarding password protection and memorization must be taken.

Installation and maintenance of antivirus software: Protecting portable computers against viruses is similar to protecting other computers, and it is essential to ensure that such programs are always up to date.

Installation and maintenance of a firewall: When using multiple networks, the necessity for firewalls increases. By using firewalls, necessary protections and initial prevention against unauthorized access to the system will be established.

Backing up data: A backup should be created for any valuable data on a computer. This way, if the computer is stolen or encounters issues, there will still be access to the at-risk information.

B - How to choose and protect passwords: Passwords serve as a method for user authentication and are the only safeguard between the user and the information on a computer. Attackers can use various software programs to guess passwords or "crack" them. By selecting appropriate passwords and keeping them safe, guessing them will be difficult, and consequently, unauthorized individuals will not be able to access your personal information. One of the best methods of protecting information is to ensure that only authorized individuals can access it. The process of authenticating and validating users in the virtual world has its own specific conditions and characteristics and can be argued to be significantly more complex than in the non-virtual world. If you do not choose your passwords correctly or do not take proper care of them, the potential will certainly lose its effectiveness and real utility. Many systems and services face challenges solely due to insecure passwords, with some viruses managing to achieve their malicious goals by guessing and identifying weak passwords.

Most people use passwords based on their personal information, as these are easier for them to remember. It is evident that in the same measure, attackers will also find it easier to guess and crack these passwords. These types of passwords are prone to "dictionary" attacks. To define a password, the following recommendations are made:

•    Do not use passwords based on personal information, as they can be easily guessed and identified.

•    Do not use words that can be found in any dictionary or language.

•    Implement a specific system and method for remembering passwords.

•    Use both uppercase and lowercase letters when defining a password.

•    Use a combination of letters, numbers, and special characters.

•    Use different passwords for different systems.

•    Avoid sharing your password with others.

•    If your Internet service provider places the responsibility of choosing the authentication system on you, try to choose one of the Challenge/response or Public encryption key options instead of simple passwords.

•    Never write your password on paper and place it on your desk, near the computer, or stick it on the computer. Those who have physical access to your workplace can easily guess your password.

•    Never respond to requests for your password from individuals who call or send letters to you under various pretexts.

•    After choosing a password that is difficult to guess, necessary measures for their safekeeping must be anticipated. In this regard, the following recommendations are made:

•    Avoid sharing your password with others.

•    Avoid writing your password on paper and placing it on your desk, near the computer, or sticking it on the computer. Those who have physical access to your workplace can easily guess your password.

•    Never respond to requests for your password from individuals who call or send letters to you under various pretexts.

•    If your Internet service provider places the choice of the authentication system on you, attempt to choose one of the Challenge/response or Public encryption key options instead of simple passwords.

Many programs offer password storage; however, some of these programs do not have adequate security levels for data protection. Some programs, such as email client software, store data as plain text (unencrypted) in a file on the computer. This means that individuals who have access to your computer can uncover all passwords and access your information. Therefore, always remember to log out when using a public computer. Some programs utilize a suitable encryption model for data protection, which may offer valuable features for password management.

The information age individual must, alongside utilizing various technologies, adopt certain desirable habits and actions, continually repeating them to minimize the chance of data or computer failure. Gaining access to a computer can occur in two ways: physically and remotely. You can easily identify individuals who have physical access to your system. Is identifying those who can connect to your system remotely also straightforward? The answer to this question is no, and identifying individuals who connect to your system remotely is much more complicated. If you have connected your computer to a network, you are certainly at risk of threats and attacks. Computer users and network users (especially on the Internet) can enhance the resistance and security of their systems by adhering to certain practices that should become habits. Here are some of these practices:

Locking the computer when you are away: By locking your computer, you restrict access for those who would sit behind it and attempt to gain unrestricted access to your data.

Disconnect from the Internet when not in use: Technologies such as DSL and cable modems have enabled users to remain constantly connected and "online". This advantage also comes with its unique security challenges. Given that you are continually connected to the network, attackers and viruses have more opportunities to find their victims. If your computer is always connected to the Internet, you must deactivate the connection when you do not intend to use it. The process of disconnecting from the Internet depends on the type of connection established. If your data holds significant importance, avoid connecting the system to the Internet.

Reviewing security settings: Most software, such as browsers or email applications, offer various options for customizing configurations to suit the conditions and desires of users. In some cases, enabling certain options may make using the system easier, but it may also increase your vulnerability to attacks. In this regard, you should review the security settings available in the software and select options that not only meet your needs but also do not increase your system's vulnerability to attacks. If you install a new patch or version of software on your system, it may alter the previous settings, so you should review the security settings again to ensure the system is adequately protected against threats.

Avoid downloading software from the market and installing pirated software on your system.

To enhance system resistance against data loss and damage, attention must also be given to other dimensions. Sometimes, data threats and exposure to harm arise from sources other than individuals; these depend on natural or technical factors. Although there is no definitive method for controlling or preventing such incidents, some measures can reduce damage.

- The consequences of neglecting information security

Intrusion into networks and access to classified information

Destruction and tampering with existing information in systems and software

Bandwidth occupation and wastage

Educational, financial, administrative, and other abuses through intrusion into the relevant systems