Today is Safer Internet Day and Microsoft released the results of its second annual Computing Safety Index (MCSI), a survey of consumer online safety behaviors of more than 10,000 PC, smartphone, and tablet users in 20 countries. The MCSI measures 22 individual protective behaviors. Sadly, it seems that few consumers change their online habits, despite being aware of the risks. Microsoft added a mobile component to the study this year, Mobile Microsoft Computing Index (Mobile MCSI), which measures an additional 14 protective behaviors when using mobile devices; it also allows for comparisons between how people handle PC online safety and mobile safety.
Tomorrow, we are going to delve into the MCSI and Mobile MCSI "scores," since being safe on the Internet is a daily habit to get into, as opposed to one day of the year. On this, Microsoft's 10th anniversary of celebrating Safer Internet Day, I had the pleasure of talking with and interviewing Microsoft's incoming Chief Online Safety Officer Jacqueline Beauchere. She is currently the Director of Trustworthy Computing at Microsoft. We discussed Safer Internet Day and the MCSI results, which we will look at tomorrow, but below are some of the questions I asked her today as well as her answers.
Interview with Jacqueline Beauchere:
Besides using a VPN for security and privacy reasons, do you recommend encrypting hard drives, files stored in the cloud and email? Do you consider that part of being Internet safe?
Jacqueline Beauchere: We don't include the specific activities in the index. I personally am very skeptical, have a healthy dose of cynicism; I always do more than most people would do. I would recommend those things, but it's not necessarily going to be right for everyone. Anything that puts you over the top, and really shows you are exercising the safest and most secure practices that you can, I absolutely endorse it.
Regarding mobile browsing and using a smartphone to pay bills, do you advise people to use a firewall? How about other "safety" tips on mobile devices?
Jacqueline Beauchere: We are trying to encourage people to use as many habits in the mobile platform as they are able to on the PC platform. When you are talking about conducting sensitive transactions like paying bills, banking and shopping, I say save those for the home computer. I would not personally go and borrow Wi-Fi in a public hotspot and pay my bills, for instance. There's a reason those pops come up and tell you "this information could be exposed," "you are in a public setting, do you really want to do that?" Save those sensitive transactions for the home computer.
Seniors usually have more money than teens, so it would seem probable that they might be targeted by social engineers. We hear a lot about cyberbullying and teens, but not much about seniors being bullied or social engineered. Is that because seniors don't report it?
Jacqueline Beauchere: I think there are plenty of scams that seniors need to watch out for. One in particular is the so-called "Granny Scam." They are typically perpetrated over the telephone where the caller calls up his or her grandparents and says, "Please wire money because I'm traveling and I lost my luggage," or "I've lost my wallet. Oh, and don't tell mom and dad. It'll all work out; I just need you to wire me this money."
Sometimes these are fortuitous high school hoaxes for the scammer, but they could be potentially piecing together lots of different information that has been shared online. And seniors are online, as you said. There was a recent study by Pew that said nearly half of Internet users between ages 50 - 64 are on social networking sites. One in four of those over age 65 are on social networking sites. We need to make sure that seniors are in fact aware of these kinds of scams that are out there. Like their grandchildren, they need to be equally cognizant of what kind of information they are sharing online.
With that Granny Scam, for instance, you have someone call you up and they are pretending to be your grandchild. And again they might be either putting pieces together or getting lucky, but you are giving away information because you are hepped up and very emotional, you're in a state, and you are giving away information on the call when you don't even realize it.
Microsoft did research to coincide with National Cybersecurity Month; we looked at all the different types of social engineering scams out there and just how exposed people have been to those scams. Any particular individual on average has encountered 8 different types of scams.
The top scam was "lottery" types or "Congratulations you've won!" How do you know you won when you haven't probably even entered? That should really say something to you. These scams that promise the free things like coupons...really be cognizant of those. That was nearly 44%, so nearly half of the people have encountered that scam. Another one is the fake anti-virus alert where they are imitating a real program; that was about 40%. Of course, the old school phishing scams, the fake emails that look like those official messages from our trusted provider of services. That was another top one. Then, of course, the advanced fee fraud where the foreign prince is coming to you and saying, "Oh I have invested my millions, please pay all these fees and taxes and so forth and then I'll give you a share of my wealth."
It sounds so simple, and I don't mean for it to sound simple, but people really need that healthy dose of common sense. So if somebody says "Congratulations you've won," so what did you enter to win? Probably nothing. Is some foreign prince really going to give you his wealth? Probably not. So we really need to be on our guard and be cognizant and be really vigilant about what is being said to us.
Do you have key phrases or other "red alert" signals that might suggest that a private individual or business employee may be dealing with a social engineer? (We discussed different scenarios such as how a social engineer could pretend to be a child or pretend to be a close online friend.)
Jacqueline Beauchere: Unfortunately, there's really nothing. We're putting together a profile here. Years ago at Microsoft, I used to work in the anti-spam and anti-phishing team. That was when phishing—although it had been popular for a number of years at least among the technically sophisticated—it was still fairly new to the average consumer. These emails that were supposedly coming from the bank or other organizations that you deal with, they were littered with typos, they were littered with grammatical errors, they had misspellings, they referred to you as "Dear Valued Customer" instead of your full name; all those types of things were those red alert signals.
But I think over the past seven or eight years, almost a decade, we've been giving out good advice. And people are a little bit sharper now, a little bit smarter, and they know to look out for those things like typos or grammatical errors. And what have the criminals done? They've cleaned up their act; they've gotten better English skills or whatever the case is. Effectively, there really is no profile for what one of these scams is going to look like.
With hindsight, like you said, it might be a little bit easier, but especially coming from one of these so-called Internet friends? I know a lot of people who communicate with people whom they've never met in person. That, right there, again, you don't know these people. When we grew up, we knew the people in our immediate circle. You knew their parents and their grandparents and their aunts and uncles; you had history with them. I think today we are too eager to form these close bonds and so-called close relationships when we don't really know these people. And we really need to keep that in mind.
The Internet offers us a great array of contact and communication and even valued friendships that we want, and that's what the Internet is for, but that doesn't mean that you should just jettison your common sense and healthy dose of reality.
Tomorrow, we'll look at the survey, the results, and the scoring based on foundational basics, technical tools and behavior. We'll also look at some of Beauchere's advice to get safe online. I enjoyed the interview too much to wait; Beauchere seemed cool, funny and very wise. If you haven't done so, please take the online safety assessment for yourself, so you can be ready to see how well you did compared to countries or the worldwide average.
Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. Smith has a diverse background in information technology, programming, web development, IT consulting, and information security. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.
Smith is an independent contractor and is not affiliated with any vendor that makes or sells information technology.