Untangled Conference - November 8, 2014 - Security Awareness
© 2014 JurInnov, Ltd. All Rights Reserved
November 8, 2014
Security Awareness
Untangled Church Technology Conference
Dr. Eric Vanderburg
Director, Cybersecurity and Information [email protected]
@evanderburg
(216) 664-1100
How Security is comprised
[Chart: Process, Technology, People; segments labelled 10% and 90%]
Things your mother probably told you
• Don’t accept candy from strangers
  – Infected devices
• It’s ok to ask questions
  – Challenge
• Don’t leave your things lying around
  – Clean desk and locked screen
• Be careful who your friends are
  – Social networking
• Avoid that area of town
  – Discretionary web surfing
Security goals
Three Goals
• Confidentiality
  – Ensuring that confidential university information is protected from unauthorized disclosure
• Integrity
  – Ensuring the accuracy and completeness of information and computer software
• Availability
  – Ensuring that information and vital services are accessible for use when required
Malware
Detection
• Computer seems slower than usual, unexpected restarts
• Browser takes you to a different site than you expected
• Security software stops working
• Your hard drive is full
• Increased number of popup windows
Defense
• Antivirus software with updates and regular scanning
• Avoid unsolicited email and links
• Download from trusted sites
• Personal firewall
Computer Use
• Secure browsing
• Updates
• Popups and warnings
• Certificate errors
• Suspicious links
• Deleted files are not truly deleted
Remove the opportunity
• Location of office equipment
  – Printers & fax machines
• Lock it down
  – Office doors
  – File cabinets, sensitive documents, personal items
  – Computers
    • Windows OS: Ctrl-Alt-Delete [enter] or Windows+L
    • Macs: Shift (⇧) + Command (⌘) + Q
    • Password-protected screensaver or time-out
    • Don’t leave the computer unattended when logged into an account with sensitive data (e.g., payroll, email, personal info)
  – Phones
It’s ok to discriminate against data
• You can’t treat it all the same
  – Personal information
  – Financial information
  – Member information
  – Public information
• Where is all the data?
  – Head, paper, computer, server, backup, email
• What if we got rid of it?
Data Protection
• Accessible only to authorized users
• Physically locked down
• Not out in the open
• Encrypted
• Password protected
Encryption
• At rest
  – Full disk encryption
  – File encryption
• In motion
  – VPN
  – SSL
Phishing
• Email
• Text
• Chat
• Craigslist
• Dating sites
Phishing markers
• False Sense Of Urgency - Threatens to "close/suspend your account", charge a fee, or talks about suspicious logon attempts, etc.
• Suspicious-Looking Links - Links containing all or part of a real company's name asking you to submit personal information.
• Not personalized – does not address you by name or include a masked version of the account number.
• Misspelled or Poorly Written – Helps fraudulent emails avoid spam filters
PHISHING
Subject: URGENT! Haiti Victims Need Your Help!
Subject: UPS Delivery Problem
Subject: You’ve received a greeting card
Subject: See Exclusive Photos of Michael Jackson’s Last Moments
Protect yourself against phishing
• Treat all email with suspicion
• Never use a link in an email to get to any web page
• Never send personal or financial information to anyone via email
• Never give personal or financial information solicited via email
Passwords
• Passwords are THE KEYS TO:
  – Your bank account
  – Your computer
  – Your email
  – A server on a network
  – Many other things
Passwords
• Passwords are like underwear
  – Change them often
  – Showing them to others can get you in trouble
  – Don’t leave them lying around
• Use different passwords for different purposes
Passwords
• Length
• Complexity
• Passphrase
• http://www.passwordmeter.com/
[Diagram: Length, Complexity, Strong Password]
THE KEY TO PASSWORD STRENGTH
Use a phrase, sentence, question or random statement (with a twist)
• 2NiteWeparty*likeits1999
• HowdoU”spell”thatAGAIN?
• Amishwish4fish2squish
• OunceI$good#isbetter!
Use a fake website, email, file, address
• Website (time4anewpwagain.com)
• Email ([email protected])
• File (passwords/make/me/crazy)
• Address 4223westmyhouse
Use a phrase, random statement or compound word; then shorten it and make it nonsensical
• Follow the yellow brick road to OZ = Ftybr2OZ
• Why did the chicken cross the road? = Y?dtCxtR?
• Wildthing = W!ld*7H1ng!
• Red Jello = R3d-j3llo:)
Email password theft - indicators
Warning Signs
• Receive a large number of rejected messages
• Find messages in your sent folder that you know you didn’t send
• Missing email
• Unexplained changes to your account settings
• Spam
Identity Theft
• Thieves will…
• Go on spending sprees using your credit card
• With your name and Social Security number they can:
  – open new credit card accounts
  – gain employment
• Give your name to the police during an arrest
• Establish wireless service in your name
Identity theft – How it happens
• They may steal your mail, wallet, or purse
• Malware
• Phishing
• Social engineering
  – bribing or conning an employee who has access to these records
• Stealing personnel records or breaking into your records electronically
Social engineering
Social engineering preys on qualities of human nature:
• The desire to be helpful
• The tendency to trust people
• The fear of getting into trouble
Identity Theft - Indicators
• Bills that do not arrive as expected
• Charges on your credit card that are not yours
• Unexpected credit cards or account statements
• Denials of credit for no apparent reason
• Calls or letters from
  – Debt collectors
  – Businesses about merchandise or services you did not buy
Identity Theft - Defenses
• Limit the number of credit cards you carry
• Keep a list of all credit card numbers and the numbers to call to report them
• Shred information
• Be diligent about checking statements
• Order and analyze your credit report
• Watch for shoulder surfing
Identity Theft - Response
• Place a "Fraud Alert" on your credit reports
• Close suspect accounts
• Use the FTC’s ID Theft Affidavit
• Keep documentation about conversations
• File a police report with local law enforcement
• Report the theft to FTC
  – Online at Ftc.gov/idtheft
  – By phone 1-877-ID-THEFT (438-4338)
Social Networking (Cont’d)
• Networking sites:
  – Used to meet people online, stay in touch with friends, connect on professional levels
  – Use privacy settings on your account to ensure maximum security
  – Be careful about who you accept as a “friend”
  – Be careful about the information you provide on these sites
What’s wrong with this picture?
Q&A
Don’t be shy…