CYBER SECURITY October 2009
ARE YOU AWARE? • The Federal Trade Commission reports that: “For the seventh year in a row, identity theft tops the list, accounting for 36 percent of the 674,354 complaints received between January 1 and December 31, 2006. Other categories near the top of the complaint list include shop-at-home/catalog sales; prizes, sweepstakes and lotteries; Internet services and computer complaints; and Internet auction fraud.” FTC News
Why should you be aware? • Websites can be disabled and unavailable • Office/home computers can be damaged by a virus • Hackers can break into our databases and steal identity information, not just our customers', but yours as well! • Malicious users could use our systems to attack other systems Cyber Security
DID YOU KNOW? • An unprotected computer connected to the Internet can be compromised in less than one minute • A modern desktop computer can send 200,000 spam emails an hour • Networks of exploited computers can be rented for targeted attacks via web stores controlled by Bot Owners VITA BOTS CYBER SECURITY
WHAT IS SPAM? The simple definition of spam is unsolicited email • Product offers • Misdirection to allow installation of malware • Misinformation (denial of access)
WHAT IS PHISHING? According to Microsoft: “Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, Windows Live IDs, other account data and passwords, or other information.” Microsoft
TYPES OF PHISHING • IRS and Treasury scams • Credit Union and Banking scams • Major events (Elections, Holidays) • Social networking Web sites • Fake Websites • Websites that spoof your familiar sites using slightly different Web addresses Phishing Video
KEYLOGGER/KEYSTROKE SPYWARE • A keylogger is a software program (it can even be hardware) designed to monitor and log all keystrokes. • The biggest threats in this area are stolen passwords, confidential information, PIN numbers, credit card account numbers, etc. VIRUSLIST
SOCIAL ENGINEERING According to Microsoft: “The purpose of social engineering is usually to secretly install spyware or other malicious software or to trick you into handing over your passwords or other sensitive financial or personal information.”
TYPES OF SOCIAL ENGINEERING • Phishing • Spear phishing • E-mail hoaxes NIGERIAN EMAIL SPAM
PROTECT YOUR PERSONAL INFORMATION • Don’t give out your name, email or home address, phone, account numbers, or SS numbers without finding out why it is needed and how it will be protected • Monitor your email: don’t respond to unknown or unsolicited email • When shopping online, take measures to reduce the risk: ensure the site shows a lit lock icon or an https: (secured) address • Read the company privacy policy
LOGOFF OR LOCKUP • When leaving your desk, remember to log off or press CTRL-ALT-Delete to lock your workstation
EMAIL AND INSTANT MESSAGING • Avoid clicking on links in emails; type the URL in the browser bar instead • Don’t open attachments that appear to be suspicious • Delete emails that direct you to a website where you are prompted to fill out personal data • Delete hoax and chain letter emails
SENSITIVE DATA • Don’t store sensitive data on your hard drive (Social Security, Credit Card, etc.) • If you must store sensitive data, have it encrypted (see MIS for more information) • If printing sensitive data, avoid printing on shared printers/copiers. If you have to print on a shared copier/printer, remove the printout immediately!
EQUIPMENT PHYSICAL PROTECTION • If you have a laptop/portable device, lock it up at night • If traveling with a laptop, never check it in at the airport • Use a surge protector • Portable devices need to be secured when not in use! • Don’t put laptops/portable devices on the seat of your car, not just to deter theft but to protect them from temperature extremes! • Remember flash drives/CDs are considered portable devices!
PORTABLE DEVICES • It is a COV Security standard that COV data not be stored on non-COV devices, so you will have to use COV portable devices when working away from the office • COV sensitive data should be encrypted before being moved onto your COV portables • Scan, scan, scan: portable devices are just like your hard drive; they need to be scanned at least once a week
WHO IS IT? You don’t open your door at home without checking who is there, so why would you not take the same precaution online?
WORLD WIDE WEB, WWW Be watchful of sites that: • Redirect you to other sites • Request personal information • Appear to involve malicious activity Remember: • Block pop-ups and only enable them for trusted sites • Cookies are great, but third-party cookies should be blocked!
SECURITY SOFTWARE Ensure your home and work PCs are up-to-date on the following programs: • Anti-Virus Software • Firewalls • Anti-Spyware and Malware Software • Email Scanning Windows XP Firewall Information
UP-TO-DATE • In order to protect yourself and your computer, you need to ensure that your operating system and web browser are up to date • Security patches are released frequently, so check regularly! Microsoft
PASSWORD • Your password is the key to your computer; don’t make it readily accessible. Never place your password out in plain view. Keep it secured! • Avoid the option that allows a computer to remember any password • Never share your password. Your IT person should never ask for your password!
STRONG PASSWORD • Use at least nine characters, including numerals and symbols • Avoid common (dictionary) words • Don’t use your personal information, login or adjacent keys as passwords • Change at least every 42 days for work and 90 days for home • Use a variety of passwords for your online accounts
PASSWORD TIPS • Use memorable phrases, such as “I hate Mondays!” • Alternate caps with lowercase, numbers, and use symbols: Example: 1h@teM0ndays! • Using this format gives you the opportunity to use the same password for a long time. Simply change at least two characters and most policies will allow you to keep the same password. F1shingisc00l!
BACKUP YOUR DATA • One of the biggest errors people make is not backing up their data! • Depending upon your use: • For work we back it up every night • For home you should strive to back it up at least weekly Windows XP Backup
IDENTITY THEFT • File a complaint with the Federal Trade Commission • Place a fraud alert on your credit reports, and review your credit reports. This can be accomplished by contacting one of the nationwide consumer reporting agencies • File a Police Report • Close the accounts that have been tampered with or opened fraudulently
HOUSTON, WE HAVE A PROBLEM! • How to Recognize a Cyber Security Threat: • Slow or non-responsive system • Unexpected behavior, such as program pop-ups • Display of messages that you haven’t seen before • Running out of disk space unexpectedly • Unable to run a program due to lack of memory • Crashing! • Rejecting a valid and correct password
WHAT TO DO • Stop and unplug the system from the LAN/Modem! • If unable to freeze the problem, take notes about the occurrence • Contact any of your MIS personnel and your supervisor about any cyber security incident
THE BE’S OF CYBER SECURITY • BE ALERT • BE WATCHFUL • BE ON GUARD • BE CAREFUL WHERE YOU GO ONLINE! • BE SURE TO ASK FOR HELP! • BE SURE TO THINK B4 U CLICK!
CYBER SECURITY It is said a chain is only as strong as its weakest link. Don’t be the weak link! Cyber Security is everyone's responsibility!
Thanks! Thank you for going through the training today! Information Security is critical at work and at home. We appreciate you taking the time to learn the contents of this training and highly encourage you to take some time regularly to read up on security topics – you can click on the security link at the bottom of our MRC web pages to visit the VITA-NG security web site at any time. This information is provided to educate you on how to protect yourself at work and at home, but as always, you are required to understand and follow our agency security policy. If you need to review the policy again, you can go to the following link: Agency Information Security PowerPoint Please contact Erik Barth (x72262), Linda Farris (x72280), or your supervisor if you have any questions about this training or information security topics in general.
DON’T FORGET Please don’t forget to email, fax, or mail your acknowledgement for completing your cyber-security training!
References • FTC News • Microsoft • VITA • VIRUSLIST • Wikipedia • Stay Safe Online • OnGuard Online • Cyber Security