200 likes | 409 Views
Raising Your Security Awareness. Special Thanks to LOCKNET IT Solutions. IT Solution Provider based here in La Crosse The second part of the presentation will be presented by Tom Ezdon. Raising Your Security Awareness.
E N D
Special Thanks to LOCKNET IT Solutions • IT Solution Provider based here in La Crosse • The second part of the presentation will be presented by Tom Ezdon
Raising Your Security Awareness • “Today's malware can not only destroy data and files on your PC, but it can steal your personal information such as passwords, income tax, credit card or banking information and also let intruders use your PC for illegal or criminal activities. • “On average an unprotected Windows PC will not survive 20 minutes on the Internet before it gets infected.” • “Scams, fraud and identity theft is running out of control, email and the internet has pushed us to the breaking point. Nearly everyone has been a victim or will become a victim sometime soon”
Types of Threats • Malware • Crimeware • Computer Virus • Computer Worm • Trojan Horse • Spyware • Phishing • Spam
Types of Threats • Malware – Malicious Software designed to infiltrate or damage a computer system without the owner’s consent. Can be one of the following: Virus, Trojan, Worm or Spyware. • Crimeware – Class of malware, specifically designed towards financial crime, it is designed through social engineering or technical stealth. Can be one of the following: Virus, Trojan, Worm or Spyware.
Types of Threats • Computer virus – Same as Malware, but it can copy itself and infect other computers by attaching itself to another valid program. There are also many classes of viruses depending on how they attack and what they attack.
Types of Threats • Computer Worm – Same as a virus with one distinct difference. It does not need to attach itself to existing program to replicate. It can use the network or other nodes to spread itself. (Self replicating)
Types of Threats • Trojan Horse – Can be spread like a virus or a worm and will often give the appearance of a desirable software, but will have a malicious undisclosed feature that will allow unauthorized access and control of the infected computer.
Types of Threats • Spyware - Computer software that is installed on a personal computer by a stealthy or evasive manner. This intercepts or takes partial control over the user's interaction with the computer, without the user's informed consent.
Types of Threats • Phishing - A criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in some type of electronic communication.
Types of Threats • Spam - Uses electronic messaging systems to send unsolicited bulk messages indiscriminately. Most widely recognized form of spam is email spam, but it can also apply to other media: instant messaging, newsgroup spam, Web search engines, blogs, Online classified ads, mobile phone, Internet forum, fax transmissions, and file sharing networks. About 80% of all spam is sent by fewer than 200 spammers. Botnets, networks of virus-infected computers, are used to send about 80% of spam. • Botnet is a term used for software robots, or bots that run autonomously and automatically.
La Crosse County Stats • Spam – 6 million/month, 72 million/year • Viruses - 5,000/month, 60,000/year • Intrusion Detection – 10,000/month, 100,000/year • Content Filter – Per month • Web 6,000 • Email 5,000
La Crosse County Stats Cont • We receive 7 million emails per month, 84 million a year. Between Spam and Content filters, on average 5% are valid. • That’s 350,000 emails / 1000 employees at 22 working days in a month = 16 emails per day • Without spam and content filtering that equals 318 emails per day
So what can you do? • Password Scheme • Virus Protection • Use Firewalls when you can • Have Spam Protection • Educate yourself and understand the physical side as well as the human side.
Defend yourself • Buy and use a paper shredder. Shred any documents that have your social security number or other financial information, such as your bank account numbers, credit card numbers etc. Identity thieves actually go through homeowner's trash to obtain personal information. If you don't have a shredder, burn these documents completely in the fireplace. • Freeze your credit! It prevents scammers from opening unauthorized accounts in your name. Even if your state is one of the few that doesn't allow a freeze, thanks to pressure from consumer advocacy groups, you can still freeze your files at the three major credit bureaus. • Block credit card offers. Sign up to opt out of credit card offers, so they don’t arrive in your mailbox. • Don’t give out any financial information, such as checking account and credit card numbers, and especially your social Security number, on the phone or online, unless you initiate the call and know the person or organization you’re dealing with. In general, it is only required for medical providers, banks, mortgages and credit card companies. • Don't fill out the "win a vacation" and other promotions you see in stores and shopping malls. That will just get you on a junk mailing list and guarantee calls from persistent, high-pressure salesmen. • Don’t pre-print your driver’s license, telephone or Social Security numbers on your checks. And in states that want to use your social security number as your driver's license number, insist on another method - most allow it.
Defend yourself • Guard your Personal Identification Numbers (PINs) for your ATM and credit cards, and don’t keep your PINs with your cards. You should also guard your ATM and credit card receipts. Thieves can use them to access your accounts. • Be creative in selecting Personal Identification Numbers for your ATM and credit cards, and passwords that enable you to access other accounts. Don’t use birth dates, part of your Social Security Number or driver’s license number, address, or children’s or spouse’s names. Remember: If someone has stolen your identity, he or she probably has some or all of this information. • Use a good anti-virus software, anti-adware software and a hardware firewall on your computer, and keep them up to date. You need all three. • Don’t put outgoing mail in or on your mailbox. Drop it into a secure, official Postal Service collection box. Thieves may use your mail to steal your identity. • If regular bills fail to reach you, call the company to find out why. Someone may have filed a false change-of-address notice to divert your information to his or her address. • If your bills include suspicious charges, don’t ignore them. Instead, investigate immediately to head off any possible fraud before it occurs. • Check your credit report regularly. Federal law allows you to obtain one from credit report from each of the 3 major credit reporting agencies per year.
Defend yourself • NEVER buy anything from a company that sends you spam. Don't even visit their sites or ask for more information. It is like feeding a stray cat. Give it one morsel of food, and it will be there all the time (and that may be fine with cats, but NO one wants spammers at the doorstep!). Remember, since they send out millions of spam emails, they only need a tiny fraction of responses to be profitable. And if that doesn't convince you, consider this: the vast majority of spam "offers" are in fact scams! • Set up filters in your email program. Outlook does this quite easily. When you open an email and realize that it is spam, just click on Actions then Create Rule, then select an appropriate action, such as "from" then click "Move e-mail to folder" and select the "Deleted Items" folder. That's it! You'll never receive email from that particular address or subject again! • If you have a website, do not post your address in the HTML "mail-to" format, otherwise you will be spammed, since address-harvesting spiders (programs) extract your email address from the website and add it to the spammer's lists. Instead use feedback forms through PHP, ASP, or JSP that hide the email address, OR post the email address as a GIF (image file). • If it seems to good to be true... IT IS! No one is going to send you a pile of money from a dead Nigerian president, no lottery is going to make you a winner from a "randomly selected from a database of email addresses". Multi-level marketing IS A SCAM, ALL psychics are nothing more than conmen, and you can not make big money from "passive residual income in a few hours of your spare time each day". And there is no Easter Bunny.
Defend yourself How to Identify E-mail Fraud - So, how do you know if the email you received is fraudulent? • Your bank will NEVER send you an email, or call you on the phone, asking you to disclose personal information such as your credit card number, online banking password or your mother's maiden name. • Be suspicious of unsolicited emails that have a sense of urgency and warnings that your accounts will be closed or your access limited if you do not reply. • The email might claim that your details are needed for a security and maintenance upgrade, to ‘verify’ your account or to protect you from a fraud threat. The email might even state that you are due to receive a refund for a bill or other fee that it claims you have been charged. • Does the email look professional? While some fraudulent emails may look professional at first glance, if you look more closely you may notice spelling and bad grammar, unusual language or branding that is not quite right. Fraudulent emails are not personalized and, instead, are addressed in general terms, such as 'Dear valued customer'.
Defend yourself Opt Out From Credit Card Offers • Every day your mailbox may contain an interesting offer of pre-approved credit or insurance. These offers give you numerous choices and opportunities. However, while millions of Americans welcome these choices, others prefer not to receive such offers. • Your rights as a consumer include the ability to "Opt-Out", which prevents consumer credit reporting companies from using your credit file information for pre-approved offers of credit or insurance. The major consumer credit reporting companies, Equifax, Experian, Innovis and TransUnion are participating in this government-mandated option. Your rights include the right to say, "Please don't send me these offers". Please note: this process may not be used by businesses and companies to Opt-Out. • You may request to Opt-Out from pre-approved offer lists for 5 years or permanently.
Good References to Help Yourself • Consumer Fraud Reportinghttp://www.consumerfraudreporting.org/defend_yourself.php • United Status Department of justice http://www.usdoj.gov/criminal/fraud/websites/idtheft.html#whatshouldido