1 / 29

UK A g Computing Security Initiative

UK A g Computing Security Initiative. Rick Hayes Ag Communications Services DEITC. Why are we doing this?. LAWSUITS? Lost/stolen computing devices/data Hackers and Malware Must reduce the number of electronic files available Protect our clientele Assure them that PII is safe with CES.

vilmaris-nellis
Download Presentation

UK A g Computing Security Initiative

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. UK AgComputing Security Initiative Rick Hayes Ag Communications Services DEITC

  2. Why are we doing this? • LAWSUITS? • Lost/stolen computing devices/data • Hackers and Malware • Must reduce the number of electronic files available • Protect our clientele • Assure them that PII is safe with CES

  3. Acceptable Use Policy • TheUK Acceptable Use Policy contains official guidelines for the responsible use of information technology resources at the University. • The Acceptable Use Policy describes your rights and responsibilities when using and accessing university resources. • Acceptable Use Policy http://www.uky.edu/regs/files/ar/ar10-1.pdf

  4. Layered Defense • Update Software • Use Antivirus Software • Use Strong Passwords • Secure your Physical Environment and Encrypt Sensitive Data • Keep Wireless Devices Secure • Practice Online Safety • Back Up Your Data

  5. Update Software • Operating Systems and Applications • Update Java, Flash, Anti-virus • Auto Update Windows • Update software on mobile devices too • Restart Computer ? YES!!!

  6. Firefox Addons • Firefox can check your addonsfor updates • Tools -> Addons -> Plugins -> Check to see if your plugins are up to date

  7. Antivirus Software • Keep Forefront up to date • Microsoft Forefront can be downloaded at http://download.uky.edu

  8. Antimalware Software • Free versions help clean machines • Pay versions clean and help prevent infection • Malwarebytes can be downloaded at http://www.malwarebytes.org • SUPERAntispyware can be downloaded at http://www.superantispyware.com

  9. Concentration on Securing ‘Sensitive Data’ • Social security numbers • Youth data • Credit Card/Financial Info • Home Addresses, DOB

  10. Securing PII data Personal Professional • Account List • Account numbers • Passwords • User IDs • Company name • Financial Data • Quicken files • Taxes • Cancelled checks • Legal Documents • Birth certificates • Passports • Credit Card photos • Academic Records • Grades • Student Information • Transcripts • SSN/PUID • Recommendation letters • Academic challenge materials • Research Data • Names of children • Survey results

  11. Sensitive Data Locations? • My Documents, Ctyfile, and other folders on hard drives/media, Access databases • Email • Folders • Sent items • Archives • Deleted items/Trash • Backups on portable media • Flash drives • Servers

  12. What to do • Delete unneeded files • Empty recycle bin • Print and store information then delete source file • Consolidate needed files to minimize locations • Encrypt and/or password protect sensitive files • Don’t keep inactive old devices around • Wipe old hard drives before reusing hardware or disposal

  13. Password Guidelines • Don’t always use the same password • Don’t share your passwords • Don’t email it to anyone for any reason • Use Strong Passwords • At least 8 characters long • Avoid dictionary words, phrases, quotes, etc. • Mix of upper and lower case letters • Use number and non-letter characters

  14. File Protection • Password protect/encrypt Office files that contain sensitive information • Can encrypt any file/folder on computer • Encrypt sensitive information that HAS to be stored

  15. Encryption --The process of converting messages, information, or data into a form unreadable by anyone except the intended recipient. encryption—crypt—comes from the Greek word kryptos, meaning hidden or secret About 1900 BC An Egyptian scribe used non-standard hieroglyphs in an inscription. This is the first documented example of written cryptography. So nothing new about encryption!

  16. Automatic Encryption • BitLocker • Windows 7 • Secures entire drive in background • TrueCrypt • Free open-source disk encryption • www.truecrypt.org

  17. What is True Crypt • Free open-source disk encryption software for Windows, Mac OS X • Main Features: Creates a virtual encrypted disk within a file. • Encryption is automatic, real-time (on the fly) and transparent. • Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted. • Hidden volume

  18. Mobile device Security • Lock your laptop when you walk away • Password protect the login • Encrypt sensitive data • Automatic Encrypted flash drives are available • Physically secure with lock • Location Services: find myiPhone(iPad, etc.) also similar products for Android devices(Prey)

  19. Turning on Passcode Lock

  20. Remote device wipe from Outlook Web Access

  21. Public Wireless • Airports • Hotels • Coffee Shops • Bookstores • Neighbors Access Point • Use UK’s site licensed VPN Client http://download.uky.edu • Cisco VPN Client for Windows

  22. Practice Online Safety Only download what you trust, and even then be wary. Limit what you download to your work computer Don’t accept downloads from strangers What else are you getting with the “free” stuff? “Free” music and file sharing programs are wide open doors for hackers.

  23. Send & Receive Secure Messages • Email – Attachments • Email – Spam • Social Engineering • Phishing – Targeted or Spear Phishing

  24. Latest Phishing Attempts

  25. UK Email Password Expiration

  26. Backup Your Data It’s not a matter of IF, it’s a matter of when.

  27. Non-technical Protections • Lock your doors • Hide your valuables • Make your device hard to lose • Attach to keychain • Lanyard • Whatever helps

  28. Security Info on the web • https://www.ca.uky.edu/security • https://wiki.uky.edu/security/Wiki Pages/Security Awareness.aspx • https://www.uky.edu/UKIT/security/

  29. Questions?

More Related