1 / 17

Information & Data Security, 10 tips for personal and professional behaviors

Information & Data Security, 10 tips for personal and professional behaviors. William C. Moore II, CISSP, MLIS Chief Information Security Officer Valdosta State University. What is identity theft?.

penelope-herman
Télécharger la présentation

Information & Data Security, 10 tips for personal and professional behaviors

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information & Data Security, 10 tips for personal and professional behaviors William C. Moore II, CISSP, MLIS Chief Information Security Officer Valdosta State University

  2. What is identity theft? • Identity theft occurs when someone uses your personal information without your knowledge or consent to commit a crime, such as fraud or theft. • In 2001 Georgia ranked 7th nationally with 2,592 victims • In 2003, Georgia ranked 12th in the nation with over 6,000 victims

  3. 10 Basic Habits • Protect personal data • Be aware of “phishing” techniques • Know who you are interacting with • Know how to identify a “secure site” or SSL site • Protect your passwords • Backup important files • Anti-Virus, Anti-Spy and Firewall • Operating Systems and Applications • Request a credit report • Financial and academic records

  4. Protect personal data • SSNs • Change Drivers License number from SSN • Do not include SSN on checks • Do not carry SSN card in wallet or purse • Ask why SSN is needed by various companies • Keep copy of Credit Card contact information at home or in safe location in the event your wallet or purse is stolen • Request credit card companies to cease delivery of “convenience checks”

  5. “Phishing” you are the catch of the day • Phishing is a term used for impersonating a company or individual in an effort to gather personal information • This normally leads to identity theft and/or credit card fraud • You should initiate the conversation or transaction. • Email messages are easily faked and may appear to be from legitimate sources • Do not click URLs or web addresses in email messages (copy and paste or type URLs into your browser Address Bar)

  6. Know who you are working with • Again, email is easily faked. Exactly who is bill.moore@hotmail.com? • Do not provide personal information when using “chat clients” • https://bankofamerica.com/l3g1t/login.asp vs http://banksofamerica.com/5l4y3r/login.php • When shopping online, verify physical mailing address and phone number.

  7. Know what a “secure site” is • Look for “https://” and “http://” in the address bar of your web browser. • Look for a pad lock or some other form of lock symbol in the bottom of your web browser. • Read the company’s Privacy Statement

  8. Protect your passwords • Change your initial or default passwords • Use complex passwords not real words • i.e. first letter of each word in favorite song • wdnnewdnntc (we don’t need no education we don’t need no thought control) • Do not give out or share your passwords • If you must store passwords in an electronic files • Password protect the file • Store the file on “off-line” media such as floppy disk • The more important or sensitive the material, the more frequently the password should be changed

  9. Backup important files • Backup important files frequently and regularly • Decide what files to backup • How many files • How much storage space is required (plan for growth) • Create Backup plan • A full backup: All files are included. • A differential backup: files that have changed since the last full backup. • An incremental backup: files that have changed since the last backup of any type. • What type of media will be used (CDRs, tapes, DVDRs) • Many newer operating systems have included backup functionality (Windows, Linux, and Macintosh)

  10. Anti-Virus, Anti-Spy and Firewalls • Anti-Virus • Primarily for email attachments, “off-line” media (floppy disk, CDs and USB drives), network drives • Often works in conjunction with web browsing • Computer viruses destroys or modifies data/files • Spy Ware • Records computing and/or surfing habits often for marketing purposes • Can include “key logger” for malicious activity • Can be used in conjunction with “Pop Ups” • Is often included with “free” software such as WebShots and “Bonsai Buddy” • Firewalls • Hardware and software models • Helps prevent receiving, distributing and functionality of viruses, worms and spy ware • Is NOT a complete solution

  11. O.S. and Program Application patches • All commercial Operating Systems (O.S.) and applications receive patches or updates • Can often be automated on many current computers • Can often help alleviate or mend computer “bugs” • Reduces security risks for worms, hacking and other forms of malicious activity • Helps in maintaining a more stable computer

  12. Request a credit report • Georgia residents are allowed 2 free credit reports per year • Credit reports can be obtained by visiting http://www.annualcreditreport.com • May also be purchased by contacting any of the three major credit bureaus: Equifax, Experian or Trans Union

  13. Keep financial/academic records • Paper copies of financial and academic records should be kept for a minimum of one year • Academic Records-- follow institutional and USG policies for record retention • Financial Records-- follow recommendation of financial advisor or attorney • When disposing paper copies of academic or financial records shred with a cross-cut shredder or a certified and bonded document destruction and disposal company • When disposing electronic records use a method and/or software that at least meets the DoD standards • Replacing computer • Destroying backups

  14. Conclusion • Identity theft and poor computing habits often go “hand in hand” • Disclosure of personal data • “Phishing” techniques are used for gathering information • By not knowing who you are dealing with you may be releasing personal data for illegitimate use • A “secure site” or SSL protected site helps ensure a more secured transaction • Your passwords grant access to material you deem important. Protect them wisely

  15. Conclusion • Backups of important files are your best method of recovery • Anti-Virus, Anti-Spy and Firewalls - the safety features for your computing tools • Operating System and Application patches - recalls and repairs for your software • By requesting credit reports you are being proactive in safe guarding your identity • Keep financial/academic records for non-repudiating purposes and dispose of them appropriately

  16. Questions / Comments? William C. Moore II, CISSP, MLIS Chief Information Security Officer Valdosta State University wcmoore@valdosta.edu

  17. Presentation and handouts will be accessible via:http://www.valdosta.edu/security/training/darton-2005-presentation.pptand http://www.valdosta.edu/security/training/darton-handout.doc William C. Moore II, CISSP, MLIS Chief Information Security Officer Valdosta State University wcmoore@valdosta.edu

More Related