
Email Security & Protection


Jeffrey

Presentation Transcript


  1. Email Security & Protection Cyber Security Month October 2006

  2. What are we going to cover? • Phishing • Spam • Viruses & Worms • What is GU doing about this? • Policies • Resources

  3. Phishing • Occurs when ID thieves trick people into providing their Social Security number, financial account numbers, PINs, mother’s maiden name and other personal information by pretending to be someone they are not

  4. Phishing, con’t • What to look for • Phishy emails • Appear to be from legitimate retailer, bank, organization or govt. agency • Sender asks to confirm your personal information for some reason (account is being closed, order has been placed in your name, your information has been lost) • Links within emails that ask for your personal information • Lure people to phony websites that look like the real site • By following the instructions and entering personal information you’ll deliver it directly into the hands of the ID thieves

  5. Phishing Scam Sample • Email message with a link to take you to a fake survey site

  6. Phishing Scam Sample • Email message with a link to take you to the PayPal site. When the link is clicked, the victim is taken to a legitimate-looking PayPal website:

  7. Phishing Scam Sample • Fake site

  8. Phishing Scam Sample • Legitimate site

  9. Phishing, What to look for con’t • To check whether a message is legitimate, call the company directly or go to their website (use a search engine to find it) • Pharming • Virus or malicious program is secretly planted in your computer and hijacks your web browser • You type in the legitimate address but you’re taken to a fake copy of the site without realizing it

  10. Phishing, What to look for con’t • Pop Up Screens • Never enter personal information in a pop up screen • Phisher will direct you to the real company’s website but an unauthorized screen created by the scammer will appear with blanks to provide your personal information • A legitimate company or organization won’t ask for personal info via a pop up screen • Install pop up blocking software to help prevent this type of phishing

  11. Phishing, How to protect yourself con’t • Protect your PC with spam filters, anti-virus and anti-spyware software and a firewall and keep them up to date • Spam filters – help reduce the number of phishing emails you get • Anti-virus – scans incoming messages • Anti-spyware – looks for programs that have been installed on your computer and track your online activity without your knowledge • Firewalls – prevent hackers and unauthorized communication from entering your computer

  12. Phishing, How to protect yourself con’t • Look for programs that offer automatic updates and take advantage of free patches • Only open attachments if you’re expecting them • Phishing can occur by phone too • Verify the person’s identity before providing any personal info (ask for person’s name, name of agency, phone number, physical address)

  13. Spam • Indiscriminately sent unsolicited, unwanted, irrelevant or inappropriate messages, especially commercial advertising in mass quantities • Also known as junk mail • Why is Spam a threat? • Spam may contain worms, viruses, and other malicious code

  14. Spam con’t • CAN-SPAM Act of 2003 • Established requirements for those sending commercial email • Ban on false or misleading header info • No deceptive subject lines • Requires an opt out method • Opt out mechanism must process request for at least 30 days after you send commercial email • Email must be identified as advertisement and include sender’s physical address • Reporting Spam • Forward to spam@uce.gov

  15. Spam con’t • Resources • CAN SPAM Act see the FTC’s CAN SPAM guide at http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.htm • FCC CAN SPAM pamphlet at http://www.fcc.gov/cgb/consumerfacts/canspam.html • Reducing Spam • Federal Trade Commission’s guide at http://www.ftc.gov/bcp/conline/edcams/spam/business.htm

  16. Viruses and Worms • Self-replicating, malicious code that attaches to an application program or other executable system component and leaves no obvious signs of its presence • Can arrive via emails or downloads • Can slow down your company’s systems and productivity as you need to dedicate resources to remove it

  17. Viruses and Worms con’t • Other impacts • Increased spam • Denial of service • Deleted files • Allow remote access to your computer • No particular way to identify that your computer has been infected • Some may destroy files and shut down your computer • Others may only subtly affect your computer’s normal operations • Anti-virus software may alert you that it’s found malicious code and may be able to clean it automatically

  18. Viruses and Worms con’t • What to do if infected • Minimize the damage – contact your IT dept • For home computers – disconnect your computer from the Internet • Remove malicious code • Update virus definitions for your anti-virus software • Perform manual scan of entire system • If software can’t locate and remove code, you may need to reinstall your operating system • NOTE: Reinstalling or restoring your operating system typically erases all your files and additional software you have installed on your machine

  19. Viruses and Worms con’t • Resources • National Cyber Alert System Tip: Recovering from Viruses, Worms and Trojan Horses at http://www.uscert.gov/cas/tips/ST05-006.html

  20. What’s GU doing? • Barracuda firewall • Blocks an average of 400 phishing-type email messages on a daily basis • Blocks roughly 112 viruses • Blocks roughly 36,000 spam emails • Email server virus protection • Blocks roughly 98% of viruses that are sent

  21. Barracuda Results 6/05-7/06

  22. What’s GU doing con’t • Your computer • Each GU owned computer is installed with virus protection and a firewall • Outlook has Spam detection rules built in that users can configure • User awareness • Be aware of hazards in order to protect yourself

  23. Policies • Find them on the http://cybersecurity.gonzaga.edu website • Employee Email Policy • Prohibited Activities • Sending SPAM, chain letters from a Gonzaga email account • Unauthorized altering of the header of an email message to prevent the recipient from determining the actual sender of the email • Sending email from another user’s account or falsifying sender information in any way

  24. Policies con’t • Using email for any activity that is unlawful or in violation of any Gonzaga policies • Unauthorized disclosure or forwarding of information proprietary to the university or deemed confidential in nature or information that could be construed as a statement of official university policy, position, or attitude • Mass Mailings • Warnings and mass mailings about important technology issues must be approved by the Director of Central Computing or assigned designee • Mass mailings to staff and faculty shall be approved by the Director of Public Relations or assigned designee • Mass mailings to students shall be approved by the Vice President of Student Life or assigned designee

  25. Policies con’t • General Policy • Using a reasonable amount of Gonzaga University’s resources for personal emails is acceptable • All email stored in the “Deleted Items” directory will be automatically purged (permanently deleted and unrecoverable) after a period of thirty (30) days. This includes email attachments stored in the Deleted Items directory • Central Computing and Network Support Services (CCNSS) will employ methods to reduce the number of SPAM type email and viruses that are received by university recipients. CCNSS will attempt to ensure valid email is allowed, however, some false positives can be expected

  26. Policies con’t • Student Email Policy • Students have the responsibility of accessing and reading their email messages in a timely fashion and maintaining their email box at a reasonable size. Zagmail users should move messages from their inbox and maintain their inbox at a size no greater than 25 megabytes • The university reserves the right to purge email from accounts

  27. Resources • Check out the new Cyber Security website at http://cybersecurity.gonzaga.edu • Learn more about how to keep your computer secure at www.onguardonline.gov and www.staysafeonline.org • Info on how to put a ‘fraud alert’ on your files at the credit reporting bureaus at www.consumer.gov/idtheft or 877-438-4338 • Report phishing at www.fraud.org or 800-876-7060

