
Protect Yourself from Cyber Risks

Protect Yourself from Cyber Risks. 2012 SEAS Cybersecurity Awareness Day 10/17/12 Jay Carter, CISSP CISA. Agenda. Overview Notable Targets of Hackers What You Can Do to Protect Yourself Identity Theft Questions. Overview.


Presentation Transcript


  1. Protect Yourself from Cyber Risks 2012 SEAS Cybersecurity Awareness Day 10/17/12 Jay Carter, CISSP CISA

  2. Agenda
     • Overview
     • Notable Targets of Hackers
     • What You Can Do to Protect Yourself
     • Identity Theft
     • Questions

  3. Overview
     The intent of this presentation is to raise your awareness of the continuous cybersecurity risks we all face daily in our personal lives, and to discuss what you can do to reduce your level of risk. This information is for personal consideration only, and must not be applied to University-owned computers. The events discussed in this presentation were reported publicly, and links to the sources are provided. No application mentioned in this presentation is endorsed by Harvard, nor used in the University’s Information Security Program.

  4. Torn from the Headlines
     • How Apple and Amazon Security Flaws Led to My Epic Hacking (08/06/12)
       • http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
     • 6.4 Million Passwords Reportedly Stolen From LinkedIn Website (06/06/12)
       • http://abcnews.go.com/US/linkedin-hacked-64-million-user-passwords-reportedly-leaked/story?id=16508728#.UHwAmYXrTw4
     • Dropbox gets hacked ... Again (08/01/12)
       • http://www.zdnet.com/dropbox-gets-hacked-again-7000001928/

  5. Torn from the Headlines
     • Anonymous Claims To Have Hacked Facebook’s Website (06/01/12)
       • http://washington.cbslocal.com/2012/06/01/anonymous-claims-to-have-hacked-facebooks-website/
     • Like LinkedIn, eHarmony is hacked; 1.5 million passwords stolen (06/06/12)
       • http://articles.latimes.com/2012/jun/06/business/la-fi-tn-eharmony-hacked-linkedin-20120606
     • iTunes Hack: Users Report Unauthorized Charges On Accounts (02/10/12)
       • http://www.huffingtonpost.com/2012/02/10/itunes-hack-unauthorized-charges-apple_n_1268593.html

  6. There is Hope …

  7. Defense in Depth - Network
     • Enable the firewall native to your Operating System
       • http://windows.microsoft.com/en-US/windows-vista/Understanding-Windows-Firewall-settings
       • https://support.apple.com/kb/HT1810
     • Test your firewall
       • https://www.grc.com/x/ne.dll?bh0bkyd2 (Windows only)
     • Wi-Fi Security
       • Best security practices: http://www.wi-fi.org/discover-and-learn/security, http://wirelessdefence.org/Contents/Home%20Wireless%20Security%20Tips.htm

  8. Defense in Depth - OS
     • Install antivirus software; good free choices:
       • http://windows.microsoft.com/en-US/windows/products/security-essentials
       • http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
     • Patch your computer to the most current level
     • Enable Automatic Updates
       • http://windows.microsoft.com/en-US/windows-vista/Understanding-Windows-automatic-updating
       • https://www.apple.com/softwareupdate/
     • Operating System and software patch scanner
       • https://secunia.com/vulnerability_scanning/personal/
       • http://informer-technologies-inc.mac.informer.com/

  9. Defense in Depth - Browser
     • Consider using Chrome as your browser
       • https://www.computerworld.com/s/article/9223957/German_gov_t_endorses_Chrome_as_most_secure_browser
     • Security browser extensions
       • https://www.eff.org/https-everywhere
       • https://www.ghostery.com/
       • http://donottrack.us/
       • http://noscript.net/

  10. Protect Yourself
     • Multi-factor Authentication – something you know AND something you have
       • Gmail 2-step verification http://gmailblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html
       • Yahoo! second sign-in verification http://www.ymailblog.com/blog/2011/12/yahoo-introduces-stronger-user-authentication-%E2%80%93-second-sign-in-verification/
       • PayPal Security Key https://www.paypal.com/us/cgi-bin?cmd=xpt/Marketing_CommandDriven/securitycenter/PayPalSecurityKey-outside&bn_r=o
       • Facebook Login Approvals https://www.facebook.com/note.php?note_id=10150172618258920
       • Dropbox two-step verification https://blog.dropbox.com/index.php/another-layer-of-security-for-your-dropbox-account/

  11. Protect Yourself
     • Password Manager/Safe – DON’T SAVE VIA BROWSER
       • LastPass http://lastpass.com/
       • KeePass http://keepass.info/
     • Google Alerts for your personal information
       • http://www.google.com/alerts
     • Review your Credit Reports
       • http://www.ftc.gov/bcp/edu/microsites/freereports/index.shtml
     • All-purpose security resources
       • http://www.onguardonline.gov/
       • www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf
       • https://ssl.apple.com/support/security/

  12. Protect Yourself
     • Encrypt your hard disk
       • Windows BitLocker http://windows.microsoft.com/en-US/windows7/products/features/bitlocker
       • Mac OS X FileVault https://support.apple.com/kb/PH7024 or https://support.apple.com/kb/HT4790
       • TrueCrypt http://www.truecrypt.org/
     • Back up your hard disk
       • Back up both locally AND online
       • Windows http://windows.microsoft.com/en-US/windows7/products/features/backup-and-restore
       • Mac OS X https://support.apple.com/kb/ht1553
       • Comodo Backup http://backup.comodo.com/ (Windows)
       • SugarSync https://www.sugarsync.com/
       • MozyHome https://mozy.com/home/free/

  13. Protect Yourself
     • Securely erase your hard disk
       • UCSD Center for Magnetic Recording Research http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
       • Darik’s Boot And Nuke (DBAN) http://www.dban.org/
     • Encrypt email containing your sensitive data
       • Hushmail https://www.hushmail.com/
     • Mobile Device Security
       • Android http://source.android.com/tech/security/
       • iOS https://www.apple.com/ipad/business/resources/
       • Windows Phone http://www.microsoft.com/security/online-privacy/mobile-phone-safety.aspx

  14. When It All Goes Wrong
     • If you become a victim of identity theft
       • Federal Trade Commission http://www.ftc.gov/bcp/edu/microsites/idtheft/
       • United States Postal Service https://postalinspectors.uspis.gov/investigations/MailFraud/fraudschemes/mailtheft/IdentityTheft.aspx
       • FBI https://www.fbi.gov/about-us/investigate/cyber/identity_theft
       • Massachusetts http://www.mass.gov/ocabr/consumer/identity-theft/

  15. Questions?
