
Protecting Yourself in Our Digital World

Protecting Yourself in Our Digital World. Jodi Ito • Information Security Officer Information Technology Services jodi@hawaii.edu • (808) 956-2400. From Our President. Today’s Thoughts. Our Digital World Today Threats and Vulnerabilities Mitigation Strategies Security Awareness.


Presentation Transcript


  1. Protecting Yourself in Our Digital World Jodi Ito • Information Security Officer Information Technology Services jodi@hawaii.edu • (808) 956-2400

  2. From Our President

  3. Today’s Thoughts • Our Digital World Today • Threats and Vulnerabilities • Mitigation Strategies • Security Awareness

  4. Today’s Environment

  5. has become a verb!

  6. Technologies and Trends • INFORMATION AGE! • NOW Generation • PDAs, laptops, netbooks + (wireless networks/cellular broadband) = Mobile Computing • Cellphones --> Smartphones • “Texting”, “Tweeting”, “Friending” --> Social Networking • WHOLE NEW WORLD!

  7. Sign of Things to Come… • http://www.informationweek.com/news/showArticle.jhtml?articleID=219100621

  8. Fun, Convenience, OR….? • Toy car lets kids spy on others • http://www.networkworld.com/video/?bcpid=60965047001&bclid=1363192037&bctid=68172212001 • Using mobile devices to open hotel doors • http://www.tnooz.com/2010/03/01/mobile/hotel-door-opening-technology-moving-to-mobile-devices/

  9. FTC P2P data leak alarm… • The Federal Trade Commission this week sent letters notifying almost 100 organizations that personal information, including sensitive data about customers and employees, has been shared from their computer networks and is available on peer-to-peer (P2P) file-sharing networks to any users of those networks, who could use it to commit identity theft or fraud. • Search for “FTC P2P data leak” using your favorite search engine

  10. More P2P Filesharing Risks… • “P2P Snoopers Know What's In Your Wallet” http://www.networkworld.com/news/2010/020710-shmoocon-p2p-snoopers-know-whats.html • “File Sharers, Beware!” http://www.cbsnews.com/stories/2005/05/03/eveningnews/main692765.shtml

  11. Digital Threats • Viruses, Spyware, Trojans & Other Malicious Software • Botnets • Phishing & Spam • Identity Theft • Cyber Stalking, Cyber Bullying, Online Predators • Etc., etc., etc….

  12. Form Phishing • North Carolina State University Phishing Attack • “Security” email directed recipients to web site to “protect” their accounts • Phishers used NCSU graphics to replicate phishing web page • http://www.ncsu.edu/it/security/webmail-phishing.html

  13. Anti-Phishing Phil http://wombatsecurity.com/antiphishingphil

  14. Useful Information • Federal Trade Commission http://www.onguardonline.gov/ • Department of Homeland Security www.staysafeonline.org

  15. Tapping Your Cell Phone • http://www.wthr.com/Global/story.asp?s=9346833

  16. Booming Cyber Crime Industry! • Botnets: Rent-a-botnet • SPAM generators (steal email accounts and passwords) • $$$ - Stolen sensitive information • Top 3 categories: • Bank account - £5 ($8) • Credit cards - 50 credit cards for £20 ($35) • Personal identities - EU identities are worth more

  17. Underground Economy • Multi-Billion $$$ industry • TJX Data Breach: • Estimated 94 million victims • Estimated losses: $65M - $83M • August 2008: Hacker ring charged with conspiracy, computer intrusion, fraud, & identity theft: http://www.consumeraffairs.com/news04/2008/08/hacker_ring.html

  18. Background Resources • “Botnet probe turns up 70G bytes of personal, financial data” estimated worth $8.3M • http://www.networkworld.com/news/2009/050409-botnet-probe-turns-up-70g.html • UCSB Computer Science Study: • http://www.cs.ucsb.edu/~seclab/projects/torpig/index.html

  19. Data Breaches • Privacy Rights Clearinghouse http://www.privacyrights.org/ar/ChronDataBreaches.htm#CP • Over 260 million records containing sensitive information are involved in security breaches • Educational Security Incidents: http://www.adamdodge.com/esi/

  20. Example

  21. This Cyber “stuff”… • Affects us all! • Each unprotected/unpatched computer is a threat: • Infected with a worm/virus/bot • Could be used in a concerted attack against a critical infrastructure • Computers, servers, mobile storage devices with any sensitive information represent a vulnerability

  22. What Do We Do? Practice safe computing!

  23. Keep Your Computers Safe • Update the software on your computer weekly (or more frequently) • Install anti-virus and anti-spyware software and keep it up-to-date • Use accounts and strong passwords • Encrypt sensitive information • http://www.hawaii.edu/askus/729 • Don’t install unknown software from unknown sites • Don’t share your accounts/passwords • Use password protected screen savers

  24. Use STRONG Passwords • Not easily guessable • Do not use dictionary words • Use a combination of upper and lowercase letters, numbers, and special characters • No less than 8 characters • Check your password strength: https://www.microsoft.com/protect/fraud/passwords/checker.aspx

  25. Password Strategies • Replace letters with numbers or characters • Incorporate something memorable to you • Example: • need password for CitiBank online account • got your mortgage in April 2005: • 04C7t7B@nk05 • Use a phrase and turn it into a password • Example: • My Favorite Food is Chocolate Ice Cream • MfFiCiC2010m@r

  26. More on Passwords • Don’t use the same password for all accounts • Change passwords frequently • Use more difficult passwords on more sensitive accounts • Use a password safe (but don’t lose the master password!) • http://passwordsafe.sourceforge.net/ • http://www.hawaii.edu/askus/705

  27. Protect Yourself and Information • Don’t open unknown emails & attachments • Visit only reputable web sites http://safeweb.norton.com/ • Do not reply to SPAM or Phishing emails • Only login to servers for the duration needed - disconnect when done • Don’t let others use your computer irresponsibly • Use a credit card for online shopping • http://www.hawaii.edu/askus/729

  28. DO NOT EVER… • …Give out your personal information in response to an UNSOLICITED email, phone call, voice mail • If in doubt, CHECK IT OUT! • Call the company using another legitimate phone number (not the one provided in the email or phone call) • New scams use social networking sites to get background personal information

  29. Protect Your Sensitive Information • BE SUSPICIOUS! You can’t take back information you’ve already given out • Ask “Why?” when someone asks for your SSN • Check your credit report: www.annualcreditreport.com

  30. Social Networking • Do not post TOO MUCH INFORMATION! • Internet is FOREVER! • Whatever you post may circulate even AFTER you delete it • New scams use social networking sites to get background personal information • Watch what your children do on the computer

  31. TTMI… • Tweeting Too Much Information: http://pleaserobme.com/

  32. Laptops and Mobile Devices • Implement passwords on the device • Back up your data frequently & test backups • Store backups away from the laptop • Encrypt sensitive information • Watch your laptop at all times • Keep your laptop in your possession at all times • Don’t leave it out in your hotel room • Consider using a laptop lock • Consider laptop recovery services • Don’t leave your laptop in a car

  33. Wireless & Public Computers • Be cautious when using open wireless networks • Others using the network may be “sniffing” the network • If you must use a public computer, change the password on the account accessed using a secure computer ASAP

  34. Wi-Fi Dangers… • Security Expert Claims Thieves Can Detect Wi-Fi In Sleeping Computers http://www.wired.com/gadgetlab/2010/03/security-expert-claims-thieves-can-detect-wi-fi-in-sleeping-computers/#ixzz0hKGscGjt • Hidden dangers of free public WiFi http://news.zdnet.com/2100-1035_22-149778.html

  35. BE AWARE! Know what’s out there (Google yourself)

  36. Questions? Jodi Ito jodi@hawaii.edu (808) 956-2400
