1 / 22

Computer Security

Computer Security. Chris Hughes Chairman NTC. Computer Security. Physical security Stolen computers Electronic security Theft via software Theft via networks. 2014 Security Incidents. This year in the AARP Foundation Tax-Aide program there were: 35 taxpayer forms lost

nuwa
Download Presentation

Computer Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Security Chris Hughes Chairman NTC NLT Meeting Aug 2014

  2. Computer Security • Physical security • Stolen computers • Electronic security • Theft via software • Theft via networks NLT Meeting Aug 2014

  3. 2014 Security Incidents • This year in the AARP Foundation Tax-Aide program there were: • 35 taxpayer forms lost • Eight (8) confirmed laptops reported stolen/lost • There was data and a disclosed password on one of the stolen computers • Many state laws do not require notification when computers and/or devices are encrypted NLT Meeting Aug 2014

  4. Consequences of Data Loss • Affected taxpayers individually contacted and given free credit monitoring for a year at program’s expense TaxWise Online - no data stored on computers NLT Meeting Aug 2014

  5. Security – What You Can Do • ALL computers used for Tax-Aide must be passwordprotected. • Passwords must not be shared outside the program. • Written password reminders must be keptaway from the computers. 2014 SMT/TCS Training - Dallas

  6. Data Security Password • Password guidelines: • Minimum length – eight (8) characters for Windows, and TaxWise™ accounts.  • At least one letter and one number in the password. • Choose a password that is not a dictionary word or someone’s name. • Do not use TaxWise, TW, Tax-Aide, AARP or any word in the password similar to something that is obviously related to the program. 2014 SMT/TCS Training - Dallas

  7. The Rising Malware Threat NLT Meeting Aug 2014

  8. http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdfhttp://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdf NLT Meeting Aug 2014

  9. What is Malware? • Trojan, Virus, Worm, Backdoor, Botnets • RansomWare • Personal and account information theft • Bank account withdrawal, credit card usage, loan falsification • Ad clicking for Dollars NLT Meeting Aug 2014

  10. Methods of infection • Email attachments • Email web links • Infected web sites • Flash drives • Adding an infected system to a network (Windows XP) • Java installed – rapidly becoming one of biggest risks (this is different than javascript). NLT Meeting Aug 2014

  11. Nightmare Scenario • A key logger • Captures every account login • Sends every keystroke made on the computer to a criminal enterprise Server. • Every tax return done on the computer will result in identity theft on those SSNs NLT Meeting Aug 2014

  12. Effects of Identity Theft • For victims of identity theft, consequences can last for years; causing financial problems, credit issues, benefit losses, and legal problems. • Cost to the AARP Foundation Tax-Aide program reputation and the good work that you all do. • Cost of credit protection. NLT Meeting Aug 2014

  13. Infected System Recognition • Anti-virus software increasingly ineffective • Polymorphic and “kit” virus production • Where one virus exists there will be many due to backdoor access • Look for • Excessive ads, multiple IE toolbars, unusual home pages, slow system performance, problems running anti-virus scans • Silent key loggers are the most dangerous and most undetectable • If Tax-Aide becomes “targeted”, we will be infected and there is nothing we can do except re-image IF IN DOUBT RE-IMAGE NLT Meeting Aug 2014

  14. Windows XP • The tech industry is assuming that every single existing Windows XP system will become infected with malware over the next few months. • Infected websites • Flash drives • Email NLT Meeting Aug 2014

  15. What Can You Do • Make sure all computers are running the Windows 7 or8; this includes personal and site computers. • Windows Vista not supported by CCH • If a personal or site computer cannot be upgraded • They must not be used for Tax-Aide purposes. • They cannot be on the same network segment as Taxaide computers. • If necessary contact the National Office. NLT Meeting Aug 2014

  16. What Can Be Done? • Do all Windows, Adobe updates immediately • Use anti-malware software like MSE and MalwareBytes • If installed, remove Java • Stick to mainstream, branded websites on Tax-Aide systems • Re-Image systems regularly • Run as a “standard” user – see later Too much effort for many – we have infected systems in the program right now!! NLT Meeting Aug 2014

  17. Site Visits • All site visits by RCs and SCs should include the question • “Are any Windows XP systems being used?” • If yes take whatever action necessary to remove them • “Are any systems behaving oddly?” • Request technical help to check out the system. NLT Meeting Aug 2014

  18. What else can be done? • A policy change • Windows user account passwords must be changed yearly • 90% plus of malware will be stopped by using a “standard” Windows account!! – this includes silent key logger installation!! NLT Meeting Aug 2014

  19. Windows Users • Administrative User (e.g. Volunteer) • Our everyday default, allows easy program and update installation • Standard User • Allows all usage of TaxWise and other software • Does NOT allow any software installation or updating to be done. • An Administrator user password must be entered to allow installation and updates NLT Meeting Aug 2014

  20. NTC Recommendation • Use a standard User Volunteer Account for all everyday purposes • Only a best practice recommendation, not mandatory • Will be in this fall’s Sharenet documents update. NLT Meeting Aug 2014

  21. Why Recommendation • The changes are simple if the user is comfortable using Windows Control Panel • Many of our volunteers are not capable of this!! • The change causes the inconvenience of having to type in a password to do the required Windows updates • Many volunteers will find this unacceptable • This change ONLY prevents new infections! • Re-imaging is the only way to remove existing anti-virus proof infections! NLT Meeting Aug 2014

  22. Discussion & Questions??? NLT Meeting Aug 2014

More Related