simple ways to make security easier n.
Skip this Video
Loading SlideShow in 5 Seconds..
TOP TEN (10) Security Tips PowerPoint Presentation
Download Presentation
TOP TEN (10) Security Tips

Loading in 2 Seconds...

play fullscreen
1 / 39

TOP TEN (10) Security Tips - PowerPoint PPT Presentation

  • Uploaded on

Simple ways to make security easier. TOP TEN (10) Security Tips. Karen McDowell, Ph.D., GCIH Information Security, Policy, and Records Office Office Technology Conference 2010. Security Tip #1. Don’t click on unsolicited email messages If in doubt, telephone the sender

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'TOP TEN (10) Security Tips' - hateya

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
simple ways to make security easier
Simple ways to make security easier

TOP TEN (10) Security Tips

Karen McDowell, Ph.D., GCIH

Information Security, Policy, and Records Office

Office Technology Conference 2010

security tip 1
Security Tip #1
  • Don’t click on unsolicited email messages
  • If in doubt, telephone the sender
  • Use the 800 number on the back of your credit or debit card
  • Check the UVa Security and Suspicious Alerts Page (updated hourly if necessary)
old fashioned trickery or social engineering
Old-Fashioned Trickery orSocial Engineering

How shall I trick you? Let me count the ways!

  • Phishing
  • Spear-phishing
  • Vishing
how do i identify a phishing message
How Do I Identify a Phishing message?
  • Unsolicited – no reputable financial institution will ask for your personally identifiable information (PII) – if someone asks, suspect trouble
  • Timing is a clue, though not always
  • Words or tone of urgency
  • Web page or email message mimics in almost every detail legitimate, commercial or social networking sites
phishing with masked web address
Phishing with Masked Web Address
  • If you clicked on this, you went to the
spear phishing most dangerous
Spear Phishing Most Dangerous
    • Spear phishing is a highly-targeted attack directed to specific groups
      • Addresses members by first name
      • Conveys tone of intimacy
  • Spear phishers also create fake social networking login pages to lure us into sites, where we routinely enter PII (personally identifiable information)
  • Spear phishers lately tricking Fortune 500 senior execs who play Farmville
spear phishing message
Spear Phishing Message

Attached document contained malware!

phishing with masked web address1
Phishing with Masked Web Address
  • If you clicked on the URL below, you went to
why spear phishing works
Why Spear Phishing Works
  • Success relies upon details used --
    • Apparent source is known, trusted individual, like HR or IT staff
    • Message information supports its validity
    • Request has a logical basis
  • Anytime you see anything you think is suspicious, go to the Alerts page at UVa, and check if posted
security tip 2
Security Tip #2
  • Prepare for Rogue Antivirus, so you know what to do if it hits you

Fake (Rogue) Antivirus

Courtesy of Indiana University

rav social engineering plague
RAV: Social Engineering Plague
  • Rogue Antivirus popups appear to be authentic copy of legitimate Windows screens
  • RAV tricks users into thinking their computer is infected with viruses
    • Offer antivirus to help them clean it
  • Aggressive use of spam, online ads, and schemes to manipulate search engine results to infect Web users, searching for trends, like celebrity foibles, big breaking news, etc

what you can do
What You Can Do
  • Install and run Malwarebytes (legal on home computer only)
  • Stop using the computer immediately
    • Don’t click on any popups!
  • Turn off wireless, or pull the high-speed line out of the back
  • Why we backup often
security tip 3
Security Tip #3
  • Avoid wireless hotspots, or modify your computer use if you use them
  • Don’t do anything that requires a password
    • Don’t login to your bank or email
the evil twin wireless insecurity
The Evil Twin Wireless Insecurity
  • Home-made wireless access points masquerade as legitimate hot spots
  • Fairly easy to create an evil twin with a laptop
security tip 4
Security Tip #4
  • Use social networking sites like Facebook, LinkedIn, and Twitter very carefully
facebook security issues
Facebook Security Issues
  • Social network du jour
  • Attackers go where we go
  • Facebook members greater than population of USA
  • Weak passwords or passphrases
  • Don’t use third-party applications
  • Check for mis-configured or unused privacy settings
facebook instant personalization
Facebook Instant Personalization

Reports that Facebook has once again compromised users privacy settings by not only making the process more complex but by making it an opt-out process, instead of opt-in.

Don't post any information, like announcing you are going on vacation, on your blog or Facebook that could be used by identity thieves to target you, your family or friends, or UVa.

ZDNet 25 May 2010

rogue antivirus and twitter
Rogue Antivirus and Twitter
  • Twitter hit with rogue anti-virus scam
  • Flurry of tweets directed users to a website promising "Best Video“
  • Appeared to offer content from YouTube, but delivered a document infecting those using vulnerable versions of Adobe's Reader program
  • Victims then received urgent warning that their systems were infected and needed fraudulent security software cleaning

<> 6/2009

twitter security issues
Twitter Security Issues
  • Link shorteners like TinyURL lead users to unknown destinations, though there’s a fix for this
  • Vulnerable to phishing attacks
  • Users unwittingly give their passwords to third-party applications
  • Phishers use Twitter May 2009
    • Bogus accounts of “hot” women
    • Tiny URLs obfuscated real sites

<> 5/2009

security tip 5 protect smart phones
Security Tip #5 Protect Smart Phones
  • Passcode
    • Enable at least 4 digits but this also depends upon IT policies
    • Exceeding the number of allowed password attempts deletes all data
    • Auto-Lock
    • Locks the screen after a pre-set time periodof non-use (consider 30 minutes or less)
    • Passcode-lock enhances auto-lock
    • By itself not exactly a security feature but combined with passcode protection,it’s essential security
security tip 6
Security Tip #6
  • Use strong passwords or
  • Try a passphrase if it is easier for you to remember
create strong passwords
Create Strong Passwords
  • A 10-character password is not as hard to remember as you think
  • Make up a unique sentence, and use the first letter of each word in the sentence
  • Mix up the capitalization, and add a digit or punctuation mark somewhere
  • A sentence unique to you might be: “My Chevy’s front muffler leaks too much” for the password “MCfml,t3m”
  • But don’t accidentally create a word, as in “How older US educators sit” for password “HoUSes”
passphrases are just words
Passphrases are just words
  • Easy to remember
  • “Mysonjusthitmefor1200dollars”
  • “AvoidworkonMondaysifyoucan”
  • Avoid famous sayings or quotes like “give me liberty or give me death", “to be or not to be", or "four score and seven years ago", etc., because attackers makes lists of these
security tip 7
Security Tip #7
  • Update, update, update!
  • Backup, backup, backup!
update update update
Update, Update, Update
  • (home use only)
  • Macintosh Security Update
  • Microsoft Automatic Update
backup backup backup
Backup, Backup, Backup
  • Home Directory
  • External hard drive
    • These mechanical systems can fail!
  • Memory stick
    • Only for short term storage
  • Drag and drop action
security tip 8
Security Tip #8
  • Check your free annual credit report
  • Not
  • Pull down your credit history, and see what accounts have been opened in your name
    • Check personal data for accuracy
  • You will not receive a credit score, unless you pay for it
security tip 9
Security Tip #9
  • Stay on Main Street when using the Internet
    • Don’t go down any dark alleys
    • What’s a dark alley on the Internet?
security tip 10
Security Tip #10
  • Apply the same common sense rules you use in the real world to protect institutional and personal data –
    • Ask Ben Bernake’s wife
  • Regularly check your computer for sensitive data (Backup/remove files)
  • Use Secure Deletion Shredder
  • Use Identity Finder at work