Good Computer Security Practices Basic Security Awareness

Presentation transcript:

Good Computer Security Practices: Basic Security Awareness
By Harpreet Kaur Saini

Hello; Thank you. Overview of computer security and good computing practices. This is kind of a whirlwind overview, so the handout that you have has additional information and details about any of the things that I will be talking about.

What is Information and Computer Security?

… the protection of computing systems and the data that they store or access.

Computing systems:
- Desktop computers
- Laptop computers
- Servers
- Blackberries
- Flash drives

Data:
- Confidential data
- Restricted data
- Personal information
- Archives
- Databases

The definition of computer security is pretty straightforward. <Read definition> This may lead you to the question: <next slide>

Why do I need to learn about computer security? Isn’t this just an IT Problem?

<Read slide> And the answer is: Well, not really… Everyone who uses a computer needs to understand how to keep his or her computer and data secure.

What are the consequences of security violations?

- Embarrassment to yourself and/or the University
- Having to recreate lost data
- Identity theft
- Data corruption or destruction
- Loss of patient, employee, and public trust
- Costly reporting requirements and penalties
- Disciplinary action (up to expulsion or termination)
- Unavailability of vital data

- Embarrassment to the University – breach information on the front page of the Chronicle, etc.
- Risk to security and integrity of personal or confidential information, e.g. identity theft, data corruption or destruction, unavailability of critical information in an emergency, etc.
- Loss of valuable business information
- Loss of employee and public trust, embarrassment, bad publicity, media coverage, news reports
- Costly reporting requirements in the case of a compromise of certain types of personal, financial and health information
- Internal disciplinary action(s) up to and including termination of employment, as well as possible penalties, prosecution and the potential for sanctions / lawsuits

Good Computer Security Practices: “Top Ten List”

So that’s what computer security is and why it is important to know about good computing practices. Next I will quickly go through some basic good computing practices. I’d like to call your attention to the “Top 10 list” of good computing practices on the handout that I gave you. The handout is meant as a reference for you to take with you, and what I’ll be doing is highlighting some key points.

2. Back-up your data.

Don’t keep restricted data on portable devices.

- Make backups a regular task, ideally at least once a day.
- Back up data to removable media such as portable hard drives, CDs, DVDs, or a USB memory stick.
- Store backup media safely and separately from the equipment.

Remember, your data is valuable… don’t keep your backups in the same physical location as your computer!

Restricted data discussed on slides 27 and 28. Maybe say something here about what portable devices are? Namely laptops, flash drives/memory sticks.

Portable Devices: These include laptops, CDs/floppy disks, memory sticks, PDAs, phones, etc. These items are extra vulnerable to theft and loss. If you have to, keep these items extra secure.

1. Need info for back up your data.

3. Use cryptic passwords that can’t be easily guessed and protect your passwords - don’t write them down and don’t share them!

Passwords: Passwords are a fundamental line of defense against unauthorized access of our computers or data, so it is important to have good passwords that are hard for hackers to guess or crack, and it’s also important to protect your passwords - keep them secure. They really need to be treated like other confidential info such as SSN or other identity theft information. The handout has some general pointers for creating good, cryptic passwords.

Protecting your password means never share it and try to create passwords that are easy for you to remember so you don’t have to write them down. If you DO have to write a password down, be sure you store it securely - lock it up in a place where others wouldn’t think to look.

“I’ll just keep finding new ways to break in!”

4. Make sure your computer has anti-virus, anti-spyware and firewall protection as well as all necessary security patches.

5. Don’t install unknown or unsolicited programs on your computer.

Patches: Ask your computing coordinator if you aren’t sure how to do this. (It’s not your job to figure it out.) Also find out what you need to do (if anything) to keep them current.

Unknown programs: These can harbor computer viruses or open a “back door” giving others access to your computer.

6. Practice safe e-mailing ~

- Don’t open, forward, or reply to suspicious e-mails
- Don’t open e-mail attachments or click on website addresses
- Delete spam

Talk about the secure solution

3 main points:

We already talked a bit about not clicking on web links unless you really know where you are going. This is especially true for unsolicited web links in email.

Regarding attachments, only open attachments if you are positive you know what you’re opening. 3 checks: you were expecting it, it is addressed specifically to you, and the file name is what you were expecting. Checks are important because email can look like it is from a known person but really be sent by an infected machine. See handout: “Should you open that email attachment?”

3. Don’t open, reply to or forward spam or suspicious e-mails - just delete them. Some warning signs that you’re dealing with suspect email are on the handout.

7. Practice safe Internet use ~

- Accessing any site on the internet could be tracked back to your name and location.
- Accessing sites with questionable content often results in spam or release of viruses.
- And it bears repeating… Don’t download unknown or unsolicited programs!

Internet: With respect to using the Internet, it is important to keep 2 things in mind:

- The internet is not private. Don’t provide personal or sensitive information to internet sites, surveys or forms unless you are using a trusted, secure web page.
- Just opening a malicious web page can infect a poorly protected computer. Make sure you know where you’re going before clicking on a link. Instead of clicking on a link, look up the company and go there directly.

8. & 9. Physically secure your area and data when unattended ~

- Secure your files and portable equipment - including memory sticks.
- Secure laptop computers with a lockdown cable.
- Never share your ID badge, access codes, cards, or key devices (e.g. Axiom card)

Lock Up; Close Up: Check windows, doors and drawers (take keys out of drawers). Lock up any sensitive materials before you leave your area. It’s OK to question people if you think they may be somewhere that they don’t belong.

SAY MORE ABOUT AXIOM CARDS

Laptops: Lock up your laptop wherever you take it, including at meetings, conferences, coffee shops, etc. Make sure it is locked to something permanent. Lockdown cables are available at The Source Bookstore.

10. Lock your screen

- For a PC ~ <ctrl> <alt> <delete> <enter> OR <Windows key> <L>
- For a Mac ~ Configure screensaver with your password; create a shortcut to activate screensaver
- Use a password to start up or wake-up your computer.

Get directions from Sean about how to log off a Mac

Basic theme: Secure your computer when it is unattended. And make sure a password is required to get back on or to start up. For additional protection, have your computer set to “auto-lock” if it is left unattended.

Protecting Restricted Data

In addition to going over these general good computing practices, I want to include a few words about restricted data.

Restricted data includes, but is not limited to:

- Name or first initial and last name
- Health or medical information
- Social security numbers
- Ethnicity or gender
- Date of birth
- Financial information (credit card number, bank account number)
- Proprietary data and copyrighted information
- Student records protected by FERPA
- Information subject to a non-disclosure agreement

Restricted data is basically anything that would be considered sensitive that shouldn’t be available to the general public for one reason or another. These are a few examples. Some of the classic ones are SSN, health info, financial info, intellectual property, but most of us have a general sense of what is and isn’t sensitive or private, and you can always look it up or ask if you’re not sure.

Because of its nature, restricted data needs to be specially protected. Given this, I have 3 relatively simple steps for you for protecting restricted data. <Next slide>

Managing Restricted Data

- Know where this data is stored.
- Destroy restricted data which is no longer needed ~
  - shred or otherwise destroy restricted data before throwing it away
  - erase/degauss information before disposing of or re-using drives
- Protect restricted data that you keep ~
  - back-up your data regularly

Inventory: The first step toward protecting restricted data is making sure it is stored in the fewest places necessary. PII & other restricted data can be in current or old files, including archives.

Disposal/re-use: You can’t just get rid of sensitive data, you have to completely destroy it so others can’t get to it. Shred it (dumpster diving) or work with your computing person to erase it completely so that hackers can’t retrieve it. Including hard-drives, CDs, zip disks, flash drives, back-up tapes, etc. If you don’t know where to start, call the ITS Helpdesk: 459-HELP

Protecting RD that you keep: Work with your computing coordinator to protect any restricted data that you need to keep.

If there’s time, which there won’t be:

- Know who has access to folders before you put restricted data there!
- Do not leave sensitive information on printers, fax machines, or copiers.
- Set up your workstation so that unauthorized people and passers-by cannot see the information on your monitor.
- Avoid using email to send restricted data; it’s not secure.

Thank You Be Safe….