Technology Solutions Security Update
BOR March 2018
Paul Czarapata, Ed.D.
KCTCS Vice President / CIO
2017 – KCTCS Technology By The Numbers
- 186,000,000 emails received
- Over 1 billion spam, phishing, and malware blocked
- Over 38,000 hours of Skype meetings
- Over 8 million files in OneDrive
- Technology Solutions help desk tickets completed in 2017 - 27,029
- Average # of unique logins per day in Blackboard Learning Management System – 32,000
- Up to 86 thousand logins daily to student information system
KCTCS Protection of Systems/Data
- Network firewalls (control incoming/outgoing network traffic)
- Intrusion detection hardware/software
- Antivirus / anti-malware software
- Hard drive encryption
- Network penetration testing (both internal and by external parties)
- Annual Information Technology Audit by Crowe Horwath
- Personally Identifiable Information (PII) enterprise search software
  - Looks for SSNs, credit card numbers, driver's license numbers, etc.
- Take advantage of programs from FBI InfraGard, Dept. of Homeland Security, and University of Texas
KCTCS Protection of Systems/Data (Continued)
- Physical security (locks, video surveillance, badge scanners, etc.)
- Education!! People are the weakest link, we coach them up!
  - Seminars, online training, monthly newsletter, phishing campaign
What is the “Cloud”?
In simplest terms, cloud computing means storing and accessing data and programs over the internet instead of your computer or local data center.
Cloud Flavors
- SaaS – Software as a Service
  - Software distribution method where access to a program is provided over the Internet (e.g. QuickBooks Online)
- PaaS – Platform as a Service
  - Develop, run, and manage web-based applications
- IaaS – Infrastructure as a Service
  - IaaS is the provision of virtual servers and storage that organizations use on a pay-as-you-go basis
KCTCS’s Cloud footprint
- Have adopted “Cloud First” strategy
- Nearly all KCTCS systems are in the “cloud”
- Mix of private and public cloud solutions
  - Public = many companies in same cloud
  - Private = cloud solution is just your company
- Each provider is vetted and audited
  - Penetration testing
  - Patch/fix policy
  - Personnel screening
  - Physical data center security
  - Breach notification contracts
  - Service level agreements
Sampling of KCTCS Cloud Providers
Who Is The Weakest Link?
No matter how strong KCTCS's:
- Firewalls
- Intrusion Detection Systems
- Cryptography
- Anti-virus software
People are the weakest link in computer security!
People are more vulnerable than computers
"The weakest link in the security chain is the human element" - Kevin Mitnick
Privacy
While KCTCS strives to protect its users' personal information and privacy, it cannot guarantee the security of any information you disclose online, and you do so at your own risk. As a web user, keep in mind that whenever you give out personal information online, that information can be collected and used by people you don't even know.
Caution when you connect
- Be wary of how/where you connect to the Internet
- Be careful with free public WiFi hotspots
- Be aware of shoulder surfers
- Shut your machine down when you’re not using it
- Never leave your laptop/phone/tablet alone in a public area
- Do not allow a thumb drive to be attached to your machine
External Hard Drives & Thumb Drives
- Don’t use a thumb drive you haven’t scanned for viruses (right click on it after you connect it)
What is Social Engineering?
At its core, it is manipulating a person into knowingly or unknowingly giving up information; essentially 'hacking' into a person to steal valuable information.
- Psychological manipulation
- Trickery or deception for the purpose of information gathering
- Secretly install spyware or other malicious software
- Trick persons into handing over passwords and/or other sensitive financial (credit card) or personal information
Phishing
Fraudulently obtaining private information
- Send an email that looks like it came from a legitimate person or business
- Request verification of information and warn of some consequence if not provided
- Usually contains link to a fraudulent web page that looks legitimate
- User gives information to the social engineer
Example:
Spear-Phishing Example:
Online Financial Transactions
- Don’t use a debit card
- Sign up for alerts with your credit card company
- Only shop at reputable online stores (if the price is hard to believe, it’s probably a scam or a fake)
- Check your bank/credit card statements closely for small recurring charges
- Check if they support 2-factor authentication
- Ensure you are using a secure connection
What to do?
- Don’t click on links in suspicious emails
- Set your operating system to automatically update
- If something doesn’t seem right, it probably isn’t
- Be very careful of what data you give over the phone
- Back up your machine frequently
- Watch what you post on social media (Facebook, Twitter, etc.)
- Use a firewall on your personal computer
Preventing the infection
Use antivirus software. While there are some good free programs available, it may be worth your while to pay for top-notch protection.
Antivirus software
- You are covered at work with antivirus, but are you covered at home?
- Set it to auto-update
- Run scans frequently
- My favorites – Kaspersky, McAfee, and AVG
What to do if you think you have a virus?
- Contact your local IT team if at work (or contact me/Keith if you are retired or self-employed)
- If at home
  - Disconnect it from internet
  - Do a full scan with virus software to see if it can be removed
  - If comfortable, you may want to download virus removal tools to a portable drive on another machine to see if those work
  - Contact a reputable computer repair service to see if they can help
- If your drive is encrypted, you may be out of luck unless you pay the bad guys
Tips & Tricks
- Update your software regularly. This is the best way to make sure all security patches get installed. Otherwise, hackers can target you by attacking your computer with malware designed to exploit known weaknesses.
- Don’t click unknown links. Far too many computer users engage in this practice, which is frowned on by the professionals. Remember, it’s easy for attackers to “spoof” an email address.
Questions?
Thanks and be careful out there!!!!
KCTCS Technology Solutions