Cybersecurity Hygiene

Slides:



Advertisements
Similar presentations
ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
Advertisements

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
What is identity theft, and how can you protect yourself from it?
Part 2 of Evil Lurking in Websites Data Security at the University of Wisconsin Oshkosh.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.
Security 101 Harper P. Johnson Information Technology Services Director of Information Security.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
Staying Safe Online Keep your Information Secure.
IT Security Essentials Lesley A. Bidwell, IT Security Administrator.
Adam Soph, Alexandra Smith, Landon Peterson. Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details.
Information Security Awareness Training. Why Information Security? Information is a valuable asset for all kinds of business More and more information.
PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.
Security at NCAR David Mitchell February 20th, 2007.
How can IT help you today?. Agenda Why Do You Care? What Are The Risks? What Can You Do? Questions? How can IT help you today? 2.
Lecture 19 Page 1 CS 236 Online 16. Account Monitoring and Control Why it’s important: –Inactive accounts are often attacker’s path into your system –Nobody’s.
KTAC Security Task Force Superintendents Update April 23, 2015.
Module  Introduction Introduction  Techniques and tools used to commit computer crimes Techniques and tools used to commit computer crimes.
Computer Security By Duncan Hall.
OCTOBER IS CYBER SECURITY AWARENESS MONTH. October is Cyber Security Awareness Month  Our Cyber Security Awareness Campaign focuses on topics such as.
Computer Security Sample security policy Dr Alexei Vernitski.
Safe Computing Practices. What is behind a cyber attack? 1.
Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Introduction to Networking Technologies Security on Peer-to-Peer Networks.
Ransomware BISD Technology Department. Ransomware Ransomware is a type of malicious software (malware) that infects a computer and/or mobile device and.
Taking on Tomorrow's Challenges Today Taking on Tomorrow's Challenges Today Almost every organisation has been attacked …. But most don’t know about it!
November 14, 2016 bit.ly/nercomp_defendingyourdata16
Internet Safety.
HIPAA Privacy and Security
3.6 Fundamentals of cyber security
ISSeG Integrated Site Security for Grids WP2 - Methodology
Mysale Information Classification 101
Attention Identity theft Definition
Information Security.
Ways to protect yourself against hackers
Lesson 3 Safe Computing.
I S P S loss Prevention.
How to Protect Yourself from ID Theft and Social Engineering
Information Security 101 Richard Davis, Rob Laltrello.
Staying Austin College
Forensics Week 11.
Lesson 2- Protecting Yourself Online
Cybersecurity Awareness
Robert Leonard Information Security Manager Hamilton
Take Cyber Security “TO HEART”
David J. Carter, CISO Commonwealth Office of Technology
Mysale Information Classification 101
Keeping your data, money & reputation safe
Top Ten Cyber Security Hygiene Tips
9 ways to avoid viruses and spyware
Bethesda Cybersecurity Club
Chapter 7 – and 8 pp 155 – 202 of Web security by Lincoln D. Stein
Records Management Network
Policies and Procedures to Protect you, your Office and your Data
16. Account Monitoring and Control
Cybersecurity and Cyberhygiene
Lesson 2- Protecting Yourself Online
G061 - Network Security.
6. Application Software Security
Online Computer Security Tips For Parents
Information Security in Your Office
School of Medicine Orientation Information Security Training
Presentation transcript:

Cybersecurity Hygiene …because you might be picking your friend’s nose. Sam Sneed June 2017

Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Yes, it is your problem What you don’t know will hurt you. Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Personal or Political Agenda Why people hack Money Organized online crime New methods to commit old crimes Personal or Political Agenda State actors “Hacktivists” Disgruntled employees Lulz Vandalism Curiosity Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Why everyone is a juicy target Information Financial (banking, credit, etc.) Health (medical records, prescriptions, etc.) Personnel files Intellectual property Critical business info Access Networks and devices Physical location or things Information or more access Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

What could happen when you’re hit Create backdoors, load additional code Loss of control of devices Exfiltration of info Encryption of files Ask for ransom Nothing (yet) Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Folk wisdom for the digital age Exploits and Current Events Practical Tips Folk wisdom for the digital age Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Don’t take candy from strangers If in doubt, don’t click Attachments may contain malware Links can take you to compromised websites “Phishing” common method of attack Can use spoofing, social engineering, other methods to trick users into accessing infected files or websites Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Don’t take candy from strangers (If in doubt, don’t click) Scan email and attachments Check with IT to see if this can be done automatically Use blacklists/ whitelists to control access Call and verify with the sender Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Don’t eat things off the ground Think before you connect How public is the network? How secure is the device? Man-in-the-middle attacks Dyn attack, October 2016 IoT devices infected w/ malware* became botnet (baby monitors, printers, cameras) DDoS attacks took down major online services and retailers * The malware used, “Mirai,” is Japanese for “the future” Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Don’t eat things off the ground (Beware of free lunch) Avoid public networks, especially open ones Avoid logging into sensitive services while on a public network Consider using a VPN or mobile network Do you really need an internet-connected teapot? Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Think about who and what you interact with Don’t share cooties Think about who and what you interact with What is their cybersecurity hygiene like? Where have their devices been? Where have those thumb drives been? Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Consider the terms of accessing your company network Don’t share cooties Consider the terms of accessing your company network May employees connect personal devices to the work network? Do contractors have access? Beware of “jailbroken” devices Consider options like mobile device management software Scan media (e.g. thumb drives) if they are coming in from unknown sources Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

A place for every password and every password in its place Pick up after yourself A place for every password and every password in its place Where do you keep your credentials? When’s the last time you cleaned them out? Are credentials doubled up? How many devices across how many networks have you used your credentials on? Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Info and credentials should have an expiration date Pick up after yourself Info and credentials should have an expiration date Mind your passwords Don’t double up on credential usage How many post-its are you using? Consider using a password manager Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Are you taking full advantage of security tools? Lock your doors Are you taking full advantage of security tools? Weak passwords are easy to crack Brute force Password dictionaries Access controls frequently have publicly-accessible control panels and/or default admin passwords Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Use lock screens on mobile devices Mind your passwords Lock your doors Use lock screens on mobile devices Mind your passwords Length (8+) Complexity (Upper case, lower case, number, special character) Don’t forget about physical security Change your factory default passwords Consider multi-factor authentication Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Wash your hands and take your vitamins How often does your computer get a checkup? Automated scans? Software updated? WannaCry, May 2017 Affected unpatched Microsoft operating systems Supported OS could patch in March 2017 (Windows Vista, 7, 8.1, 10) Unsupported OS had no patch (XP, others) Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Wash your hands and take your vitamins Keep your software updated Consider SaaS models Get regular checkups Schedule regular scans Don’t ignore warning signs Error messages sometimes have important things to say Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

making it work for your organization Training Processes Documentation making it work for your organization Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Take stock of your operations PEOPLE Categories of users Employee lifecycle THINGS Function (Access control? Critical asset?) Mobile? Owner? PEOPLE + THINGS Inside - workflows and data lifecycle Outside - access and transfer Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

What is your risk tolerance? Liability for protected information Health Financial Info re children Security-related Relationship to customers and vendors Business continuity Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Formalize, document, and train! Policies and agreements IP and employment Data classification Data retention (lifecycle handling) BYOD and network access Training and documentation Onboarding and offboarding Periodic training, changes in access rights Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Find Expertise and Help Inside your organization Departments – IT, HR, Legal Levels – Executive, front-line Generations – consider reverse mentoring Outside your organization Technical expertise Insurance Incident response Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Questions? Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.