TAX-AIDE Computer Security Chris Hughes Chairman NTC 1 NLT Meeting Aug 2014.

Slides:

Advertisements

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Advertisements

A Software Keylogger Attack By Daniel Shapiro. Social Engineering Users follow “spoofed” s to counterfeit sites Users “give up” personal financial.

7 Effective Habits when using the Internet Philip O’Kane 1.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

PRIORITIES. AARP Tax-Aide Priorities BudgetsTraining E-Filing Reimbursements Security Accuracy Developing Leaders CertificationDonations Recruitment.

TAX-AIDE Computer Security Chris Hughes (HMR mod) Chairman NTC 1 NLT Meeting Aug 2014.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

IDENTITY THEFT ARE YOU SAFE?. HOW DOES THIS HAPPEN TO ME? Internet “Security “ When using a public computer, never access any vital accounts like banking.

INTERNET THREATS AND HOW TO PROTECT YOUR COMPUTER -BRIAN ARENDT.

Data Security GCSE ICT.

1 NTC TCS Training Dallas 2010 TaxWise Online (TWO) Practical Notes and TWO Wireless.

First Community Bank Prevx Safe Online Rollout & Best Practice Presentation.

Viruses & Security Threats Unit 1 – Understanding Computer Systems JMW 2012.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Cameron Simpson.

CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

TAX-AIDE Windows 7 Upgrade Chris Hughes - NTC 1. TAX-AIDE TCS Conference Call Sept Windows 7 Imperative ● Microsoft support for Windows XP ends.

Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.

Course ILT Computers and society Unit objectives Identify the main uses of computers in daily life, and identify the benefits of using Describe.

Staying Safe Online Keep your Information Secure.

Lesson 2- Protecting Yourself Online. Determine the strength of passwords Evaluate online threats Protect against malware/hacking Protect against identity.

IT security By Tilly Gerlack.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

IT Security Essentials Lesley A. Bidwell, IT Security Administrator.

1 Technology Updates Regional Meetings October 2009 Veronica Coates, AARP Tax-Aide National Technology Manager.

ED 505 Educational Technology By James Moore.  What is the definition of Netiquette and how does it apply to social media sites? ◦ Netiquette is the.

Introduction to ITE Chapter 9 Computer Security. Why Study Security?  This is a huge area for computer technicians.  Security isn’t just anti-virus.

Information Security Awareness Training. Why Information Security? Information is a valuable asset for all kinds of business More and more information.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.

Network problems Last week, we talked about 3 disadvantages of networks. What are they?

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.

Return to the PC Security web page Lesson 5: Dealing with Malware.

G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.

1 NTTC/NTC ERO Training 2011 Tax Year 2007 ERO TRAINING ELECTRONIC RETURN ORIGINATOR (ERO) (Transmitter in Tax-Wise)

How can IT help you today?. Agenda Why Do You Care? What Are The Risks? What Can You Do? Questions? How can IT help you today? 2.

1 NTC/TCS Training Dallas 2009 TaxWise, TrueCrypt, and Vista There are several issues that need to be addressed when using TaxWise and TrueCrypt on computers.

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.

TAX-AIDE Security 2013 Regional Meetings1. TAX-AIDE Security ● This year in the AARP Foundation Tax-Aide program there were: Two(2)confirmed laptops reported.

Final Union Training TY What’s New In TaxWise Gary Blauth Module NJ 2.3.

Topic 5: Basic Security.

1 NTTC/NTC ERO Training 2010 ERO TRAINING The ELECTRONIC RETURN ORIGINATOR (ERO) is the Transmitter in Tax-Aide.

By: Asfa Khan and Huda Mukhtar

Final Essex Training TY What’s New In TaxWise Gary Blauth Module NJ 2.3.

NTC/TCS/TRS Training Dallas 2009 HMR modified for NY3 Security.

TAX-AIDE Tech Update Consumables, Equipment, and Security Modified for NY3.

Cyber Safety Jamie Salazar.

LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.

Virus Assignment JESS D. How viruses affect people and businesses  What is a virus? A computer virus is a code or a program that is loaded onto your.

Unit 2 Assignment 1. Spyware Spyware is a software that gathers information about a person or site and uses it without you knowing. It can send your information.

1 Integrated Site Security Project Denise Heagerty CERN 22 May 2007.

Safety & Security By Kieran Bolko. Laws The main law that you should be taking note of is the Data Protection Act 1998 – this law sets rules for the electronic.

Adware and Browser Hijacker – Symptoms and Preventions /killmalware /u/2/b/ /alexwaston14/viru s-removal/ /channel/UC90JNmv0 nAvomcLim5bUmnA.

1 Outline of this module By the end of this module, you will be able to: – Understand what is meant by “identity crime”; – Name the different types of.

Computer Security Sample security policy Dr Alexei Vernitski.

Copyright © 2008 AusCERT 1 Practical Computer Security See the notes section throughout the slide presentation for additional information.

1 Outline of this module By the end of this module you will be able to: Understand why computer security is important; Name the different threats to.

Todays’ Agenda Private vs. Personal Information Take out your notebook and copy the following information. Private information – information that can be.

Computer Security Keeping you and your computer safe in the digital world.

Outline of this module By the end of this module, you will be able to: Understand the benefits that internet banking provides; Name the different dangers.

Unit 1 Understanding computer systems: How legal, ethical, safety and security issues affect how computers should be used OCR Cambridge Nationals in ICT.

Information Technology Security Office of the Vice President for Information Technology New Employee Orientation II.

Protecting Against Cyber Attacks PLEASE TAKE A MINUTE TO LOOK AT THIS IMPORTANT MESSAGE. THIS IS HAPPENING HERE AND NOW! LET US SAVE YOU AND YOUR INFORMATION.

National Technology Committee Update

ELECTRONIC RETURN ORIGINATOR (ERO) (Transmitter in Tax-Wise)

Information Security 101 Richard Davis, Rob Laltrello.

2017 TCS SMT Training - Dallas

Cybersecurity Awareness

2017 TCS SMT Training - Dallas

HOW DO I KEEP MY COMPUTER SAFE?

Presentation transcript:

TAX-AIDE Computer Security Chris Hughes Chairman NTC 1 NLT Meeting Aug 2014

TAX-AIDE Computer Security ● Physical security Stolen computers ● Electronic security Theft via software Theft via networks 2 NLT Meeting Aug 2014

TAX-AIDE 2014 Security Incidents ● This year in the AARP Foundation Tax-Aide program there were: 35 taxpayer forms lost Eight (8) confirmed laptops reported stolen/lost There was data and a disclosed password on one of the stolen computers ● Many state laws do not require notification when computers and/or devices are encrypted NLT Meeting Aug 20143

TAX-AIDE Consequences of Data Loss ● Affected taxpayers individually contacted and given free credit monitoring for a year at program’s expense NLT Meeting Aug TaxWise Online - no data stored on computers

TAX-AIDE Security – What You Can Do ● ALL computers used for Tax-Aide must be password protected. Passwords must not be shared outside the program. Written password reminders must be kept away from the computers SMT/TCS Training - Dallas5

TAX-AIDE Data Security Password ● Password guidelines: ● Minimum length – eight (8) characters for Windows, and TaxWise™ accounts. ● At least one letter and one number in the password. ● Choose a password that is not a dictionary word or someone’s name. ● Do not use TaxWise, TW, Tax-Aide, AARP or any word in the password similar to something that is obviously related to the program SMT/TCS Training - Dallas6

TAX-AIDE The Rising Malware Threat 7 NLT Meeting Aug 2014

TAX-AIDE 8 NLT Meeting Aug

TAX-AIDE What is Malware? ● Trojan, Virus, Worm, Backdoor, Botnets ● RansomWare ● Personal and account information theft Bank account withdrawal, credit card usage, loan falsification ● Ad clicking for Dollars 9 NLT Meeting Aug 2014

TAX-AIDE Methods of infection ● attachments ● web links ● Infected web sites ● Flash drives ● Adding an infected system to a network (Windows XP) ● Java installed – rapidly becoming one of biggest risks (this is different than javascript). 10 NLT Meeting Aug 2014

TAX-AIDE Nightmare Scenario ● A key logger ● Captures every account login ● Sends every keystroke made on the computer to a criminal enterprise Server. ● Every tax return done on the computer will result in identity theft on those SSNs 11 NLT Meeting Aug 2014

TAX-AIDE Effects of Identity Theft ● For victims of identity theft, consequences can last for years; causing financial problems, credit issues, benefit losses, and legal problems. ● Cost to the AARP Foundation Tax-Aide program reputation and the good work that you all do. ● Cost of credit protection. NLT Meeting Aug

TAX-AIDE Infected System Recognition ● Anti-virus software increasingly ineffective Polymorphic and “kit” virus production ● Where one virus exists there will be many due to backdoor access ● Look for Excessive ads, multiple IE toolbars, unusual home pages, slow system performance, problems running anti-virus scans ● Silent key loggers are the most dangerous and most undetectable If Tax-Aide becomes “targeted”, we will be infected and there is nothing we can do except re-image 13NLT Meeting Aug 2014 IF IN DOUBT RE-IMAGE

TAX-AIDE Windows XP ● The tech industry is assuming that every single existing Windows XP system will become infected with malware over the next few months. Infected websites Flash drives 14 NLT Meeting Aug 2014

TAX-AIDE What Can You Do ● Make sure all computers are running the Windows 7 or 8; this includes personal and site computers. ● Windows Vista not supported by CCH ● If a personal or site computer cannot be upgraded They must not be used for Tax-Aide purposes. They cannot be on the same network segment as Taxaide computers. If necessary contact the National Office. NLT Meeting Aug

TAX-AIDE What Can Be Done? ● Do all Windows, Adobe updates immediately ● Use anti-malware software like MSE and MalwareBytes ● If installed, remove Java ● Stick to mainstream, branded websites on Tax- Aide systems ● Re-Image systems regularly ● Run as a “standard” user – see later 16NLT Meeting Aug 2014 Too much effort for many – we have infected systems in the program right now!!

TAX-AIDE Site Visits ● All site visits by RCs and SCs should include the question ● “Are any Windows XP systems being used?” If yes take whatever action necessary to remove them ● “Are any systems behaving oddly?” Request technical help to check out the system. 17NLT Meeting Aug 2014

TAX-AIDE What else can be done? ● A policy change Windows user account passwords must be changed yearly ● 90% plus of malware will be stopped by using a “standard” Windows account!! – this includes silent key logger installation!! 18NLT Meeting Aug 2014

TAX-AIDE Windows Users ● Administrative User (e.g. Volunteer) Our everyday default, allows easy program and update installation ● Standard User Allows all usage of TaxWise and other software Does NOT allow any software installation or updating to be done. An Administrator user password must be entered to allow installation and updates 19NLT Meeting Aug 2014

TAX-AIDE NTC Recommendation ● Use a standard User Volunteer Account for all everyday purposes ● Only a best practice recommendation, not mandatory ● Will be in this fall’s Sharenet documents update. 20NLT Meeting Aug 2014

TAX-AIDE Why Recommendation ● The changes are simple if the user is comfortable using Windows Control Panel Many of our volunteers are not capable of this!! ● The change causes the inconvenience of having to type in a password to do the required Windows updates Many volunteers will find this unacceptable ● This change ONLY prevents new infections! Re-imaging is the only way to remove existing anti-virus proof infections! 21NLT Meeting Aug 2014

TAX-AIDE Discussion & Questions??? 22NLT Meeting Aug 2014