CYBER SECURITY
October 2009
ARE YOU AWARE?
The Federal Trade Commission reports that: “For the seventh year in a row, identity theft tops the list, accounting for 36 percent of the 674,354 complaints received between January 1 and December 31, 2006. Other categories near the top of the complaint list include shop-at-home/catalog sales; prizes, sweepstakes and lotteries; Internet services and computer complaints; and Internet auction fraud.”
FTC News
TOP TEN COMPLAINTS FOR VIRGINIA
RANK  CATEGORIES                                        COMPLAINTS  %
1     Identity Theft                                    246,035     36
2     Shop-at-Home/Catalog Sales                        46,995      7
3     Prizes/Sweepstakes & Lotteries                    45,587      7
4     Internet Services & Computer                      41,243      6
5     Internet Auctions                                 32,832      5
6     Foreign Money Offers                              20,411      3
7     Advance-Fee Loans and Credit Protection/Repair    10,857      2
8     Magazines and Buyer Clubs                         8,924       1
9     Telephone Services                                8,165       1
10    Health Care                                       7,467       1
Why should you be aware?
Websites can be disabled and unavailable
Office/home computers can be damaged by a virus
Hackers can break into our databases and steal identity information, not just our customers’, but yours as well!
Malicious users could use our systems to attack other systems
Cyber Security
DID YOU KNOW?
An unprotected computer connected to the internet can be compromised in less than one minute
A modern desktop computer can send 200,000 spam emails an hour
Networks of exploited computers can be rented for targeted attacks via web stores controlled by Bot Owners
VITABOTS
CYBER SECURITY
CURRENT MALICIOUS BEHAVIORS
WHAT IS SPAM?
The simple definition of spam is that it is unsolicited email
Product offers
Misdirection to allow installation of malware
Misinformation (denial of access)
WHAT IS PHISHING?
According to Microsoft:
“Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, Windows Live IDs, other account data and passwords, or other information.”
Microsoft
TYPES OF PHISHING
IRS and Treasury scams
Credit Union and Banking scams
Major events (Elections, Holidays)
Social networking Web sites
Fake Websites
Websites that spoof your familiar sites using slightly different Web addresses
Phishing Video
KEYLOGGER/KEYSTROKE SPYWARE
A keylogger is a software program (it can even be hardware) designed to monitor and log all keystrokes.
The biggest threats in this area are stolen passwords, confidential information, PIN numbers, credit card account numbers, etc.
VIRUSLIST
SOCIAL ENGINEERING
According to Microsoft:
“The purpose of social engineering is usually to secretly install spyware or other malicious software or to trick you into handing over your passwords or other sensitive financial or personal information.”
TYPES OF SOCIAL ENGINEERING
Phishing
Spear phishing
E-mail hoaxes
NIGERIAN EMAIL SPAM
PROTECT YOURSELF
PROTECT YOUR PERSONAL INFORMATION
Don’t give out your name, email or home address, phone, account numbers, or SS numbers without finding out why it is needed and how it will be protected
Monitor your email: don’t respond to unknown or unsolicited email
When shopping online, take measures to reduce the risk: ensure that only sites showing a lit lock or https: (secured) are used
Read the company privacy policy
LOGOFF OR LOCKUP
When leaving your desk, remember to log off or press CTRL-ALT-Delete to lock your workstation
EMAIL AND INSTANT MESSAGING
Avoid clicking on links in emails; type the URL in the browser bar instead
Don’t open attachments that appear to be suspicious
Delete emails that direct you to a website where you are prompted to fill out personal data
Delete hoax and chain letter emails
SENSITIVE DATA
Don’t store sensitive data on your hard drive (Social Security, Credit Card, etc.)
If you must store sensitive data, have it encrypted (see MIS for more Information)
If printing sensitive data, avoid printing on shared printers/copiers:
** If you have to print on a shared copier/printer, remove it immediately!
EQUIPMENT PHYSICAL PROTECTION
If you have a laptop/portable device, lock it up at night
If traveling with a laptop, never check it in at the airport
Use a surge protector
Portable devices need to be secured when not in use!
Don’t put laptops/portable devices on the seat of your car, not just for anti-theft but for climate control!
Remember flash drives/CDs are considered portable devices!
PORTABLE DEVICES
It is a COV Security standard that COV data not be stored on non-COV devices, so you will have to use COV portable devices when working away from the office
COV sensitive data should be encrypted before being moved onto your COV-portables
Scan, Scan, Scan: portable devices are just like your hard drive; they need to be scanned at least once a week
WHO IS IT?
You don’t open your door at home without checking who is at the door… so why would you not take the same precaution online?
WORLD WIDE WEB, WWW
Be watchful of sites that:
Redirect you to other sites
Request personal information
Appear to involve malicious activity
Remember:
Block pop-ups and only enable them for trusted sites
Cookies are great, but third party cookies should be blocked!
SECURITY SOFTWARE
Ensure your home and work PCs are up-to-date on the following programs:
Anti-Virus Software
Firewalls
Anti-Spyware and Malware Software
Email Scanning
Windows XP Firewall Information
UP-TO-DATE
In order to protect yourself and your computer, you need to ensure that your operating system and web browser are up-to-date
Security patches are frequently updated, so check regularly!
Microsoft
PASSWORD
Your password is the key to your computer, don’t make it readily accessible. Never place your password out in plain view. Keep it secured!
Avoid the option that allows a computer to remember any password
Never share your password. Your IT person should never ask for your password!
STRONG PASSWORD
Use at least nine characters, including numerals and symbols
Avoid common (dictionary) words
Don’t use your personal information, login or adjacent keys as passwords
Change at least every 42 days for work and 90 days for home
Use a variety of passwords for your online accounts
PASSWORD TIPS
Use memorable phrases, such as “I hate Mondays!”
Alternate caps with lowercase, and use numbers and symbols:
Example: 1h@teM0ndays!
Using this format gives you the opportunity to use the same password for a long time. Simply change at least two characters and most policies will allow you to keep the same password.
BACKUP YOUR DATA
One of the biggest errors people make is not backing up their data!
Depending upon your use:
For work we back it up every night
For home you should strive to back it up at least weekly
Windows XP Backup
DEFEND YOURSELF
IDENTITY THEFT
File a complaint with the Federal Trade Commission:
Federal Trade Commission
Place a fraud alert on your credit reports, and review your credit reports. This can be accomplished by contacting one of the nationwide consumer reporting agencies
File a Police Report
Close the accounts that have been tampered with or opened fraudulently
HOUSTON WE HAVE A PROBLEM!
How to Recognize a Cyber Security Threat:
Slow or non-responsive system
Unexpected behavior, such as program pop-ups
Display of messages that you haven’t seen before
Running out of disk space unexpectedly
Unable to run a program due to lack of memory
Crashing!
Rejecting a valid and correct password
WHAT TO DO
Stop and unplug system from the LAN/Modem!
If unable to freeze the problem, take notes about the occurrence
Contact any of your MIS personnel and supervisor about any cyber security incident
THE BE’S OF CYBER SECURITY
BE ALERT
BE WATCHFUL
BE ON GUARD
BE CAREFUL WHERE YOU GO ONLINE!
BE SURE TO ASK FOR HELP!
BE SURE TO THINK B4 U CLICK!
CYBER SECURITY
It is said a chain is only as strong as its weakest link… Don’t be the weak link!
Cyber Security is everyone's responsibility!
Thanks!
Thank you for going through the training today!
Information Security is critical at work and at home. We appreciate you taking the time to learn the contents of this training and highly encourage you taking some time regularly to read up on security topics – you can click on the security link at the bottom of our MRC web pages to visit the VITA-NG security web site at any time.
This information is provided to educate you on how to protect yourself at work and at home, but as always, it is required for you to understand and follow our agency security policy. If you need to review the policy again, you can go to the following link:
Agency Information Security PowerPoint
Please contact Erik Barth (x72262); Linda Farris (x72280) or your supervisor if you have any questions about this training or information security topics in general.
DON’T FORGET
Please don’t forget to email, fax, or mail
your acknowledgement for completing
your cyber-security training!
References
FTC News
Microsoft
VITA
VIRUSLIST
Wikipedia
Stay Safe Online
OnGuard Online
Cyber Security