Tech It Up a Notch
Cultivating Security: easy steps to decrease risk
2012 MAP TechWorks, a program of MAP for Nonprofits
Where did this presentation come from?
• MAP TechWorks, a program of MAP for Nonprofits, is devoted to helping nonprofits use technology to unleash mission.
• Our "Tech It Up a Notch" series is designed to help nonprofit staff learn about and discuss technology to increase knowledge, and help people feel more comfortable talking about technology together.
• Learn more at MAPTechWorks.org
Cultivating Security
It’s like cultivating your garden . . .
Agenda.
• Who is Roger Hagedorn?
• Background Basics
• Five Quick Tips
• Questions
Note: feel free to ask questions at any time. This session is for you.
Question:
Who is Roger Hagedorn?
Network Security Coordinator
Seward Community Co-op
CISSP
www.cultivatingsecurity.com
Preface:
We want IT to assist you with your mission and strategic plans; we want it to help you be innovative and successful.
But today we’ll talk about "due diligence" levels of security: things that everyone should be doing in order to keep you, your computers, your data, and your organization’s reputation safe.
“It takes twenty years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.”
—Warren Buffett
Background Basics
Things that I hope you are currently doing:
• An Anti-Malware Solution (regularly updated)
• A Firewall Solution
• A Backup Solution
“Defense in Depth”
Defense in depth is the concept of protecting a computer network with a series of defensive mechanisms such that if one mechanism fails, another will already be in place to thwart an attack.
SANS Institute
Tip 1: Passwords
I know: everyone’s favorite subject
But really, it’s our first line of defense in so many situations.
So let’s discuss . . .
Must Nots:
• Your password must not contain any part of your real name, your e-mail name, or anything based on these.
• Your password must not be any single word in any language.
• Your password must not be any fact associated with you: your address, a pet’s name, your birth date, phone number, social security number, driver’s license number, car license number, etc. Likewise, your password should not be a fact associated with your spouse/partner or children.
Musts:
• Your password must be at least eight characters long. Passwords or pass phrases 10-16 characters are even better.
• Your password must contain characters from at least three distinct character classes: uppercase, lowercase, number, non-alphabetic (@#$%, etc.).
• You will have to periodically change your password.
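The musts and must-nots above, written as a checker. This is an added example, not part of the original presentation; the substitution table, the sample user details and the word list are constructed assumptions.

```python
# Substitutions undone before matching, so "D@n@" is still recognised as
# "dana". Constructed for this example, not exhaustive.
LEET = str.maketrans("0134@$!5", "oleaasis")

# Constructed sample data for a hypothetical user; not from the presentation.
SAMPLE_TERMS = ("Dana", "Rivera", "drivera", "Biscuit", "1984")
SAMPLE_WORDS = ("sunflower", "password", "welcome")


def normalize(text):
    """Lowercase, undo simple substitutions, keep only letters and digits."""
    folded = text.lower().translate(LEET)
    return "".join(ch for ch in folded if ch.isalnum())


def character_classes(password):
    """Report which of the four character classes appear in the password."""
    return {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "non-alphabetic": any(not c.isalnum() for c in password),
    }


def check_password(password, identity_terms=(), wordlist=()):
    """Return the list of rules the password breaks (empty means it passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if sum(character_classes(password).values()) < 3:
        problems.append("fewer than three character classes")
    folded = normalize(password)
    if folded in {normalize(word) for word in wordlist}:
        problems.append("single dictionary word")
    for term in identity_terms:
        key = normalize(term)
        # Skip very short terms to avoid matching on noise.
        if len(key) >= 3 and key in folded:
            problems.append(f"contains personal detail: {term}")
    return problems


if __name__ == "__main__":
    for candidate in ("D@n@2024!", "sunflower", "MsPi24yo"):
        result = check_password(candidate, SAMPLE_TERMS, SAMPLE_WORDS)
        print(candidate, "->", result or "ok")
```

A real deployment would pass the user's own name, e-mail name and known personal facts as `identity_terms` and a full dictionary file as `wordlist`.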
• Never use the password you’ve picked for your email account at any online site.
• Use different ones for different situations. Avoid using the same password at multiple Web sites.
• But it’s generally safe to re-use the same password at sites that do not store sensitive information about you (like a news Web site) provided you don’t use this same password at sites that are sensitive.
Consider using a passphrase:
1 “Iw20yat/SPttbtp/thbgiaoos/btagtras.”
2 “HwmyrsmtBeyuclhm?”
3 “Brown T3L3phone nickel s@ndwich”
4 R3@dy4 [gmail, shopping, surf!]
You can, of course, create your own phrase. For example, “My sister Peg is 24 years old” can become “MsPi24yo.”
Consider using a password vault.
It stores all of your passwords in an encrypted format and allows you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or USB thumb drive.
• KeePass
• Password Safe
• LastPass
• 1Password
Tip 2: Keep Your Devices Up-to-Date
• Operating Systems: turn on Windows Update
• Applications. There are now tools that can help:
  • Secunia Personal Software Inspector
  • FileHippo.com’s Update Checker
• Uninstall unused applications
Tip 3: Use a Better Browser
• Avoid Internet Explorer if at all possible
• Use Google’s Chrome
• Mozilla’s Firefox is pretty good too
• Keep your browser up-to-date
Tip 4: Safe Email / Web Surfing Habits.
• Links in email: don’t click if you don’t know the sender, or if you didn’t expect the message
• The same goes for attachments in email: don’t open if you don’t know
Don’t Fall for Phishing Expeditions
Phishing: when hackers impersonate a business to trick you into giving out your personal information. Don't reply to email, text, or pop-up messages that ask for your personal or financial information. Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through insecure channels.
• Don’t Fall for Phishing Expeditions
This topic demands more focus than we can give it here. SonicWALL, the firewall company, has a great online test to see if you can be tricked. Check it out here: http://www.sonicwall.com/furl/phishing/
Tip 5: Use Admin Privileges Carefully
There are several kinds of user accounts for most systems:
• Guest (disable)
• User
• Administrator
Only computer administrators should use administrative accounts . . . and use them only when administering computers.
On my personal computer:
• Administrator – disabled (too easy to guess)
• Guest – disabled
• RDHadmin – my own administrative account
• Roger – the non-administrative account I use for most things
There You Have it: 5 Tips to Cultivate Security
• Better Passwords
• Keep Devices Up-to-date
• Use a Better Browser
• Email / Websurfing Safety
• Use Admin Privileges Carefully
Thank You!
Any Questions or Comments?
www.cultivatingsecurity.com
10 Easy—and completely Free—Steps To Keep You and Your Computer Safe Online:
http://cultivatingsecurity.com/2012/08/11/10-easy-and-completely-free-steps-to-keep-you-and-your-computer-safe-online/