Information Security Basics - Illinois Legal Aid · Information Security Best Practices
TRANSCRIPT
Information Security Best Practices
Keeping Personal Data Private
Eric Fong, IT Supervisor
Vivian Hessel, Director of Technology for Advocates
About this presentation…
Each series of slides will focus on a different type of security hazard. We will:
Define and identify the threats
Explore real world examples
Review best practices and lessons learned
Discuss questions & answers
Please also refer to the handout: Information Security Basics - Quick Guide
Remember Your Context
Inadvertent Disclosure: “Oops, I didn’t mean to…”
Sending email using carbon copy (CC) or forwarding messages shows each other’s email addresses
Document metadata reveals comments, tracked changes, and other sensitive information
Cloud services may not adhere to our privacy standards
Screens in plain view and conversations within earshot expose information publicly
Inadvertent Disclosure: Best Practices
Use “BCC” and delete revealing text from forwarded communications
Use metadata cleaners or convert your file to PDF format
Read the terms of use and privacy policies carefully. Ask when in doubt.
Cover your screen and close your door
Social Engineering/Phishing Scams: Obtaining information by manipulation
Telephone calls or email from people claiming they need help may not be genuine
Emails and web pages can look legitimate but are often fraudulent
Being asked to download a computer program or other unusual actions may compromise internal security
Social Engineering/Phishing Scams: Best Practices
Be skeptical and verify unknown parties
Don’t be afraid to say “No, thanks”
Type in web page addresses instead of clicking email links
Ask for a phone call instead (but beware of falsified Caller IDs)
Malicious Files: Viruses and other malware
Web downloads such as screen savers, browser toolbars, etc. often include unwanted programs
Email attachments may look like legitimate documents but can be harmful in nature
Mobile apps may be snooping around on your phone
Unknown flash drives such as free giveaways at a conference may hide unsafe programs
Malicious Files: Best Practices
Ask yourself…
if you really need this application
if you are expecting this email attachment
if a free flash drive is worth the risk of a data leak
Ask IT…
if you are unsure about a particular file
if you want help with formatting flash drives
Unsecured Communications/Networks: What is encryption and why is it important?
Public Wi-Fi at hotels, airports, coffee shops, etc. may be monitored or altered
Unencrypted web pages (http) can be intercepted
Email is not a secure communications medium
Unsecured Communications/Networks: Best Practices
Use your own connection such as a hotspot or tethered phone
Limit your own access of sensitive information
Look for the padlock icon or https in front of a web address
Lost or Stolen Devices
Information on a lost phone, notebook computer, or other device may become freely available to anyone who comes across it
Best Practices
Secure mobile devices with a PIN or passcode
Enable encryption of sensitive data
Contact IT for help with a remote data wipe if applicable
Lost or Compromised Password: The combination is… 1-2-3-4-5, same as my luggage
Common scenarios include:
Sticky notes with login credentials stuck to a monitor
Setting computers to “remember” passwords
Forgetting to log out
Using a public computer
A bystander watching you type in your password
Knowingly sharing your password
Lost or Compromised Password: Best Practices
Pick strong passphrases
Longer passwords are generally harder to guess
Avoid incorporating information easily discovered, such as birthdates or names of pets
Use a password manager
Avoid using the same passwords across different sites
Do not share passwords with others
LAF Technology Policy
We have an ethical responsibility to keep confidential data secure
Secure your personal devices. Basic measures such as passcodes are a requirement for connecting your own devices to the LAF network
Change your passwords regularly, especially if you suspect that somebody else may have them
Report lost or stolen devices to IT staff immediately, whether they are personally owned or belong to LAF
Err on the side of caution and consult with IT staff if you are unsure
Let’s Keep Our Information Secure
About this presentationhellip
Each series of slides will focus on a different type of security hazard We will
Define and identify the threats
Explore real world examples
Review best practices and lessons learned
Discuss questions amp answers
Please also refer to the handout Information Security Basics - Quick Guide
Remember Your Context
Inadvertent DisclosureldquoOops I didnrsquot mean tohelliprdquo
Sending email using carbon copy (CC) or forwarding messages shows each otherrsquos email addresses
Document metadata reveals comments tracked changes and other sensitive information
Cloud services may not adhere to our privacy standards
Screens in plain view and conversations within earshot expose information publicly
Inadvertent DisclosureBest Practices
Use ldquoBCCrdquo and delete revealing text from forwarded communications
Use metadata cleaners or convert your file to PDF format
Read the terms of use and privacy policies carefully Ask when in doubt
Cover your screen and close your door
Inadvertent DisclosureBest Practices
Use ldquoBCCrdquo and delete revealing text from forwarded communications
Use metadata cleaners or convert your file to PDF format
Read the terms of use and privacy policies carefully Ask when in doubt
Cover your screen and close your door
Social EngineeringPhishing ScamsObtaining information by manipulation
Telephone calls or email from people claiming they need help may not be genuine
Emails and web pages can look legitimate but are often fraudulent
Being asked to download a computer program or other unusual actions may compromise internal security
Social EngineeringPhishing ScamsBest Practices
Be skeptical and verify unknown parties
Donrsquot be afraid to say ldquoNo thanksrdquo
Type in web page addresses instead of clicking email links
Ask for a phone call instead (but beware of falsified Caller IDs)
Malicious FilesViruses and other malware
Web downloads such as screen savers browser toolbars etc often include unwanted programs
Email attachments may look like legitimate documents but can be harmful in nature
Mobile apps may be snooping around on your phone
Unknown flash drives such as free giveaways at a conference may hide unsafe programs
Malicious FilesBest Practices
Ask yourselfhellip
if you really need this application
if you are expecting this email attachment
if a free flash drive is worth the risk of a data leak
Ask IThellip
if you are unsure about a particular file
if you want help with formatting flash drives
Unsecured CommunicationsNetworksWhat is encryption and why is it important
Public Wi-Fi at hotels airports coffee shops etc may be monitored or altered
Unencrypted web pages (http) can be intercepted
Email is not a secure communications medium
Unsecured CommunicationsNetworksBest Practices
Use your own connection such as a hotspot or tethered phone
Limit your own access of sensitive information
Look for the padlock icon or https in front of a web address
Lost or Stolen Devices
Information on a lost phone notebook computer or other device may become freely available to anyone who comes across it
Best Practices
Secure mobile devices with a PIN or passcode
Enable encryption of sensitive data
Contact IT for help with a remote data wipe if applicable
Lost or Compromised PasswordThe combination ishellip 1-2-3-4-5 same as my luggage
Common scenarios include
Sticky notes with login credentials stuck to a monitor
Setting computers to ldquorememberrdquo passwords
Forgetting to log out
Using a public computer
A bystander watching you type in your password
Knowingly sharing your password
Lost or Compromised PasswordBest Practices
Pick strong passphrases
Longer passwords are generally harder to guess
Avoid incorporating information easily discovered such as birthdates or names of pets
Use a password manager
Avoid using the same passwords across different sites
Do not share passwords with others
LAF Technology Policy
We have an ethical responsibility to keep confidential data secure
Secure your personal devices Basic measures such as passcodes are a requirement for connecting your own devices to the LAF network
Change your passwords regularly especially if you suspect that somebody else may have it
Report lost or stolen devices to IT staff immediately whether they are personally owned or belong to LAF
Err on the side of caution and consult with IT staff if you are unsure
Letrsquos Keep Our Information Secure
Remember Your Context
Inadvertent DisclosureldquoOops I didnrsquot mean tohelliprdquo
Sending email using carbon copy (CC) or forwarding messages shows each otherrsquos email addresses
Document metadata reveals comments tracked changes and other sensitive information
Cloud services may not adhere to our privacy standards
Screens in plain view and conversations within earshot expose information publicly
Inadvertent DisclosureBest Practices
Use ldquoBCCrdquo and delete revealing text from forwarded communications
Use metadata cleaners or convert your file to PDF format
Read the terms of use and privacy policies carefully Ask when in doubt
Cover your screen and close your door
Inadvertent DisclosureBest Practices
Use ldquoBCCrdquo and delete revealing text from forwarded communications
Use metadata cleaners or convert your file to PDF format
Read the terms of use and privacy policies carefully Ask when in doubt
Cover your screen and close your door
Social EngineeringPhishing ScamsObtaining information by manipulation
Telephone calls or email from people claiming they need help may not be genuine
Emails and web pages can look legitimate but are often fraudulent
Being asked to download a computer program or other unusual actions may compromise internal security
Social EngineeringPhishing ScamsBest Practices
Be skeptical and verify unknown parties
Donrsquot be afraid to say ldquoNo thanksrdquo
Type in web page addresses instead of clicking email links
Ask for a phone call instead (but beware of falsified Caller IDs)
Malicious FilesViruses and other malware
Web downloads such as screen savers browser toolbars etc often include unwanted programs
Email attachments may look like legitimate documents but can be harmful in nature
Mobile apps may be snooping around on your phone
Unknown flash drives such as free giveaways at a conference may hide unsafe programs
Malicious FilesBest Practices
Ask yourselfhellip
if you really need this application
if you are expecting this email attachment
if a free flash drive is worth the risk of a data leak
Ask IThellip
if you are unsure about a particular file
if you want help with formatting flash drives
Unsecured CommunicationsNetworksWhat is encryption and why is it important
Public Wi-Fi at hotels airports coffee shops etc may be monitored or altered
Unencrypted web pages (http) can be intercepted
Email is not a secure communications medium
Unsecured CommunicationsNetworksBest Practices
Use your own connection such as a hotspot or tethered phone
Limit your own access of sensitive information
Look for the padlock icon or https in front of a web address
Lost or Stolen Devices
Information on a lost phone notebook computer or other device may become freely available to anyone who comes across it
Best Practices
Secure mobile devices with a PIN or passcode
Enable encryption of sensitive data
Contact IT for help with a remote data wipe if applicable
Lost or Compromised PasswordThe combination ishellip 1-2-3-4-5 same as my luggage
Common scenarios include
Sticky notes with login credentials stuck to a monitor
Setting computers to ldquorememberrdquo passwords
Forgetting to log out
Using a public computer
A bystander watching you type in your password
Knowingly sharing your password
Lost or Compromised PasswordBest Practices
Pick strong passphrases
Longer passwords are generally harder to guess
Avoid incorporating information easily discovered such as birthdates or names of pets
Use a password manager
Avoid using the same passwords across different sites
Do not share passwords with others
LAF Technology Policy
We have an ethical responsibility to keep confidential data secure
Secure your personal devices Basic measures such as passcodes are a requirement for connecting your own devices to the LAF network
Change your passwords regularly especially if you suspect that somebody else may have it
Report lost or stolen devices to IT staff immediately whether they are personally owned or belong to LAF
Err on the side of caution and consult with IT staff if you are unsure
Letrsquos Keep Our Information Secure
Inadvertent DisclosureldquoOops I didnrsquot mean tohelliprdquo
Sending email using carbon copy (CC) or forwarding messages shows each otherrsquos email addresses
Document metadata reveals comments tracked changes and other sensitive information
Cloud services may not adhere to our privacy standards
Screens in plain view and conversations within earshot expose information publicly
Inadvertent DisclosureBest Practices
Use ldquoBCCrdquo and delete revealing text from forwarded communications
Use metadata cleaners or convert your file to PDF format
Read the terms of use and privacy policies carefully Ask when in doubt
Cover your screen and close your door
Inadvertent DisclosureBest Practices
Use ldquoBCCrdquo and delete revealing text from forwarded communications
Use metadata cleaners or convert your file to PDF format
Read the terms of use and privacy policies carefully Ask when in doubt
Cover your screen and close your door
Social EngineeringPhishing ScamsObtaining information by manipulation
Telephone calls or email from people claiming they need help may not be genuine
Emails and web pages can look legitimate but are often fraudulent
Being asked to download a computer program or other unusual actions may compromise internal security
Social EngineeringPhishing ScamsBest Practices
Be skeptical and verify unknown parties
Donrsquot be afraid to say ldquoNo thanksrdquo
Type in web page addresses instead of clicking email links
Ask for a phone call instead (but beware of falsified Caller IDs)
Malicious FilesViruses and other malware
Web downloads such as screen savers browser toolbars etc often include unwanted programs
Email attachments may look like legitimate documents but can be harmful in nature
Mobile apps may be snooping around on your phone
Unknown flash drives such as free giveaways at a conference may hide unsafe programs
Malicious FilesBest Practices
Ask yourselfhellip
if you really need this application
if you are expecting this email attachment
if a free flash drive is worth the risk of a data leak
Ask IThellip
if you are unsure about a particular file
if you want help with formatting flash drives
Unsecured CommunicationsNetworksWhat is encryption and why is it important
Public Wi-Fi at hotels airports coffee shops etc may be monitored or altered
Unencrypted web pages (http) can be intercepted
Email is not a secure communications medium
Unsecured CommunicationsNetworksBest Practices
Use your own connection such as a hotspot or tethered phone
Limit your own access of sensitive information
Look for the padlock icon or https in front of a web address
Lost or Stolen Devices
Information on a lost phone notebook computer or other device may become freely available to anyone who comes across it
Best Practices
Secure mobile devices with a PIN or passcode
Enable encryption of sensitive data
Contact IT for help with a remote data wipe if applicable
Lost or Compromised PasswordThe combination ishellip 1-2-3-4-5 same as my luggage
Common scenarios include
Sticky notes with login credentials stuck to a monitor
Setting computers to ldquorememberrdquo passwords
Forgetting to log out
Using a public computer
A bystander watching you type in your password
Knowingly sharing your password
Lost or Compromised PasswordBest Practices
Pick strong passphrases
Longer passwords are generally harder to guess
Avoid incorporating information easily discovered such as birthdates or names of pets
Use a password manager
Avoid using the same passwords across different sites
Do not share passwords with others
LAF Technology Policy
We have an ethical responsibility to keep confidential data secure
Secure your personal devices Basic measures such as passcodes are a requirement for connecting your own devices to the LAF network
Change your passwords regularly especially if you suspect that somebody else may have it
Report lost or stolen devices to IT staff immediately whether they are personally owned or belong to LAF
Err on the side of caution and consult with IT staff if you are unsure
Letrsquos Keep Our Information Secure
Inadvertent DisclosureBest Practices
Use ldquoBCCrdquo and delete revealing text from forwarded communications
Use metadata cleaners or convert your file to PDF format
Read the terms of use and privacy policies carefully Ask when in doubt
Cover your screen and close your door
Inadvertent DisclosureBest Practices
Use ldquoBCCrdquo and delete revealing text from forwarded communications
Use metadata cleaners or convert your file to PDF format
Read the terms of use and privacy policies carefully Ask when in doubt
Cover your screen and close your door
Social EngineeringPhishing ScamsObtaining information by manipulation
Telephone calls or email from people claiming they need help may not be genuine
Emails and web pages can look legitimate but are often fraudulent
Being asked to download a computer program or other unusual actions may compromise internal security
Social EngineeringPhishing ScamsBest Practices
Be skeptical and verify unknown parties
Donrsquot be afraid to say ldquoNo thanksrdquo
Type in web page addresses instead of clicking email links
Ask for a phone call instead (but beware of falsified Caller IDs)
Malicious FilesViruses and other malware
Web downloads such as screen savers browser toolbars etc often include unwanted programs
Email attachments may look like legitimate documents but can be harmful in nature
Mobile apps may be snooping around on your phone
Unknown flash drives such as free giveaways at a conference may hide unsafe programs
Malicious FilesBest Practices
Ask yourselfhellip
if you really need this application
if you are expecting this email attachment
if a free flash drive is worth the risk of a data leak
Ask IThellip
if you are unsure about a particular file
if you want help with formatting flash drives
Unsecured CommunicationsNetworksWhat is encryption and why is it important
Public Wi-Fi at hotels airports coffee shops etc may be monitored or altered
Unencrypted web pages (http) can be intercepted
Email is not a secure communications medium
Unsecured CommunicationsNetworksBest Practices
Use your own connection such as a hotspot or tethered phone
Limit your own access of sensitive information
Look for the padlock icon or https in front of a web address
Lost or Stolen Devices
Information on a lost phone notebook computer or other device may become freely available to anyone who comes across it
Best Practices
Secure mobile devices with a PIN or passcode
Enable encryption of sensitive data
Contact IT for help with a remote data wipe if applicable
Lost or Compromised PasswordThe combination ishellip 1-2-3-4-5 same as my luggage
Common scenarios include
Sticky notes with login credentials stuck to a monitor
Setting computers to ldquorememberrdquo passwords
Forgetting to log out
Using a public computer
A bystander watching you type in your password
Knowingly sharing your password
Lost or Compromised PasswordBest Practices
Pick strong passphrases
Longer passwords are generally harder to guess
Avoid incorporating information easily discovered such as birthdates or names of pets
Use a password manager
Avoid using the same passwords across different sites
Do not share passwords with others
LAF Technology Policy
We have an ethical responsibility to keep confidential data secure
Secure your personal devices Basic measures such as passcodes are a requirement for connecting your own devices to the LAF network
Change your passwords regularly especially if you suspect that somebody else may have it
Report lost or stolen devices to IT staff immediately whether they are personally owned or belong to LAF
Err on the side of caution and consult with IT staff if you are unsure
Letrsquos Keep Our Information Secure
Inadvertent DisclosureBest Practices
Use ldquoBCCrdquo and delete revealing text from forwarded communications
Use metadata cleaners or convert your file to PDF format
Read the terms of use and privacy policies carefully Ask when in doubt
Cover your screen and close your door
Social EngineeringPhishing ScamsObtaining information by manipulation
Telephone calls or email from people claiming they need help may not be genuine
Emails and web pages can look legitimate but are often fraudulent
Being asked to download a computer program or other unusual actions may compromise internal security
Social EngineeringPhishing ScamsBest Practices
Be skeptical and verify unknown parties
Donrsquot be afraid to say ldquoNo thanksrdquo
Type in web page addresses instead of clicking email links
Ask for a phone call instead (but beware of falsified Caller IDs)
Malicious FilesViruses and other malware
Web downloads such as screen savers browser toolbars etc often include unwanted programs
Email attachments may look like legitimate documents but can be harmful in nature
Mobile apps may be snooping around on your phone
Unknown flash drives such as free giveaways at a conference may hide unsafe programs
Malicious FilesBest Practices
Ask yourselfhellip
if you really need this application
if you are expecting this email attachment
if a free flash drive is worth the risk of a data leak
Ask IThellip
if you are unsure about a particular file
if you want help with formatting flash drives
Unsecured CommunicationsNetworksWhat is encryption and why is it important
Public Wi-Fi at hotels airports coffee shops etc may be monitored or altered
Unencrypted web pages (http) can be intercepted
Email is not a secure communications medium
Unsecured CommunicationsNetworksBest Practices
Use your own connection such as a hotspot or tethered phone
Limit your own access of sensitive information
Look for the padlock icon or https in front of a web address
Lost or Stolen Devices
Information on a lost phone notebook computer or other device may become freely available to anyone who comes across it
Best Practices
Secure mobile devices with a PIN or passcode
Enable encryption of sensitive data
Contact IT for help with a remote data wipe if applicable
Lost or Compromised PasswordThe combination ishellip 1-2-3-4-5 same as my luggage
Common scenarios include
Sticky notes with login credentials stuck to a monitor
Setting computers to ldquorememberrdquo passwords
Forgetting to log out
Using a public computer
A bystander watching you type in your password
Knowingly sharing your password
Lost or Compromised PasswordBest Practices
Pick strong passphrases
Longer passwords are generally harder to guess
Avoid incorporating information easily discovered such as birthdates or names of pets
Use a password manager
Avoid using the same passwords across different sites
Do not share passwords with others
LAF Technology Policy
We have an ethical responsibility to keep confidential data secure
Secure your personal devices Basic measures such as passcodes are a requirement for connecting your own devices to the LAF network
Change your passwords regularly especially if you suspect that somebody else may have it
Report lost or stolen devices to IT staff immediately whether they are personally owned or belong to LAF
Err on the side of caution and consult with IT staff if you are unsure
Letrsquos Keep Our Information Secure
Social EngineeringPhishing ScamsObtaining information by manipulation
Telephone calls or email from people claiming they need help may not be genuine
Emails and web pages can look legitimate but are often fraudulent
Being asked to download a computer program or other unusual actions may compromise internal security
Social EngineeringPhishing ScamsBest Practices
Be skeptical and verify unknown parties
Donrsquot be afraid to say ldquoNo thanksrdquo
Type in web page addresses instead of clicking email links
Ask for a phone call instead (but beware of falsified Caller IDs)
Malicious FilesViruses and other malware
Web downloads such as screen savers browser toolbars etc often include unwanted programs
Email attachments may look like legitimate documents but can be harmful in nature
Mobile apps may be snooping around on your phone
Unknown flash drives such as free giveaways at a conference may hide unsafe programs
Malicious FilesBest Practices
Ask yourselfhellip
if you really need this application
if you are expecting this email attachment
if a free flash drive is worth the risk of a data leak
Ask IThellip
if you are unsure about a particular file
if you want help with formatting flash drives
Unsecured CommunicationsNetworksWhat is encryption and why is it important
Public Wi-Fi at hotels airports coffee shops etc may be monitored or altered
Unencrypted web pages (http) can be intercepted
Email is not a secure communications medium
Unsecured CommunicationsNetworksBest Practices
Use your own connection such as a hotspot or tethered phone
Limit your own access of sensitive information
Look for the padlock icon or https in front of a web address
Lost or Stolen Devices
Information on a lost phone notebook computer or other device may become freely available to anyone who comes across it
Best Practices
Secure mobile devices with a PIN or passcode
Enable encryption of sensitive data
Contact IT for help with a remote data wipe if applicable
Lost or Compromised PasswordThe combination ishellip 1-2-3-4-5 same as my luggage
Common scenarios include
Sticky notes with login credentials stuck to a monitor
Setting computers to ldquorememberrdquo passwords
Forgetting to log out
Using a public computer
A bystander watching you type in your password
Knowingly sharing your password
Lost or Compromised PasswordBest Practices
Pick strong passphrases
Longer passwords are generally harder to guess
Avoid incorporating information easily discovered such as birthdates or names of pets
Use a password manager
Avoid using the same passwords across different sites
Do not share passwords with others
LAF Technology Policy
We have an ethical responsibility to keep confidential data secure
Secure your personal devices Basic measures such as passcodes are a requirement for connecting your own devices to the LAF network
Change your passwords regularly especially if you suspect that somebody else may have it
Report lost or stolen devices to IT staff immediately whether they are personally owned or belong to LAF
Err on the side of caution and consult with IT staff if you are unsure
Letrsquos Keep Our Information Secure
Social EngineeringPhishing ScamsBest Practices
Be skeptical and verify unknown parties
Donrsquot be afraid to say ldquoNo thanksrdquo
Type in web page addresses instead of clicking email links
Ask for a phone call instead (but beware of falsified Caller IDs)
Malicious FilesViruses and other malware
Web downloads such as screen savers browser toolbars etc often include unwanted programs
Email attachments may look like legitimate documents but can be harmful in nature
Mobile apps may be snooping around on your phone
Unknown flash drives such as free giveaways at a conference may hide unsafe programs
Malicious FilesBest Practices
Ask yourselfhellip
if you really need this application
if you are expecting this email attachment
if a free flash drive is worth the risk of a data leak
Ask IThellip
if you are unsure about a particular file
if you want help with formatting flash drives
Unsecured CommunicationsNetworksWhat is encryption and why is it important
Public Wi-Fi at hotels airports coffee shops etc may be monitored or altered
Unencrypted web pages (http) can be intercepted
Email is not a secure communications medium
Unsecured CommunicationsNetworksBest Practices
Use your own connection such as a hotspot or tethered phone
Limit your own access of sensitive information
Look for the padlock icon or https in front of a web address
Lost or Stolen Devices
Information on a lost phone notebook computer or other device may become freely available to anyone who comes across it
Best Practices
Secure mobile devices with a PIN or passcode
Enable encryption of sensitive data
Contact IT for help with a remote data wipe if applicable
Lost or Compromised PasswordThe combination ishellip 1-2-3-4-5 same as my luggage
Common scenarios include
Sticky notes with login credentials stuck to a monitor
Setting computers to ldquorememberrdquo passwords
Forgetting to log out
Using a public computer
A bystander watching you type in your password
Knowingly sharing your password
Lost or Compromised PasswordBest Practices
Pick strong passphrases
Longer passwords are generally harder to guess
Avoid incorporating information easily discovered such as birthdates or names of pets
Use a password manager
Avoid using the same passwords across different sites
Do not share passwords with others
LAF Technology Policy
We have an ethical responsibility to keep confidential data secure
Secure your personal devices Basic measures such as passcodes are a requirement for connecting your own devices to the LAF network
Change your passwords regularly especially if you suspect that somebody else may have it
Report lost or stolen devices to IT staff immediately whether they are personally owned or belong to LAF
Err on the side of caution and consult with IT staff if you are unsure
Letrsquos Keep Our Information Secure
Malicious FilesViruses and other malware
Web downloads such as screen savers browser toolbars etc often include unwanted programs
Email attachments may look like legitimate documents but can be harmful in nature
Mobile apps may be snooping around on your phone
Unknown flash drives such as free giveaways at a conference may hide unsafe programs
Malicious FilesBest Practices
Ask yourselfhellip
if you really need this application
if you are expecting this email attachment
if a free flash drive is worth the risk of a data leak
Ask IThellip
if you are unsure about a particular file
if you want help with formatting flash drives
Unsecured CommunicationsNetworksWhat is encryption and why is it important
Public Wi-Fi at hotels airports coffee shops etc may be monitored or altered
Unencrypted web pages (http) can be intercepted
Email is not a secure communications medium
Unsecured CommunicationsNetworksBest Practices
Use your own connection such as a hotspot or tethered phone
Limit your own access of sensitive information
Look for the padlock icon or https in front of a web address
Lost or Stolen Devices
Information on a lost phone notebook computer or other device may become freely available to anyone who comes across it
Best Practices
Secure mobile devices with a PIN or passcode
Enable encryption of sensitive data
Contact IT for help with a remote data wipe if applicable
Lost or Compromised PasswordThe combination ishellip 1-2-3-4-5 same as my luggage
Common scenarios include
Sticky notes with login credentials stuck to a monitor
Setting computers to ldquorememberrdquo passwords
Forgetting to log out
Using a public computer
A bystander watching you type in your password
Knowingly sharing your password
Lost or Compromised Password: Best Practices
Pick strong passphrases
Longer passwords are generally harder to guess
Avoid incorporating easily discovered information, such as birthdates or names of pets
Use a password manager
Avoid using the same passwords across different sites
Do not share passwords with others
LAF Technology Policy
We have an ethical responsibility to keep confidential data secure
Secure your personal devices. Basic measures such as passcodes are a requirement for connecting your own devices to the LAF network.
Change your passwords regularly, especially if you suspect that somebody else may have them
Report lost or stolen devices to IT staff immediately, whether they are personally owned or belong to LAF
Err on the side of caution and consult with IT staff if you are unsure
Let's Keep Our Information Secure