protecting yourself in our digital world jodi ito information security officer information...
TRANSCRIPT
Protecting Yourself in Our
Digital World
Jodi Ito • Information Security Officer
Information Technology Services
[email protected] • (808) 956-2400
From Our President
QuickTime™ and a decompressor
are needed to see this picture.
2
Today’s Thoughts
Our Digital World TodayThreats and VulnerabilitiesMitigation StrategiesSecurity Awareness
3
Today’s Environment
4
has become a verb!
Technologies and Trends
INFORMATION AGE!NOW GenerationPDAs, laptops, netbooks + (wireless networks/cellular broadband) = Mobile Computing
Cellphones --> Smartphones“Texting”, “Tweeting”, “Friending” --> Social Networking
WHOLE NEW WORLD!6
Sign of Things to Come…
http://www.informationweek.com/news/showArticle.jhtml?articleID=219100621
7
Fun, Convenience, OR….?
Toy car lets kids spy on othershttp://www.networkworld.com/video/?bcpid=60965047001&bclid=1363192037&bctid=68172212001
Using mobile devices to open hotel doorshttp://www.tnooz.com/2010/03/01/mobile/hotel-door-opening-technology-moving-to-mobile-devices/
8
QuickTime™ and aH.264 decompressor
are needed to see this picture.
9
FTC P2P data leak alarm…
The Federal Trade Commission this week sent letters to almost 100 organizations that personal information, including sensitive data about customers and employees, has been shared from their computer networks and is available on peer-to-peer (P2P) file-sharing networks to any users of those networks, who could use it to commit identity theft or fraud.
Search for “FTC P2P data leak” using your favorite search engine
10
More P2P Filesharing Risks…
“P2P Snoopers Know What's In Your Wallet”
http://www.networkworld.com/news/2010/020710-shmoocon-p2p-snoopers-know-whats.html
“File Sharers, Beware!” http://www.cbsnews.com/stories/2005/05/03/eveningnews/main692765.shtml
11
Digital Threats
Viruses, Spyware, Trojans & Other Malicious Software
BotnetsPhishing & SpamIdentity TheftCyber Stalking, Cyber Bullying, Online Predators
Etc., etc., etc….
12
Form Phishing
North Carolina State University Phishing Attack
“Security” email directed recipients to web site to “protect” their accounts
Phishers used NCSU graphics to replicate phishing web page
http://www.ncsu.edu/it/security/webmail-phishing.html
13
Anti-Phishing Phil
http://wombatsecurity.com/antiphishingphil
14
Useful Information
Federal Trade Commission
http://www.onguardonline.gov/Department of Homeland Security
www.staysafeonline.org
15
Tapping Your Cell Phone
http://www.wthr.com/Global/story.asp?s=9346833
QuickTime™ and a decompressor
are needed to see this picture.
16
Booming Cyber Crime Industry!Botnets: Rent-a-botnet SPAM generators (steal email accounts and passwords)
$$$ - Stolen sensitive informationTop 3 categories:
Bank account - £5 ($8)Credit cards - 50 credit cards for £20 ($35)
Personal identities - EU identities are worth more
17
Underground Economy
Multi-Billion $$$ industryTJX Data Breach:
Estimated 94 million victimsEstimated losses: $65M - $83M
August 2008: Hacker ring charged with conspiracy, computer intrusion, fraud, & identity theft: http://www.consumeraffairs.com/news04/2008/08/hacker_ring.html 18
Background Resources
“Botnet probe turns up 70G bytes of personal, financial data” estimated worth $8.3Mhttp://www.networkworld.com/news/2009/050409-botnet-probe-turns-up-70g.html
UCSB Computer Science Study:http://www.cs.ucsb.edu/~seclab/projects/torpig/index.html
19
Data Breaches
Privacy Rights Clearinghousehttp://www.privacyrights.org/ar/ChronDataBreaches.htm#CP
Over 260 millions records containing sensitive information are involved in security breaches
Educational Security Incidents: http://www.adamdodge.com/esi/ 20
Example
21
This Cyber “stuff”…
Affects us all!Each unprotected/unpatched computer is a threat: Infected worm/virus/bot Could be used in a concerted attack against a critical infrastructure
Computers, servers, mobile storage devices with any sensitive information represent a vulnerability
22
What Do We Do?
Practice safe computing!
23
Keep Your Computers Safe
Update the software on your computer weekly (or more frequently)
Install anti-virus and anti-spyware software and keep it up-to-date
Use accounts and strong passwords Encrypt sensitive information
http://www.hawaii.edu/askus/729
Don’t install unknown software from unknown sites
Don’t share your accounts/passwords Use password protected screen savers 24
Use STRONG Passwords
Not easily guessableDo not use dictionary wordsUse a combination of upper and lowercase letters, numbers, and special characters
No less than 8 characters Check your password strength:
https://www.microsoft.com/protect/fraud/passwords/checker.aspx
25
Password Strategies
Replace letters with numbers or characters
Incorporate something memorable to youExample:
need password for CitiBank online account got your mortgage in April 2005: 04C7t7B@nk05
Use a phrase and turn it into a password
Example: My Favorite Food is Chocolate Ice Cream MfFiCiC2010m@r
26
More on Passwords
Don’t use the same password for all accounts
Change passwords frequentlyUse more difficult passwords on more sensitive accounts
Use a password safe (but don’t lose the master password!)
http://passwordsafe.sourceforge.net/http://www.hawaii.edu/askus/705
27
Protect Yourself and Information Don’t open unknown emails & attachments Visit only reputable web sites http://safeweb.norton.com/
Do not reply to SPAM or Phishing emails Only login to servers for the duration needed - disconnect when done
Don’t let others use your computer irresponsibly
Use a credit card for online shopping http://www.hawaii.edu/askus/729
28
DO NOT EVER…
…Give out your personal information in response to an UNSOLICTED email, phone call, voice mail
If in doubt, CHECK IT OUT! Call the company using another legitimate phone number (not the one provided in the email or phone call)
New scams use social networking sites to get background personal information
29
Protect Your Sensitive InformationBE SUSPICIOUS!You can’t take back information you’ve already given out
Ask “Why?” when someone asks for your SSN
Check your credit report:www.annualcreditreport.com
30
Social Networking
Do not post TOO MUCH INFORMATION!Internet is FOREVER!
Whatever you post may circulate even AFTER you delete it
New scams use social networking sites to get background personal information
Watch what your children do on the computer
31
TTMI…
Tweeting Too Much Information:
http://pleaserobme.com/
32
Laptops and Mobile DevicesImplement passwords on the deviceBackup your data frequently & test backupsStore backups away from the laptopEncrypt sensitive informationWatch your laptop at all times
Keep your laptop in your possession at all times Don’t leave it out in your hotel room Consider using a laptop lock Consider laptop recovery services Don’t leave your laptop in a car
33
Wireless & Public ComputersBe cautious when using open wireless networks Others using the network maybe be “sniffing” the network
If you must use a public computer, change the password on the account accessed using a secure computer ASAP
34
Wi-Fi Dangers…
Security Expert Claims Thieves Can Detect Wi-Fi In Sleeping Computers
http://www.wired.com/gadgetlab/2010/03/security-expert-claims-thieves-can-detect-wi-fi-in-sleeping-computers/#ixzz0hKGscGjt
Hidden dangers of free public WiFi
http://news.zdnet.com/2100-1035_22-149778.html
35
BE AWARE!
Know what’s out there
(Google yourself)