Steps and Tips to Protect Yourself and your Private Information while Online. Cyber Hygiene.

1. Steps and Tips to Protect Yourself and your Private Information while Online. Cyber Hygiene.
Shahdag, 29 November 2014 Assoc.Prof. Abzetdin ADAMOV Chair of Computer Engineering Department IEEE Computer Society Azerbaijan Chapter aadamov@qu.edu.az www.ce.qu.edu.az/~aadamov

2. Content
•Malicious Code Types
•The Impact of Cybercrime
•Cybercrime as a Service (CaaS)
•Top Ten Threads for 2014
•New Urgency to Improve Networks Security
•Protect Yourself and your Private Information
•How Your Privacy can be Compromised?
•Maintaining Your Privacy
•Kids' Online Safety
•ATM Oriented Scams and Protection

3. Just Imagine!!!
•10 years ago Skype, Facebook, YouTube, Twitter, Dropbox, and Instagram didn't exist.
•20 years ago there were only 130 websites total, Google wasn't even around yet, and you had to pay for an email account through an ISP.
•30 years ago there was no Internet. What has Internet Brought to Us?

4. Malicious Code Types
•Viruses - This type of malicious code requires you to actually do something before it infects your computer.
•Worms - Worms propagate without you r doing anything. They typically start by exploiting a software vulnerability
•Trojan Horses - A Trojan horse program is software that claims to do one thing while, in fact, doing something different behind the scenes.
•Spyware - Spyware sends information about what you're doing on the Internet to a third-party

5. Malicious Code Types
Spyware
Trojan Horses

6. Cyber Warfare

7. Cost of Cybercrime in five countries
range of $1.4 - $46 million

8. Types of cyber attacks

9. Everything as a Service
•Infrastructure as a Service (IaaS)
•Platform as a Service (PaaS)
•Software as a Service (SaaS)
•Network as a Service (NaaS)
•Cybercrime as a Service (CaaS)

10. Why they doing this?
•DDoS attacks cost just $10 per hour;
•For Spamming $10 to spam a million e-mail addresses;
•Malware against antivirus software $30 per month;
•A Trojan can costs from $8 to thousands;
•SMS fraud services about $150 to spam 10,000 people;
•Hacking email account (Gmail, Yandex, …) from $45
Paid services offered by hackers:

11. Cyber Security Aspects
•Information Security;
•Network Security;
•System Security;
•Application Security;
•Operating System Security;
•Database Security;
•Language Security.

12. Top Ten Threads for 2014
1.Injection
2.Broken Authentication and Session Management
3.Cross-Site Scripting (XSS)
4.Insecure Direct Object References
5.Security Misconfiguration
6.Sensitive Data Exposure
7.Missing Function Level Access Control
8.Cross-Site Request Forgery (CSRF)
9.Using Components with Known Vulnerabilities
10.Unvalidated Redirects and Forwards
According to OWASP (Open Web Application Security Project)

13. Total Security

14. New Urgency to Improve Networks Security
•In place effective security on all networks
•Authorized users with excellent cyber hygiene techniques
•CIO’s, Network Administrators, Operations Center Directors, other IT Professionals with latest knowledge, skills
•Goal: future generation users with innate cyber security skills:
–Safe in a connected environment as second nature
–Ready access to latest information and updates
–Cyber security format that becomes the default use case
•Public-Private partnership in information sharing, response actions with privacy respected
•Leaders and Managers across all enterprises with cyber vulnerability awareness knowledge

15. USA Experience
•National Cyber Security Awareness Month (NCSAM) - October
•Data Privacy Day (DPD) - Data Privacy Day is held on January 28th every year.
•National Cyber Security Education Council (NCEC)
•Cyber Security For National Security (CS4NS) www.cs4ns.com
•Job fairs for Security-Cleared professionals www.techexpousa.com

16. USA Experience

17. Protect Yourself and your Private Information

18. How Your Privacy can be Compromised?
•Not using a secure email or webmail account.
•Using a work email account for personal email
•Website interactions can be monitored
•Via phishing
•Via vishing (short for 'voice phishing')
•Using unsecured WiFi networks
•Using unencrypted links for sensitive communications (VPN)
•Not using secure websites when banking or paying online
•Not using strong passwords

19. Use Secure Websites for Sensitive Information
None Secure
Secure

20. How Your Privacy can be Compromised? (Cont…)
•Staying logged in to a website or email account
•Via spyware and viruses
•Via physical keystroke loggers
•Not storing personal or financial documents securely
•Not shredding unwanted personal or financial documents
•Being taken into people’s confidence too easily

21. Ways of Getting Your Phone Number and eMail
•You overshare your number
•You accept Terms of Use without reading or understanding them
•Big data has killed privacy
•Technology can dial billions of random numbers
•The credit bureaus give away your information
•Charities take all the fun out of being philanthropic (get deeper access to your wallet just for $5)

22. Maintaining Your Privacy
1.Use effective and updated antivirus/antispyware software
2.In a public or work, check your computer physically
3.Use secure websites when shopping or banking online
4.Log out of secure websites when you have finished transaction
5.Use strong passwords and change them regularly
6.Avoid using a work email address for personal use
7.Make sure your home/office WiFi network is secured
8.Store personal and financial documents securely
9.Be careful to whom you disclose personal information
10.Where possible, avoid using your real name online
11.Be offline, if not using Internet

23. Maintaining Your Privacy (Cont…)
12.Be cautious about who is trying to befriend you online
13.Use an anonymous webmail account for website registrations
14.Keep your social network activity private
15.Lie when setting up password security questions
16.Only give out as much personal information as you need to
17.Never install potentially unwanted programs (PUPs) or unknown programs
18.Do not answer chain email even came from friends
19.Make regular backups of critical data
20.Set clear guidelines for children about information sharing
21.Monitor your children’s online activity

24. Special Recommendations
1.Don’t fill out your social media profile (don't complete)
2.Turn on private browsing (Chrome - New Incognito Window, IE - InPrivate Prowsing)
3.Lock down your hardware (require a password after sleep or boots up)
4.Use passcode on mobile devices (also lock or wipe status)

25. What if Your Online Privacy is Compromised?
•Contact your financial institution immediately
•Close any accounts that may have been compromised
•Inform your closest friends and coworkers
•Watch for any unexplainable charges to your account
•Report your situation to local police

26. Kids' Online Safety
•Talk to your kids about bullying
•Talk Early and Often
•As soon as your child is using a computer, a cell phone
•Types of Virtual Worlds - virtuality under control
•Talk about private information
•Too much gaming is not good
•Teach to use computer purposely

27. ATM Oriented Scams
•Attached card reader
•Card blocking and "helpful" person
•WiFi scanners and fake ATM machines
•ATM is out of order - manual Cash deposits
•Stealing an entire ATM - easiest way

28. Protect Yourself at ATM
•Cover your password with your hand
•Use familiar ATMs and limit your visits
•Check bank balances frequently
•Observe the ATM
•Prefer to use chip-and-PIN cards

29. SECURITY IDEA
The Internet is a shared resource and securing it is Our Shared Responsibility.

30. Thank you… www.ce.qu.edu.az/~aadamov