It’s an online world. Most adults, and even teens, need to have online accounts for banking, shopping, communications, entertainment and social networks. Even many children have online lives. With all this online activity, how do we keep ourselves and our families safe? How can we protect our private information? In this session we will discuss the advantages and dangers of our online lives. We will review practical tips for avoiding common mistakes. We will look at passwords, website safety, email and phishing, social networks and mobile devices. You can decrease the risks in our online world!
1. Online Self-Defense
Don’t Let Bad Stuff Happen To You
Barry Caplin
Chief Information Security Officer
Minnesota Department of Human Services
barry.caplin@state.mn.us
Slides on InfoLink
5. Passwords
Why Are They A Problem?
•Hard to remember
•Hard to enter
•Need too many
•Inconsistent Rules
•Changes
6. How Passwords Work
• Site saves encrypted pw
• At login – enter pw – it’s encrypted and compared to stored value
• Some sites:
– Don’t encrypt well
– Don’t encrypt at all!
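The store-and-compare step on this slide, as an added example that is not part of the original slides. The slide says "encrypted"; this sketch uses a one-way salted hash (PBKDF2), a common way to implement that step, next to an unsalted fast hash as the "don't encrypt well" case. Function names, the record format, the iteration count and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune to your hardware

def store_weak(password):
    """'Don't encrypt well': a single fast, unsalted hash."""
    return hashlib.sha256(password.encode()).hexdigest()

def store_strong(password):
    """Salted, deliberately slow one-way hash; the record carries its own parameters."""
    salt = os.urandom(16)  # unique per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_strong(password, record):
    """At login: redo the computation with the stored salt and compare."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    except ValueError:  # malformed or truncated record
        return False
    return hmac.compare_digest(candidate, expected)  # constant-time comparison

def compare_schemes(password="Summer2024!"):  # constructed sample password
    """Two accounts choosing the same password, stored both ways."""
    weak_a, weak_b = store_weak(password), store_weak(password)
    strong_a, strong_b = store_strong(password), store_strong(password)
    return {
        "weak_records_match": weak_a == weak_b,
        "strong_records_match": strong_a == strong_b,
        "login_ok": verify_strong(password, strong_a),
        "wrong_password_ok": verify_strong("Summer2024?", strong_a),
    }

if __name__ == "__main__":
    for key, value in compare_schemes().items():
        print(f"{key}: {value}")
```

With the unsalted scheme, every account that shares a password shares a stored value, so one recovered password exposes all of them; the per-account salt removes that shortcut.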
8. How Passwords Get Hacked
• Site attacked – many methods
• Encrypted pw file downloaded (should be more difficult!)
• Over time, hackers crack the file
• What does that get them?
9. Passwords
• Avg. web user has:
– 25 separate accounts but
– 6.5 unique passwords
password reuse – not good
• So…
10. Password Self-Defense
1. Don’t reuse passwords
2. Only enter on secure sites
3. Login notifications
4. Choose good (long) passwords
11. Password Self-Defense
5. Vault it
6. Care with “secret” questions
7. Care with linking accounts
8. 2-step authentication
9. Use separate email addresses
15. How Your Computer Gets Sick
• Attachments
• Downloads
– Intentional
• Clicks
• URL shortening
– Unintentional - Website Visits/Drive-By
16. Attachments
• File sent via email
• Can execute when clicked
• doc, xls, pdf, jpg (and other images), etc.
• Even zip files can cause problems
• Only open expected attachments
• Don’t open chain emails
• Watch holiday emails
17. Downloads
• Intentional – Clicking on link downloads page or file
Click here to download
http://www.download.com/filename
21. Safe Surfing Tips
• Look before you click
• Use Link Rating
• Consider the source (subjective)
• Beware – file sharing, gaming, gambling, questionable legality
22. Safe Surfing Tips
• Use Care – Social Networking (limit apps), ads, pop-ups, banners
• https and lock for shopping, banking, etc.
• Limit – open/public networks, scripts
• Protect web pw’s
25. Phishing
Looks real, but rarely is
From a familiar business (not)
May threaten to close account, warn of fraud or virus
Legitimate businesses will not ask for private info via email
27. Phishing on Social Networks
Scams seem real when they come from a “friend”
Malicious links/apps
Spread quickly when posted or “liked”
“Just say no” to apps
29. Phone Phishing
At work: gain access/info, supplement intel
Impersonate user/exec/vendor
Ask probing questions or for access
At home: get personal/financial info
Verify cc, ssn, etc.
Use fear of theft or fraud to commit theft or fraud!
30. Tips to Avoid Phishing
Look before you Click - Don’t click links asking for personal info
Never enter personal info in a pop-up
Use spam filters, anti-virus/spyware, and keep updated
Only open email attachments you’re expecting
Don’t give out personal info over the phone unless you initiated the call
31. Tips to Avoid Phishing
Know what you’ve posted about yourself on social networks
Know who your “friends” are
Use care with apps
Recheck your social network privacy settings
Verify callers asking for “too much” info
Initiate calls to known numbers for banks, etc.
Act immediately if you’ve been hooked
32. Tips for Avoiding Phishing
Handouts
• Top Tips to Help Avoid Phishing Scams
• 10 Tips for Social Networking Safety
33. Mobile Devices
Computer is always with you
•Device theft
•Data theft
•Wireless networks
•Malicious software
•Geolocation
34. Device Theft
• How to protect your devices when you’re mobile?
• Keep it with you, or
• Lock it up – out of sight
35. Data Theft
• Most people have a device: smartphone, tablet, netbook, laptop
• Do you know your surroundings?
• What network are you using?
43. Tips for Mobile Devices
• Use official app markets
• Use anti-malware
• Keep your device close or locked-up out of sight
• Watch your surroundings
• Be stingy with your personal data
44. Tips for Mobile Devices
• No government data on personal devices
• Use only DHS-managed connections
45. Tips for Mobile Devices
Handouts
• 10 Tips for Securing Your Mobile Device