It’s an online world. Most adults, and even teens, need to have online accounts for banking, shopping, communications, entertainment and social networks. Even many children have online lives. With all this online activity, how we keep ourselves and our families safe? How can we protect our private information? In this session we will discuss the advantages and dangers of our online lives. We will review practical tips for avoiding common mistakes. We will look at passwords, website safety, email and phishing, social networks and mobile devices. You can decrease the risks in our online world!

1. Online
Self-Defense
Don’t Let Bad Stuff Happen To You
Barry Caplin
Chief Information Security Officer
Minnesota Department of Human Services
barry.caplin@state.mn.us
Slides on InfoLink

2. Happy
CyberSecurity
Month!
(and belated Happy National Coffee day!)

4. 2 Main Issues
• Passwords
• Clicking on Links

5. Passwords
Why Are They A Problem?
•Hard to remember
•Hard to enter
•Need too many
•Inconsistent Rules
•Changes

6. How Passwords Work
• Site saves encrypted pw
• At login – enter pw – it’s encrypted
and compared to stored value
• Some sites:
– Don’t encrypt well
– Don’t encrypt at all!

7. Password Hacks in the News
It was a busy year

8. How Passwords Get Hacked
• Site attacked – many methods
• Encrypted pw file downloaded
(should be more difficult!)
• Over time, hackers crack the file
• What does that get them?

9. Passwords
• Avg. web user has:
– 25 separate accounts but
– 6.5 unique passwords
 password reuse – not good
• So…

10. Password Self-Defense
1. Don’t reuse passwords
2. Only enter on secure sites
3. Login notifications
4. Choose good (long) passwords

11. Password Self-Defense
5. Vault it
6. Care with “secret” questions
7. Care with linking accounts
8. 2-step authentication
9. Use separate email addresses

12. Password Self-Defense
Handouts
• Password Self-Defense tips
and resources

13. Safe Computer Use
and Web Surfing

14. Don’t Click!

15. How Your Computer Gets Sick
• Attachments
• Downloads
– Intentional
• Clicks
• URL shortening
– Unintentional - Website Visits/Drive-
By

16. Attachments
• File sent via email
• Can execute when clicked
• doc, xls, pdf, jpg (and other images), etc.
• Even zip files can cause problems
• Only open expected attachments
• Don’t open chain emails
• Watch holiday emails

17. Downloads
• Intentional – Clicking on link downloads
page or file
Click here to download
http://www.download.com/filename

18. Downloads
• Only some executables ask permission
– Dialog boxes often ignored

19. URL shortening
• http://ht.cdn.turner.com/si/danpatrick/aud
io/2009/11/03/DP-Hr3_11-03-
2009_stream.mp3 or…
• http://bit.ly/2d5LUP
• bit.ly, tinyurl.com, others
• Some browsers support URL lengthening
– Long URL Please

20. URL lengthening

21. Safe Surfing Tips
• Look before you click
• Use Link Rating
• Consider the source (subjective)
• Beware – file sharing, gaming, gambling,
questionable legality

22. Safe Surfing Tips
• Use Care – Social Networking (limit
apps), ads, pop-ups, banners
• https and lock for shopping, banking, etc.
• Limit – open/public networks, scripts
• Protect web pw’s

23. Safe Surfing Tips
Handouts
• PC Protection Tips/Tools
• Safe Surfing Tips

24. Phishing

25. Phishing
Looks real, but rarely is
From a familiar business (not)
May threaten to close account, warn of fraud or
virus
Legitimate businesses will not ask for private
info via email

26. 
http://192.160.201.5/trusted.bank/index.htm

27. Phishing on Social Networks
Scams seem real when they come from a
“friend”
Malicious links/apps
Spread quickly when posted or “liked”
“Just say no” to apps

28. • Installs app
• Grabs info
• Posts on your wall
• Click-fraud

29. Phone Phishing
At work: gain access/info,
supplement intel
Impersonate user/exec/vendor
Ask probing questions or for
access
At home: get personal/financial
info
Verify cc, ssn, etc.
Use fear of theft or fraud to
commit theft or fraud!

30. Tips to Avoid Phishing
Look before you Click - Don’t click links
asking for personal info
Never enter personal info in a pop-up
Use spam filters, anti-virus/spyware, and keep
updated
Only open email attachments you’re expecting
Don’t give out personal info over the phone
unless you initiated the call

31. Tips to Avoid Phishing
Know what you’ve posted about yourself on
social networks
Know who your “friends” are
Use care with apps
Recheck your social network privacy settings
Verify callers asking for “too much” info
Initiate calls to known numbers for banks, etc.
Act immediately if you’ve been hooked

32. Tips for Avoiding Phishing
Handouts
• Top Tips to Help Avoid
Phishing Scams
• 10 Tips for Social
Networking Safety

33. Mobile Devices
Computer is always with you
•Device theft
•Data theft
•Wireless networks
•Malicious software
•Geolocation

34. Device Theft
• How to protect
your devices
when you’re
mobile?
• Keep it with
you, or
• Lock it up –
out of sight

35. Data Theft
• Most people have a device: smartphone,
tablet, netbook, laptop
• Do you know your surroundings?
• What network are you using?

36. Data Theft
Shoulder surfing…

37. Data Theft
• USB devices
• “evil maid”
• Be aware of
your
surroundings

39. Wireless Networks
• Open Wi-Fi
• “evil twin”
• firesheep

40. Wireless Networks
• Use Wi-fi with WPA2
• Verify your connection (ask the provider)
• 3G/4G relatively safer… for now

41. Malicious Software
• There’s an app
for that!
• Use official
app markets
• Use anti-
malware

42. Geolocation
The world knows
• Where you are
• Where you are not

43. Tips for Mobile Devices
• Use official app markets
• Use anti-malware
• Keep your device close or locked-up out of
sight
• Watch your surroundings
• Be stingy with your personal data

44. Tips for Mobile Devices
• No government data on personal devices
• Use only DHS-managed connections


45. Tips for Mobile Devices
Handouts
• 10 Tips for Securing Your
Mobile Device

46. Let’s Be Careful Out There

47. Discussion?