SlideShare a Scribd company logo

Untangled Conference - November 8, 2014 - Security Awareness

Download as PPTX, PDF
Eric Vanderburg
Eric Vanderburg

Security awareness for church employees. This presentation was given at the Untangled Conference on November 8, 2014. http://getuntangled.org/

Technology
1 of 28
Security Awareness Untangled Church Technology Conference © 2014 JurInnov, Ltd. All Rights Reserved November 8, 2014 Dr. Eric Vanderburg Director, Cybersecurity and Information Systems eav@jurinnov.com @evanderburg (216) 664-1100
How Security is comprised 90% © 2014 JurInnov, Ltd. All Rights Reserved 1 Process Technology People 10%
Things your mother probably told you • Don’t accept candy from strangers – Infected devices • It’s ok to ask questions – Challenge • Don’t leave your things lying around – Clean desk and locked screen • Be careful who your friends are – Social networking • Avoid that area of town – Discretionary web surfing © 2014 JurInnov, Ltd. All Rights Reserved 2
Security goals Three Goals Confidentiality Ensuring that confidential university information is protected from unauthorized disclosure Integrity Ensuring the accuracy and completeness of information and computer software © 2014 JurInnov, Ltd. All Rights Reserved 3 Availability Ensuring that information and vital services are accessible for use when required
Malware Detection Security software stops working Defense Computer seems slower than usual, unexpected restarts Browser takes you to a different site than you expected © 2014 JurInnov, Ltd. All Rights Reserved 4 Your hard drive is full Antivirus software with updates and regular scanning Avoid unsolicited email and links Download from trusted sites Increased number of popup windows Personal firewall
Computer Use • Secure browsing • Updates • Popups and warnings • Certificate errors • Suspicious links • Deleted files are not truly deleted © 2014 JurInnov, Ltd. All Rights Reserved 5
Remove the opportunity • Location of office equipment – Printers & fax machines • Lock it down – Office doors – File cabinets, sensitive documents, personal items – Computers • Windows OS: Ctrl-Alt-Delete [enter] or Windows L • Macs: Shift (⇧) + Command (⌘) + Q • Password-protected screensaver or Time-out • Don’t leave the computer unattended when logged into an account with sensitive data (i.e., payroll, email, personal info) – Phones © 2014 JurInnov, Ltd. All Rights Reserved 6
It’s ok to discriminate against data • You can’t treat it all the same – Personal information – Financial information – Member information – Public information • Where is all the data? – Head, paper, computer, server, backup, email • What if we got rid of it? © 2014 JurInnov, Ltd. All Rights Reserved 7
Data Protection • Accessible only to authorized users • Physically locked down • Not out in the open • Encrypted • Password protected © 2014 JurInnov, Ltd. All Rights Reserved 8
Encryption • At rest © 2014 JurInnov, Ltd. All Rights Reserved 9 – Full disk encryption – File encryption • In motion – VPN – SSL
Phishing • Email • Text • Chat • Craigslist • Dating sites © 2014 JurInnov, Ltd. All Rights Reserved 10
Phishing markers • False Sense Of Urgency - Threatens to "close/suspend your account”, charge a fee or talks about suspicious logon attempts, etc. • Suspicious-Looking Links - Links containing all or part of a real company's name asking you to submit personal information. • Not personalized – does not address you by name or include a masked version of the account number. • Misspelled or Poorly Written – Helps fraudulent emails avoid spam filters © 2014 JurInnov, Ltd. All Rights Reserved 11
Subject: URGENT! Haiti Victims Need Your Help! Subject: You’ve received a greeting card © 2014 JurInnov, Ltd. All Rights Reserved 12
Protect yourself against phishing • Treat all email with suspicion • Never use a link in an email to get to any web page • Never send personal or financial information to any one via email • Never give personal or financial information solicited via email © 2014 JurInnov, Ltd. All Rights Reserved 13
Passwords • Passwords are THE KEYS TO: – Your bank account – Your computer – Your email – A server on a network – Many other things © 2014 JurInnov, Ltd. All Rights Reserved 14
Passwords • Passwords are like underwear – Change them often – Showing them to others can get you in trouble – Don’t leave them lying around • Use different passwords for different purposes © 2014 JurInnov, Ltd. All Rights Reserved 15
Passwords • Length • Complexity • Passphrase • http://www.passwordmeter.com/ © 2014 JurInnov, Ltd. All Rights Reserved 16
• 2NiteWeparty*likeits1999 • HowdoU”spell”thatAGAIN? • Amishwish4fish2squish • OunceI$good#isbetter! Use a phrase, sentence, question or random statement (with a twist) • Website (time4anewpwagain.com) • Email (Passwords@stupid.com) • File (passwords/make/me/crazy) • Address 4223westmyhouse Use fake website, email, file, addresse • Follow the yellow brick road to OZ = Ftybr2OZ • Why did the chicken cross the road? = Y?dtCxtR? • Wildthing = W!ld*7H1ng! • Red Jello = R3d-j3llo:) Use a phrase, random statement or compound word; then shorten it and make it nonsensical © 2014 JurInnov, Ltd. All Rights Reserved 17
Email password theft - indicators Receive a large number of rejected messages © 2014 JurInnov, Ltd. All Rights Reserved 18 Find messages in your sent folder that you know you didn’t send Missing email Unexplained changes to your account settings Spam Warning Signs
Identity Theft • Thieves will… • Go on spending sprees using your credit card • With your name and Social Security number they can: – open new credit card accounts – gain employment • Give your name to the police during an arrest • Establish wireless service in your name © 2014 JurInnov, Ltd. All Rights Reserved 19
Identity theft – How it happens • They may steal your mail, wallet, or purse • Malware • Phishing • Social engineering – bribing or conning an employee who has access to these records • Stealing personnel records or breaking into your records electronically © 2014 JurInnov, Ltd. All Rights Reserved 20
Social engineering Social engineering preys on qualities of human nature:  The desire to © 2014 JurInnov, Ltd. All Rights Reserved 21 be helpful  The tendency to trust people  The fear of getting into trouble
Identity Theft - Indicators • Bills that do not arrive as expected • Charges on your credit card that are not yours • Unexpected credit cards or account statements • Denials of credit for no apparent reason • Calls or letters from – Debt collectors – Businesses about merchandise or services you did not make © 2014 JurInnov, Ltd. All Rights Reserved 22
Identity Theft - Defenses • Limit the number of credit cards you carry • Keep a list of all credit cards numbers and the numbers to call to report them • Shred Information • Be diligent about checking statements • Order and analyze your credit report • Watch for Shoulder Surfing © 2014 JurInnov, Ltd. All Rights Reserved 23
Identity Theft - Response • Place a "Fraud Alert" on your credit reports • Close suspect accounts • Use the FTC’s ID Theft Affidavit • Keep Documentation about conversations • File a police report with local Law Enforcement • Report the theft to FTC – Online at Ftc.gov/idtheft – By phone 1-877-ID-THEFT (438-4338) © 2014 JurInnov, Ltd. All Rights Reserved 24
Social Networking (Cont’d) • Networking sites: – Used to meet people online, stay in touch with friends, connect on professional levels – Use privacy setting on your account to ensure maximum security – Be careful about who you accept as a “friend” – Be careful about the information you provide on these sites © 2014 JurInnov, Ltd. All Rights Reserved 25
What’s wrong with this picture? © 2014 JurInnov, Ltd. All Rights Reserved 26
Q&A Don’t be shy… © 2014 JurInnov, Ltd. All Rights Reserved 27

Recommended

Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Eric Vanderburg
 
Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vande...
Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vande...Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vande...
Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vande...
Eric Vanderburg
 
St. Mark Lutheran Cyber safety seminar - JurInnov - Eric Vanderburg
St. Mark Lutheran Cyber safety seminar - JurInnov - Eric VanderburgSt. Mark Lutheran Cyber safety seminar - JurInnov - Eric Vanderburg
St. Mark Lutheran Cyber safety seminar - JurInnov - Eric Vanderburg
Eric Vanderburg
 
WFH Cybersecurity Basics Employees and Employers
WFH Cybersecurity Basics Employees and Employers WFH Cybersecurity Basics Employees and Employers
WFH Cybersecurity Basics Employees and Employers
Dinesh O Bareja
 
Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)
Hannah Jane del Castillo
 
Cyber security and crime
Cyber security and crimeCyber security and crime
Cyber security and crime
Md. Sarowar Alam Saidi
 
Internet Security
Internet SecurityInternet Security
Internet Security
Mitesh Gupta
 
Internet security
Internet securityInternet security
Internet security
Pokanati SatyaPraveen
 

Recommended

Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Eric Vanderburg
 
Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vande...
Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vande...Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vande...
Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vande...
Eric Vanderburg
 
St. Mark Lutheran Cyber safety seminar - JurInnov - Eric Vanderburg
St. Mark Lutheran Cyber safety seminar - JurInnov - Eric VanderburgSt. Mark Lutheran Cyber safety seminar - JurInnov - Eric Vanderburg
St. Mark Lutheran Cyber safety seminar - JurInnov - Eric Vanderburg
Eric Vanderburg
 
WFH Cybersecurity Basics Employees and Employers
WFH Cybersecurity Basics Employees and Employers WFH Cybersecurity Basics Employees and Employers
WFH Cybersecurity Basics Employees and Employers
Dinesh O Bareja
 
Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)
Hannah Jane del Castillo
 
Cyber security and crime
Cyber security and crimeCyber security and crime
Cyber security and crime
Md. Sarowar Alam Saidi
 
Internet Security
Internet SecurityInternet Security
Internet Security
Mitesh Gupta
 
Internet security
Internet securityInternet security
Internet security
Pokanati SatyaPraveen
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids
Nicholas Davis
 
Ethical hacking and cyber security intro
Ethical hacking and cyber security introEthical hacking and cyber security intro
Ethical hacking and cyber security intro
Abhilash Ak
 
Cyber Security Awareness (Reduce Personal & Business Risk)
Cyber Security Awareness (Reduce Personal & Business Risk)Cyber Security Awareness (Reduce Personal & Business Risk)
Cyber Security Awareness (Reduce Personal & Business Risk)
Gian Gentile
 
Cyber security awareness for students
Cyber security awareness for students Cyber security awareness for students
Cyber security awareness for students
Akhil Nadh PC
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
Jason Murray
 
Computer & internet Security
Computer & internet SecurityComputer & internet Security
Computer & internet Security
Gerard Lamusse
 
Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)
Cyber Security Infotech
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness
Jay Nagar
 
Network Security
Network SecurityNetwork Security
Network Security
Manoj Singh
 
Internet security powerpoint
Internet security powerpointInternet security powerpoint
Internet security powerpoint
Arifa Ali
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
Aaron White
 
Phone Hacking: A lucrative, but largely hidden history
Phone Hacking: A lucrative, but largely hidden historyPhone Hacking: A lucrative, but largely hidden history
Phone Hacking: A lucrative, but largely hidden history
David Rogers
 
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
Asociación de Ejecutivos de Cooperativas de Puerto Rico
 
Recommending information security measures
Recommending information security measuresRecommending information security measures
Recommending information security measures
Manish Singh
 
cyber crime, Cyber Security, Introduction, Umakant Bhaskar Gohatre
cyber crime, Cyber Security, Introduction, Umakant Bhaskar Gohatre cyber crime, Cyber Security, Introduction, Umakant Bhaskar Gohatre
cyber crime, Cyber Security, Introduction, Umakant Bhaskar Gohatre
Smt. Indira Gandhi College of Engineering, Navi Mumbai, Mumbai
 
Internet Security
Internet SecurityInternet Security
Internet Security
mjelson
 
Hacking
Hacking Hacking
Hacking
thajmohammed
 
Corporate Espionage: Technical Surveillance Threats
Corporate Espionage: Technical Surveillance ThreatsCorporate Espionage: Technical Surveillance Threats
Corporate Espionage: Technical Surveillance Threats
pattcom
 
Cyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProCyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-Pro
Ronald Soh
 
Ppt on cyber security
Ppt on cyber securityPpt on cyber security
Ppt on cyber security
Avani Patel
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
Eric Vanderburg
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
Eric Vanderburg
 

More Related Content

What's hot

Internet security powerpoint
Internet security powerpointInternet security powerpoint
Internet security powerpoint
Arifa Ali
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
Aaron White
 
Phone Hacking: A lucrative, but largely hidden history
Phone Hacking: A lucrative, but largely hidden historyPhone Hacking: A lucrative, but largely hidden history
Phone Hacking: A lucrative, but largely hidden history
David Rogers
 

What's hot (20)

Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids
 
Ethical hacking and cyber security intro
Ethical hacking and cyber security introEthical hacking and cyber security intro
Ethical hacking and cyber security intro
 
Cyber Security Awareness (Reduce Personal & Business Risk)
Cyber Security Awareness (Reduce Personal & Business Risk)Cyber Security Awareness (Reduce Personal & Business Risk)
Cyber Security Awareness (Reduce Personal & Business Risk)
 
Cyber security awareness for students
Cyber security awareness for students Cyber security awareness for students
Cyber security awareness for students
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
 
Computer & internet Security
Computer & internet SecurityComputer & internet Security
Computer & internet Security
 
Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness
 
Network Security
Network SecurityNetwork Security
Network Security
 
Internet security powerpoint
Internet security powerpointInternet security powerpoint
Internet security powerpoint
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
Phone Hacking: A lucrative, but largely hidden history
Phone Hacking: A lucrative, but largely hidden historyPhone Hacking: A lucrative, but largely hidden history
Phone Hacking: A lucrative, but largely hidden history
 
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
 
Recommending information security measures
Recommending information security measuresRecommending information security measures
Recommending information security measures
 
cyber crime, Cyber Security, Introduction, Umakant Bhaskar Gohatre
cyber crime, Cyber Security, Introduction, Umakant Bhaskar Gohatre cyber crime, Cyber Security, Introduction, Umakant Bhaskar Gohatre
cyber crime, Cyber Security, Introduction, Umakant Bhaskar Gohatre
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
Hacking
Hacking Hacking
Hacking
 
Corporate Espionage: Technical Surveillance Threats
Corporate Espionage: Technical Surveillance ThreatsCorporate Espionage: Technical Surveillance Threats
Corporate Espionage: Technical Surveillance Threats
 
Cyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProCyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-Pro
 
Ppt on cyber security
Ppt on cyber securityPpt on cyber security
Ppt on cyber security
 

Viewers also liked

Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
Eric Vanderburg
 

Viewers also liked (13)

Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
 
A Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric VanderburgA Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric Vanderburg
 
Computer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVComputer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOV
 
Server Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOVServer Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOV
 
Physical security primer - JURINNOV - Eric Vanderburg
Physical security primer - JURINNOV - Eric VanderburgPhysical security primer - JURINNOV - Eric Vanderburg
Physical security primer - JURINNOV - Eric Vanderburg
 
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOVUnderstanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
 
Security Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOVSecurity Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOV
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 

Similar to Untangled Conference - November 8, 2014 - Security Awareness

Identity Theft Lake Placid 2012
Identity Theft Lake Placid 2012Identity Theft Lake Placid 2012
Identity Theft Lake Placid 2012
Mark Kotzin
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
Randy Bowman
 

Similar to Untangled Conference - November 8, 2014 - Security Awareness (20)

Today's technology and you: Safe computing in a digital world - Eric Vanderbu...
Today's technology and you: Safe computing in a digital world - Eric Vanderbu...Today's technology and you: Safe computing in a digital world - Eric Vanderbu...
Today's technology and you: Safe computing in a digital world - Eric Vanderbu...
 
Identity Theft Lake Placid 2012
Identity Theft Lake Placid 2012Identity Theft Lake Placid 2012
Identity Theft Lake Placid 2012
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
 
it-security.ppt
it-security.pptit-security.ppt
it-security.ppt
 
Identity theft
Identity theftIdentity theft
Identity theft
 
Identity Theft ppt
Identity Theft pptIdentity Theft ppt
Identity Theft ppt
 
Steps and Tips to Protect Yourself and your Private Information while Online....
Steps and Tips to Protect Yourself and your Private Information while Online....Steps and Tips to Protect Yourself and your Private Information while Online....
Steps and Tips to Protect Yourself and your Private Information while Online....
 
Personal Threat Models
Personal Threat ModelsPersonal Threat Models
Personal Threat Models
 
Internet secutity ppt by vaishnavi khandelwal
Internet secutity ppt by vaishnavi khandelwalInternet secutity ppt by vaishnavi khandelwal
Internet secutity ppt by vaishnavi khandelwal
 
Internet security
Internet securityInternet security
Internet security
 
Staying Secure Electronically
Staying Secure ElectronicallyStaying Secure Electronically
Staying Secure Electronically
 
Phishing Whaling and Hacking Case Studies.pptx
Phishing Whaling and Hacking Case Studies.pptxPhishing Whaling and Hacking Case Studies.pptx
Phishing Whaling and Hacking Case Studies.pptx
 
Security and the Service Desk
Security and the Service DeskSecurity and the Service Desk
Security and the Service Desk
 
Data protection and security
Data protection and securityData protection and security
Data protection and security
 
Identity thefts
Identity theftsIdentity thefts
Identity thefts
 
Ulster Bank - Financial Elder Abuse Project in Ireland, 2015
Ulster Bank - Financial Elder Abuse Project in Ireland, 2015Ulster Bank - Financial Elder Abuse Project in Ireland, 2015
Ulster Bank - Financial Elder Abuse Project in Ireland, 2015
 
MatahariMall.com - Jiwasraya Knowledge Sharing
MatahariMall.com - Jiwasraya Knowledge SharingMatahariMall.com - Jiwasraya Knowledge Sharing
MatahariMall.com - Jiwasraya Knowledge Sharing
 
Protect Your Identity
Protect Your IdentityProtect Your Identity
Protect Your Identity
 
ACESnWS cyber security tips
ACESnWS cyber security tipsACESnWS cyber security tips
ACESnWS cyber security tips
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
 

More from Eric Vanderburg

More from Eric Vanderburg (16)

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology management
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technology
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challenges
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: Robotics
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercises
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
 
The security professional's guide to programming - Eric Vanderburg
The security professional's guide to programming - Eric VanderburgThe security professional's guide to programming - Eric Vanderburg
The security professional's guide to programming - Eric Vanderburg
 
Guide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric VanderburgGuide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric Vanderburg
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEthical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
 

Recently uploaded

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 

Recently uploaded (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Untangled Conference - November 8, 2014 - Security Awareness

  • 1. Security Awareness Untangled Church Technology Conference © 2014 JurInnov, Ltd. All Rights Reserved November 8, 2014 Dr. Eric Vanderburg Director, Cybersecurity and Information Systems eav@jurinnov.com @evanderburg (216) 664-1100
  • 2. How Security is comprised 90% © 2014 JurInnov, Ltd. All Rights Reserved 1 Process Technology People 10%
  • 3. Things your mother probably told you • Don’t accept candy from strangers – Infected devices • It’s ok to ask questions – Challenge • Don’t leave your things lying around – Clean desk and locked screen • Be careful who your friends are – Social networking • Avoid that area of town – Discretionary web surfing © 2014 JurInnov, Ltd. All Rights Reserved 2
  • 4. Security goals Three Goals Confidentiality Ensuring that confidential university information is protected from unauthorized disclosure Integrity Ensuring the accuracy and completeness of information and computer software © 2014 JurInnov, Ltd. All Rights Reserved 3 Availability Ensuring that information and vital services are accessible for use when required
  • 5. Malware Detection Security software stops working Defense Computer seems slower than usual, unexpected restarts Browser takes you to a different site than you expected © 2014 JurInnov, Ltd. All Rights Reserved 4 Your hard drive is full Antivirus software with updates and regular scanning Avoid unsolicited email and links Download from trusted sites Increased number of popup windows Personal firewall
  • 6. Computer Use • Secure browsing • Updates • Popups and warnings • Certificate errors • Suspicious links • Deleted files are not truly deleted © 2014 JurInnov, Ltd. All Rights Reserved 5
  • 7. Remove the opportunity • Location of office equipment – Printers & fax machines • Lock it down – Office doors – File cabinets, sensitive documents, personal items – Computers • Windows OS: Ctrl-Alt-Delete [enter] or Windows L • Macs: Shift (⇧) + Command (⌘) + Q • Password-protected screensaver or Time-out • Don’t leave the computer unattended when logged into an account with sensitive data (i.e., payroll, email, personal info) – Phones © 2014 JurInnov, Ltd. All Rights Reserved 6
  • 8. It’s ok to discriminate against data • You can’t treat it all the same – Personal information – Financial information – Member information – Public information • Where is all the data? – Head, paper, computer, server, backup, email • What if we got rid of it? © 2014 JurInnov, Ltd. All Rights Reserved 7
  • 9. Data Protection • Accessible only to authorized users • Physically locked down • Not out in the open • Encrypted • Password protected © 2014 JurInnov, Ltd. All Rights Reserved 8
  • 10. Encryption • At rest © 2014 JurInnov, Ltd. All Rights Reserved 9 – Full disk encryption – File encryption • In motion – VPN – SSL
  • 11. Phishing • Email • Text • Chat • Craigslist • Dating sites © 2014 JurInnov, Ltd. All Rights Reserved 10
  • 12. Phishing markers • False Sense Of Urgency - Threatens to "close/suspend your account”, charge a fee or talks about suspicious logon attempts, etc. • Suspicious-Looking Links - Links containing all or part of a real company's name asking you to submit personal information. • Not personalized – does not address you by name or include a masked version of the account number. • Misspelled or Poorly Written – Helps fraudulent emails avoid spam filters © 2014 JurInnov, Ltd. All Rights Reserved 11
  • 13. Subject: URGENT! Haiti Victims Need Your Help! Subject: You’ve received a greeting card © 2014 JurInnov, Ltd. All Rights Reserved 12
  • 14. Protect yourself against phishing • Treat all email with suspicion • Never use a link in an email to get to any web page • Never send personal or financial information to any one via email • Never give personal or financial information solicited via email © 2014 JurInnov, Ltd. All Rights Reserved 13
  • 15. Passwords • Passwords are THE KEYS TO: – Your bank account – Your computer – Your email – A server on a network – Many other things © 2014 JurInnov, Ltd. All Rights Reserved 14
  • 16. Passwords • Passwords are like underwear – Change them often – Showing them to others can get you in trouble – Don’t leave them lying around • Use different passwords for different purposes © 2014 JurInnov, Ltd. All Rights Reserved 15
  • 17. Passwords • Length • Complexity • Passphrase • http://www.passwordmeter.com/ © 2014 JurInnov, Ltd. All Rights Reserved 16
  • 18. • 2NiteWeparty*likeits1999 • HowdoU”spell”thatAGAIN? • Amishwish4fish2squish • OunceI$good#isbetter! Use a phrase, sentence, question or random statement (with a twist) • Website (time4anewpwagain.com) • Email (Passwords@stupid.com) • File (passwords/make/me/crazy) • Address 4223westmyhouse Use fake website, email, file, addresse • Follow the yellow brick road to OZ = Ftybr2OZ • Why did the chicken cross the road? = Y?dtCxtR? • Wildthing = W!ld*7H1ng! • Red Jello = R3d-j3llo:) Use a phrase, random statement or compound word; then shorten it and make it nonsensical © 2014 JurInnov, Ltd. All Rights Reserved 17
  • 19. Email password theft - indicators Receive a large number of rejected messages © 2014 JurInnov, Ltd. All Rights Reserved 18 Find messages in your sent folder that you know you didn’t send Missing email Unexplained changes to your account settings Spam Warning Signs
  • 20. Identity Theft • Thieves will… • Go on spending sprees using your credit card • With your name and Social Security number they can: – open new credit card accounts – gain employment • Give your name to the police during an arrest • Establish wireless service in your name © 2014 JurInnov, Ltd. All Rights Reserved 19
  • 21. Identity theft – How it happens • They may steal your mail, wallet, or purse • Malware • Phishing • Social engineering – bribing or conning an employee who has access to these records • Stealing personnel records or breaking into your records electronically © 2014 JurInnov, Ltd. All Rights Reserved 20
  • 22. Social engineering Social engineering preys on qualities of human nature:  The desire to © 2014 JurInnov, Ltd. All Rights Reserved 21 be helpful  The tendency to trust people  The fear of getting into trouble
  • 23. Identity Theft - Indicators • Bills that do not arrive as expected • Charges on your credit card that are not yours • Unexpected credit cards or account statements • Denials of credit for no apparent reason • Calls or letters from – Debt collectors – Businesses about merchandise or services you did not make © 2014 JurInnov, Ltd. All Rights Reserved 22
  • 24. Identity Theft - Defenses • Limit the number of credit cards you carry • Keep a list of all credit cards numbers and the numbers to call to report them • Shred Information • Be diligent about checking statements • Order and analyze your credit report • Watch for Shoulder Surfing © 2014 JurInnov, Ltd. All Rights Reserved 23
  • 25. Identity Theft - Response • Place a "Fraud Alert" on your credit reports • Close suspect accounts • Use the FTC’s ID Theft Affidavit • Keep Documentation about conversations • File a police report with local Law Enforcement • Report the theft to FTC – Online at Ftc.gov/idtheft – By phone 1-877-ID-THEFT (438-4338) © 2014 JurInnov, Ltd. All Rights Reserved 24
  • 26. Social Networking (Cont’d) • Networking sites: – Used to meet people online, stay in touch with friends, connect on professional levels – Use privacy setting on your account to ensure maximum security – Be careful about who you accept as a “friend” – Be careful about the information you provide on these sites © 2014 JurInnov, Ltd. All Rights Reserved 25
  • 27. What’s wrong with this picture? © 2014 JurInnov, Ltd. All Rights Reserved 26
  • 28. Q&A Don’t be shy… © 2014 JurInnov, Ltd. All Rights Reserved 27

Editor's Notes

  1. A more malicious type of spam is phishing. Phishing is a social engineering technique cyber criminals use to acquire sensitive information by masquerading as a trustworthy person or business in a seemingly official electronic notification or message. Other common malicious emails masquerade as invitations to see photos of family or friends, greeting cards, pleas for disaster relief assistance, or other intriguing headlines.  These emails play on your emotions to try to get you to react without thinking. So always beware of messages where someone is threatening to close an account or take away privileges unless you provide personal information. Remember that social engineers are trying to use your trusting nature and fear of trouble against you.
  2. The key to password strength is length and complexity As you just learned, a poorly chosen password may result in the compromise of individual systems, data or the entire University of Arizona network. Therefore, it’s important that your NetID password is as long and complex as is feasible. Passwords should be easy for you to remember, but difficult for other people to guess. Some people find creating a password that is associated with a phrase (also known as a passphrase) is easier to remember. By virtue of its length, a passphrase is stronger than a password. It could be a line from your favorite song, the punch line of a joke, three or more words in a row, or anything else. However, be careful about using dictionary words, movie titles, famous quotes, etc., as these have been added to password cracker dictionaries. So, if you opt to use a well-known phrase, sentence, question, or quote, you should always add a twist. For example, if you use a well know question -- such as “why did the chicken cross the road?” -- add a word in the middle. Another suggestion for creating a complex yet easy to remember password is to use a fake (and we emphasize fake) website address, email address, and the like. Unfortunately, not all services support long passwords. For those accounts that do allow longer passwords, what matters is the complexity you add to make it secure. The more nonsensical, the better!  For these instances you can use a phrase, random statement or compound word, shorten it and make it nonsensical by inserting numbers and special characters. Take the example here using the compound word “wildthing,” where we have added complexity by using uppercase, lowercase, and inserting numbers and special characters. It’s important to note that you should never use published example password/passphrases, such as the ones used in this presentation.
  3. Networking sites have become very popular online, but can also be places that identity thieves use to capture personal information they can use against you. Make sure that you adjust your privacy settings to protect yourself, and be careful about who you accept as a friend. Once you have accepted someone as your friend they will be able to access any information about you (including photographs) that you have marked as viewable by your friends. You can remove friends at any time, should you change your mind about someone.