Security Liaisons Information Presentation. Introduction What’s the big deal with computer...
Security Liaisons Information Presentation
<Security Liaison’s Name>
<Date>

Introduction
- What’s the big deal with computer security?
- Don’t we have an IT security department to take care of this?
- [Explain users’ role in IT Security]
- [Who you are]

Facts
Major security breaches are the result of users:
- Not protecting credentials
- People responding to phishing
- Responding to pop-up “your computer is at risk” ads
- Losing cell phones and laptops, with no password protection
Let’s break it down into some statistics:
- About 63% of all major security breaches are caused by user error (http://www.channelbiz.co.uk/2012/06/12/internal-security-breaches-cause-businesses-most-concern/)
- Worldwide about 23% of people will respond to spear-phishing attacks, with 70% of people responding to directed phishing attacks (http://www.scmagazine.com/infosec-23-percent-of-users-fall-for-spear-phishing/article/128480/)

Facts (cont’d)
More statistics (http://www.verizonbusiness.com/about/events/2012dbir/):
- 96% of all data breaches were not highly difficult
- 97% were avoidable through simple or intermediate controls
- 69% incorporated malware
- 81% of incidents used a form of hacking (through phishing, drive-by downloads, etc.)
- 79% of victims were targets of opportunity

Things You Can Do
- Secure your computer
- Use strong passwords
- Watch for phishing
- Use social networking cautiously
- Do not store highly sensitive data
How? Contact your Security Liaison for additional resources or contact the ITU Support Center for more information on how to protect yourself and your data!

Phishing

Phishing
What is phishing?
Phishing is a form of social engineering that uses e-mail or malicious websites to solicit personal information by posing as a trustworthy organization.
What does a phishing email look like?
- False Sense Of Urgency
- Suspicious-Looking Links
- Not personalized
- Misspeld or Pooooorly Written
- Sender not known

Phishing (cont’d)
What can happen?
Phishing Attacks Lead to Identity Theft - When users respond with the requested information, attackers can use it to:
- Empty your bank account
- Open new credit cards
- Gain employment
- Give your name to the police during an arrest
Specific to Mason: Your Mason UserID gives access to:
- Patriotweb/Internet Native Banner
- Student/Employee Personal information
- Financial information
- Mason Money
- MyMason

Phishing (cont’d)
How to protect yourself:
- Be cautious about opening attachments in e-mails
- Be very cautious about downloading files
- Be suspicious of unsolicited e-mails asking for information
- If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
- Pay attention to the URL of a website
- Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
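
The URL advice above can be checked mechanically. The Python sketch below is an added example, not part of the original presentation: it flags a link whose registered domain is a near-miss spelling of a trusted domain, or the same name under a different ending. The trusted list, `examplebank.com`, the function names and every sample URL other than the gmu.edu link from the slides are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: illustrative trusted list. gmu.edu appears in the slides;
# examplebank.com is a constructed placeholder.
TRUSTED = ("gmu.edu", "examplebank.com")

def edit_distance(a, b):
    """Levenshtein distance, keeping only one row of the table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def registered_domain(url):
    """Last two labels of the host; naive, ignores suffixes like co.uk."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def classify(url):
    domain = registered_domain(url)
    if not domain:
        return "invalid"  # no host found, e.g. the scheme is missing
    if domain in TRUSTED:
        return "trusted"
    name, _, tld = domain.rpartition(".")
    for good in TRUSTED:
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return "lookalike: different domain ending"
        # Short names sit within two edits of many unrelated names, so the
        # spelling check only runs for names of five or more characters.
        if len(good_name) >= 5 and 1 <= edit_distance(name, good_name) <= 2:
            return "lookalike: spelling variation"
    return "unknown"

if __name__ == "__main__":
    for sample in ("http://itsecurity.gmu.net/login",      # constructed
                   "https://examp1ebank.com/signin"):      # constructed
        print(sample, "->", classify(sample))
```

A result of "unknown" means only that the domain resembles nothing on the trusted list; it is not a statement that the site is safe.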
Password Security

Password Security
Use a secure password
- Length first, then complexity
- At least 10 characters
- Mixed alphanumeric, upper/lower and special characters
- Try using a passphrase instead – makes it harder to crack!
Use a password safe to store your passwords
Never use chain-link passwords – i.e. never use the same password for all your accounts
Never link accounts

Securing Your Web Browser

Securing Your Web Browser
Web browser security:
- Understand what risky behavior is
  - Beware of untrusted web sites
  - Don’t click the fake anti-virus button, instead end the process – do not just close your browser.
  - Beware of downloading plugins and add-ons
- Secure your internet browser
  - Manage plugins
  - Disable Java**, JavaScript, and ActiveX
  - For more details, please visit http://itsecurity.gmu.edu/Alerts/upload/Securing-Home-Network-Part2.pdf

Social Networking

Social Networking
What is social networking?
Social networking service is defined as an “online service, platform, or site that focuses on facilitating the building of social networks or social relations among people who, for example, share interests, activities, backgrounds, or real-life connections.” (http://mashable.com/follow/topics/social-networking/)
Social Networking Sites (to name a few):
- Facebook
- Twitter
- LinkedIn
- MySpace
- Google +
- Pinterest

Social Networking (cont’d)
Privacy settings are key:
- Why do we need them?
- Won’t that make it harder for people to find us and friend us?
- How do they work?
- What do I need to do?

Social Networking (cont’d)
Tips for safely using social networking:
- Be conscious of what you write. It’s the internet, nothing is ever truly private.
- Avoid posting your plans, particular personal information, etc.
- Do not state your location.
- Make sure you have your privacy settings in place.
- Be careful what you allow your friends to tag you in.
- Don’t accept friend requests from people you don’t know.
- Be careful when playing games and apps that ask for personal information. They can sell that to third-party vendors.
- Make sure your passwords are strong and are not the same for every site.
- Never use your Facebook or Twitter as logins for other sites.

Social Networking (cont’d)
Proof that nothing is private:
- “We Know What You’re Doing” – http://www.weknowwhatyouredoing.com
  Takes revealing posts and makes them public, proving you’re not always as private as you would like to hope. Again, think before you type.
- Failbook – http://failbook.com
  Embarrassing and funny Facebook statuses. If you’re not careful, you could end up on this site. Again, THINK BEFORE YOU POST.

Things You Can Do

Things You Can Do
- Secure your computer
- Use strong passwords
- Watch for phishing – DO NOT respond
- Use social networking cautiously
- Do not store highly sensitive data
If you think there is a problem…
Contact the IT Support Center if there is a suspected problem, or if you know you have a problem.
ITU Support Center

Important Contacts
- <Security Liaison Name, Title>, <SL email>, <SL extension>
- IT Support: [email protected], itservices.gmu.edu
- Sarah Morehouse, Communications Coordinator, IT Security and Project Management: [email protected], itsecurity.gmu.edu