Being secure while ... living your life online
Being secure while ... living your life online
Grant Currie, Manager, Educational Technologies. #SaintsGoSocial
Convenience vs. Security
Sending a message from a “fake” email address is called:
Scamming
Spoofing
Computing Safety, Security, and Resources
Information Technology
95% of breaches began with a human failure… often well intentioned
Recent NY6 breaches of note:
• Phishing email … nearly led to $400k loss
• Cryptolocker
• Scam office supply calls
• Student changing grades on faculty computer
95% of breaches began with a human failure… often well intended
http://www.dhs.gov/photo/if-you-see-something-say-something
What is Phishing?
A. Sending an email from a “fake” email address
B. Trying to steal someone’s username/password through email
C. Attending a concert by noted American rock band Phish
What happens when your account is phished?
A. It can be used to send spam
B. It can be used to access computing resources using your identity
C. It could be used to gain access to your other online accounts if they use the same password
D. It could be used to reset passwords on other online accounts tied to your SLU email address
E. All of the above
Is this a legitimate email?
A. Yes
B. No
Is this a legitimate email?
A. Yes
B. No
Is it safe to view a phishing or other scam email?
A. Yes
B. No
Is it safe to click a link in an email?
A. Yes
B. No
Is it safe to open an attachment to an email?
A. Yes
B. No
Is it Secure? Look left of first slash
Links don’t always go where they say …
Why phishing, why steal an account?
• The going rate for stolen credentials:
  • $8 - iTunes accounts
  • $6 - Fedex.com, Continental.com and United.com accounts
  • $5 - Groupon.com accounts
  • $4 - Godaddy.com, Att.com, Sprint.com, Verizonwireless.com, and Tmobile.com
  • $2.50 - Facebook and Twitter
Do you use your SLU password for other online accounts?
A. Yes
B. No
What are the risks of reusing passwords?
A. If phished, can use to access other accounts
B. If you use email account to sign up for another online account using the same password, someone could use that information to gain access to your email account
C. If someone gains access to an email account, they could use that account to reset passwords on other accounts
D. All of the above
Managing Passwords
Treat passwords like your toothbrush
• Pick a good one
• Don’t share it
• Replace it often
http://www.deltadentaliablog.com/wp-content/uploads/2014/05/6.26-facts-for-toothbrush-day.jpg
Managing Passwords
… use a pack of passwords
• One for SLU
• One for financial sites
• One for social media
• Others as needed
Managing Passwords
… use a password management “system”
• Use passphrases
  • I <3 peanut butter sandwiches! is easier to remember than 3dKe7d#
• Store in notebook (if you can keep it safe)
  • better than post-it-note
  • better than “passwords” file on desktop
• Vary standard password based on website/url
  • standard password: I <3 peanut butter sandwiches!
  • use at Citibank: I CT peanut butter sandwiches!
  • use at SLU: I <3 SLUnut butter sandwiches!
• Use a password management system
Must change SLU password every 365 days (do so on an anniversary, or set a reminder)
Must change SLU password every 365 days (how to check your expiration date)
Phishing & Other Scams (malware, viruses) are not limited to email
• Telephone
• Texts
• Ads
• Websites
Security and Mobile Devices
Acceptable Use Policy (AUP)
http://www.stlawu.edu/it/acceptable-use-policy-aup
• Have you read it?
• Have you accepted it?
• Do you know what it says?
• Do your employees know what it says?
AUP: Executive Summary
• Our computer network exists to support the academic mission of the university. Its use is a privilege requiring responsible use
• Use that disrupts the academic mission is prohibited
• It is the user’s responsibility to prevent unauthorized use of account/resources
• IT will make every reasonable effort to respect user’s privacy. However, users should not have an expectation of privacy in communications transmitted or stored on university resources
• In accordance with law or university policy, the president or vice president of the university can request access by authorized agent to review or monitor files associated with a user account
AUP: Executive Summary
• Users are responsible to keep the operating systems and virus protection on their personal devices connected to the university network up to date. These devices should also be protected by a strong password
• IT is happy to work with users to help them comply with the AUP
Other Responsibilities
University laptop: not for personal/family use
• avoids grape juice spill issues, etc.
• avoids problems due to personal app installations
Other Responsibilities
SLUbay:
• Managers/Supervisors must set policy for employee use
• Use of University Resources
• one-time sales
• must be associated with not-for-profit entity
• no listing of illegal/prohibited items
slubay
Other Responsibilities
Lock workstation, etc., when away
Mac:
• enable “require password after screensaver”
• Set Hot Corner to initiate screensaver
Other Responsibilities
Social Media:
• Personal use: should not conflict with work
• Work use: should balance with other responsibilities
• Careful what you share … phishers can use to create irresistible emails
What is encryption?
• Scrambles information
• Can only be de-scrambled by recipient
• It is different from authentication
The information on the hard drive of my work computer is encrypted.
A. True
B. False
C. Maybe
Email is a secure way to share information.
A. True
B. False
slu-wifi (wireless) is secure
A. True
B. False
Primary takeaways …
• Information Security is everyone’s responsibility…which means YOU
• If you SEE something, SAY something
• If it smells remotely phishy, act as if it is phishy
• PAUSE before following links, opening attachments, supplying username/password, etc.
• MANAGE your passwords and other personal info
• Be careful when sharing personal information
How To Contact IT
A. Stop by HelpDesk at Madill Hall
B. Stop by HelpDesk at ODY Library
C. Call 315.229.5770
D. Email [email protected]
E. Enter a Service Request at IT Website
What are we missing?
What else would you like to know about?
http://realizedworth.com/wp-content/uploads/2013/01/question-mark.jpg