Cyber Security Awareness Month

Download Cyber Security Awareness Month

Post on 25-Feb-2016




2 download

Embed Size (px)


Cyber Security Awareness Month. Off-Campus Safe Computing Part 2. Using Your Laptop Safely On the Road. Introductions. Allen Monette Security Coordinator Office of Campus Information Security. OCIS Brown Bag Series. Worst Practices, or 10 Easy Steps to Loosing Your Data - PowerPoint PPT Presentation


PKI Development Forum

Cyber Security Awareness MonthUsing Your Laptop Safely On the RoadOff-Campus Safe Computing Part 2IntroductionsAllen Monette

Security Coordinator

Office of Campus Information Security

OCIS Brown Bag SeriesWorst Practices, or 10 Easy Steps to Loosing Your DataProtecting Your Laptops DataUsing Your Laptop Safely on the RoadFinding and Protecting Sensitive Data on Your ComputerProtecting Data by Using Network and Server Scanning ToolsRicks Road Trip

Meet Rick typical user from Department of Ethical Environmental Programming (DEEP)Going to a conference and taking a few personal vacation days afterwardsfollowing some good practices, but not aware of special circumstances in using a laptop off campus


Ricks New LaptopReal Rick would buy a Mac6

For today, Rick bought a Dell7

Added antivirus software


Checked that Windows Firewall was turned on


Ran Windows Update to get latest patches


Downloads all the data hell need to do some work and give a presentationInstalled and configured other software, too11Rick visits his favorite coffee shop

Hey, Free Wi Fi!

Rick isnt actually using Blogger. Posted note about his upcoming travel. Supposed to be limited access.16

Bought and drank two cups of coffeehe also had a little help from one of the locals17

We all know what happens when you drink lots of coffee.18

Left his laptop sitting on the table when he went to get coffee and use the restroom19

Fortunately for Rick, his laptop didnt just walk off20Rick on the Road

While Rick is on the road, a number of things happen21

Credit card stops working and its not because the places hes using it have broken equipment22

Cant login to his email23

Ricks New LaptopReal Rick would buy a Mac24Ricks New LaptopGoes missing as he makes his way through airport security25Ricks return

Once Rick gets home, things dont get any better.26

House broken into; stuff stolen27Account Balance: $0Checking account is cleaned out28

2005 Wisconsin Act 138 requires entities to notify individuals of certain unauthorized acquisitions of personal information.

Personal information means an individuals last name and the individuals first name or first initial, in combination with and linked to any of the following elements, if the element is not publicly available information and is not encrypted, redacted, or altered in any manner that renders the element unreadable: (a) the individuals Social Security number; (b) the individuals drivers license number or state identification number; (c) the number of the individuals financial account number, including a credit or debit card account number, or any security code, access code, or password that would permit access to the individuals financial account; (d) the individuals DNA profile; and (e) the individuals unique biometric data, including fingerprint, voice print, retina or iris image, or any other unique physical characteristic. When he tells his department IT staff about losing his laptop, they say that they may have to notify under state laws. Department isnt happy with Rick.30Lets go Back In Time

Ricks had a really bad tripwhat happened?What could be done to protect him?

31Rick isnt a bad userDid work to secure his computerWhat he did is good for a desktop on a protected networkNot so good for the wilds of Free WiFi

Credit CardWhat happened?

Since Rick wasnt doing this.shoulder surfer got part of the number.Got rest of the number, plus the expiration date and Card Security Code from a file on Ricks desktop

34SolutionsWhat to do?SolutionsFile on desktopdont store that data!If you must store it, encrypt it!Lock your workstation; use screensaver passwordsDont leave your laptop unattendedBe aware of those around you

Email + Break-inWhat happened?

Repsonded to a phishing attempt; spammers used his account and his ISP shut it down38

Rick isnt actually using Blogger; blog he is using does not use SSL to protect his login credentials. Rick is using free, open, wireless without a vpntraffic got sniffed.39SolutionsWhat to do?SolutionsKnow how to spot a phishing attemptUse different credentials for different accountsUse a VPN

Laptop Lost; Cash goneWhat happened?42

Had checking account information on laptop in MS Money; downloaded all the data he needed to his laptop43SolutionsWhat to do?SolutionsOS hardeningrequire username/password to loginEncrypt!Use removable storage; better yet use network storageLojack for laptopsSecurity screening line strategiesRules of the RoadStore no data locallySince we know 1 is hard: Encrypt!Practice Defensive Networking Use VPNKnow where your laptop is at all timesQuestions?