Cyber Security Awareness Month

Using Your Laptop Safely On the Road

Off-Campus Safe Computing Part 2

Introductions

Allen Monette

Security Coordinator

Office of Campus Information Security

OCIS Brown Bag Series

Worst Practices, or 10 Easy Steps to Loosing Your DataProtecting Your Laptop’s DataUsing Your Laptop Safely on the RoadFinding and Protecting Sensitive Data on Your ComputerProtecting Data by Using Network and Server Scanning Tools

Rick’s Road Trip

Rick’s New Laptop

Rick visits his favorite coffee shop

Hey, Free Wi Fi!

Rick on the Road

Rick’s New Laptop

Rick’s New Laptop

Rick’s return

Account Balance: $0

2005 Wisconsin Act 138 requires entities to notify individuals of certain unauthorized acquisitions of personal information.

“Personal information” means an individual’s last name and the individual’s first name or first initial, in combination with and linked to any of the following elements, if the element is not publicly available information and is not encrypted, redacted, or altered in any manner that renders the element unreadable: (a) the individual’s Social Security number; (b) the individual’s driver’s license number or state identification number; (c) the number of the individual’s financial account number, including a credit or debit card account number, or any security code, access code, or password that would permit access to the individual’s financial account; (d) the individual’s DNA profile; and (e) the individual’s unique biometric data, including fingerprint, voice print,

retina or iris image, or any other unique physical characteristic.

Let’s go Back In Time

Rick isn’t a bad user

• Did work to secure his computer• What he did is good for a desktop on a

protected network• Not so good for the wilds of Free WiFi

Credit Card

What happened?

Solutions

What to do?

Solutions

• File on desktop– don’t store that data!– If you must store it, encrypt it!– Lock your workstation; use screensaver

passwords– Don’t leave your laptop unattended

• Be aware of those around you

Email + Break-in

What happened?

Solutions

What to do?

Solutions

• Know how to spot a phishing attempt• Use different credentials for different

accounts• Use a VPN

Laptop Lost; Cash gone

What happened?

Solutions

What to do?

Solutions

• OS hardening– require username/password to login

• Encrypt!• Use removable storage; better yet use

network storage• Lojack for laptops• Security screening line strategies

Rules of the Road

1. Store no data locally2. Since we know 1 is hard: Encrypt!3. Practice Defensive Networking – Use

VPN4. Know where your laptop is at all times

Questions?