University of Louisville CIS Department

Prepared by Brian Martinez, Danna Penaranda, and James Pesetsky

Cyber Security & Today’s User- Defense Against Security Breaches

The Electronic Environment

● Desktop Computers

● Laptops

● Tablets and Phones

● The Internet

2

How many people own more than one electronic/digital device?

● As of 2015, 1 in 3 Americans owned a Smartphone, Tablet, and Computer

● 1 in 4 Americans own a gaming console/device

Source: http://www.pewresearch.org/fact-tank/2015/11/25/device-ownership/3

The Connected World● Population of Earth (2015):

● 7.2 billion● Number of personal

computers (2015):● 2 billion estimated

● Number of mobile devices (GSMA 2017):● 8.114 billion mobile

connections

Source: https://www.reference.com/technology/many-computers-world-e2e980daa5e128d04

Hacking and Security Breaches● Earliest hack:

● 1903: Nevil Maskelyne sends insulting Morse code messages with projector and disrupts wireless telegraphy demonstration by John Ambrose Fleming

● Most recent security breach:● March 2017: River City Media

backup servers were not password protected, exposing 1.37 billion record spam database. Includes names, zip codes and physical and IP addresses

Source: https://www.newscientist.com/article/mg21228440-700-dot-dash-diss-the-gentleman-hackers-1903-lulz/https://betanews.com/2017/03/06/river-city-media-spam-database-leak/ 5

Why should you care?● Protect your identity

● Protect your personal & financial data

● Safeguard your online privacy

● Prevent yourself from falling victim to scams

● Be proactive about protecting your personal identifiable information

6

What are some mistakes people make online?● Using one universal password

across multiple websites●Bank account password = FB account password. Don’t do it!

●Increase password complexity and length

●Invest in a password manager. The cost of eating out once = one-time purchase and protection for a year.

7

What are some mistakes that people make online? (cont.)

●Putting personal information online ● Be mindful of the information you put

on social media

●Being unaware of cyber threats like social engineering and scams

8

Safe Web Practices ● Don’t share your login information with anyone

●Never give out credentials without considering the risks and consequences involved

The goal is to be responsible for your security and privacy9

Safe Web Practices

●Always verify the source of your downloads

●Keep backups of your important data

●Don’t leave credentials or other confidential information freely available to anyone

10

Safe Web Practices●Only open email attachments from familiar contacts

Respectable businesses and government agencies do not call or e-mail you asking for money/credentials

●Learn to recognize “phishing” emails

Before providing any kind of information, call and verify with the source that they are indeed the ones who sent the email.

11

Phishing Example

12

HIPAA Compliance●Be aware of the ways in which you come in contact with

PII and protect it: names, geographical subdivisions, dates like DOB, and other unique identifying numbers.

●Recognize everyone in the building and avoid tailgating●Lock your computer when you leave your desk

13

How to tell you’re compromised

● Slow/Sluggish performance

● Strange/unfamiliar errors

● File changes being made without permission

● Unknown programs or services running in the background

● Unauthorized activity on system or across network

● Strange emails being sent to or from you/your contacts

14

Common Vulnerabilities

● Out of date operating system

● Out of date software

● Out of date antivirus definitions

● No scheduled backups

● Inactive or incorrectly configured firewall

● Insufficient antimalware software

15

Keep software up to date● Update Operating System regularly

● Check software and hardware manufacturers websites for updates if automating isn’t possible

16

Good web practices to remember● Check the URL of websites you visit

● Know the source of your downloads

● Scan recently downloaded software, files, and email attachments

● Watch out for spyware

●Ignore or close ads and pop-ups

17

Being proactive● Monitor email and bank

accounts

● Use 2-Factor Authentication when available

● Know the recovery steps you need to take in the event that your system is compromised

● Never give out more information than is absolutely necessary

● Consider the use of a password manager to keep track of unique logins and passwords

18

A list of recommended freeware programs

Antivirus: ● Avast Free Antivirus, AVG Antivirus Free, BitDefender

Antivirus Free EditionAntimalware:

●Malwarebytes Anti-Malware, IObit Malware FighterCleaners and Pop-up blockers

●Ad Block Plus for Chrome, uBlock Origin for Firefox, AdwCleaner, Ghostery - Defends against internet trackers

19

LinksAntivirus (never use more than one): https://www.avast.com/indexhttp://www.avg.com/us-en/homepagehttps://www.bitdefender.com/solutions/free.html

Antimalware (use 1 or more): https://www.malwarebytes.com/http://www.iobit.com/en/index.php

Ad blockers & anti-trackers:https://adblockplus.org/https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/https://www.malwarebytes.com/adwcleaner/https://www.ghostery.com/ (protects against web trackers)