CYBER SECURITY October 2009
ARE YOU AWARE? The Federal Trade Commission reports that: For the seventh year in a row, identity theft tops the list, accounting for 36 percent of the 674,354 complaints received between January 1 and December 31, Other categories near the top of the complaint list include shop-at-home/catalog sales; prizes, sweepstakes and lotteries; Internet services and computer complaints; and Internet auction fraud. FTC News
TOP TEN COMPLAINTS FOR VIRGINIA
RANK | CATEGORIES | COMPLAINTS | %
1 | Identity Theft | 246, |
2 | Shop-at-Home/Catalog Sales | 46,995 | 7
3 | Prizes/Sweepstakes & Lotteries | 45,587 | 7
4 | Internet Services & Computer | 41,243 | 6
5 | Internet Auctions | 32,832 | 5
6 | Foreign Money Offers | 20,411 | 3
7 | Advance-Fee Loans and Credit Protection/Repair | 10,857 | 2
8 | Magazines and Buyer Clubs | 8,924 | 1
9 | Telephone Services | 8, |
10 | Health Care | 7,467 | 1
Why should you be aware? Websites can be disabled and unavailable. Office/home computers can be damaged by a virus. Hackers can break into our databases and steal identity information, not just our customers', but yours as well! Malicious users could use our systems to attack other systems. Cyber Security
DID YOU KNOW? An unprotected computer connected to the internet can be compromised in less than one minute. A modern desktop computer can send 200,000 spam emails an hour. Networks of exploited computers can be rented for targeted attacks via web stores controlled by Bot Owners. VITA BOTS CYBER SECURITY
CURRENT MALICIOUS BEHAVIORS
WHAT IS SPAM? The simple definition of spam is that it is an unsolicited email: product offers; misdirection to allow installation of malware; misinformation (denial of access).
WHAT IS PHISHING? According to Microsoft: Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, Windows Live IDs, other account data and passwords, or other information. Microsoft
TYPES OF PHISHING: IRS and Treasury scams; Credit Union and Banking scams; major events (elections, holidays); social networking Web sites; fake websites (websites that spoof your familiar sites using slightly different Web addresses). Phishing Video
KEYLOGGER/KEYSTROKE SPYWARE A keylogger is a software program (it can even be hardware) designed to monitor and log all keystrokes. The biggest threats in this area are stolen passwords, confidential information, PIN numbers, credit card account numbers, etc. VIRUSLIST
SOCIAL ENGINEERING According to Microsoft: The purpose of social engineering is usually to secretly install spyware or other malicious software or to trick you into handing over your passwords or other sensitive financial or personal information.
TYPES OF SOCIAL ENGINEERING: Phishing; spear phishing; email hoaxes. NIGERIAN SPAM
LOGOFF OR LOCKUP When leaving your desk, remember to log off or press CTRL-ALT-Delete to lock your workstation.
EMAIL AND INSTANT MESSAGING Avoid clicking on links in emails; type the URL in the browser bar. Don't open attachments that appear to be suspicious. Delete emails that direct you to a website where you are prompted to fill out personal data. Delete hoax and chain letter emails.
SENSITIVE DATA Don't store sensitive data on your hard drive (Social Security, Credit Card, etc.). If you must store sensitive data, have it encrypted (see MIS for more information). If printing sensitive data, avoid printing on shared printers/copiers. If you have to print on a shared copier/printer, remove it immediately!
EQUIPMENT PHYSICAL PROTECTION If you have a laptop/portable device, lock it up at night. If traveling with a laptop, never check it in at the airport. Use a surge protector. Portable devices need to be secured when not in use! Don't put laptops/portable devices on the seat of your car, not just for anti-theft but for climate control! Remember, flash drives/CDs are considered portable devices!
PORTABLE DEVICES It is a COV Security standard that COV data not be stored on non-COV devices, so you will have to use COV portable devices when working away from the office. COV sensitive data should be encrypted before being moved onto your COV portables. Scan, Scan, Scan: portable devices are just like your hard drive; they need to be scanned at least once a week.
WHO IS IT? You don't open your door at home without checking who is at the door... So why would you not take the same precaution online?
WORLD WIDE WEB, WWW Be watchful of sites that: redirect you to other sites; request personal information; appear to involve malicious activity. Remember: Block pop-ups and only enable them for trusted sites. Cookies are great, but third-party cookies should be blocked!
SECURITY SOFTWARE Ensure your home and work PCs are up-to-date on the following programs: Anti-Virus Software; Firewalls; Anti-Spyware and Malware Software Scanning. Windows XP Firewall Information
UP-TO-DATE In order to protect yourself and your computer, you need to ensure that your operating system and web browser are up-to-date. Security patches are frequently updated, so check regularly! Microsoft
PASSWORD Your password is the key to your computer; don't make it readily accessible. Never place your password out in plain view. Keep it secured! Avoid the option that allows a computer to remember any password. Never share your password. Your IT person should never ask for your password!
STRONG PASSWORD Use at least nine characters, including numerals and symbols. Avoid common (dictionary) words. Don't use your personal information, login or adjacent keys as passwords. Change at least every 42 days for work and 90 days for home. Use a variety of passwords for your online accounts.
PASSWORD TIPS Use memorable phrases, such as "I hate Mondays!" Alternate caps with lowercase, numbers, and use symbols: Example: Using this format gives you the opportunity to use the same password for a long time. Simply change at least two characters and most policies will allow you to keep the same password.
BACKUP YOUR DATA One of the biggest errors people make is not backing up their data! Depending upon your use: for work, we back it up every night; for home, you should strive to back it up at least weekly. Windows XP Backup
IDENTITY THEFT File a complaint with the Federal Trade Commission. Place a fraud alert on your credit reports, and review your credit reports. This can be accomplished by contacting one of the nationwide consumer reporting agencies. File a police report. Close the accounts that have been tampered with or opened fraudulently.
HOUSTON WE HAVE A PROBLEM! How to Recognize a Cyber Security Threat: slow or non-responsive system; unexpected behavior, such as program pop-ups; display of messages that you haven't seen before; running out of disk space unexpectedly; unable to run a program due to lack of memory; crashing; rejecting a valid and correct password.
WHAT TO DO Stop and unplug the system from the LAN/modem! If unable to freeze the problem, take notes about the occurrence. Contact any of your MIS personnel and your supervisor about any cyber security incident.
THE BES OF CYBER SECURITY: BE ALERT. BE WATCHFUL. BE ON GUARD. BE CAREFUL WHERE YOU GO ONLINE! BE SURE TO ASK FOR HELP! BE SURE TO THINK B4 U CLICK!
CYBER SECURITY It is said a chain is only as strong as its weakest link... Don't be the weak link! Cyber Security is everyone's responsibility!
Thanks! Thank you for going through the training today! Information Security is critical at work and at home. We appreciate you taking the time to learn the contents of this training and highly encourage you to take some time regularly to read up on security topics – you can click on the security link at the bottom of our MRC web pages to visit the VITA-NG security web site at any time. This information is provided to educate you on how to protect yourself at work and at home, but as always, you are required to understand and follow our agency security policy. If you need to review the policy again, you can go to the following link: Agency Information Security PowerPoint. Please contact Erik Barth (x72262), Linda Farris (x72280) or your supervisor if you have any questions about this training or information security topics in general.
DON'T FORGET Please don't forget to email, fax, or mail your acknowledgement for completing your cyber-security training!
References: FTC News; Microsoft; VITA; VIRUSLIST; Wikipedia; Stay Safe Online; OnGuard Online; Cyber Security