SOCIAL ENGINEERING AND INFORMATION PROTECTION BEST PRACTICES.

Presentation transcript:

SOCIAL ENGINEERING AND INFORMATION PROTECTION BEST PRACTICES

INTRODUCTION
Who Are We?
– Graduate students at UNM Anderson School of Management, both studying toward graduate degree in Information Assurance
– Full time employees at Sandia National Laboratories, working in an IT department

INTRODUCTION
Why Are We Here?
– We all need to learn to defend our information from unauthorized access and use
– Survey given 3/10/2013 discloses some areas in which you can protect yourselves better
Major Topics
– Online Privacy/Protection
– Social Engineering
– Password Strength/Password Management

SURVEY RESULTS
Here are some of the more interesting results from the survey…
– Do you reuse the same password across your online accounts?
– Do you regularly clear your browser cache?
– Do you use strong passwords for your online accounts?
– How familiar are you with social media privacy settings?

ONLINE PRIVACY/PROTECTION
– You may have heard recently that many celebrities' accounts were being hacked
– So much information about celebrities on the internet
– Countless followers via Twitter, Facebook, and other social media

ONLINE PRIVACY/PROTECTION
One of the biggest threats to your personal privacy protection is social media
– Over-sharing
– “Checking in”
– Embarrassing pictures/posts/likes
– Lack of controlling who can see what
– Anonymous information gathering

EMAIL / BROWSER SAFETY
Browser Safety
– Cleaning cache
– Tracking and Cookies
– Double checking URLs
Email Safety
– Spam filtering
– Attachments

SOCIAL ENGINEERING
– Due to social media use today, we are all “celebrities”
– Just as people have been able to hack real celebrity accounts using information from the internet, the same can be done for anyone sharing via social media
– All this public information makes an individual vulnerable to social engineering attacks

SOCIAL ENGINEERING
Social engineering: “the art of manipulating people into performing actions or divulging confidential information”
– Tricking the victim into divulging information
– Only a few of you responded that you had previously given personal information over the internet
– Can involve pretexting, or creating a target-specific scenario, to help give the victim the sense of legitimacy

PRETEXTING
Pretexting: “the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.”
– Attackers will research their targets so that they can create a more believable lie
– Phishing email from your bank asking to confirm your username and password
– Use of other information such as work or school gained via social networking sites

MIDTERM EXAM
1. Clear out your ________ ________ regularly to keep sites from tracking your internet activity.
   Answer: Browser Cache
2. The act of creating a scenario to engage a targeted victim to divulge information is known as what?
   Answer: Pretexting
3. True or False. “Checking In” on Facebook on a regular basis is a safe practice.
   Answer: False
4. The art of manipulating people to divulge confidential information is known as what?
   Answer: Social Engineering
5. One of the greatest threats to our personal online privacy is how we use ________ ________.
   Answer: Social Media

PASSWORD STRENGTH
– Most of you say you use strong passwords
What makes a strong password?
– At least 8 characters – more is better
– Avoid any dictionary words
– Mix of letters (upper and lower), numbers, and other characters (like punctuation)
Some examples
– r3t7A#EM
– Tad3cha5$uh#q

PASSWORD STRENGTH
WHY A COMPLEX PASSWORD?
There are several methods of acquiring a password
– Guessing* – use of personal information available
– Dictionary-based attacks*
– “Brute Force” attacks* – Programs that can guess every possible combination of characters.
– Phishing**
– Shoulder surfing**
* These attacks are best mitigated through the use of a strong password. The stronger the password, the harder it is to guess by either people or programs.
** These attacks are best mitigated through personal security (preventing social engineering)
Password strength criteria: – create.aspxhttp:// create.aspx
Password strength checker: – checker.aspxhttps:// checker.aspx
Password generator: –
Importance of a strong password: – _passwords.phphttp:// _passwords.php

PASSWORD STRENGTH DEMONSTRATION
HOW STRONG IS MY PASSWORD?
– 5 volunteers!
– Password Strength Checker
– How long would it take a Desktop PC to crack a password
– Do NOT put your REAL password into this site – it is for relative strength checking only!
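The relative-strength check from the demonstration can also be run offline, so no password ever has to be typed into a website. The following is an added example, not part of the original presentation: it applies the three criteria from the password strength slide and estimates the brute-force cost. The word list is constructed, the guessing rate is an assumption, and the function names are hypothetical.

```python
import math
import string

# Constructed mini word list; a real check would load a full dictionary.
WORDS = {"password", "dragon", "monkey", "summer", "welcome", "letmein"}
# Common character substitutions, undone before the dictionary check.
LEET = str.maketrans("013457@$!", "oieastasi")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
GUESSES_PER_SECOND = 1e9  # assumed guessing rate, not a measured figure
SECONDS_PER_YEAR = 31_557_600


def pool_size(pw):
    """Number of candidate characters a brute-force search must try per position."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in pw))


def contains_dictionary_word(pw):
    """True if a listed word appears, even when written with substitutions."""
    plain = pw.lower().translate(LEET)
    return any(word in plain for word in WORDS)


def check(pw):
    """Apply the slide's three criteria and estimate the brute-force cost."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word")
    if not all(any(ch in c for ch in pw) for c in CLASSES):
        problems.append("missing a character class")
    pool = pool_size(pw)
    # Upper bound: only holds if every character was chosen at random.
    bits = len(pw) * math.log2(pool) if pool else 0.0
    # An exhaustive search succeeds, on average, after half the keyspace.
    years = 2 ** bits / 2 / GUESSES_PER_SECOND / SECONDS_PER_YEAR
    return {"problems": problems, "bits": round(bits, 1), "years": years}


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "summer2013", "r3t7A#EM", "Tad3cha5$uh#q"):
        r = check(pw)
        print(f"{pw:15} {r['bits']:5} bits  ~{r['years']:.3g} years  "
              f"{', '.join(r['problems']) or 'meets the criteria'}")
```

The bit count is only meaningful for randomly chosen characters; a password flagged for a dictionary word falls to a dictionary attack long before the brute-force estimate applies.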

PASSWORD REUSE
– While most of you said you use strong passwords, most of you also said you reuse passwords
– DON’T USE SAME PASSWORD ACROSS ALL ACCOUNTS!
– Sites are hacked regularly and passwords are retrieved
– SERIOUSLY??? Did you see those password examples?????

PASSWORD MANAGEMENT
– Various tools to manage passwords
– Allows unique passwords to be used for each account
– Convenient features for ease of use
   – Categorization
   – Auto-type/Auto-fill
– Online/Cloud based and client based
– Each solution has its Pros and Cons

PASSWORD MANAGEMENT
Pros/Cons
– Cloud-based – less secure, passwords stored somewhere on the internet
– Client-based – more secure, less convenient as only available when installed
Solution: KeePass with Dropbox
– Power of client-based, encrypted database with availability provided by online storage

PASSWORD MANAGEMENT
Dropbox
– Online storage
– Web browser interface
– Desktop sync
– iPhone/iPad/Android sync
– FREE! (2GB – more than enough for a KeePass database file)
KeePass
– Encrypted password database
– Categorize by folder
– Lightweight install
– Password generator/strength indicator
– Secure notes
– Auto-type
– iPhone/iPad/Android app support
– FREE!
Result: encrypted database of passwords synced across all devices – only have to remember one really strong password! For FREE!

PASSWORD MANAGEMENT DEMONSTRATION
KeePass & Dropbox Demo

REVIEW
Best Practices
– Use spam filters
– Don’t open unusual/unknown attachments
– Double-check URLs before clicking
– Lock-down public information on social media sites
– Be absolutely sure you know who you are divulging information to
– Use strong passwords
– Use a password management tool to enable unique passwords across the internet

QUESTIONS???