Information Security Phishing Update CTC

Information Security Phishing Update
CTC, 15 April 2015
Julianne Tolson

Phishing

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

Wikipedia: http://en.wikipedia.org/wiki/Phishing

Phishing & password compromises

- The increase in phishing messages sent to SF State email accounts is related to the increase in SF State password compromises.
- The primary reason for recent password compromises is that SF State individuals responded to phishing messages.

Other reasons for password compromises

- Absence of a password policy on some accounts, which permits brute force attacks
- Using the same password and login on other sites that are compromised
- Using predictable passwords
- Malware on devices that captures every keystroke using a keylogger
- Malware on devices that redirects users to a fake web site

Risks of an account compromise

- Breach of sensitive information
- Interruption of business operations
- Harm to SF State’s reputation

Phishing / account compromise strategy

- Procedure changes I
- User education
- Message filtering
- Account management
- Log analysis / management
- Procedure changes II & III

Compromised account procedure changes I

- Lock accounts quickly
- Change password when locked
- How compromised?
- Unlock & communicate
- Improve ticket flow & communication

User education strategy

- Phishing / security awareness campaign
- CSU Skillport security awareness / FERPA training
- Phishme.com
- Campus e-mail communication authenticity

Message filtering strategy

- Exchange Online Protection (EOP)
- Security Appliances
- Block specific message subjects
- Implement Sender Policy Framework (SPF)

Account management strategy

- De-provision or move accounts of separated employees
- De-provision unused Emeritus accounts
- Identify unneeded secondary accounts
- Apply password policy to all Exchange accounts – identify service accounts

Compromised account procedure changes II

- Improve ticket flow & communication – need help listing phone numbers in campus directory
- Reduce emphasis on devices
- Provide list of possible phishing reasons

Possible phishing reasons

- Did you "share your password" with anyone?
- Did you "upgrade your quota"?
- Did you "verify your account"?
- Did you click on an e-mail link to log in to Web Mail?
- Did you use this password for any other account/login?
- Do you use a ‘numbering’ system or other recognizable password pattern?

Compromised account procedure changes III

If compromise is explainable as phishing and only symptom is sending e-mail:

- Device could be compromised so a device scan should still be run
- Review phishing awareness with users of account
- Account can be unlocked before the scan is run and used on a safe device
- Delegated email access strongly recommended

Other Security Initiatives

- Multi factor authentication (MFA)
- Identity Manager
- Endpoint management (SCCM/Casper)

Questions and Suggestions?