Published by 한헌 궉. Modified over 6 years ago.
1
Cyber Security
Presented by: Brendan Walsh, Manager, Security and Access Management
BAS Forum – 10/11/2017
2
Agenda for this presentation
- Importance of protecting your digital identity
- Recent and in-progress security improvements
- Ways to avoid compromise
- Recognizing and reporting security issues
3
Why is protecting your digital identity important?
Your FlashLine username and password are your keys to everything Kent State (which makes them prime targets):
- W-2
- Direct Deposit
- Dependent information
- Grades and student information

Plus access to other university information:
- General Ledger
- Payroll Data
- Financial Accounts
- HIPAA, FERPA, GLBA, PCI, etc.
4
Recent actions to secure our environment
- Restricting access to addresses from the public phone directory
- Tweaking parameters to improve spam/phish/junk mail routing
- Secure VPN with multi-factor authentication for super-users
- Improved efficiency in detecting and securing compromised accounts
5
Additional efforts we have underway
- Authentication enhancements
  - Multi-factor authentication for everyone
  - Adaptive access controls based on risk
- Network firewall enhancements
- Security awareness training and communications
6
You are the last line of defense!
BUT… all of the best security controls can only go so far.
7
Security attacks you may face
- Phishing
- Vishing (voice/phone phishing)
- Credential stuffing (reuse of stolen passwords)
8
How to recognize and avoid getting phished – Email messages
Five things to watch for:
- Message sounds threatening or conveys a sense of urgency
  - E.g. account will be disabled
- Message sounds official but comes from an unofficial address
- Message has a generic greeting or signature
- Link in message does not match landing site
  - E.g. link to Dropbox goes to “weebly.com”
- Request seems “out of the norm”
  - E.g. CFO asks you to send copies of all W-2s
9
How to recognize and avoid getting phished – Email examples
10
How to recognize and avoid getting phished – Email example
- Example of a phishing email
- Attempts to steal usernames and passwords by tricking the recipient
- Do not click on links in suspicious emails
- Forward suspicious emails to:
11
How to recognize and avoid getting phished – Message links
- Be wary of any link that goes to a login prompt
- Don’t log in until you check the address
- Don’t log in unless you see a padlock
12
Check the link before logging in!
Kupa.bg/wp/wp-includes… is not Login.kent.edu
Notice the missing:
13
Here’s the real one:
14
How to recognize and avoid getting “vished” – Voice phishing
- Caller claims to be a vendor, but does not have tangible details
- Caller will not provide a call-back number
- Caller sounds threatening
- Intent is to trick or defraud the call receiver
15
Common Vishing Examples
- Microsoft Support
  - Informs you that they detected a virus on your computer
- IRS Agent
  - Informs you of a pending lawsuit
- Printing/Copier or Office Supply Vendors
  - Asks you to confirm the printer serial number to invoice you for toner or other supplies
16
How to avoid being susceptible to “credential stuffing” – Password reuse
- Reuse of passwords across different sites
  - A breach of your password from one site will put all other accounts at risk
- Consider a password manager for personal accounts
- Check your addresses and accounts using the site: haveibeenpwned.com (“Have I Been P-owned”)
17
A quick review
- Never share your passwords with anyone
- Be on alert for phishing
- Exercise caution when you receive pushy calls
- Question any request that seems out of the norm
- Never reuse passwords for multiple sites
- Forward suspicious emails to:
18
Additional information available:
- SecureIT.kent.edu
  - Phishing archive, training materials, and identity protection information
- Security Roadshow
  - Invite security staff to speak at a staff event or team meeting
- Contact us at or x2-5566
19
Q&A
Brendan Walsh, Manager, Security and Access Management