Digital Security & Privacy


Presentation on theme: "Digital Security & Privacy"— Presentation transcript:

1 Digital Security & Privacy
Knowledge for the World

2 Privacy Test Privacy Test CC 4/10/2019
Copyright © Carl M. Burnett

3 Outline
- Introductions
- Class Outline
- Review Class Website

4 Instructor Info
- Carl Burnett
- Instructor with MCC since 2007
- Military – Corps of Engineers
- IT Contractor - BAH, GD, Independent

5 Introduce Yourselves
- Name
- Your Previous Job or Current Job
- What do you expect from the course?

6 Outline
- What is Digital Security & Privacy?
- How can I Protect my Digital Assets?
- How can I Protect my Digital Identity?
- How can I Protect my Digital Privacy?

7 Outcomes
- Explain Digital Security & Privacy.
- Define Digital Assets.
- Identify Threats to your Digital Assets.
- Define Digital Identity and Privacy.
- Identify Threats to your Digital Identity and Privacy.
- Identify measures you can take to protect:
  - Your Digital Assets
  - Your Digital Identity
  - Your Digital Privacy

8 3 Questions
Name: _________________
What are your top 3 questions concerning digital security and privacy?
___________________________________________________________

9 What is Digital Security & Privacy?
Digital security and privacy are two significant issues.
- Digital security pertains to protecting your digital assets.
- Digital privacy has two parts:
  - How you protect your digital identity.
  - How you protect your digital privacy.

10 What are my Digital Assets?

11 What are Digital Threats?
Types of Threats:
- Physical damage
- Natural events
- Loss of essential services
- Compromise of information
- Technical failures
- Compromise of functions
Threat Origination:
- Deliberate
- Accidental
- Environmental
- Negligence
Threat Classification (STRIDE Model):
- Spoofing of user identity
- Tampering
- Repudiation
- Information disclosure (privacy breach or data leak)
- Denial of Service (DoS)
- Elevation of privilege

12 How Big is the Threat to Your Digital Assets & Privacy?
The End of Privacy

13 FBI Most Common Fraud Schemes
- Phishing
- Spoofing
- Ransomware
- Tech Support Fraud
- Account Compromise (EAC)
- Advance Fee Schemes
- Identity Theft
- Internet Auction Fraud
- Nigerian Letter or “419” Fraud
- Non-Delivery of Merchandise
- Online Vehicle Sale Fraud
- Redemption / Strawman / Bond Fraud
- Credit Card Fraud
- Business Fraud
- Counterfeit Prescription Drugs
- Fraud Against Seniors
- Fraudulent Cosmetics and “Anti-Aging” Products
- Funeral and Cemetery Fraud
- Health Care Fraud or Health Insurance Fraud
- Investment Fraud
- Letter of Credit Fraud
- Market Manipulation (“Pump and Dump”) Fraud
- Ponzi Schemes
- Prime Bank Note Fraud
- Pyramid Schemes
- Reverse Mortgage Scams
- Telemarketing Fraud
Contact the FBI Internet Crime Complaint Center (IC3)

15 *It should be noted that the numbers above will total more than the total numbers of breaches for each industry because each “record exposed” can be comprised of multiple types of information.

16 2019 Five Data Breach Predictions
5 - Gaming Breach
4 - Cloud Breach
3 - Major Attack on Wireless Carrier
2 - Skimming
1 - Biometric Signature Hacking

17 RoboCalling & RoboTexts
2017 – 18 Billion Calls
2018 – 26 Billion Calls
?????

18 What is my Digital Identity?
Programmer, Web Developer, Program Assistant, Project Manager, Program Manager
Washington DC; New York City; Los Angeles, CA; Dallas, TX; Brussels, Belgium

19 What Threats to My Digital Identity?
Compromised Personal Identifying Information (PII):
- Name
- Home address
- SSN
- Passport number
- Vehicle registration plate number
- Driver's license number
- Facial Recognition
- Fingerprints
- Credit card numbers
- Date of Birth
- Birthplace
- Telephone number
- Nickname
Compromised Digital Credentials:
- Login name
- address
- IP address
- Digital Certificate
- Screen name
- Handle
- Tracking ID
- Password
Compromised Digital Device Identification:
- ESN
- IP address
- MAC Address
- Barcode
- RFID
- Serial No

20 How to Protect Your Digital Assets
What digital security measures can I take to protect my digital assets?
- Use a strong password (Multi-Factor Authentication)
- Use a Password Manager
- Use a separate password for your devices and accounts.
- Use and Update Antivirus Programs
- Update your apps regularly
- Secure Your Cellphone
- Secure your laptop/tablet
- Backup your data regularly
- Monitor your computer activity.
- Never open attachments or links in email or IMs from unknown people.
- Watch out for Social Engineering
- Use an online Credit Card for all online purchases.
- Use an offline Credit Card for all offline purchases.
- Monitor your financial account (Text Alerts)
- Receive free credit report monitoring.
- Freezing and locking your credit file.
- Free dark web scan.

21 Credit Freeze Starting Sept. 21, 2018
Free to place or remove a freeze on your credit report. Equifax or Experian or TransUnion or

22 How to Protect Your Digital Assets
Password Privacy Protection Policy
Asset Value | Type of Site | Password Strength
Low | Social Media | Medium (5 Level)
Medium | Site where you pay for something | Strong (7 Level)
High | Medical Site | Very Strong (10 Level)
Very High | Banking | Multi-Factor Authentication
- Develop a password usage policy based on type of asset.
- Never use the same password for your router, computer, or online accounts.
- Avoid commonly known information (friends/family/colleagues).
- Encourage writing down passwords as long as the written password lists are kept in a safe place (not attached to a monitor, in an unlocked desk drawer, or on a mobile device).

23 How to Protect Your Digital Assets
7 Level Password Policy
- 12 to 14 characters
- lowercase and uppercase
- 1 number
- 1 symbol (if permitted)
- Random passwords
- Avoid using the same password twice
- Mnemonic Password

24 How to Protect Your Digital Assets
Mnemonic Password Protection Policy
Mnemonic Password:
- Slogan
- Lyric of Song
- Passage
- Part of a poem
A Number Sequence.
Replace Lower Case with Upper Case.
Replace Number with special character.
- I Can’t Believe I Ate The Whole Thing – IcBIaTwT (AlkaSeltzer TV Commercial)
- Imagine there's no countries, It isn't hard to do – ItNcIiHtD (Imagine – John Lennon)
- The most beautiful things in the world cannot be seen or touched – tMbTiTwCbSoT (Quote from Helen Keller)
- You may shoot me with your words, You may cut me with your eyes – yMsMwYwyMcMwYe (Still I Rise by Maya Angelou)

25 How to Protect Your Digital Assets
Number Sequence Password
Use Number Sequence:
- Old Telephone Number Reversed
- Old house Number Addresses
- Graduation Date
- Other Special Date
1 - !, 2, 3 - #, 4 - $, 5 - %, 6 - ^, 7 - &, 8 - *, 9 - (, 0 - )
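The mnemonic and number-sequence steps from slides 24 and 25, checked against the 7 Level policy from slide 23, as an added example that is not part of the original presentation. The alternating-case rule is one reading of the slide's examples; the `@` for 2, the digit string `1975` and all function names are assumptions made here.

```python
import string

# Shift-row substitutions listed on the "Number Sequence Password" slide.
# The slide's entry for 2 is blank; "@" (US keyboard layout) is an assumption.
SHIFT = dict(zip("1234567890", "!@#$%^&*()"))


def mnemonic(phrase, start_upper=True):
    """First letter of each word, alternating case along the phrase."""
    initials = [w[0] for w in phrase.split() if w[0].isalpha()]
    out = []
    for i, ch in enumerate(initials):
        upper = (i % 2 == 0) == start_upper
        out.append(ch.upper() if upper else ch.lower())
    return "".join(out)


def shift_digits(digits, keep=2):
    """Keep the first `keep` digits; replace the rest with shift-row symbols."""
    return digits[:keep] + "".join(SHIFT[d] for d in digits[keep:])


def seven_level_failures(pw):
    """Return the 7 Level rules that `pw` does not meet (empty list = pass)."""
    rules = [
        ("12 to 14 characters", 12 <= len(pw) <= 14),
        ("lowercase letter", any(c.islower() for c in pw)),
        ("uppercase letter", any(c.isupper() for c in pw)),
        ("1 number", any(c.isdigit() for c in pw)),
        ("1 symbol", any(c in string.punctuation for c in pw)),
    ]
    return [name for name, ok in rules if not ok]


def build(phrase, digits, start_upper=True):
    """Mnemonic from the phrase followed by the partly shifted number sequence."""
    return mnemonic(phrase, start_upper) + shift_digits(digits)


if __name__ == "__main__":
    lyric = "Imagine there's no countries, It isn't hard to do"  # from slide 24
    bare = mnemonic(lyric)
    full = build(lyric, "1975")  # "1975" is a constructed graduation year
    print(bare, seven_level_failures(bare))
    print(full, seven_level_failures(full))
```

The bare mnemonic `ItNcIiHtD` fails three of the 7 Level rules (length, number, symbol); appending the partly shifted number sequence gives `ItNcIiHtD19&%`, which meets all of them.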

26 How to Protect Your Digital Assets
10 Level Password Protection Policy
10 Level Password Policy – Multi Factor Authentication
Avoid:
- character repetition
- keyboard patterns
- dictionary words, letter or number sequences
- Usernames
- relative or pet names
- romantic links (current or past)
- biographical information
Avoid information publicly associated with you

27 How to Protect Your Digital Assets
Multi Factor Authentication Protection
- Security Token
- Web-based Security Authorization
- Smartphone Security Code
- Smartphone App
- Biometric Security

28 Password Managers PC Magazine Best Password Managers for 2019
RANK PROGRAM COST
1 – Editor Choice Dashlane 3 Free / Premium - $5/M / Plus - $10/M
2 – Editor Choice Keeper Password Manager & Digital Vault Free / Express - $2/m / Advanced - $5/M / Pro $15/M
3 RoboForm Everywhere 7 Free / Indiv - $23.88/Y / Family - $47.75/Y
4 LastPass 3.0 Families (6) - $4/M
5 LastPass 3.0 Premium $2/M
6 Zoho Vault Free / $0.9 per user per month
7 Sticky Password 7 Free / 14.99/Y
8 Intuitive Password 2.9
9 Keeper Password Manager & Digital Vault 8 Personal $2.50/M / Family $5/M
10 Norton Identity Safe Free
11 my1login

29 How to Protect Your Digital Identity & Privacy
What security measures can I take to protect my digital identity?
- Destroy Tracking Cookies
- De-identification
- Implement DO-NOT-TRACK
- Do Not Accept Third-Party Cookies
- Anonymous Searching
- Eliminate Device Fingerprinting
- Destroy Click-Stream Data
- Use a Password Policy

30 How to Protect Your Digital Identity & Privacy
What are companies' responsibilities to protect my digital information?
- Communications Act of 1934 Section 222 (As amended, 47 U.S.C. 222)
- U.S. Telecommunications Act of 1996
- Granted the Federal Communications Commission (FCC) authority
- Title 47, Chapter I, Subchapter B, Part 64, Subpart U
- Customer Proprietary Network Information (CPNI)

31 How to Protect Your Digital Identity & Privacy
What are companies' responsibilities to protect my digital information?
Customer Proprietary Network Information (CPNI):
- Only covers voice communications. (Not Internet communications)
- Limits the information which carriers may provide to third-party marketing firms.
- Must first secure affirmative consent of their customers.
- Defines when and how customer service representatives may share call details.
- Creates new notification and reporting obligations for carriers (including identity verification procedures).
- Verification process must MATCH what is shown with the company placing the call.

32 How to Protect Your Digital Identity & Privacy
What are companies' responsibilities to protect my digital information?
Customer Proprietary Network Information (CPNI) Opt-Out Procedures:
- Verizon opt-out - call (866)
- SBC-Ameritech opt-out - call (800)
- Sprint – Opt-In Program
- T-Mobile – Opt-Out - call
- AT&T – Opt-Out Link
- Comcast XFINITY
- Additional Opt-Out of Information

33 What about Internet Communication?

34 Internet Communication
FCC changed the Telecom Rules in 2016:
- Internet Communications to include VOIP
- Reclassified ISPs to “Common Carriers”
- U.S. Telecommunications Act of 1996 would apply.
- CPNI laws would then apply to Internet communication in 2017.

35 CPNI Laws and Internet Communication
- Election in October 2016 – Change Administration
- March 21, 2017 – Senate approves to kill the implementation of FCC Broadband Privacy Rules – Vote (50-48)
- March 28, 2017 – House approves to kill the implementation of FCC Broadband Privacy Rules – Vote ( )
- April 3, 2017 – President Signs JR 34 nullifying the FCC Broadband Privacy Rules - Directed that the FCC can never make that “rule” again.

36 How can I Protect my Digital Privacy?
VPNs

37 What about Privacy Controls?

38 Tech Defaults

39 Privacy Controls
- Facebook
- Twitter
- Google
- Microsoft
- Apple
- LinkedIn
- Yahoo
- Amazon
- TV’s - STB
- Cellphone Providers: Verizon (See Yahoo), AT&T, T-Mobile, Sprint
- WiFi Routers

40 Facebook Privacy Controls
- Technolicious Facebook Privacy Guide
- Facebook Privacy Basics
- Data Policy
- Posts
- Apps
- Profile
- Advanced Privacy Controls
- Timeline and tagging options
- Manage blocking
- Customize app privacy
- Apps, websites and Platforms
- Apps others use
- Ad Settings

41 Twitter Privacy Controls
- Privacy Policy & Data Controls
- Privacy Settings
- Personalization and Data settings
- gPost Article on Twitter Controls

42 Google Privacy Settings
- Google Privacy Policies
- Security Checkup
- Privacy Checkup
- My Activity
- Data Takeout
- PC Magazine Google Privacy Article

43 Microsoft Privacy Controls
- Privacy at Microsoft
- Privacy Dashboard

44 Apple Privacy Controls
- Apple Privacy Policies
- Manage Your Privacy – By Device
- Touch ID
- Face ID

45 LinkedIn Privacy Controls
LinkedIn Privacy Settings
- Account
- Privacy
- Ads
- Communications

46 Yahoo Privacy Controls
Oath - Verizon
- AOL
- Yahoo
- Tumblr
- MapQuest
Oath Privacy Controls

47 Amazon Privacy Controls
- Amazon Privacy Notice
- Your Profile
- Wish Lists
- Customer Reviews
- Amazon Prime

48 TV’s – STB Privacy Guidelines
Set Top Box (STB)
- Disable interactive services
- Limit ad tracking
- Opt out

49 Cellphone Providers Privacy Controls
- Verizon (See Yahoo)
- AT&T – Privacy Policy / Smart Controls
- T-Mobile – Privacy Statement / Protecting your Privacy
- Sprint – Privacy Policy / Profile & Opt Out

50 WiFi Routers
- Change your defaults (Admin Name, Password)
- Turn Off Wireless Router Broadcasting
- Use MAC Addressing

51 Stopping Robocalls - Text - Phone Scams
- Don't answer calls from unknown numbers. If you answer such a call, hang up immediately.
- Be aware: Caller ID showing a "local" number does not necessarily mean it is a local caller.
- If you answer the phone and the caller - or a recording - asks you to hit a button to stop getting the calls, you should just hang up.
- Do not respond to any questions, especially those that can be answered with "Yes."
- Never give out personal information (account numbers, Social Security numbers, mother's maiden names, passwords, other identifying information) in response to unexpected calls or if you are at all suspicious.
- If you get an inquiry from someone who says they represent a company or a government agency, hang up and call the phone number on your account statement, in the phone book, or on the company's or government agency's website to verify the authenticity of the request.
- You will usually get a written statement in the mail before you get a phone call from a legitimate source, particularly if the caller is asking for a payment.

52 Stopping Robocalls - Text - Phone Scams
- Use a voice mail account password.
- Contact your phone company about call blocking tools.
- Use robocall-blocking technology.
- Register your number on the Do Not Call List.
- File a complaint with the FCC.

53 Robocall Blocker Apps
Android:
- Call Blocker Free
- Master call blocker
- Safest Call Blocker
- Should I Answer?
- Blacklist Plus
- Truecaller
iOS:
- Call Controls (iOS) ...
- Whoscall (iOS) ...
- Truecaller (iOS) ...
- Avast Call Blocker – Spam Blocking $$
- Mr. Number (iOS)
- YouMail $$

54 PC Magazine “Best of 2019”
- The Best Free Password Managers of 2019
- The Best Antivirus Protection of 2019
- The Best Ransomware Protection of 2019
- The Best Online Backup Services of 2019
- The Best Backup Software of 2019
- The Best Data Recovery Software of 2019
- The Best VPN Services of 2019
- The Best Smart Home Security Systems of 2019
- The Best Medical Alert Systems of 2019

55 Privacy Legislation & Regulation

56 Is Electronic Data Tangible Property?
In Nutigen (2007), Digitech (2012), and Burnett (2018), the Court of Appeals for the Federal Circuit (CAFC) held: “electronic data is non-tangible property” and is “not real”.
On Dec 3, 2018 the U.S. Supreme Court let the CAFC holding stand as law. (Case No Burnett v. Panasonic)
CAFC decision - Federal legal holding that electronic data is:
- Inadmissible as tangible property under Federal Rules of Evidence.
- Your personal electronic data “non-tangible property”.
- Cannot be used to prosecute cybercrimes.

57 GDPR

58 Review
- Explain Digital Security & Privacy.
- Define Digital Assets.
- Identify Threats to your Digital Assets.
- Define Digital Identity and Privacy.
- Identify Threats to your Digital Identity and Privacy.
- Identify measures you can take to protect:
  - Your Digital Assets
  - Your Digital Identity
  - Your Digital Privacy

59 Class Evaluation
WD&CE LLI Course Evaluation Form
Course Name: Digital Security and Privacy
Course CRN: 35149
Course Start Date: March 19, 2018
Course Instructor: Carl Burnett

