1. K-State IT Security Training Ken Stafford CIO and Vice Provost for IT Services kens@k-state.edu Harvard Townsend Chief Information Security Officer harv@k-state.edu

2. The Risks Computer infected with malicious software (malware) Stolen, altered, and/or deleted K-State or personal information (do you have SSNs on your computer?) Identity theft Financial fraud – stolen credit card and/or bank account information Your computer is used to send spam Your computer stops working because of damage done by the malware Your computer is used to infect other computers Your computer is used to attack other sites Your computer’s network access is blocked by the security team to prevent further damage 2

3. What’s the big deal? In November 2009, 130+ K-State computers were infected when people opened malicious email attachments – the same emails that hit campus four months earlier and infected 100+ computers 296 spear phishing scams at K-State in 2009 resulting in 431 giving away their eID password to criminals; 377 of those stolen accounts were used to send spam from K-State’s Webmail Hasn’t slowed down in 2010: 305 phishing scams and 313 compromised eIDs through end of September These forms of “social engineering” are currently one of the most effective ways to compromise a computer and steal financial or personal identity information They involve tricking the user into clicking on a link, replying to an email, or opening an attachment. Tactics constantly changing so technology can’t prevent it all - you, the users, are critically important in our security defenses 3

4. It doesn’t just affect you When stolen K-State email accounts are used to send spam, K- State is seen as a spam source and sometimes ends up on spam block lists such that ALL email from K-State to those email providers is blocked (examples include Hotmail, Gmail, Comcast, AT&T, Road Runner…) – a huge headache for faculty-student communication Compromised computers become part of a “botnet” used for illegal purposes (one at K-State used this summer to make purchases with credit card info stolen from an Emporia State U. student) A recent compromised K-State computer became a “botnet controller” that controlled 12,000 other compromised computers around the world Another one used last month in a “distributed denial of service attack” on a computer in the Ukraine Compromised computers are used to send spam, host scam web sites, spread malware, steal data, launch denial of service attack, etc. (don’t worry if you don’t know what these mean – just know they’re all bad!) One careless mouse click can affect thousands of other people, not just yourself 4

5. YOU are important!! Recent estimate – a new piece of malware is created every 1.5 seconds. TrendLabs (Trend Micro’s research group) reports seeing 250,000 malware samples PER DAY! Same report says “recent estimates place the number of unique new malware samples introduced in a single day at greater than 60,000.” Antivirus software can’t keep up. Technology can’t stop it all. We must rely on a trained, knowledgeable user community to help defend against the constantly evolving threats. Online security training available soon 5

6. Logistics Breakout sessions for next two hours Go to any session Enjoy refreshments between sessions Return to Big 12 room at 11:10 a.m. for wrap- up session Powerpoint slides will be available on the event web site this week 6