Security Liaisons Information Presentation. Presentation transcript:
Introduction
- What’s the big deal with computer security?
- Don’t we have an IT security department to take care of this?
- [Explain users’ role in IT Security]
- [Who you are]
Facts
Major security breaches are the result of users:
- Not protecting credentials
- People responding to phishing
- Responding to pop up “your computer is at risk” ads
- Losing cell phones and laptops, with no password protection
Let’s break it down into some statistics:
- About 63% of all major security breaches are caused by user error (http://www.channelbiz.co.uk/2012/06/12/internal-security-breaches-cause-businesses-most-concern/)
- Worldwide about 23% of people will respond to spear-phishing attacks, with 70% of people responding to directed phishing attacks (http://www.scmagazine.com/infosec-23-percent-of-users-fall-for-spear-phishing/article/128480/)
Facts (cont’d)
More statistics (http://www.verizonbusiness.com/about/events/2012dbir/):
- 96% of all data breaches were not highly difficult
- 97% were avoidable through simple or intermediate controls
- 69% incorporated malware
- 81% of incidents used a form of hacking (through phishing, drive-by downloads, etc.)
- 79% of victims were targets of opportunity
Things You Can Do
- Secure your computer
- Use strong passwords
- Watch for phishing
- Use social networking cautiously
- Do not store highly sensitive data
How? Contact your Security Liaison for additional resources or contact the ITU Support Center for more information on how to protect yourself and your data!
What is phishing?
Phishing is a form of social engineering that uses e-mail or malicious websites to solicit personal information by posing as a trustworthy organization.
What does a phishing email look like?
- False Sense Of Urgency
- Suspicious-Looking Links
- Not personalized
- Misspeld or Pooooorly Written
- Sender not known
What can happen?
Phishing Attacks Lead to Identity Theft - When users respond with the requested information, attackers can use it to:
- Empty your bank account
- Open new credit cards
- Gain employment
- Give your name to the police during an arrest
Specific to Mason: Your Mason UserID gives access to:
- Patriotweb/Internet Native Banner
- Student/Employee Personal information
- Financial information
- Mason Money
- MyMason
Phishing (cont’d)
How to protect yourself:
- Be cautious about opening attachments in e-mails
- Be very cautious about downloading files
- Be suspicious of unsolicited e-mails asking for information
- If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
- Pay attention to the URL of a website
- Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
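Added example, not part of the original presentation: a small Python check for the URL variations described above (a changed spelling or a different top-level domain), which also catches a trusted name placed in front of an unrelated domain. The trusted list, the sample links and the "last two labels" domain rule are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

TRUSTED = {"gmu.edu"}  # assumption: the organisation's own registrable domains

# Constructed sample links, not taken from real messages.
SAMPLES = [
    "http://itservices.gmu.edu/",
    "http://itservices.gmu.net/login",
    "http://itservices.gmv.edu/login",
    "http://gmu.edu.login.example/",
    "http://itservices.gmu.edu@login.example/",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch small spelling variations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str, trusted=TRUSTED) -> str:
    # .hostname ignores anything before "@", so "trusted@other" resolves to "other".
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2:
        return "unknown"
    # Simplification: registrable domain = last two labels (no public suffix list).
    name, tld = labels[-2], labels[-1]
    if f"{name}.{tld}" in trusted:
        return "trusted"
    for good in trusted:
        good_name, good_tld = good.split(".")
        if name == good_name:
            return "lookalike-tld"        # same name, different domain ending
        if tld == good_tld and edit_distance(name, good_name) <= 1:
            return "lookalike-spelling"   # one character off the trusted name
        if f".{good}." in f".{host}.":
            return "trusted-name-embedded"  # trusted name used as a subdomain
    return "unknown"


if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):22} {url}")
```

With a name as short as this one, a one-character threshold will also flag unrelated legitimate domains, so a match is a reason to look closer rather than proof of phishing.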
Use a secure password
- Length first, then complexity
- At least 10 characters
- Mixed alphanumeric, upper/lower and special characters
- Try using a passphrase instead – makes it harder to crack!
- Use a password safe to store your passwords
- Never use chain-link passwords – i.e. never use the same password for all your accounts
- Never link accounts
What is social networking?
Social networking service is defined as an “online service, platform, or site that focuses on facilitating the building of social networks or social relations among people who, for example, share interests, activities, backgrounds, or real-life connections.” (http://mashable.com/follow/topics/social-networking/)
Social Networking Sites (to name a few):
- Facebook
- Twitter
- LinkedIn
- MySpace
- Google+
- Pinterest
Social Networking (cont’d)
Privacy settings are key:
- Why do we need them?
- Won’t that make it harder for people to find us and friend us?
- How do they work?
- What do I need to do?
Social Networking (cont’d)
Tips for safely using social networking:
- Be conscious of what you write. It’s the internet, nothing is ever truly private.
- Avoid posting your plans, particular personal information, etc.
- Do not state your location.
- Make sure you have your privacy settings in place.
- Be careful what you allow your friends to tag you in.
- Don’t accept friend requests from people you don’t know.
- Be careful when playing games and apps that ask for personal information. They can sell that to third-party vendors.
- Make sure your passwords are strong and are not the same for every site.
- Never use your Facebook or Twitter as logins for other sites.
Social Networking (cont’d)
Social Networking Proof that nothing is private:
- “We Know What You’re Doing” – http://www.weknowwhatyouredoing.com
  Takes revealing posts and makes them public, proving you’re not always as private as you would like to hope. Again, think before you type.
- Failbook – http://failbook.com
  Embarrassing and funny Facebook statuses. If you’re not careful, you could end up on this site. Again, THINK BEFORE YOU POST.
- Secure your computer
- Use strong passwords
- Watch for phishing – DO NOT respond
- Use social networking cautiously
- Do not store highly sensitive data
If you think there is a problem…
Contact the IT Support Center if there is a suspected problem, or if you know you have a problem.
ITU Support Center
x3-8870
firstname.lastname@example.org
Important Contacts
IT Support Center
email@example.com
3-8870
http://itservices.gmu.edu
Sarah Morehouse, Communications Coordinator, IT Security and Project Management Office
firstname.lastname@example.org
3-2906
http://itsecurity.gmu.edu