Information Security Phishing Update CTC

1 Information Security Phishing Update CTC
15 April 2015 Julianne Tolson

2 Phishing
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. (Definition from Wikipedia.)

3 Phishing & password compromises
The increase in phishing messages sent to SF State accounts is related to the increase in SF State password compromises: the primary reason for recent password compromises is that SF State individuals responded to phishing messages.

4 Other reasons for password compromises
- Absence of a password policy on some accounts, which permits brute-force attacks
- Reusing the same password and login on other sites that are later compromised
- Using predictable passwords
- Malware on devices that captures every keystroke (keylogger)
- Malware on devices that redirects users to a fake web site

5 Risks of an account compromise
- Breach of sensitive information
- Interruption of business operations
- Harm to SF State's reputation

6 Phishing / account compromise strategy
- Procedure changes I
- User education
- Message filtering
- Account management
- Log analysis / management
- Procedure changes II & III

7 Compromised account procedure changes I
- Lock accounts quickly
- Change the password when the account is locked
- Determine how the account was compromised
- Unlock and communicate with the user
- Improve ticket flow and communication

8 User education strategy
- Phishing / security awareness campaign
- CSU Skillport security awareness / FERPA training
- Campus communication authenticity

9 Message filtering strategy
- Exchange Online Protection (EOP)
- Security appliances
- Block specific message subjects
- Implement Sender Policy Framework (SPF)
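SPF lets a receiving mail server check whether the IP address that delivered a message is one the sender's domain has published as authorized, which is what makes it useful against messages forged to look like they come from campus. The following is an added example, not part of the presentation and not SF State's configuration: a small evaluator of the `ip4`, `ip6`, `include` and `all` mechanisms from RFC 7208, run against a constructed table of TXT records that stands in for live DNS (domain names and address ranges are illustrative assumptions). Real deployments use a full library such as pyspf; this shows the logic a filter applies and why a domain must end its record with `-all` (or `~all`) for a forged source to be rejected.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for DNS TXT lookups. The domains and address ranges
# are assumptions for this example, not real records for any campus.
DNS_TXT: Dict[str, str] = {
    "campus.example": "v=spf1 ip4:198.51.100.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8:10::/48 -all",
    "loop.example": "v=spf1 include:loop.example -all",   # self-referencing record
}

MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4: at most 10 DNS-querying mechanisms
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record: str) -> List[Tuple[str, str, str]]:
    """Split 'v=spf1 ...' into (qualifier, mechanism, argument) terms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # an unqualified mechanism means "pass"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        parsed.append((qualifier, mech.lower(), arg))
    return parsed


def check_host(ip: str, domain: str, _lookups: Optional[list] = None) -> str:
    """Evaluate the sending IP against the domain's SPF record.

    Returns one of pass / fail / softfail / neutral / none / permerror,
    following the result names of RFC 7208.
    """
    counter = _lookups if _lookups is not None else [0]
    record = DNS_TXT.get(domain.lower())
    if record is None:
        return "none"                       # domain publishes no SPF record
    addr = ipaddress.ip_address(ip)
    for qualifier, mech, arg in parse_spf(record):
        matched = False
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif mech == "include":
            counter[0] += 1
            if counter[0] > MAX_LOOKUPS:
                return "permerror"          # lookup limit exceeded (loops, bloat)
            inner = check_host(ip, arg, counter)
            if inner in ("none", "permerror"):
                return "permerror"          # RFC 7208 section 5.2
            matched = inner == "pass"
        else:
            return "permerror"              # a, mx, exists, ptr not handled here
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"                        # no mechanism matched


def spf_action(result: str) -> str:
    """Receiver policy for this example: reject on fail, flag softfail for
    review, deliver otherwise. Sites choose their own mapping."""
    if result == "fail":
        return "reject"
    if result in ("softfail", "permerror"):
        return "quarantine"
    return "accept"


if __name__ == "__main__":
    for src in ("198.51.100.7", "203.0.113.9", "2001:db8:10::1", "192.0.2.1"):
        r = check_host(src, "campus.example")
        print(f"{src:>16} as campus.example -> {r:9} -> {spf_action(r)}")
```

Note that `192.0.2.1` is rejected only because `campus.example` ends its record with `-all`; a record that ends with `~all` or `?all` produces `softfail` or `neutral` for the same forged source, which is why rolling out SPF means both publishing the record and deciding what the filters do with each result.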

10 Account management strategy
- De-provision or move accounts of separated employees
- De-provision unused Emeritus accounts
- Identify unneeded secondary accounts
- Apply the password policy to all Exchange accounts; identify service accounts

11 Compromised account procedure changes II
- Improve ticket flow and communication (need help listing phone numbers in the campus directory)
- Reduce emphasis on devices
- Provide a list of possible phishing reasons

12 Possible phishing reasons
- Did you "share your password" with anyone?
- Did you "upgrade your quota"?
- Did you "verify your account"?
- Did you click on a link to log in to Web Mail?
- Did you use this password for any other account/login?
- Do you use a "numbering" system or another recognizable password pattern?

13 Compromised account procedure changes III
If the compromise is explainable as phishing and the only symptom is outbound sending:
- The device could still be compromised, so a device scan should still be run
- Review phishing awareness with the users of the account
- The account can be unlocked before the scan is run, provided it is used on a safe device
- Delegated access is strongly recommended
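The "log analysis" item on the strategy slide and the "only symptom is sending" case above both rest on spotting a compromised account from its outbound mail before the lock-and-reset procedure starts. As an added example (not code from the presentation, and not SF State's tooling), here is a burst detector run over constructed mail-log lines in an assumed format: for each sender it keeps a sliding window of messages and raises an alert when the recipient count inside that window exceeds a threshold. The format, field names, thresholds and log content are all assumptions; real Exchange or EOP message-trace output would be mapped onto the same fields.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample log in an assumed format (not a real vendor format):
#   <ISO timestamp> sender=<account> src=<client IP> rcpts=<recipient count>
# Lines are deliberately not in time order, as merged logs often are not.
SAMPLE_LOG = """\
2015-04-13T09:02:11 sender=mperez src=130.212.1.15 rcpts=1
2015-04-13T09:40:02 sender=mperez src=130.212.1.15 rcpts=3
2015-04-13T02:13:05 sender=jlee src=198.51.100.77 rcpts=45
2015-04-13T02:15:03 sender=jlee src=198.51.100.77 rcpts=49
2015-04-13T02:13:41 sender=jlee src=198.51.100.77 rcpts=50
2015-04-13T02:14:20 sender=jlee src=198.51.100.77 rcpts=50
2015-04-13T14:00:00 sender=akim src=130.212.3.8 rcpts=120
this line is malformed and must not crash the detector
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sender=(?P<sender>\S+) src=(?P<src>\S+) rcpts=(?P<rcpts>\d+)$"
)


def parse_log(text: str) -> List[dict]:
    """Parse log lines into events; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "sender": m["sender"],
            "src": m["src"],
            "rcpts": int(m["rcpts"]),
        })
    return events


def find_send_bursts(text: str,
                     window: timedelta = timedelta(minutes=10),
                     max_rcpts: int = 150) -> Dict[str, dict]:
    """Return {sender: alert} for senders whose recipients within any
    `window` exceed `max_rcpts`. One alert per sender, at the first breach."""
    by_sender: Dict[str, List[dict]] = defaultdict(list)
    for e in parse_log(text):
        by_sender[e["sender"]].append(e)

    alerts: Dict[str, dict] = {}
    for sender, events in by_sender.items():
        events.sort(key=lambda e: e["ts"])       # window logic needs time order
        in_window: deque = deque()
        total = 0
        for e in events:
            in_window.append(e)
            total += e["rcpts"]
            # Drop messages that have aged out of the window.
            while in_window and e["ts"] - in_window[0]["ts"] > window:
                total -= in_window.popleft()["rcpts"]
            if total > max_rcpts:
                alerts[sender] = {
                    "window_start": in_window[0]["ts"],
                    "rcpts": total,
                    "messages": len(in_window),
                    "sources": sorted({w["src"] for w in in_window}),
                }
                break
    return alerts


if __name__ == "__main__":
    for sender, alert in find_send_bursts(SAMPLE_LOG).items():
        print(f"LOCK CANDIDATE {sender}: {alert['rcpts']} recipients in "
              f"{alert['messages']} messages from {alert['window_start']} "
              f"via {', '.join(alert['sources'])}")
```

Thresholds need tuning per campus: in the sample, `akim` sends one 120-recipient announcement and is not flagged, while `jlee` sends 194 recipients' worth of mail in two minutes at 02:13 from an off-campus address and is. The source IPs in the alert feed the "how compromised?" step of the procedure, since a burst from an unfamiliar network points at a stolen password rather than a malware-infected campus device.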

14 Other Security Initiatives
- Multi-factor authentication (MFA)
- Identity Manager
- Endpoint management (SCCM/Casper)

15 Questions and Suggestions?
