Information Security Phishing Update CTC (presentation transcript)

1 Information Security Phishing Update CTC
15 April 2015
Julianne Tolson
2 Phishing
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. (Wikipedia)
3 Phishing & password compromises
The increase in phishing messages sent to SF State accounts is related to the increase in SF State password compromises. The primary reason for recent password compromises is that SF State individuals responded to phishing messages.
4 Other reasons for password compromises
- Absence of a password policy on some accounts that permit brute-force attacks
- Using the same password and login on other sites that are compromised
- Using predictable passwords
- Malware on devices that captures every keystroke using a keylogger
- Malware on devices that redirects users to a fake web site
5 Risks of an account compromise
- Breach of sensitive information
- Interruption of business operations
- Harm to SF State's reputation
6 Phishing / account compromise strategy
- Procedure changes I
- User education
- Message filtering
- Account management
- Log analysis / management
- Procedure changes II & III
7 Compromised account procedure changes I
- Lock accounts quickly
- Change password when locked
- How compromised?
- Unlock & communicate
- Improve ticket flow & communication
8 User education strategy
- Phishing / security awareness campaign
- CSU Skillport security awareness / FERPA training
- Phishme.com
- Campus communication authenticity
10 Account management strategy
- De-provision or move accounts of separated employees
- De-provision unused Emeritus accounts
- Identify unneeded secondary accounts
- Apply password policy to all Exchange accounts – identify service accounts
11 Compromised account procedure changes II
- Improve ticket flow & communication – need help listing phone numbers in campus directory
- Reduce emphasis on devices
- Provide list of possible phishing reasons
12 Possible phishing reasons
- Did you "share your password" with anyone?
- Did you "upgrade your quota"?
- Did you "verify your account"?
- Did you click on a link to log in to Web Mail?
- Did you use this password for any other account/login?
- Do you use a 'numbering' system or other recognizable password pattern?
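As an added illustration (not part of the presentation or of SF State's tooling), a password-change check that flags the "numbering system" habit asked about on slide 12 and the predictable season/month-plus-year passwords that slide 4 lists as a compromise cause; the function names, the 12-character minimum and the step threshold are assumptions chosen for this example.

```python
import re
from typing import List

# Hypothetical policy helpers; thresholds are illustrative assumptions.
# Last run of digits in a password, with whatever precedes and follows it.
_LAST_DIGITS = re.compile(r"^(.*?)(\d+)(\D*)$")
# Season or month name followed by a two- or four-digit year and up to two symbols.
_SEASON_YEAR = re.compile(
    r"^(spring|summer|fall|autumn|winter|january|february|march|april|may|"
    r"june|july|august|september|october|november|december|"
    r"jan|feb|mar|apr|jun|jul|aug|sep|sept|oct|nov|dec)"
    r"(19|20)?\d{2}\W{0,2}$", re.IGNORECASE)


def is_numbering_increment(old: str, new: str, max_step: int = 2) -> bool:
    """True when `new` is `old` with its trailing number changed by a small step,
    e.g. Golden!Gate07 -> Golden!Gate08 (the 'numbering system' pattern)."""
    mo, mn = _LAST_DIGITS.match(old), _LAST_DIGITS.match(new)
    if not (mo and mn):
        return False  # at least one side has no digits to increment
    same_frame = (mo.group(1).lower() == mn.group(1).lower()
                  and mo.group(3) == mn.group(3))
    delta = abs(int(mn.group(2)) - int(mo.group(2)))
    return same_frame and 0 < delta <= max_step


def is_predictable(password: str) -> bool:
    """True for season/month + year passwords such as Spring2015! or Oct15."""
    return _SEASON_YEAR.match(password) is not None


def check_password_change(old: str, new: str, min_length: int = 12) -> List[str]:
    """Return the reasons to reject the change; an empty list means acceptable."""
    reasons = []
    if len(new) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if new.lower() == old.lower():
        reasons.append("same as previous password")
    elif is_numbering_increment(old, new):
        reasons.append("previous password with the number incremented")
    if is_predictable(new):
        reasons.append("season/month followed by a year")
    return reasons


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(check_password_change("Spring2015!", "Spring2016!"))
    print(check_password_change("Spring2015!", "correct horse battery staple"))
```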
13 Compromised account procedure changes III
If the compromise is explainable as phishing and the only symptom is sending:
- The device could be compromised, so a device scan should still be run
- Review phishing awareness with users of the account
- The account can be unlocked before the scan is run and used on a safe device
- Delegated access strongly recommended
14 Other Security Initiatives
- Multi-factor authentication (MFA)
- Identity Manager
- Endpoint management (SCCM/Casper)