Get documents about "Cougar Career Tracks
Document Sample
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
Computer Safety
Work & Home
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
• Columbus State I.T. Policy Documents to be aware of
– 15-01: Overview of I.T. policy
• http://www.cscc.edu/policy/pdf/15-01.pdf
– 15-01C: Description of proper use of CSCC owned technology devices
• http://www.cscc.edu/policy/pdf/IT%20Procedures%2015-01C%20Final.pdf
– All CSCC policies can be found here:
• http://www.cscc.edu/policy/index.htm
• Upcoming policy releases/updates
– Information Security Policy
– Password Management Policy
Will soon launch an Information Security web site
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
2009 Security Trends
• New security trends/emerging threats predicted for 2009 include
– Hit and run web sites
• Web sites up briefly, do damage, and disappear
– Can exist for as little as one day
– Phishing/Social Engineering
• With more and more people out of work looking to make a quick dollar,
lucrative emails promising lots of money while working from home turn
out to be scams
– Michael Jackson’s death, Swine Flu, Obama’s Presidency were top three malware venues this
year
– Stimulus scams
• Fill this form out, give us your banking information and we’ll deposit your
share – don’t do it
– Tax scams – emails appearing to be from credible financial institutions “phish” for
your information to fill out fraudulent tax returns
• They get paid before you file
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
2009 Security Breaches
http://www.insideidtheft.info/breaches09.aspx
Includes MySpace.com & Facebook.com
2008 Security Breaches
http://www.insideidtheft.info/breaches.aspx
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
Security Numbers
• Recent Websense’s State of Internet Security Q3 & Q4 (dated January 21, 2009)
reported that 70 of the top 100 web sites (70%) hosted some form of malicious code
or linked to a malicious web site
– An increase in 16% over the first half of 2008
– In the second half of 2008, 77% of web sites classified as malicious were actually
sites with good reputations
– From January 2008-2009, the number of malicious web sites increased by 46%
– 39% of malicious web sites specifically target data theft
– 85% of emails were spam in the second half of 2008
• Of the 85%, 90% contained links to spam sites or sites with malicious code
• An increase of 6%
Think about what this means for less credible web sites
you visit while at work or at home
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
Security Numbers
• $240 Million: amount of US dollars lost to web-based crime and fraud during 2007, as
reported to the Internet Crime Complaint Center 2007 Internet Crime Report
– Will continue to grow
• 79% Estimated percentage of enterprise PCs in the U.S. that are infected with some
form of spyware at any given time. U.S. FBI Cyber Crime Survey
• 33,627,587 – Total number of records containing sensitive information involved in
security breaches in 2008 datalossdb.org
– Will continue to grow
• 38% - The percentage of breaches caused by a stolen laptop or system hack in 2008
datalossdb.org
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
Security Tips
– Never share your account/personal information without knowing the source
• Be aware of “personally identifiable information” whether it’s CSCC related
or your personal accounts (financial, web sites, etc.)
– SSN, credit card #s, drivers license number, passport number, home
address, phone numbers, birthday, mother’s maiden name, biometric
data, CougarID
– Never share your passwords with co-workers/friends/family
• Use strong passwords
• Combination of upper case, lower case, numbers, special characters
• Best if minimum of 8 characters used
• Use different passwords for different systems/accounts
– Be careful when visiting less credible web sites
• CSCC is an open environment…most external web sites have some form of
malicious content; never trust files downloaded from untrustworthy sites
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
Security Tips
– Watch out for malicious emails – if you don’t know who it’s from, especially from
someone off campus, it’s probably best not to open it
• Social Engineering, Phishing = Identity theft
– Lot of effort spent on acquiring banking data…financial identity theft
– Avoid sending credit card information/your social security number via
email/instant messaging/unsecure documents (Word, Excel, .PDF)
• Watch how much personal information you give out over the
internet/email/instant messaging…if unsecure, it could be intercepted and
used at your expense
• If you have to, at a minimum, password protect the document & ZIP it up
using a different password then CALL the person with the password
information…don’t put the passwords in the same email
– Lock your PC when you step away (Ctrl-Alt-Delete, Enter)
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
Security Tips
– If you have a laptop
• Never leave your laptop/accessories in your car in plain sight
• Never leave your laptop unattended
– Use a security cable to lock to a desk/table…something solid
• Never leave a laptop out in the open overnight
– Even when using a security cable…they can be cut
– Lock it in a cabinet drawer, closet, office
• Never download sensitive data to your laptop (student/staff SSNs, credit
card numbers…..Colleague data included)
– Increases the chances of identity theft if laptop stolen
– CSCC would have to report the data breach by law
» Not good for the reputation of CSCC
– If it’s a department laptop, know what data is on the laptop before you
sign it out
• If you know of a lost laptop, call Rob Clifford (x3686) immediately (work
related laptop)
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
Security Tips
– Install Antivirus Solution
• Free products include
– Avast http://avast.com/eng/avast_4_home.html
– Avira http://www.free-av.com/
– BitDefender
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-Free-
Edition.html
• Subscription Providers ($)
– Symantec http://www.symantec.com/norton/index.jsp
– TrendMicro
» http://us.trendmicro.com/us/products/personal/?WT.mc_id=2008H
P_Home_ProductsOverview
– McAfee http://us.mcafee.com/
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
Security Tips
– Know how to check your virus definitions
• Symantec product: SAV10
• Double click gold shield
• Date on virus definitions should not be older
than a day (at best)
• If virus definitions are older than a few days,
try clicking on “LiveUpdate” button or
call 5050
– 9 days old…alert generated
• Symantec releases their daily certified
virus definitions between 1pm-4pm Eastern
• If you see a yellow exclamation point or
a “ghost buster” symbol on the gold shield,
call 5050
• If you are missing the gold shield, call 5050
– Depending on your virus protection application, generally, double clicking on their products
symbol in the clock area will launch a window showing similar information
– AV providers should publish virus definitions daily
• Each day, PandaLabs receives nearly 37,000 samples of new viruses, worms, Trojans and other
types of Internet threats (8/14/09 article)
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
Security Tips
Enable your PC to automatically download Microsoft
Security Patches (Operating System & Office)
• Start>Settings>Control Panel>Automatic Updates
• Microsoft Tuesday – second Tuesday of every month
(or as needed…off-cycle)
Update other software on your computer (may likely be a
manual effort but worth it)
• Adobe software in the news recently (Acrobat &
Reader)
– Install/Use a firewall
• Windows XP & Vista come with a built in firewall
• ZoneAlarm (http://www.zonealarm.com/security/en-us/trial-download-
znalm.htm)
– Free
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
Security Tips
– Use adware/spyware software (Google “free adware solution”)
• One of the better solutions for free….LavaSoft’s Ad-Aware
– http://www.download.com/Ad-Aware-Anniversary-Edition/3000-8022_4-10045910.html?part=dl-
ad-aware&subj=dl&tag=top5&cdlPid=10998841
– Apply the lowest level of rights available that still gives you the functionality
you need
– Remove unused software from your PC
• May make it run faster
• Reduces opportunity of a hacker finding entrance into your PC through a
known/unknown vulnerability
– Encrypt sensitive files (spreadsheets for example)
– Make sure your family/friends who use your computer know your guidelines
– Install content protection on your computer if you have younger kids/teenagers
(Google “parental control review”)
• Good site (among many):
http://www.internet-filter-review.toptenreviews.com/
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
Security Tips
– Be careful of the software you download…especially free software
• If possible, go through a credible vendor
– While on the Internet, think before providing your credit card number, email
address, cell phone number
– Make sure you scan USB drives…new virus (Conficker or Downadup) spreading
via USB drives
• Keep personal/business USB drives separate
• Password protect your files
• Don’t plug unknown USB drives into your PC
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
Security Tips
– Become aware of public documents available on the internet containing
information about you
• Delaware County Auditor
– http://oh-delaware-auditor.governmax.org/propertymax/rover30.asp?sid=6465F888516D412DB082B6C8505C28C2
• Franklin County Auditor
– http://franklincountyoh.metacama.com/altIndex.jsp
• Similar links likely available for your county
Franklin County Municipal Clerk of Court
http://www.fcmcclerk.com/
See how important it is to see what’s publically available and whether or not it contains
personally identifiable information? It can be easy to fill in the pieces of the puzzle if
someone wants to steal someone’s identity.
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
Security Tips
– Paper documents
• Don’t throw sensitive data into garbage cans - dumpster diving
– Burn them
– Use a shredder - Cross-cut shredders provide more security by cutting
paper vertically and horizontally into confetti-like pieces compared to
strip cut shredders
– Identity Theft Protection
• Review here: http://www.consumercompare.org/identity_theft_protection_services/index-
single.php?kw=2+gid5+identity%20theft%20protection&gclid=COjNopDah5kCFSPxDAodhnmsmg
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
Security Tips – Smart Phones/PDAs
– Be careful of the software you download…especially free software
• If possible, go through a credible vendor
– While on the Internet, think before providing your credit card number, email
address, cell phone number (especially from a smart phone)
• Cell phones seeing increased virus activity after years of zero virus activity
– Lock your cell phones/PDAs when not in use
• Prevents unwanted access and data theft
• If your cell phone/PDA has memory card expansion capabilities, don’t keep
sensitive data on them
– They could easily be removed and accessed from any computer with a
card reader
– If you have a virus on your phone/PDA and sync the file over to your PC, it opens
your PC to infection
– Smartphone threats
• Classified as a Trojan - propagates by sending
malicious links via SMS to all numbers in a
phone’s memory
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
• Call the Help Desk at x5050 if….
– You feel your account has been compromised
– Your PC has detected a virus or may not have antivirus software installed
– You notice your virus definitions are out of date
• Should normally not be older than a day or two
– Your PC is demonstrating unusual behavior
• Call Rob Clifford at x3686 if…
– You suspect co-workers/students are sharing account/password information
– If you suspect co-workers/students are using CSCC computers in a way not in
accordance with I.T. Policy 15-01
– You or your department lose a laptop
– If you have general security questions
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
Useful Links
• US-CERT: http://www.us-cert.gov/cas/tips/ &
http://www.cert.org/tech_tips/home_networks.html
• Educational Security Incidents (ESI): http://www.adamdodge.com/esi/
• Inside ID Theft: http://www.insideidtheft.info/breaches09.aspx
• Microsoft Security At Home: http://www.microsoft.com/protect/default.mspx
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
The safest computer is a powered off computer
When not in use, turn it off…saves energy and money.
However if you have to leave it on, incorporate some of the
things we talked about today to help reduce your security risk.
Information Security: Work & Home
CSCC Brown Bag Session August 19, 2009
____________________________________________________________________
Contact Information
Rob Clifford
Information Security Program Coordinator
rclifford2@cscc.edu
614-287-3686
