CYBER SECURITY

October 2009
ARE YOU AWARE?
       The Federal Trade Commission reports
        that: “For the seventh year in a row,
        identity theft tops the list, accounting for
        36 percent of the 674,354 complaints
        received between January 1 and December
        31, 2006. Other categories near the top of
        the complaint list include shop-at-
        home/catalog sales; prizes, sweepstakes
        and lotteries; Internet services and
        computer complaints; and Internet auction
        fraud.”

    FTC News
TOP TEN COMPLAINTS FOR VIRGINIA
     RANK   CATEGORIES                                        COMPLAINTS    %
      1     Identity Theft                                       246,035   36
      2     Shop-at-Home/Catalog Sales                            46,995    7
      3     Prizes/Sweepstakes & Lotteries                        45,587    7
      4     Internet Services & Computer                          41,243    6
      5     Internet Auctions                                     32,832    5
      6     Foreign Money Offers                                  20,411    3
      7     Advance-Fee Loans and Credit Protection/Repair        10,857    2
      8     Magazines and Buyer Clubs                              8,924    1
      9     Telephone Services                                     8,165    1
      10    Health Care                                            7,467    1
Why should you be aware?
       Websites can be disabled and unavailable
       Office/home computers can be damaged
        by a virus
       Hackers can break into our databases and
        steal identity information, not just our
        customers, but yours as well!
       Malicious users could use our systems to
        attack other systems

     Cyber Security
DID YOU KNOW?
     An unprotected computer connected to
      the internet can be compromised in
      less than one minute
     A modern desktop computer can send
      200,000 spam emails an hour
     Networks of exploited computers can
      be rented for targeted attacks via
      web stores controlled by Bot Owners
    VITA
    BOTS
    CYBER SECURITY
CURRENT MALICIOUS BEHAVIORS
WHAT IS SPAM?
    The simple definition of spam is
    unsolicited email

       Product offers
       Misdirection to allow installation of
        malware
       Misinformation (denial of access)
WHAT IS PHISHING?

    According to Microsoft:
     “Phishing is a type of deception
      designed to steal your valuable
      personal data, such as credit card
      numbers, Windows Live IDs, other
      account data and passwords, or other
      information.”

    Microsoft
TYPES OF PHISHING
     IRS and Treasury scams
     Credit Union and Banking scams
     Major events (Elections, Holidays)
     Social networking Web sites
     Fake Websites
     Websites that spoof your familiar
      sites using slightly different Web
      addresses


                     Phishing Video
KEYLOGGER/KEYSTROKE SPYWARE

     A keylogger is a software program (it
      can even be hardware) designed to
      monitor and log all keystrokes.
     The biggest threats in this area are
      stolen passwords, confidential
      information, PIN numbers, credit card
      account numbers, etc.



                                     VIRUSLIST
SOCIAL ENGINEERING
    According to Microsoft:
    “The purpose of social engineering is
      usually to secretly install spyware or
      other malicious software or to trick
      you into handing over your passwords
      or other sensitive financial or personal
      information.”
TYPES OF SOCIAL ENGINEERING
     Phishing
     Spear phishing
     E-mail hoaxes




                NIGERIAN EMAIL SPAM
PROTECT YOURSELF
PROTECT YOUR PERSONAL INFORMATION
       Don’t give out your name, email or home
        address, phone, account numbers, or SS
        numbers without finding out why it is
        needed and how it will be protected
       Monitor your email: don’t respond to
        unknown or unsolicited email
       When shopping online, take measures to
        reduce the risk: make sure sites with a lit
        lock icon or https: (secured) are used
       Read the company privacy policy
LOGOFF OR LOCKUP
       When leaving your desk, remember
        to logoff or CTRL-ALT-Delete to lock
        your workstation


EMAIL AND INSTANT MESSAGING
       Avoid clicking on links in emails, type
        the URL in the browser bar
       Don’t open attachments that appear to
        be suspicious
       Delete emails that direct you to a
        website where you are prompted to fill
        out personal data
       Delete hoax and chain letter emails
SENSITIVE DATA
     Don’t store sensitive data on your hard
      drive (Social Security, Credit Card, etc.)
     If you must store sensitive data, have it
      encrypted (see MIS for more Information)
     If printing sensitive data, avoid printing on
      shared printers/copiers:
      ** If you have to print on a shared
      copier/printer, remove it immediately!
EQUIPMENT PHYSICAL PROTECTION
       If you have a laptop/portable device, lock it
        up at night
       If traveling with a laptop, never check it in
        at the airport
       Use a surge protector
       Portable devices need to be secured when
        not in use!
       Don’t put laptops/portable devices on the
        seat of your car, not just for anti-theft but
        for climate control!
       Remember flash drives/CDs are considered
        portable devices!
PORTABLE DEVICES
       It is a COV Security standard that COV
        data not be stored on non-COV devices,
        so you will have to use COV portable
        devices when working away from the
        office
       COV sensitive data should be encrypted
        before being moved onto your COV-
        portables
       Scan, Scan, Scan:
        Portable devices are just like your hard
        drive; they need to be scanned at least
        once a week
WHO IS IT?
    You don’t open your door at home
     without checking who is at the
     door,
    … so why would you not take the
     same precaution online?
WORLD WIDE WEB, WWW
    Be watchful of sites that:
     Redirect you to other sites
     Request personal information
     Appear to involve malicious activity
    Remember:
     Block pop-ups and only enable them
      for trusted sites
     Cookies are great, but third party
      cookies should be blocked!
SECURITY SOFTWARE
    Ensure your home and work PCs are
    up-to-date on the following programs:
     Anti-Virus Software
     Firewalls
     Anti-Spyware and Malware Software
     Email Scanning


                    Windows XP Firewall
                        Information
UP-TO-DATE
     In order to protect yourself and your
      computer, you need to ensure that
      your operating system and web
      browser are up-to-date
     Security patches are frequently
      updated, so check regularly!




                    Microsoft
PASSWORD
      Your password is the key to your
       computer, don’t make it readily
       accessible. Never place your password
       out in plain view. Keep it secured!
      Avoid the option that allows a computer
       to remember any password
      Never share your password. Your IT
       person should never ask for your
       password!
STRONG PASSWORD
    Use at least nine characters, including
     numerals and symbols
    Avoid common (dictionary) words
    Don’t use your personal information,
     login or adjacent keys as passwords
    Change at least every 42 days for
     work and 90 days for home
    Use a variety of passwords for your
     online accounts
PASSWORD TIPS
      Use memorable phrases, such as “I hate
       Mondays!”
      Alternate caps with lowercase, add numbers, and
       use symbols:
       Example: 1h@teM0ndays!
      Using this format gives you the opportunity
       to use the same password for a long time.
       Simply change at least two characters and
       most policies will allow you to keep the
       same password.
BACKUP YOUR DATA
       One of the biggest errors people make is not
        backing up their data!
       Depending upon your use:
           For work we back it up every night
           For home you should strive to back it up at
            least weekly
DEFEND YOURSELF
IDENTITY THEFT
       File a complaint with the Federal Trade
        Commission:
        Federal Trade Commission
       Place a fraud alert on your credit reports, and
        review your credit reports. This can be
        accomplished by contacting one of the
        nationwide consumer reporting agencies
       File a Police Report
       Close the accounts that have been tampered with
        or opened fraudulently
HOUSTON WE HAVE A PROBLEM!
       How to Recognize a Cyber Security
        Threat:
       Slow or non-responsive system
       Unexpected behavior, such as program pop-ups
       Display of messages that you haven’t seen before
       Running out of disk space unexpectedly
       Unable to run a program due to lack of memory
       Crashing!
       Rejecting a valid and correct password
WHAT TO DO
     Stop and unplug the system from the
      LAN/Modem!
     If unable to freeze the problem,
      take notes about the occurrence
     Contact any of your MIS
      personnel and your supervisor about
      any cyber security incident
THE BE’S OF CYBER SECURITY
       BE ALERT
       BE WATCHFUL
       BE ON GUARD
       BE CAREFUL WHERE YOU GO
        ONLINE!
       BE SURE TO ASK FOR HELP!
       BE SURE TO THINK B4 U CLICK!
CYBER SECURITY
     It is said a chain is only as strong as its
       weakest link… Don’t be the weak
                         link!

                Cyber Security
         is everyone's responsibility!
Thanks!
        Thank you for going through the training today!

     Information Security is critical at work and at home. We
     appreciate you taking the time to learn the contents of this
     training and highly encourage you to take some time
     regularly to read up on security topics. You can click on
     the security link at the bottom of our MRC web pages to
     visit the VITA-NG security web site at any time.

     This information is provided to educate you on how to protect
     yourself at work and at home, but as always, it is required for
     you to understand and follow our agency security policy. If you
     need to review the policy again, you can go to the following link:
     Agency Information Security PowerPoint

     Please contact Erik Barth (x72262); Linda Farris (x72280) or
     your supervisor if you have any questions about this training or
     information security topics in general.
DON’T FORGET
Please don’t forget to email, fax, or mail
your acknowledgement for completing
your cyber-security training!
References
     FTC News
     Microsoft
     VITA
     VIRUSLIST
     Wikipedia
     Stay Safe Online
     OnGuard Online
     Cyber Security

				