the human firewall - amazon s3 · 2019-04-22 · the human firewall “as we’ve come to realize,...

Post on 29-May-2020

The Human Firewall

“As we’ve come to realize, the idea that security starts and ends with the purchase of a prepackaged firewall is simply misguided.”

-Art Wittman

Best Practices For Office Information Security

• Be suspicious of email links and attachments.

• Back up your files regularly.

• Use strong passwords.

• Use password protected screensavers.

• Be careful when using public Wi-Fi.

• Download only from approved sources.

• Don’t give out information to unverified individuals.

• Know and follow information security policies.

Phishing

The act of sending an email message that claims to come from a business in order to scam the receiver into sharing personal data or private information.

• Spear phishing
• Whaling

More Phishing Examples

• “Log in now to claim your prize!”
• “Credit Card on file has Expired”
• “Your account has been compromised”
• INTERNAL REVENUE SERVICE
• “Court attendance notification ID#608”
• “Your eBay confirmation of your PayPal transaction.”

Avoiding Malware

• Be wary of email from strangers.
• DO NOT double-click attachments.
• DO NOT click on links.
• Look for obvious social engineering:
– Free stuff!
– Flattery
– Urgency

AND…

Back Up Your Files Regularly

• Decide how often to back up based on how much you are willing to lose.
• Test your files and your recovery success.
• Store your backup files securely and at a different location.
• Have multiple backup files, just in case.

Passwords 101: Use Strong Passwords and Keep Them Safe

Passwords 101: Use 2-Factor Authentication

Use 2 of the Following:

-Something you know… …Password

-Something you have… …Authenticator

-Something you are… …Fingerprint

With 2FA, the password alone will not be enough to access your account.

Passwords 101: What Makes a Good Password

Passwords should be:
• 15+ characters – size matters!
• Complex: ABC abc 123 @#$
• Unique for each important site.
• PRIVATE

Passwords 101: Use Strong Passwords

Complex (15) Ih@dnLily&acnC! (I have a dog named Lily and a cat named Charlie!)

Long (23) TrueMonkeyRaceCarBucket

Both (27) B*ttleneck11AirplaneC@rseat

B11AC

Another Idea for Making Passwords

Take 4-6 letters: LotR (Lord of the Rings)

Pick some random numbers: 20150424

Random symbols: !@

Base password: LotR20150424!@

Add a few letters from site: IG (Instagram)

Password for Instagram: LotR20150424!@IG

Has My Password Been Compromised?

• How to tell:
– Strange activity on your account
– Your password or email address is changed
– Communications from your account that you don’t remember sending
• Where to check:
– www.HaveIBeenPwned.com
• What to do:
– Change your password
– Contact the service to notify them
– Contact people who have been affected by interaction with your account

Use Password Protected Screensavers

Be Careful with Public WiFi

Public WiFi Networks are NOT SECURE

• Verify you’re connecting to the correct one
• Never send confidential information over an open wireless network
• Check for shoulder surfers

Wi-Fi at Home

Make sure your router at home has a secure password, too!

A strong password on your router:
– Protects your devices from becoming zombies in a botnet
– Protects your sensitive data from being stolen
– Helps protect your work network if you are working from home

Protecting Your Family at Home

• Keep your kids safe.
– An open line of communication can help you spot trouble
– Many cable companies and mobile carriers offer parental control programs for free to customers
• Practice safe browsing habits
– Only input data into websites that have https protection (look for the little padlock next to the web address)

Download Only From Approved Sources

• Research the website.
• Research the file.
• Watch out for executable files: .exe, .bat, .pif, and .scr
• Google is your friend!

Don’t Give Out Information to Unverified Individuals

How Does It Work?

• Research
• Develop Trust
• Exploit Trust
• Use the Information (…Repeat)

Social Engineer: Frank Abagnale

Pilot, doctor, reporter, prosecutor…all by age 20!

How Do I Avoid Being Tricked?

Verify that the person:
1. Is who they say they are.
2. Works where they say they do.
3. Has a need to know the information.

Countermeasures

• Policies and Procedures
• Awareness training
• If it’s a violation of policy – SAY NO!

Know Your Policies and Procedures

• Read them carefully!
• If you suspect a problem, contact your Information Technology office first.
• Document what is happening and the time, and take screenshots.
