The Human Firewall
“As we’ve come to realize, the idea that security starts and ends with the purchase of a prepackaged firewall is simply misguided.”
-Art Wittman
Best Practices For Office Information Security
• Be suspicious of email links and attachments.
• Back up your files regularly.
• Use strong passwords.
• Use password protected screensavers.
• Be careful when using public Wi-Fi.
• Download only from approved sources.
• Don’t give out information to unverified individuals.
• Know and follow information security policies.
Phishing
The act of sending an email message claiming to be from a business to scam the receiver into sharing personal data or private information.
• Spear phishing
• Whaling
More Phishing Examples
• “Log in now to claim your prize!”
• “Credit Card on file has Expired”
• “Your account has been compromised”
• INTERNAL REVENUE SERVICE
• “Court attendance notification ID#608”
• “Your eBay confirmation of your PayPal transaction.”
Avoiding Malware
• Be wary of email from strangers.
• DO NOT double-click attachments.
• DO NOT click on links.
• Look for obvious social engineering:
– Free stuff!
– Flattery
– Urgency
AND…
Back Up Your Files Regularly
• Determine how often to back up by how much you are willing to lose.
• Test your files and your recovery success.
• Store your backup files securely and at a different location.
• Have multiple backup files, just in case.
Passwords 101: Use Strong Passwords and Keep Them Safe
Passwords 101: Use 2-Factor Authentication
Use 2 of the Following:
- Something you know… Password
- Something you have… Authenticator
- Something you are… Fingerprint
With 2FA, the password alone will not be enough to access your account.
Passwords 101: What Makes a Good Password
Passwords should be:
• 15+ characters – size matters!
• Complex: ABC abc 123 @#$
• Unique for each important site.
• PRIVATE
Passwords 101: Use Strong Passwords
Complex (15) Ih@dnLily&acnC! (I have a dog named Lily and a cat named Charlie!)
Long (23) TrueMonkeyRaceCarBucket
Both (27) B*ttleneck11AirplaneC@rseat
B11AC
Another Idea for Making Passwords
Take 4-6 letters LotR (Lord of the Rings)
Pick some random numbers 20150424
Random symbols !@
Base password: LotR20150424!@
Add a few letters from site: IG (Instagram)
Password for Instagram: LotR20150424!@IG
Has My Password Been Compromised?
• How to tell:
– Strange activity on your account
– Your password or email address is changed
– Communications from your account that you don’t remember sending
• Where to check:
– www.HaveIBeenPwned.com
• What to do:
– Change your password
– Contact the service to notify them
– Contact people who have been affected by interaction with your account
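The “Where to check” step above can also be done for passwords without ever sending the password itself. The added example below (not part of the original deck) shows the k-anonymity lookup the Pwned Passwords service uses: only the first five hex characters of the password’s SHA-1 leave your machine, and the rest of the comparison happens locally. It runs fully offline against a constructed stand-in table; the real endpoint URL and response format are stated from the service’s public documentation, and the sample “breached” passwords and counts are made up for this example.

```python
import hashlib
import urllib.request

# Constructed stand-in for the Pwned Passwords range service: passwords
# assumed (for this example only) to have appeared in breaches, with counts.
BREACHED_SAMPLE = {
    "password123": 5_000_000,
    "LotR20150424!@IG": 3,   # the deck's worked example, treated as leaked here
}

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def outbound_prefix(password: str) -> str:
    """The only thing a client sends: the first 5 hex chars of the SHA-1."""
    return sha1_hex(password)[:5]

def fake_range_lookup(prefix5: str) -> str:
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix5>.
    Like the real service, it returns one 'SUFFIX35:COUNT' line per stored
    hash that shares the 5-char prefix, so the server never learns which
    of them (if any) is the caller's password."""
    lines = []
    for pw, count in BREACHED_SAMPLE.items():
        digest = sha1_hex(pw)
        if digest[:5] == prefix5:
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)

def live_range_lookup(prefix5: str) -> str:
    """Real lookup (needs network); substitute for fake_range_lookup to go live."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix5}",
        headers={"User-Agent": "human-firewall-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def pwned_count(password: str, range_lookup=fake_range_lookup) -> int:
    """Return how many times the password appears in the breach table (0 = not found).
    The 35-char suffix comparison happens here, on the client."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        cand_suffix, _, count = line.strip().partition(":")
        if cand_suffix == suffix:
            return int(count)
    return 0

if __name__ == "__main__":
    for pw in ("password123", "TrueMonkeyRaceCarBucket"):
        print(pw, "->", pwned_count(pw), "breach occurrences (sample table)")
```

A non-zero count means the password should be changed everywhere it was reused; a zero only means it is absent from that table, not that it is strong.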
Use Password Protected Screensavers
Be Careful with Public WiFi
Public WiFi Networks are NOT SECURE
• Verify you’re connecting to the correct one.
• Never send confidential information over an open wireless network.
• Check for shoulder surfers.
Wi-Fi at Home
Make sure your router at home has a secure password, too!
A strong password on your router:
– Protects your devices from becoming zombies in a botnet
– Protects your sensitive data from being stolen
– Helps protect your work network if you are working from home
Protecting Your Family at Home
• Keep your kids safe.
– An open line of communication can help you spot trouble
– Many cable companies and mobile carriers offer parental control programs for free to customers
• Practice safe browsing habits.
– Only input data into websites that have https protection (look for the little padlock next to the web address)
Download Only From Approved Sources
• Research the website.
• Research the file.
• Watch out for executable files: .exe, .bat, .pif, and .scr
• Google is your friend!
Don’t Give Out Information to Unverified Individuals
How Does It Work?
Research → Develop Trust → Exploit Trust → Use the Information (…Repeat)
Social Engineer: Frank Abagnale
Pilot, doctor, reporter, prosecutor…all by age 20!
How Do I Avoid Being Tricked?
Verify that the person:
1. Is who they say they are.
2. Works where they say they do.
3. Has a need to know the information.
Countermeasures
• Policies and Procedures
• Awareness training
• If it’s a violation of policy – SAY NO!
Know Your Policies and Procedures
• Read them carefully!
• If you suspect a problem, contact your Information Technology office first.
• Document what is happening and the time, and take screenshots.