Charles Garrett
ISSA:MSC
MAKING SECURE CHOICES

OBJECTIVES
• Show how much information can be found on the internet
• Provide best practices when it comes to information sharing.
• Learn how to develop strong passwords
• Learn how to use mobile devices securely.

PROFESSIONAL WEBSITE

PERSONAL INFORMATION
• Full Name
• Date of Birth or Age
• Phone number
• Location
• Financial Information
• Schedule (what you do and where you go; e.g., checking in on social media)

WEB PAGES/IDENTIFIERS
• Profiles
• Newsgroup Postings
• Social Networking profiles
• Personal or Business Websites
• Newspapers
• eBay
• General Web Presence
• Screen Names or Email Addresses

INFORMATION GIVEN UP
• Screen names and email addresses shouldn’t reveal anything about you.
• Poor examples:
1. John12343
2. GADAWGSLUVA
3. Lucy_Waycross12343

BETTER SCREEN NAMES
• B!@ck&Ye1L0W
• Keychains101
• PepperSpray

ACTIVITY: INFORMATION GATHERING
• HINTS:
1. Use whole name (can include initials)
2. Use quotes
3. Search with name forward/backward
4. Use quotes and spaces with phone numbers and addresses

PASSWORD DEVELOPMENT
• Bad examples:
• Password
• Qwerty
• 123456
• Any word in the dictionary
• Good examples (hint: use a passphrase):
• b!@ck&yE1L0w
• q@w4dgf*542

PASSWORD DEVELOPMENT
• Basic Concepts
• Length of password (8 characters minimum; 10+ preferable)
• Complexity of Password (As random as possible)
• Use lowercase, uppercase, numbers, and symbols in a random sequence.
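Added example (not part of the original slides): a Python checker that applies the Basic Concepts above (8-character minimum, all four character types) together with the bad examples from the previous slide, plus a generator for a random password of the preferred 10+ length. The names check_password and generate_password and the small SAMPLE_DICTIONARY word list are assumptions made for illustration.

```python
import secrets
import string

# Bad examples from the slide, lowercased for case-insensitive comparison.
SLIDE_BAD_EXAMPLES = {"password", "qwerty", "123456"}
# Constructed stand-in for "any word in the dictionary"; a real check loads a full word list.
SAMPLE_DICTIONARY = {"dragon", "sunshine", "football", "monkey"}

MIN_LENGTH = 8         # slide: 8 characters minimum
PREFERRED_LENGTH = 10  # slide: 10+ preferable

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}

def check_password(candidate):
    """Return the slide rules the candidate breaks; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    lowered = candidate.lower()
    if lowered in SLIDE_BAD_EXAMPLES:
        problems.append("listed bad example")
    if lowered in SAMPLE_DICTIONARY:
        problems.append("dictionary word")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in candidate):
            problems.append("no " + name)
    return problems

def generate_password(length=12):
    """Draw characters from the OS CSPRNG until all four character types are present."""
    if length < PREFERRED_LENGTH:
        raise ValueError("use the preferred length of 10 or more")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate
```

Run against the slides' own samples, b!@ck&yE1L0w passes every rule, while q@w4dgf*542 is reported as having no uppercase letter.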

PASSWORD TIPS
• Create a unique password for each account.
• Never share or write down your password.
• Use a passphrase so it is easy to remember.
• Change passwords if your email or system has a virus.

WORKING REMOTELY
• Working remotely provides many professionals with the freedom to complete work-related tasks from almost any location.
• The challenge is that many are unaware of the security vulnerabilities and regular maintenance required to protect their devices.

BEST PRACTICES: SOFTWARE
• Ensure virus protection is installed, enabled, and up to date.
• Ensure Windows Firewall is turned ON.
• Ensure all software applications like Java and Flash are up to date.
• NEVER install software that is not necessary for work-related tasks.
• NEVER allow non-BBBS employees to use installed software.

BEST PRACTICES: PASSWORDS
• Protect passwords that are used to access BBBS information.
• Ensure your machines have STRONG passwords.
• Ensure that passwords are changed at a MINIMUM every 6 months.
• Ensure all mobile devices have a timeout function that locks the screen.
• NEVER use the “Remember this password” function in an internet browser.
• Use software like LastPass to properly secure passwords.

BEST PRACTICES: INFORMATION MANAGEMENT
• Invest in a backup solution (flash drive, external HD, etc.) and back up once every two weeks.
• Protect devices by enabling a lock and wipe function on mobile devices such as tablets and smartphones.
• ALWAYS ensure that all BBBS information is encrypted.
• Remove unnecessary information when it is no longer needed on the machine.
• When you work remotely, ensure that you do not leave your computer unattended for any period of time.

SOURCES
• GBI Cyber Security Awareness