security liaisons information presentation

Security Liaisons Information Presentation <Security Liaison’s Name> <Date>

Upload: hamal

Post on 24-Feb-2016


TRANSCRIPT

Page 1: Security Liaisons Information Presentation

Security Liaisons Information Presentation<Security Liaison’s Name><Date>

Page 2: Security Liaisons Information Presentation

Introduction
What’s the big deal with computer security?
Don’t we have an IT security department to take care of this?
[Explain users’ role in IT Security]
[Who you are]

Page 3: Security Liaisons Information Presentation

Facts
Major security breaches are the result of users:
Not protecting credentials
People responding to phishing
Responding to pop-up “your computer is at risk” ads
Losing cell phones and laptops, with no password protection

Let’s break it down into some statistics:
About 63% of all major security breaches are caused by user error
http://www.channelbiz.co.uk/2012/06/12/internal-security-breaches-cause-businesses-most-concern/
Worldwide about 23% of people will respond to spear-phishing attacks, with 70% of people responding to directed phishing attacks
http://www.scmagazine.com/infosec-23-percent-of-users-fall-for-spear-phishing/article/128480/

Page 4: Security Liaisons Information Presentation

Facts (cont’d)
More statistics (http://www.verizonbusiness.com/about/events/2012dbir/):
96% of all data breaches were not highly difficult
97% were avoidable through simple or intermediate controls
69% incorporated malware
81% of incidents used a form of hacking (through phishing, drive-by downloads, etc.)
79% of victims were targets of opportunity

Page 5: Security Liaisons Information Presentation

Things You Can Do
Secure your computer
Use strong passwords
Watch for phishing
Use social networking cautiously
Do not store highly sensitive data

How?
Contact your Security Liaison for additional resources or contact the ITU Support Center for more information on how to protect yourself and your data!

Page 6: Security Liaisons Information Presentation

Phishing

Page 7: Security Liaisons Information Presentation

Phishing
What is phishing?
Phishing is a form of social engineering that uses e-mail or malicious websites to solicit personal information by posing as a trustworthy organization.

What does a phishing email look like?
False Sense Of Urgency
Suspicious-Looking Links
Not personalized
Misspeld or Pooooorly Written
Sender not known

Page 8: Security Liaisons Information Presentation

Phishing (cont’d)

Page 9: Security Liaisons Information Presentation

Phishing (cont’d)

Page 10: Security Liaisons Information Presentation

Phishing (cont’d)
What can happen?
Phishing Attacks Lead to Identity Theft - When users respond with the requested information, attackers can use it to:
Empty your bank account
Open new credit cards
Gain employment
Give your name to the police during an arrest

Specific to Mason: Your Mason UserID gives access to:

Patriotweb/Internet Native Banner Student/Employee Personal information Financial information Mason Money MyMason

Page 11: Security Liaisons Information Presentation

Phishing (cont’d)
How to protect yourself:
Be cautious about opening attachments in e-mails
Be very cautious about downloading files
Be suspicious of unsolicited e-mails asking for information
If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
Pay attention to the URL of a website
Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
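
The URL check described on this slide, written out as an added example (it is not part of the original presentation). The allowlist, the sample domains and the function names are constructed for illustration, and the "last two labels" domain split is a simplifying assumption.

```python
from urllib.parse import urlsplit

TRUSTED = {"example.com"}  # constructed allowlist; use your organization's real domains


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Naive 'last two labels' split (assumption: no multi-part suffixes such as .co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_url(url, trusted=TRUSTED):
    """Classify a link by comparing its real host with the trusted domains."""
    host = urlsplit(url).hostname or ""  # hostname ignores any 'user@' prefix and the port
    domain = registrable(host)
    if domain in trusted:
        return "trusted"
    name = domain.rpartition(".")[0]
    for good in trusted:
        good_name = good.rpartition(".")[0]
        if name == good_name:
            return "different-domain"        # same name, other ending (.com vs. .net)
        if edit_distance(name, good_name) <= 2:
            return "spelling-variation"      # one or two characters off
        if good in host:
            return "trusted-name-embedded"   # trusted name used as a subdomain elsewhere
    return "unknown"
```

A link is only "trusted" when the part of the address the browser actually connects to matches the allowlist; text before an "@" or in front of another domain does not count.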

Page 12: Security Liaisons Information Presentation

Password Security

Page 13: Security Liaisons Information Presentation

Password Security
Use a secure password
Length first, then complexity
At least 10 characters
Mixed alphanumeric, upper/lower and special characters
Try using a passphrase instead – makes it harder to crack!
Use a password safe to store your passwords
Never use chain-link passwords – i.e. never use the same password for all your accounts
Never link accounts

Page 14: Security Liaisons Information Presentation

Securing Your Web Browser

Page 15: Security Liaisons Information Presentation

Securing Your Web Browser
Web browser security:
Understand what risky behavior is
Beware of untrusted web sites
Don’t click the fake anti-virus button, instead end the process – do not just close your browser.
Beware of downloading plugins and add-ons

Secure your internet browser
Manage plugins
Disable Java**, JavaScript, and ActiveX
For more details, please visit http://itsecurity.gmu.edu/Alerts/upload/Securing-Home-Network-Part2.pdf

Page 16: Security Liaisons Information Presentation

Social Networking

Page 17: Security Liaisons Information Presentation

Social Networking
What is social networking?
A social networking service is defined as an “online service, platform, or site that focuses on facilitating the building of social networks or social relations among people who, for example, share interests, activities, backgrounds, or real-life connections.” (http://mashable.com/follow/topics/social-networking/)

Social Networking Sites (to name a few):
Facebook
Twitter
LinkedIn
MySpace
Google +
Pinterest

Page 18: Security Liaisons Information Presentation

Social Networking (cont’d)
Privacy settings are key:
Why do we need them?
Won’t that make it harder for people to find us and friend us?
How do they work?
What do I need to do?

Page 19: Security Liaisons Information Presentation

Social Networking (cont’d)
Tips for safely using social networking:
Be conscious of what you write. It’s the internet, nothing is ever truly private.
Avoid posting your plans, particular personal information, etc.
Do not state your location.
Make sure you have your privacy settings in place.
Be careful what you allow your friends to tag you in.
Don’t accept friend requests from people you don’t know.
Be careful when playing games and apps that ask for personal information. They can sell that to third-party vendors.
Make sure your passwords are strong and are not the same for every site.
Never use your Facebook or Twitter as logins for other sites.

Page 20: Security Liaisons Information Presentation

Social Networking (cont’d)
Social Networking
Proof that nothing is private:
“We Know What You’re Doing” – http://www.weknowwhatyouredoing.com
Takes revealing posts and makes them public, proving you’re not always as private as you would like to hope. Again, think before you type.
Failbook – http://failbook.com
Embarrassing and funny Facebook statuses. If you’re not careful, you could end up on this site. Again, THINK BEFORE YOU POST.

Page 21: Security Liaisons Information Presentation

Things You Can Do

Page 22: Security Liaisons Information Presentation

Things You Can Do
Secure your computer
Use strong passwords
Watch for phishing – DO NOT respond
Use social networking cautiously
Do not store highly sensitive data

Page 23: Security Liaisons Information Presentation

If you think there is a problem…
Contact the IT Support Center if there is a suspected problem, or if you know you have a problem.
ITU Support Center

[email protected]

Page 24: Security Liaisons Information Presentation

Important Contacts
<Security Liaison Name, Title>
<SL email> <SL extension>

IT Support
[email protected]
itservices.gmu.edu

Sarah Morehouse, Communications Coordinator, IT Security and Project Management
[email protected]
itsecurity.gmu.edu