TODDINGTON INTERNATIONAL INC.
17th Annual Privacy & Security Conference
CREATING A SAFE ONLINE PRESENCE
February 2016 - Victoria, BC
http://www.toddington.com
© 2016 Toddington International Inc.
Sponsored by the BC Ministry of Technology, Innovation and Citizen’s Services – Information Security Branch
TODDINGTON INTERNATIONAL
Founded by David Toddington (CEO) and Julie Clegg-Toddington (President) in 1997
INTRODUCTION
ORIENTATION
HANDOUTS
CELL PHONES
COURSE OBJECTIVES
INTRODUCTION
When we connect to the Internet we become susceptible to spam, fraud, phishing, social engineering and a myriad of other threats that can invade and destroy lives. Internet connected devices have the potential to be positive or negative, and creating a safety net around your online presence will allow for better protection of your privacy and security. This workshop will walk attendees through the steps to obtain a safer online presence through the use of privacy tools, device settings and best practice principles.
Upon attending this workshop, participants will be able to:
- Understand the basic principles and behaviours of social media sharing
- Understand the common concerns associated with social media / Internet devices
- Assist colleagues, friends and family to:
  - Identify “red-flag” events as they apply to the use of social media
  - Identify the concerns surrounding mobile technology and Wi-Fi
  - Identify and communicate the threats to Internet safety
Mobile and WiFi
Basic Principles
Summary
Examples of Threats
Best Practices
Recent Research
Introduction
INTRODUCTION
Highlights:
Cryptowall 3.0 (virus)
Helpful Wiki definition
What happened
Where to pay
Your customer ID number
Removal requires skill and time
HELP_DECRYPT.TXT or HELP_DECRYPT.JPG
RECENT RESEARCH
Research on Trends From 2015
Research on Hacker Motivation
Research Results on ‘Kid-Safe’ Websites
RECENT RESEARCH
Current Trends from 2015:
- Continued mass movement from desk-based to mobile devices in a variety of forms
- Increase in websites that offer geolocation services (examples: Geofeedia, Echosec, Teaching Privacy App)
- Twitter ‘e-cosystem’ of analytical websites wiped out, Facebook and Instagram shrinking (many formerly free services becoming paid services)
- Blogging websites decreasing in use and public visibility
- Number of free and paid MMORPGs increasing, emphasis on mobile device platforms
- Increased computerization of tools, toys and appliances (examples: mini-drones, fridges, smartphone adaptive toys)
- Crowdfunding is one of the most popular forms of legal alternative funding
- Online fraud techniques increasing in invasiveness and inventiveness
RECENT RESEARCH
How Safe are ‘Kid-Safe’ and ‘Kid-Friendly’ websites?
- Total of 21 websites reviewed; Google Safe Search mode used as control/comparison
- Used 5 control words (Anarchy, Canada, Christmas, Easter, Zulu)
- Used 55 test words increasing from ‘impolite’ to ‘taboo’
- Many search engines are copies of Google Safe Search, with limited results shown (block adult matter; minimal blocking of test words, i.e. 5-20 blocked words)
- Some engines created ‘safety’ by having a limited database/content
  (i.e. DisneySearch blocked 48/55 words, but content limited to Disney material)
  (i.e. KidsClick blocked 52/55 words, but only had 4 results for search word ‘Canada’)
- Some engines had blocked words, but lacked... imagination (i.e. blocked 20-30/55 words, North American English dictionary focus)
- Many websites could be circumvented by ‘click-through’ opportunities
- Some websites blocked the words, but the words still might show up in ads or posted comments
RECENT RESEARCH
Top 5 Websites for Kids: (Based on a balance of screening of inappropriate material and word blocking)
Kid-orientated sites and ‘net-nanny’ programs are never as effective as adult supervision
http://aga-kids.com/
http://dibdabdoo.com/
http://www.kidrex.org/
http://www.kidzsearch.com/
http://www.surfnetkids.com/search-results/

Control Score = 1700 (x5W)
Test Score = 319 (x10W; x45W=0)
V= Impolite, Ambiguous and Foreign

Control Score = >897M (x5W)
Test Score = >253M (x28W); 110 (<100x 7W); (x20W=0)
V= Ambiguous, slang, physiological terms

Control Score = >414M (x4W); (1W=0)
Test Score = >69M (x19W); (x36W=0)
V= Slang and Foreign

Control Score = 4622 (x5W)
Test Score = 103 (12W); (x43W=0)
V= Ambiguous terms

Control Score = >411M (x5W)
Test Score = >170M (x27W); (x28W=0)
V= Gaps in depth in all categories
RECENT RESEARCH
Online Fraud and Hacking – What do they want?
- 99% of hackers believe that phishing is still an effective technique
- 86% of hackers believe they will never face repercussions for their activities
- 70% of hackers focus on IT administrators and contractors as their favorite targets
https://thycotic.com/about-us/events/blackhat-2014/
#1 = Direct Financial Gain (actions result in payment by Bitcoins or Transfers)
#2 = Banking/Credit Card Information (gained by hacking, sold for profit)
#3 = Politics/Ideology/Hacktivism (Anonymous, Op Darknet, Ashley Madison breach)
#4 = National Objectives (Sony, US OPM database)
#5 = Corporate Objectives (espionage, corporate spies, undercover operations, white hats)
#6 = Cyberterrorism (attacks on national infrastructure by a non-state group)
#7 = Reputation/Status/Fame (bragging rights)
#8 = Curiosity/Thrills/Trolls/Cyberbullies/Jerks
BEST PRACTICES
Application
Passwords
Email addresses
Backup of information
Find the best deal
BEST PRACTICES
The Right Equipment
Application: Skill, Training, Knowledge, Memory
BEST PRACTICES
The Right Equipment
Find the best deal: Price v Capability
(Test using 3D maps)
[Figure: 3D map test views: no tilt view, zoom view, street view, tilt view, compass view, mouse-slide view]
BEST PRACTICES
The Right Equipment
Vulnerable to physical loss/damage/intrusion
Vulnerable to electronic loss/damage/intrusion
Backup of Information: External hard drive v iCloud
(Privacy v Security)
BEST PRACTICES
The Right Equipment
Email Addresses:
- Primary personal email
- Secondary personal email
- Primary business email
- Secondary business email
- Tertiary other email
BEST PRACTICES
The Right Equipment
Pr!nce$$ (8)
Mayb3Ag00d0Ne? (13)
W0rk$tuff (9)
X4txf99b3TT3r!#X (16)
S0((3rBa11 (10)
Passwords: Complexity v Length
Different between accounts
Avoid patterns
Annual change
Life crisis change
BASIC PRINCIPLES
The Right Mindset
Online Communication:
- Trust no one
- Suspect everything
- Believe nothing
Multiple Personas?
- Personal v Work
- Anonymity v Transparency
Personal Information:
- What personal information are you providing?
- Does that website need those details?
- Risk of breach?
- Desire for privacy?
BASIC PRINCIPLES
The Right Mindset
Networking:
- What are you posting?
- What is your family posting?
- What are other people posting?
Checking your vulnerability:
- Test searches on yourself?
- Check if email/password exposed?
- Right to be forgotten?
- Methods of removing information?
BASIC PRINCIPLES
Good Websites to Know
- Google Dashboard: https://www.google.com/dashboard
- Google Remove Outdated Content: https://www.google.com/webmasters/tools/removals
- Have I Been Pwned: https://haveibeenpwned.com
- Internet Officer Redirect Checker: http://www.internetofficer.com/seo-tool/redirect-check
- Just Delete Me: http://justdelete.me
- Namech_k: https://namechk.com
- Teaching Privacy App: http://app.teachingprivacy.com
- Yasni People Search: http://www.yasni.ca/
MOBILE AND WI-FI
It’s A Great Tool, But Be Aware of The Vulnerabilities
Mobile devices are high-value targets for theft
Vulnerable to interception, network spoofing and MITM attacks
New viruses being developed to target smartphones on all operating systems
Enormous amount of personal information – is it encrypted? Remote destruction?
Have an expert advise on how to ensure all old information is actually deleted
App stores remove malicious apps after they are reported to be malicious
Persons in a relationship crisis should inspect/change all desk-based and mobile devices
http://focus.forsythe.com/articles/55/Mobile-Device-Security-in-the-Workplace-6-Key-Risks-and-Challenges
JUNE 8, 2015
“With the right (inexpensive) equipment, hackers can gain access to a nearby mobile device in less than 30
seconds and either mirror the device and see everything on it, or install malware that will enable them to
siphon data from it at their leisure.”
EXAMPLES OF THREATS
EXAMPLE SETS 1 TO 4
SUMMARY
Know your equipment and safety programs
Make a copy of your most important electronic information
Use separate emails with good passwords
Look for incongruous information
Think before you click
Conduct periodic checks of your personal information