Good Computer Security Practices Basic Security Awareness

Overview What is Information and Computer Security? “ Top 10 List” of Good Computer Security Practices Protecting Restricted Data Reporting Security Incidents Additional Resources

What is Information and Computer Security?

“ Top 10 List” of Good Computer Security Practices

Protecting Restricted Data

Reporting Security Incidents

Additional Resources

What is Information and Computer Security ?

What is Information and

Computer Security ?

… the protection of computing systems and the data that they store or access. Desktop computers Confidential data Laptop computers Restricted data Servers Personal information Blackberries Archives Flash drives Databases

… the protection of computing systems and the data that they store or access.

Desktop computers Confidential data

Laptop computers Restricted data

Servers Personal information

Blackberries Archives

Flash drives Databases

Isn’t this just an IT Problem? Why do I need to learn about computer security? Everyone who uses a computer needs to understand how to keep his or her computer and data secure.

Isn’t this just an IT Problem?

Good security practices follow the “90/10” rule 10% of security safeguards are technical 90% of security safeguards rely on us – the user - to adhere to good computing practices

10% of security safeguards are technical

90% of security safeguards rely on us – the user - to adhere to good computing practices

Embarrassment to yourself and/or the University Having to recreate lost data Identity theft Data corruption or destruction Loss of patient, employee, and public trust Costly reporting requirements and penalties Disciplinary action (up to expulsion or termination) Unavailability of vital data What are the consequences of security violations?

Embarrassment to yourself and/or the University

Having to recreate lost data

Identity theft

Data corruption or destruction

Loss of patient, employee, and public trust

Costly reporting requirements and penalties

Disciplinary action (up to expulsion or termination)

Unavailability of vital data

“ Top Ten List” Good Computer Security Practices

“ Top Ten List”

Good Computer Security Practices

Don’t keep restricted data on portable devices. 2 . Back-up your data. Make backups a regular task, ideally at least once a day. Backup data to removable media such as portable hard drives, CDs, DVDs, or a USB memory stick. Store backup media safely and separately from the equipment. Remember, your data is valuable… don’t keep your backups in the same physical location as your computer!

Don’t keep restricted data on portable devices.

2 . Back-up your data.

Make backups a regular task, ideally at least once a day.

Backup data to removable media such as portable hard drives, CDs, DVDs, or a USB memory stick.

Store backup media safely and separately from the equipment. Remember, your data is valuable… don’t keep your backups in the same physical location as your computer!

Data Backups How effective would you be if your email, word processing documents, excel spreadsheets and contact database were wiped out? How many hours would it take to rebuild that information from scratch?

How effective would you be if your email, word processing documents, excel spreadsheets and contact database were wiped out?

How many hours would it take to rebuild that information from scratch?

3. Use cryptic passwords that can’t be easily guessed and protect your passwords - don’t write them down and don’t share them!

3. Use cryptic passwords that can’t be easily guessed and protect your passwords - don’t write them down and don’t share them!

4. Make sure your computer has anti-virus, anti-spyware and firewall protection as well as all necessary security patches. 5. Don’t install unknown or unsolicited programs on your computer. “ I’ll just keep finding new ways to break in!”

4. Make sure your computer has anti-virus, anti-spyware and firewall protection as well as all necessary security patches.

5. Don’t install unknown or unsolicited programs on your computer.

6 . Practice safe e-mailing Don’t open, forward, or reply to suspicious e-mails Don’t open e-mail attachments or click on website addresses Delete spam Use secure e-mail system to send confidential information

6 . Practice safe e-mailing

Don’t open, forward, or reply to suspicious e-mails

Don’t open e-mail attachments or click on website addresses

Delete spam

Use secure e-mail system to send confidential information

You receive an e-mail with an attachment from “IT Security” stating that you need to open the attachment. What should you do? a) Follow the instructions b) Open the e-mail attachment c) Reply and say “take me off this list” d) Delete the message e) Contact Customer Support

You receive an e-mail with an attachment from “IT Security” stating that you need to open the attachment. What should you do?

a) Follow the instructions

b) Open the e-mail attachment

c) Reply and say “take me off this list”

d) Delete the message

e) Contact Customer Support

You receive an e-mail with an attachment from “IT Security” stating that you need to open the attachment . What should you do? a) Follow the instructions b) Open the e-mail attachment c) Reply and say “take me off this list” d) Delete the message e) Contact Customer Support d) Delete the e-mail message! e) Contact Customer Support for further instructions – but do not open, reply to, or forward any suspicious e-mails!

You receive an e-mail with an attachment from “IT Security” stating that you need to open the attachment . What should you do?

a) Follow the instructions

b) Open the e-mail attachment

c) Reply and say “take me off this list”

d) Delete the message

e) Contact Customer Support

d) Delete the e-mail message!

e) Contact Customer Support for further instructions – but do not open, reply to, or forward any suspicious e-mails!

Your sister sends you an e-mail at school with a screen saver attachment. What should you do? a) Download it b) Forward the message c) Call a tech-savvy friend to help install it d) Delete the message

Your sister sends you an e-mail at school with a screen saver attachment.

What should you do?

a) Download it

b) Forward the message

c) Call a tech-savvy friend to help install it

d) Delete the message

Your sister sends you an e-mail at school with a screen saver attachment. What should you do? a) Download it b) Forward the message to a friend c) Call a tech-savvy friend to help install it d) Delete the message d) Delete it! Never put unknown or unsolicited programs or software on your computer. Screen savers may contain viruses.

Your sister sends you an e-mail at school with a screen saver attachment.

What should you do?

a) Download it

b) Forward the message to a friend

c) Call a tech-savvy friend to help install it

d) Delete the message

d) Delete it! Never put unknown or unsolicited programs or software on your computer. Screen savers may contain viruses.

7. Practice safe Internet use ~ Accessing any site on the internet could be tracked back to your name and location. Accessing sites with questionable content often results in spam or release of viruses. And it bears repeating… Don’t download unknown or unsolicited programs!

7. Practice safe Internet use ~

Accessing any site on the internet could be tracked back to your name and location.

Accessing sites with questionable content often results in spam or release of viruses.

And it bears repeating…

Don’t download unknown or unsolicited programs!

8. & 9. Physically secure your area and data when unattended ~ Secure your files and portable equipment - including memory sticks. Secure laptop computers with a lockdown cable. Never share your ID badge, access codes, cards, or key devices (e.g. Axiom card)

8. & 9. Physically secure your area and data when unattended ~

Secure your files and portable equipment - including memory sticks.

Secure laptop computers with a lockdown cable.

Never share your ID badge, access codes, cards, or key devices (e.g. Axiom card)

10. Lock your screen For a PC ~ <ctrl> <alt> <delete> <enter> OR <  > <L> For a Mac ~ Configure screensaver with your password Create a shortcut to activate screensaver Use a password to start up or wake-up your computer .

10. Lock your screen

For a PC ~

<ctrl> <alt> <delete> <enter> OR

<  > <L>

For a Mac ~

Configure screensaver with your password Create a shortcut to activate screensaver

Use a password to start up or wake-up your computer .

Which workstation security safeguards are YOU responsible for following and/or protecting? a) User ID b) Password c) Log-off programs d) Lock up office or work area (doors, windows) e) All of the above

Which workstation security safeguards are YOU responsible

for following and/or protecting?

a) User ID

b) Password

c) Log-off programs

d) Lock up office or work area (doors, windows)

e) All of the above

Which workstation security safeguards are YOU responsible for following and/or protecting? a) User ID b) Password c) Log-off programs d) Lock-up office or work area (doors, windows) e) All of the above ALL OF THE ABOVE!

Which workstation security safeguards are YOU responsible

for following and/or protecting?

a) User ID

b) Password

c) Log-off programs

d) Lock-up office or work area (doors, windows)

e) All of the above

ALL OF THE ABOVE!

The mouse on your computer screen starts to move around on its own and click on things on your desktop. What do you do? a) Show a faculty member or other students b) Unplug network cable c) Unplug your mouse d) Report the incident to whomever supports your computer e) Turn your computer off f) Run anti-virus software g) All of the above

The mouse on your computer screen starts to move around on its own and click on things on your desktop.

What do you do?

a) Show a faculty member or other students

b) Unplug network cable

c) Unplug your mouse

d) Report the incident to whomever supports your computer

e) Turn your computer off

f) Run anti-virus software

g) All of the above

The mouse on your computer screen starts to move around on its own and click on things on Your desktop. What do you do? This is a security incident! Immediately report the problem to whomever supports your computer. Since it is possible that someone is controlling the computer remotely, it is best if you can unplug the network cable until you can get help.

The mouse on your computer screen starts to move around on its own and click on things on Your desktop. What do you do?

This is a security incident!

Immediately report the problem to whomever supports your computer.

Since it is possible that someone is controlling the computer remotely, it is best if you can unplug the network cable until you can get help.

What can an attacker do to your computer? a) Hide programs that launch attacks b) Generate large volumes of unwanted traffic, slowing down the entire system c) Distribute illegal software from your computer d) Access restricted information (e.g. identity theft) e) Record all of your keystrokes and get your passwords

What can an attacker do to your

computer?

a) Hide programs that launch attacks

b) Generate large volumes of unwanted traffic, slowing down the entire system

c) Distribute illegal software from your computer

d) Access restricted information (e.g. identity theft)

e) Record all of your keystrokes and get your passwords

What can an attacker do to your computer? a) Hide programs that launch attacks b) Generate large volumes of unwanted traffic, slowing down the entire system c) Distribute illegal software from your computer d) Access restricted information (e.g. identity theft) e) Record all of your keystrokes and get your passwords ALL OF THE ABOVE! A compromised computer can be used for all kinds of surprising things.

What can an attacker do to your computer?

a) Hide programs that launch attacks

b) Generate large volumes of unwanted traffic, slowing down the entire system

c) Distribute illegal software from your computer

d) Access restricted information (e.g. identity theft)

e) Record all of your keystrokes and get your passwords

ALL OF THE ABOVE!

A compromised computer can be used for all kinds of surprising things.

Protecting Restricted Data

Protecting Restricted Data

Restricted data includes, but is not limited to: Name or first initial and last name Health or medical information Social security numbers Ethnicity or gender Date of birth Financial information (credit card number, bank account number) Proprietary data and copyrighted information Student records Information subject to a non-disclosure agreement

Restricted data includes, but is not limited to:

Name or first initial and last name

Health or medical information

Social security numbers

Ethnicity or gender

Date of birth

Financial information (credit card number, bank account number)

Proprietary data and copyrighted information

Student records

Information subject to a non-disclosure agreement

Managing Restricted Data Know where this data is stored. Destroy restricted data which is no longer needed ~ shred or otherwise destroy restricted data before throwing it away erase/degauss information before disposing of or re-using drives Protect restricted data that you keep ~ back-up your data regularly

Managing Restricted Data

Know where this data is stored.

Destroy restricted data which is no longer needed ~

shred or otherwise destroy restricted data before throwing it away

erase/degauss information before disposing of or re-using drives

Protect restricted data that you keep ~

back-up your data regularly

Reporting Security Incidents

Reporting Security Incidents