This document provides information security tips for job seekers. It recommends choosing security and not relying on obscurity. Several key points are made:
- Job searches involve sharing personal information online, so security practices are important.
- Common excuses for not having strong security should be ignored, as identity theft is a serious risk.
- Tips are provided for securing hardware, software, browsers, and online accounts and activities. Safe email practices and limiting sharing of information are also advised. Free security tools can help protect systems and information.
1. Information Security for the Jobseeker
Allison R. Peirce III, CISSP, GSLC
May 9, 2016
Allison R. Peirce III - 2016
2. Security is a choice – make the choice and protect yourself
Security through obscurity is really no security at all
DO NOT SHARE CREDENTIALS!!!!
Information Security for the Jobseeker
3. Information security – a modern necessity
Imposed in the workplace
Instituted by function (online banking, Amazon, etc.)
Ignore the excuses
‘Nobody wants to hack me’
‘It takes too much time – it’s too complicated’
‘Why does my password have to be so hard?’
Introduction
4. The 2015 Identity Fraud Study, released by Javelin Strategy & Research, found that $16 billion was stolen from 12.7 million U.S. consumers in 2014, compared with $18 billion and 13.1 million victims a year earlier.
There was a new identity fraud victim every two seconds in 2014.
Data breaches totaled 1,540 worldwide in 2014 -- up 46 percent from the year before -- and led to the compromise of more than one billion data records.
Reality I
5. You are outside of your comfort zone with modified behavior.
You are not aware of who is watching you.
What is the impact of a job search?
Short term
Long term
Focus on the Jobseeker
6. What is involved?
Environments to consider
Hardware
Desktop
Laptop
Mobile
Router/Modem/Printer
Webcam
Software (OS, Browser, Tools)
The Internet
Personal Information Security
7. Multiple users (what have the others been doing)
Static network connection
Firmware not an issue
Ensure power-on/BIOS settings are what you want
Boot order
Eligible boot devices
Security settings
Hardware - Desktop
8. Laptop
Multiple accounts (and/or users)
Multiple network connections defined
Firmware – only from OEM site
Check BIOS settings
Mobile – Tablets and smartphones
Multiple admin accounts
Multiple network connections
Hardware - Portable
9. Router/Modem/Printer
Router configuration
Printers are web enabled
Webcam
Can be hacked and used without notice
Preference – disable integrated webcam, use external via USB connection
Hardware – Peripheral
10. Acceptable
Windows 7, 8, 8.1, 10
Current Linux distro (Linux Mint, Ubuntu, etc.)
Unsupported
Windows Vista
Run Away, Run Away
Windows XP, ME, 98
Software Environment - OS
11. Chrome (1a – 1b)
Firefox (1a – 1b)
Opera
IE 11 (support ended for IE 8, 9 and 10 - 1/12/2016)
Edge (Windows 10) – lightweight but some driver issues
Do not use unsupported browsers!
Browsers, Browsers, Everywhere
12. Default Browser – this will not change ‘by itself’
Default Search Provider
Privacy and History settings
‘Delete my browser history…’
Security Settings
Extensions, add-ons, BHOs
Maintain currency – check for updates
Browser Settings
13. Personal exercise – map your usage
Review your habits
Blogging, YouTube posting, eBay and Amazon accounts
Social media activity
Facebook, Twitter, Instagram (most cameras are GPS-enabled and embed data in the photo)
Private or Incognito browsing does not equal security!
Beware clickbait
Chrome - Adblock
The Internet
15. Disable Guest accounts
Change default accounts – ID if possible, password change mandatory
Verify software source before download or install
Keep patching up to date
Validate external storage – disk, DVD/CD, Flash drive
Router – use password for network access, different password for router admin account
Not necessary to hide SSID of network
Safe Practices
16. Email – spoofing vs hacking (check sent folder on client and host)
Use integral spam filters – set as high as comfortable
If unknown – DO NOT OPEN
Use rules for routing/sorting
Archive (but don’t go crazy) – use archive to delete
Do not click on ‘unsubscribe’ button
Do not reply with personal data
Email practices - 1
17. Attachments
Only accept from trusted sources
No .zip, .msi, .exe files
Office files (.doc/x, .xls/x, .ppt/x) may contain macros – do not enable by default
Hover over attachment – view true name
Email practices - 2
18. Sharing – not recommended on a default basis
Bluetooth – turn off or restrict – not secure
Webcams – keep under control – external preferred
Remote Support – disable and deny any request for this level of access
GoToMeeting – Exercise extreme caution
pcAnywhere – NO! (It’s dead, Jim)
Additional practices
19. It’s Tool time
Tools you can use (and they’re free)
Firewall (ZoneAlarm, Windows 10 firewall)
Anti-virus
Panda, AVG, Avast, ZoneAlarm (FW+AV)
Malwarebytes (2nd level support) (not free)
System tools
CCleaner, Spybot, Windows Defender
More is not better – overhead and conflict can let attackers through
20. Software – verify source prior to download/install
Beware of BHO and ‘companion’ products
Watch for excessive permission requests (smartphones)
Job search sites
Indeed, CareerBuilder, Dice, Monster
Valid company career sites
General Practices
21. Personal VPNs – should you use? Free and paid versions
Overhead considerations – YMMV
Encryption
MS Office, BitLocker, AxCrypt
Research and decide
Social Media
Watch your posts
Control access to your content
Last notes