Online Self Defense



It’s an online world. Most adults, and even teens, need to have online accounts for banking, shopping, communications, entertainment and social networks. Even many children have online lives. With all this online activity, how do we keep ourselves and our families safe? How can we protect our private information? In this session we will discuss the advantages and dangers of our online lives. We will review practical tips for avoiding common mistakes. We will look at passwords, website safety, email and phishing, social networks and mobile devices. You can decrease the risks in our online world!

Published in: Technology

  1. Online Self-Defense: Don’t Let Bad Stuff Happen To You. Barry Caplin, Chief Information Security Officer, Minnesota Department of Human Services. Slides on InfoLink
  2. Happy CyberSecurity Month! (and belated Happy National Coffee day!)
  3. 2 Main Issues • Passwords • Clicking on Links
  4. Passwords: Why Are They A Problem? • Hard to remember • Hard to enter • Need too many • Inconsistent Rules • Changes
  5. How Passwords Work • Site saves encrypted pw • At login – enter pw – it’s encrypted and compared to stored value • Some sites: – Don’t encrypt well – Don’t encrypt at all!
  6. Password Hacks in the News: It was a busy year
  7. How Passwords Get Hacked • Site attacked – many methods • Encrypted pw file downloaded (should be more difficult!) • Over time, hackers crack the file • What does that get them?
  8. Passwords • Avg. web user has: – 25 separate accounts but – 6.5 unique passwords: password reuse – not good • So…
  9. Password Self-Defense: 1. Don’t reuse passwords 2. Only enter on secure sites 3. Login notifications 4. Choose good (long) passwords
  10. Password Self-Defense: 5. Vault it 6. Care with “secret” questions 7. Care with linking accounts 8. 2-step authentication 9. Use separate email addresses
  11. Password Self-Defense Handouts • Password Self-Defense tips and resources
  12. Safe Computer Use and Web Surfing
  13. Don’t Click!
  14. How Your Computer Gets Sick • Attachments • Downloads – Intentional • Clicks • URL shortening – Unintentional - Website Visits/Drive-By
  15. Attachments • File sent via email • Can execute when clicked • doc, xls, pdf, jpg (and other images), etc. • Even zip files can cause problems • Only open expected attachments • Don’t open chain emails • Watch holiday emails
  16. Downloads • Intentional – Clicking on link downloads page or file • Click here to download
  17. Downloads • Only some executables ask permission – Dialog boxes often ignored
  18. URL shortening • io/2009/11/03/DP-Hr3_11-03- 2009_stream.mp3 or… • • ,, others • Some browsers support URL lengthening – Long URL Please
  19. URL lengthening
  20. Safe Surfing Tips • Look before you click • Use Link Rating • Consider the source (subjective) • Beware – file sharing, gaming, gambling, questionable legality
  21. Safe Surfing Tips • Use Care – Social Networking (limit apps), ads, pop-ups, banners • https and lock for shopping, banking, etc. • Limit – open/public networks, scripts • Protect web pw’s
  22. Safe Surfing Tips Handouts • PC Protection Tips/Tools • Safe Surfing Tips
  23. Phishing
  24. Phishing • Looks real, but rarely is • From a familiar business (not) • May threaten to close account, warn of fraud or virus • Legitimate businesses will not ask for private info via email
  25.
  26. Phishing on Social Networks • Scams seem real when they come from a “friend” • Malicious links/apps • Spread quickly when posted or “liked” • “Just say no” to apps
  27. • Installs app • Grabs info • Posts on your wall • Click-fraud
  28. Phone Phishing • At work: gain access/info, supplement intel – Impersonate user/exec/vendor – Ask probing questions or for access • At home: get personal/financial info – Verify cc, ssn, etc. – Use fear of theft or fraud to commit theft or fraud!
  29. Tips to Avoid Phishing • Look before you Click - Don’t click links asking for personal info • Never enter personal info in a pop-up • Use spam filters, anti-virus/spyware, and keep updated • Only open email attachments you’re expecting • Don’t give out personal info over the phone unless you initiated the call
  30. Tips to Avoid Phishing • Know what you’ve posted about yourself on social networks • Know who your “friends” are • Use care with apps • Recheck your social network privacy settings • Verify callers asking for “too much” info • Initiate calls to known numbers for banks, etc. • Act immediately if you’ve been hooked
  31. Tips for Avoiding Phishing Handouts • Top Tips to Help Avoid Phishing Scams • 10 Tips for Social Networking Safety
  32. Mobile Devices: Computer is always with you • Device theft • Data theft • Wireless networks • Malicious software • Geolocation
  33. Device Theft • How to protect your devices when you’re mobile? • Keep it with you, or • Lock it up – out of sight
  34. Data Theft • Most people have a device: smartphone, tablet, netbook, laptop • Do you know your surroundings? • What network are you using?
  35. Data Theft: Shoulder surfing…
  36. Data Theft • USB devices • “evil maid” • Be aware of your surroundings
  37. Wireless Networks • Open Wi-Fi • “evil twin” • firesheep
  38. Wireless Networks • Use Wi-fi with WPA2 • Verify your connection (ask the provider) • 3G/4G relatively safer… for now
  39. Malicious Software • There’s an app for that! • Use official app markets • Use anti-malware
  40. Geolocation: The world knows • Where you are • Where you are not
  41. Tips for Mobile Devices • Use official app markets • Use anti-malware • Keep your device close or locked-up out of sight • Watch your surroundings • Be stingy with your personal data
  42. Tips for Mobile Devices • No government data on personal devices • Use only DHS-managed connections
  43. Tips for Mobile Devices Handouts • 10 Tips for Securing Your Mobile Device
  44. Let’s Be Careful Out There
  45. Discussion?
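
Slides 5 and 7 describe how a site stores and checks passwords and what a downloaded password file exposes. The sketch below is an added example, not part of the original slides: it uses one-way hashing (what the slides call "encrypted"), a constructed set of sample accounts and an illustrative iteration count, and contrasts a fast unsalted hash with a salted, slow one.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # example work factor (assumption); tune for your hardware


def weak_store(password: str) -> str:
    """A site that "doesn't encrypt well": one fast, unsalted hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def strong_store(password: str) -> str:
    """Salted, deliberately slow hash; stored as 'iterations$salt$hash'."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """At login: redo the computation with the stored salt and compare."""
    iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def shared_hashes(records: dict[str, str]) -> list[list[str]]:
    """Group accounts whose stored value is identical in a password file."""
    groups: dict[str, list[str]] = {}
    for user, stored in records.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample accounts: two users picked the same password.
SAMPLE = {"alice": "Summer2012", "bob": "Summer2012",
          "carol": "correct horse battery staple"}

if __name__ == "__main__":
    weak = {u: weak_store(p) for u, p in SAMPLE.items()}
    strong = {u: strong_store(p) for u, p in SAMPLE.items()}
    print("unsalted duplicates:", shared_hashes(weak))
    print("salted duplicates:  ", shared_hashes(strong))
    print("login ok:", verify("Summer2012", strong["alice"]))
```

With the unsalted scheme, identical passwords produce identical stored values, so recovering one from a leaked file recovers every account that shares it; the per-user salt removes that shortcut and the iteration count slows each guess.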