Today's technology and you: Safe computing in a digital world - Eric Vanderburg - JurInnov

1. Today’s Technology and YouSafe computing in a digital worldMay 17, 2013Eric A. Vanderburg, MBA, CISSPDirector, Cyber Security and Information Systems

2. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedWho Are We?JurInnov works with organizations that want tomore effectively manage matters involving“Electronically Stored Information” (ESI).– Computer Forensics– Cyber Security– Electronic Discovery– Document and Case Management

3. © 2013 Property of JurInnov Ltd. All Rights Reserved4What are Cybercriminals After?Access to:– Personal information– Patent applications– Financial information– M&A documents– Intellectual property– Client correspondenceBusiness disruption of:– Calendar system– Billing system– Website

5. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedStarts with you• Exercise safe computing practices• Report suspicious activity• Notify IT/information security of potentialsecurity incidents• Escort guests through facilities• Challenge guests

6. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedPasswords• Passwords are the keys to many things: your bankaccount, your computer, your email, a server on anetwork.• Your password gives others the power to:– Access your account (financial, email, etc)– Modify or destroy your files– Send malicious e-mail such as spam or threats in yourname– Commit fraud while masquerading as you– Use your computer to distribute illegally files such asmovies, songs or worse (child pornography)

7. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedPasswords and Accounts• Creating a secure password• Passphrase: Here24octopihad5legslike*fish• Secondary logon• Limit administrative accounts• Lock the computer• Autolock• Change default passwords• Change passwords that you suspect may have beencompromised• Choose recovery hints and challenges wisely

8. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedPasswords• Do not store them in obvious places• Do not let anyone observe you entering it• Do not share your password• Do not reveal a password– on questionnaires or security forms– to anyone over the phone, e-mail, or IM• Do not use same password for different servers/services• Do not use written examples of passwords

9. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedSpotting password theft• Email– Large number of rejected messages– Missing emails– Messages in sent mail that you didn’t send• Social media– Posts you did not make– Many unknown contacts

10. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedWhen is data really gone?• Deleting a file does not actually remove it fromyour computer• Files persist until they are overwritten• Full or partial files may be recoverable• Sensitive data should be wiped• Drives should be wiped before being reused

11. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedBrowser security• Cookies• Block pop-ups• HTTP vs. HTTPS• Certificates• Fake sites– Swapped Characters yuotube.com– Replaced Characters wschovia.com– Inserted Characters Gooogle.com– Deleted Character Facbook.com– Missing dot wwwmicrosoft.com

12. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedWorking remotely• Free Wi-Fi• Encrypt and password protect mobiledevices• VPN• Enable computer firewall• Disable shares or use a homegroup (if noton a domain)

13. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedPublic computers• Limit what you do• Erase your tracks (clear history)– IE (Tools, Internet Options, General tab, Delete BrowsingHistory)– Firefox (Tools, Options, Privacy tab, clear private data)– Use private browsing window• Do not save files locally• Don’t save passwords• Watch for over the shoulder• Delete temporary files• Exit programs and close browser when you leave

14. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedSocial media• Privacy settings– Default– Per-post• Who should be your friend?• Geolocation• Watch out for social scams– Mugged on vacation– Free stuff– Spammed content and links

15. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedSocial engineering• Social engineering preys on qualities of humannature: the desire to be helpful the tendency to trust people the fear of getting into trouble

17. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedWhy malware?• Revenge• Sense of power• To prove a point• Bragging rights• Profit• To attack other systems• Because they can

18. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedSpyware• Corrupts/alters the currentsoftware• Tracks browsing habits, sites• Interferes with system settings• (registry, startup)• Steals passwords, information etc.

19. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedSpyware• How does it get there?– Email– Instant Messaging– Internet Browsing– P2P Software• Don’t take downloads from strangers– What else are you getting with the “free” stuff– Be cautious with bundled installers

20. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedSpyware• Identifying it– Sluggish computer– Annoying pop-ups– Changes to browser home pages– Unwanted toolbars– Unknown programs appear

21. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedPreventing malware• Safe browsing habits• Up-to-date antivirus• Antimalware software• Computer firewall• Windows updates

23. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedPhishing• False Sense Of Urgency - Threatens to "close/suspendyour account”, charge a fee or talks about suspiciouslogon attempts, etc.• Suspicious-Looking Links - Links containing all or part ofa real companys name asking you to submit personalinformation.• Not personalized – does not address you by name orinclude a masked version of the account number.• Misspelled or Poorly Written – Helps fraudulent emailsavoid spam filters

28. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedPhishing• Treat all email with suspicion• Never use a link in an email to get to any webpage• Never send personal or financial information toany one via email• Never give personal or financial informationsolicited via email

30. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedSpatial security• Computers or whiteboard placement• Facing away from windows or public areas• Monitor privacy screen• One way window film

31. Questions

32. © 2013 Property of JurInnov Ltd. All Rights ReservedBlogs & Podcasts• 50,000 Medicaid providers’data breached• Data breach threats of 2013• Ignorance of the breach isno excuse• Over processing of ESI andthe Microsoft letter• Predictive coding gets aglossary• LegalTech 2013

33. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights ReservedFor assistance or additional information• Phone: 216-664-1100• Web: www.jurinnov.com• Email: eric.vanderburg@jurinnov.comJurInnov Ltd.The Idea Center1375 Euclid Avenue, Suite 400Cleveland, Ohio 44115