2. Introduction
Aims of the Information Security & Compliance Course:
• Revise your knowledge of information security
• Enhance your knowledge with the latest in information security
This lecture is divided into three sections:
1. Recent threats to information security
2. Important routine measures
3. Additional good behaviors
Improving your knowledge of information security
3. Differences between the 2018 and 2017 versions
• Why should we disconnect from the network?
• The route of virus infection.
• Damage from unauthorized apps.
• Use a password management tool
• Use the Cloud for data storage and sharing
• This type of case is an incident.
Newly added pages contain this mark
Pages displaying updated content contain this mark.
UPDATE
4. Section 1: Recent threats to information security
• Phishing scams
• Virus infections
• Unauthorized access
5. Risks of phishing scams
The damage caused by phishing scams that make unauthorized use of Internet banking and credit card information is increasing.
1. Deceptive emails
2. Entering ID, password, credit card, and account details
Phishing site
3. Collecting information
4. Malicious use of obtained information
Genuine site
Check your transaction statements for signs of improper use.
6. How to identify suspicious emails: Point
This is a real email which we have received.
http://sprechmanlaw.com/eng.html
URL is suspicious. “http” instead of “https”
Email address is suspicious. Strange domain
UPDATE
7. Check the URL in the email before clicking.
Virus infections caused by clicking on links within emails are increasing.
Check whether the URL is safe before clicking.
Since it is possible that your account information has been hacked, click this link to change your password.
8. Example of clever phishing site
Many recent phishing sites look exactly like genuine sites.
Never open links in suspicious emails.
It’s difficult to tell if a site is fake!
9. Countermeasures and Behaviors against phishing scams
Countermeasures
• Install antivirus software and keep it updated.
• Keep your OS and applications updated.
• Manage your IDs and passwords carefully.
• Keep informed of the latest threats and attack methods.
Behaviors
• Don’t click inadvertently on file attachments or URLs.
• Check whether your devices are not used by an unknown third party.
10. Risks of virus infections
The damage caused by ransomware has grown markedly since 2015.
What is “ransomware”?
All the files on the infected PCs are encrypted to make them unusable.
→ The perpetrator requires a "ransom" to repair your files.
Files are encrypted, so they cannot be used!
11. Examples of ransomware
Infection screen of “CryptoLocker”
Infection screen of “CYBER POLICE”
If your smartphone is infected, you will not be able to boot it.
Online banking information was also stolen!
12. If your PC is infected by viruses
• Never pay a ransom.
• Disconnect from the network.
• Reinitialize the PC, then restore from a backup.
• Report the incident to the University.
Make regular backups in case this ever happens!
UPDATE
13. Why should you disconnect the PC from the network?
If you leave a virus-infected PC connected to the network:
• The PC will download a backdoor tool.
• The PC sends the information stored on it to the perpetrator.
• The PC is remotely controlled.
• The infection may spread to all accessible surrounding PCs.
15. Countermeasures and Behaviors against virus infections
Countermeasures
• Install antivirus software and keep it updated.
• Keep your OS and applications updated.
• Make regular backups.
• Keep informed of the latest threats and attack methods.
Behaviors
• Don’t click inadvertently on file attachments or URLs.
• Do not install suspicious applications.
16. Official sites contain unauthorized apps
• Unauthorized apps may be registered on official sites.
• Check for unnecessary features.
• Confirm your rights to access the apps.
Delete the apps that request inappropriate rights.
17. Check the app before installation.
Search the Web and read reviews before installing the app to verify its authenticity.
Search for the app by its name and look for blogs about it.
the name of app unlawful apps 2018
18. Check whether the app is being used correctly
Spoofing of user accounts is increasing.
Check the service usage history and settings regularly.
For example, when Twitter is used, the Web browser settings can be checked.
19. Damage caused by unauthorized access to devices such as PCs, smartphones, and tablets.
The perpetrator accesses the electronic devices unlawfully.
• Sending spam emails
• Hijacking of social media accounts
• Data leaks
• Modifying web sites
• Viewing, modifying, and deleting files
• Viewing, modifying, and deleting emails
UPDATE
20. Things that increase the risk of unauthorized access
• Continuing to use old versions of OS and applications
• Using easy-to-guess passwords
• Repeatedly using the same password
• Connecting to suspicious free public Wi-Fi networks
• Entering personal information on sites with URLs not beginning with “https”
• Leaving old accounts active
• Letting someone else use your smartphone
• Not checking the usage status of your services
UPDATE
PCs containing unlawful apps are included to avoid a license check
21. Countermeasures and Behaviors against unauthorized access
Countermeasures
• Install antivirus software and keep it updated.
• Keep your OS and applications updated.
• Manage your IDs and passwords carefully.
• Keep informed of the latest threats and attack methods.
Behaviors
• Don’t click inadvertently on file attachments or URLs.
• Use only secure communications channels.
• Take care not to lose your PC or smartphone, or have it stolen.
22. Section 2: Important routine measures
• Antivirus software
• Updating software
• Strong passwords
• Regular backups
• Knowing the latest threats and attack methods
23. Antivirus software
New computer viruses are discovered every day.
Set your antivirus software to update automatically!
It is not possible to protect against unknown viruses…
The virus definition list of your antivirus software needs to be updated.
24. Updating software
• Set the “automatic updates” option!
• Update your OS as well as your applications!
Always use the latest version!
25. Strong passwords
The common password for your HIRODAI ID and accounts should
– Be at least 8 characters long
– Include numerals, symbols, and both upper and lowercase letters
– Not be an easy-to-guess character string
It is dangerous to repeatedly use the same password!
26. Use the Cloud for data storage.
Cloud file storage services
OneDrive for Business
You can view and edit data anywhere.
27. Regular backups
Make sure to back up regularly in case your PC malfunctions or gets infected by a virus.
You can use OneDrive for Business (1TB) free of charge for your data and OS backups.
You can access OneDrive from the list of Office 365 applications.
28. Knowing the latest threats and attack methods
Make the effort to keep informed about the latest security threats.
http://www.ipa.go.jp/security/kokokara/study/international.html
29. Section 3: Additional good behaviors
• Use a password management tool.
• Use the Cloud to share data.
• Use multi-factor authentication
• Share information with people you know
• Report problems immediately
• Other precautions
30. Use a password management tool
• Password management tool (password manager):
By saving passwords in a management tool, you can use them from a PC or a smartphone.
– passwords for Web services
– passwords for encrypting/decrypting files, etc.
• Important:
– Create a backup of the management tool database.
– Take care to avoid any information leaks!
• A variety of management tools are available.
– Free: KeePass Password Safe (Win), Keychain Access (Mac)
– Paid: 1Password, LastPass, etc.
Be sure to remember the master password
31. Use Cloud services for sharing data
Virus infections caused by opening a file attachment are increasing.
When exchanging files, you may place the file in the Cloud service and send the link to the file in the email.
To: Taro Hirodai,
From: Momiji Saijo
I uploaded the created file to ownCloud.
Please check it.
Folder name: Work Folder
File name: 20180401ver1.docx
32. Image of the sharing
Only send and share information via email; do not attach files.
File temporary storage and sharing services
ownCloud
https://share.hiroshima-u.ac.jp/
Location of data
View data
Download
33. How to use the “ownCloud”
<For people without a university account>
Check “Share with URL.”
Share by sending the URL to the recipient.
<For people with a university account>
Share by specifying an account
ownCloud can be used free of charge at Hiroshima University.
http://www.media.hiroshima-u.ac.jp/services/fileshare
Files are automatically deleted after one month, so the service is suited only for temporary file exchanges.
34. Use multi-factor authentication
To enhance security, multi-factor authentication can be used with Office 365 at Hiroshima University.
When using a smartphone mobile app, log in with account@hiroshima-u.ac.jp + password + smartphone
* Authentication is also possible with an SMS or telephone call.
I got hold of an ID and password! Let me try and log in now!
What’s this…? It’s asking me for authentication to log in… I wonder why. I’ll refuse.
What the hell? I can’t log in…
35. Share information with people you know
Actively exchange information with family and friends.
Helping the people around you understand security will help protect you all from harm.
36. Take care to avoid information leaks when using SNS
• If you post pictures and messages including the location of your home or office, your private information may be leaked all over the world.
• Be careful of the environment when you post pictures!
It may contain confidential information about your workplace or your part-time job employer.
When using social media, take care not to post inappropriate content or leak sensitive information!
UPDATE
37. Take care to avoid loss or theft of PCs or smartphones
• Do not pass or lend the phone to others.
– There are cases of it being stolen and a remote management tool being installed.
• Back up and initialize old smartphones when changing model.
Always encrypt sensitive information when you carry it around.
Be careful not to lose or misplace your devices!
Never leave your bag unattended!
Let's encrypt
UPDATE
38. Use safe communication routes.
Using public Wi-Fi networks puts you at risk of unauthorized access!
Do not exchange sensitive information on them.
Free Wi-Fi
When connecting from outside, use encryption such as a VPN.
https://www.media.hiroshima-u.ac.jp/services/hinet/vpngw
Image of VPN
You can connect to a VPN using an app.
UPDATE
hotel Wi-Fi too!
39. The use of File Sharing Software is prohibited.
At Hiroshima University, it is prohibited to use file sharing software that shares files with many unspecified people!
UPDATE
40. Symptoms that indicate a security incident
• Sending SPAM mails from PC
• Unauthorized access
• Information leakage
• Virus infections
I lost my USB memory device containing personal information.
My smartphone was stolen.
My PC was infected with a virus.
There was unauthorized entry into the Server.
UPDATE
41. Promptly reporting security incidents
This handy card lists emergency contacts and precautions.
The cards are distributed by the Media Center.
Carry one with you, together with your student/staff ID!
Knowing emergency contacts at all times is a useful security measure.
42. Countermeasures and behaviors
Many things have been explained, but fundamentally, you can protect yourself against security breaches by practicing “5 countermeasures” and “5 behaviors”.
5 countermeasures
5 behaviors
43. 5 countermeasures
Install antivirus software and keep it updated.
Keep your OS and applications updated.
Manage your IDs and passwords carefully.
Make regular backups.
Keep informed of the latest threats and attack methods.
44. 5 behaviors
Don’t click inadvertently on file attachments or URLs.
Do not install suspicious applications.
Check whether your devices are not used by an unknown third party.
Use only secure communications channels.
Take care not to lose your PC or smartphone, or have it stolen.
45. Conclusion
We are at the end of this online workshop.
After this, you must take a verification test.
16 correct answers out of 20 questions is a pass.
If you pass the verification test, make sure to
• 1st year: Check that your account is working.
• 2nd and later years: Update your account for the current year
46. Reference documents and materials
• “Top 10 Threats to Information Security 2018,” IPA
https://www.ipa.go.jp/security/vuln/10threats2018.htm
• Trendmicro
http://www.trendmicro.co.jp/jp/security-intelligence/threat-solution/ransomware/
http://blog.trendmicro.co.jp/archives/13041
Materials
• Human Pictogram2.0
http://pictogram2.com/
• FLAT ICON DESIGN
http://flat-icon-design.com/
• ICOOON MONO
http://icooon-mono.com/
47. 47
Issued in April, 2018
Information Media Center, Hiroshima University
Attribution 4.0 International