Cultivating Security: Easy Steps to Decrease Risk for Small Organizations

“Cultivating Security: Easy Steps to Decrease Risk for Small Organizations” is a MAP Tech It Up a Notch presentation I did November 28, 2012 at MAP for Nonprofits in St. Paul, MN.

Published in: Technology
  • Security doesn’t take special skills, special tools, or lots of money. It takes a mindset and consistent tending.

    1. Tech It Up a Notch
       Cultivating Security: easy steps to decrease risk
       2012 MAP TechWorks, a program of MAP for Nonprofits
    2. Where did this presentation come from?
       • MAP TechWorks, a program of MAP for Nonprofits, is devoted to helping nonprofits use technology to unleash mission.
       • Our "Tech It Up a Notch" series is designed to help nonprofit staff learn about and discuss technology to increase knowledge, and help people feel more comfortable talking about technology together.
       • Learn more at MAPTechWorks.org
    3. Cultivating Security
       It’s like cultivating your garden . . .
    4. Agenda.
       • Who is Roger Hagedorn?
       • Background Basics
       • Five Quick Tips
       • Questions
       Note: feel free to ask questions at any time. This session is for you.
    5. Question: Who is Roger Hagedorn?
       Network Security Coordinator
       Seward Community Co-op
       CISSP
       www.cultivatingsecurity.com
    6. Preface:
       We want IT to assist you with your mission and strategic plans, we want it to help you be innovative and successful. But today we’ll talk about "due diligence" levels of security: things that everyone should be doing in order to keep you, your computers, your data, and your organization’s reputation safe.
    7. “It takes twenty years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.”
       —Warren Buffett
    8. Background Basics
    9. Things that I hope you are currently doing:
       • An Anti-Malware Solution (regularly updated)
    10. Things that I hope you are currently doing:
       • An Anti-Malware Solution (regularly updated)
       • A Firewall Solution
    11. Things that I hope you are currently doing:
       • An Anti-Malware Solution (regularly updated)
       • A Firewall Solution
       • A Backup Solution
    12. “Defense in Depth”
       Defense in depth is the concept of protecting a computer network with a series of defensive mechanisms such that if one mechanism fails, another will already be in place to thwart an attack.
       SANS Institute
    13. Defense in Depth
    14. Tip 1: Passwords
       I know: everyone’s favorite subject
       But really, it’s our first line of defense in so many situations.
       So let’s discuss . . .
    15. Tip 1: Passwords
       Must Nots:
       • Your password must not contain any part of your real name, your e-mail name, or anything based on these.
       • Your password must not be any single word in any language.
       • Your password must not be any fact associated with you: your address, a pet’s name, your birth date, phone number, social security number, driver’s license number, car license number, etc. Likewise, your password should not be a fact associated with your spouse/partner or children.
    16. Tip 1: Passwords
       Musts:
       • Your password must be at least eight characters long. Passwords or pass phrases 10-16 characters are even better.
       • Your password must contain characters from at least three distinct character classes: uppercase, lowercase, number, non-alphabetic (@#$%, etc.).
       • You will have to periodically change your password.
    17. Tip 1: Passwords
       • Never use the password you’ve picked for your email account at any online site.
       • Use different ones for different situations. Avoid using the same password at multiple Web sites.
       • But it’s generally safe to re-use the same password at sites that do not store sensitive information about you (like a news Web site) provided you don’t use this same password at sites that are sensitive.
    18. Tip 1: Passwords
       Consider using a passphrase:
       1 “Iw20yat/SPttbtp/thbgiaoos/btagtras.”
       2 “HwmyrsmtBeyuclhm?”
       3 “Brown T3L3phone nickel s@ndwich”
       4 R3@dy4 [gmail, shopping, surf!]
       You can, of course, create your own phrase. For example, “My sister Peg is 24 years old” can become “MsPi24yo.”
    19. Tip 1: Passwords
       Consider using a password vault.
       It stores all of your passwords in an encrypted format and allows you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or USB thumb drive.
       • KeePass
       • Password Safe
       • LastPass
       • 1Password
    20. Tip 2: Keep Your Devices Up-to-Date
       • Operating Systems: turn on Windows update
       • Applications. There are now tools that can help:
         Secunia Personal Software Inspector
         FileHippo.com’s Update Checker
       • Uninstall unused applications
    21. Tip 3: Use a Better Browser
       • Avoid Internet Explorer if at all possible
       • Use Google’s Chrome
       • Mozilla’s Firefox is pretty good too
       • Keep your browser up-to-date
    22. Tip 4: Safe Email / Web Surfing Habits.
       • Links in email: don’t click if you don’t know the sender, or if you didn’t expect the message
       • The same goes for attachments in email: don’t open if you don’t know
    23. Tip 4: Safe Email / Web Surfing Habits.
       Don’t Fall for Phishing Expeditions
       Phishing: when hackers impersonate a business to trick you into giving out your personal information.
       Don’t reply to email, text, or pop-up messages that ask for your personal or financial information.
       Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through insecure channels.
    24. Tip 4: Safe Email / Web Surfing Habits.
       • Don’t Fall for Phishing Expeditions
       This topic demands more focus than we can give it here. SonicWALL, the firewall company, has a great online test to see if you can be tricked. Check it out here: http://www.sonicwall.com/furl/phishing/
    25. Tip 5: Use Admin Privileges Carefully
       There are several kinds of user accounts for most systems:
       • Guest (disable)
       • User
       • Administrator
    26. Tip 5: Use Admin Privileges Carefully
       Only computer administrators should use administrative accounts . . . and use them only when administering computers.
       On my personal computer:
       Administrator – disabled (too easy to guess)
       Guest – disabled
       RDHadmin – my own administrative account
       Roger – the non-administrative account I use for most things
    27. There You Have it: 5 Tips to Cultivate Security
       • Better Passwords
       • Keep Devices Up-to-date
       • Use a Better Browser
       • Email / Websurfing Safety
       • Use Admin Privileges Carefully
    28. Thank You!
    29. Any Questions or Comments?
       roger.hagedorn@gmail.com
       www.cultivatingsecurity.com
       10 Easy—and completely Free—Steps To Keep You and Your Computer Safe Online:
       http://cultivatingsecurity.com/2012/08/11/10-easy-and-completely-free-steps-to-keep-you-and-your-computer-safe-online/
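
The Tip 1 password rules (slides 15 and 16) written out as a checker. This is an added example, not part of the original presentation; the function names, the tiny word list and the sample inputs are constructed for illustration.

```python
import re

# Constructed stand-in for a real dictionary file; swap in a full word list.
SAMPLE_WORDS = {"password", "sunshine", "football", "telephone", "sandwich"}

def _tokens(values):
    """Split names, e-mail names and personal facts into lowercase pieces."""
    out = set()
    for value in values:
        local = value.split("@")[0].lower()   # e-mail name = part before "@"
        for part in re.split(r"[^a-z0-9]+", local):
            if len(part) >= 3:                # shorter pieces match almost anything
                out.add(part)
    return out

def check_password(password, name="", email="", facts=(), words=SAMPLE_WORDS):
    """Return the list of rules the password breaks; empty means it passes."""
    problems = []
    lowered = password.lower()

    # Musts (slide 16). Periodic change is a process rule and is not checked here.
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = [
        any(c.isupper() for c in password),      # uppercase
        any(c.islower() for c in password),      # lowercase
        any(c.isdigit() for c in password),      # number
        any(not c.isalnum() for c in password),  # non-alphabetic (@#$%, etc.)
    ]
    if sum(classes) < 3:
        problems.append("fewer than three character classes")

    # Must nots (slide 15).
    if any(t in lowered for t in _tokens([name, email])):
        problems.append("contains part of your name or e-mail name")
    if lowered in words:
        problems.append("is a single dictionary word")
    if any(t in lowered for t in _tokens(facts)):
        problems.append("contains a personal fact")
    return problems
```

The slide 18 example “MsPi24yo” passes every check; a password built from a name or a pet’s name is rejected even when it meets the length and character-class rules.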
