Social Engineering: Protecting Yourself on the Campus Network


Published in: Technology
1 Comment

  • I feel so glad this is here, I get really worried working with computers so much.


  1. IT Services Open Forum. Social Engineering Forum: Protecting Yourself on the Campus Network. April 16, 2009
  2. Agenda
     • What is Social Engineering
     • Examples & Risks
         • Virus and other malware scams
         • Telephone calls
         • Unauthorized personnel visits
     • What technology is in place to help reduce risks
     • How you can avoid being a victim
     • What you should do if you are a victim
     • Questions and Answers
  3. What is Social Engineering
     • Social engineering is the act of manipulating people into performing actions or divulging confidential information. The term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access. In some cases, the hacker never comes face-to-face with the victim.
  4. What is Social Engineering
     • The basic goals of social engineering are the same as hacking in general: to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network.
  5. What is Social Engineering
     • Another aspect of social engineering relies on people's inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Frequently, social engineers will search dumpsters for valuable information, memorize access codes by looking over someone's shoulder (shoulder surfing), or take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed. Security experts propose that as our culture becomes more dependent on information, social engineering will remain the greatest threat to any security system. Prevention includes educating people about the value of information, training them to protect it, and increasing people's awareness of how social engineers operate.
  6. Examples
     • You arrive at the office and stop by the restroom to make sure you look your best. You straighten your tie and turn to head to your cube when you notice a CD-ROM sitting on the back of the sink. Someone must have left it behind by accident. You pick it up and notice there is a label on it. The label reads "2005 Financials & Layoff's". You get a sinking feeling in your stomach and hurry to your desk. It looks like your associate has good reasons for concern, and you're about to find out for yourself.
     • What would you do?
  7. Examples
     • Email from help desk asking you for your password
     • Email from your bank asking you for your account number
     • Email from your email provider (such as Hotmail) asking you to verify your account information
     • Phone call from your telephone company asking for your account information
     • Floppy disk that is tossed in trash that once contained confidential data (deleted data can be recovered with specialized software)
  8. Virus & Malware Attacks
     • Various past and current examples given in presentation. For examples, contact CIU IT Help Desk.
  9. Risks
     • Violation of data security policies (FERPA, PCI, Federal, etc.), which may incur fines, embarrassment, or consequences for future business growth.
     • Loss of financial resources.
     • Compromise of donor information.
     • Loss of personal information (anything done personally from your work computer, such as online banking, etc.)
  10. What IT has in place to help reduce risks
     • The Help Desk is the first line of defense for all IT related issues.
     • Poweruser accounts do not allow viruses to be installed on your local machine. However, they do not prevent an email account from being compromised, especially if the password is given out in response to an email.
     • Password criteria as well as periodic password reset requirements.
     • Data breach response plan.
  11. How do you avoid being a victim
     • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company. Also be suspicious of emails requesting an action (such as clicking on an attachment).
         • Do not give/send passwords via email
         • Do not give passwords to co-workers or anyone else (especially those you do not know)
         • Do not allow anyone from IT to work on your computer or phone unless they are wearing an IT name badge
     • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
     • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
     • Don't send sensitive information over the Internet before checking a web site's security.
     • Shred disks as well as other paper documents that once contained sensitive information.
     • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
  12. What do you do if you think you are a victim
     • If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including the IT Help Desk (5199). Alert us immediately of any suspicious activity or email.
     • If the breach involves a visitor, contact IT as well as Security immediately.
     • Reset your password immediately (just the password suspected of being compromised)
  13. Questions and Answers
     Q: How do you know if your site is secure?
     A: Look for a small padlock in the lower right corner of your browser window (illustration below) or in the website address box (not on the actual site itself). Also look for HTTPS:// in the website address on secure sites instead of just HTTP://.
     Q: Do I need to be concerned with a website that does not have a “log out” button?
     A: Yes, a little. Sites that do not have a “log out” button may cache (or keep) your account open so that others can view your account by simply opening the web browser. A safe practice is to lock your computer when leaving or to restart your computer to clear the session if a “log out” button is not available.
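
The email warning signs from slides 7 and 11 and the HTTPS check from the Q&A can be turned into a simple triage script for a reported message. This is an added example, not part of the original presentation; the function names, the phrase list and the example.* domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample (not a real message); the example.* domains are placeholders.
SAMPLE = '''From: "IT Help Desk" <helpdesk@example.edu>
Reply-To: support@example.net

<p>Please verify your account. Reply with your password or visit
<a href="http://login.example.net/verify">https://mail.example.edu</a>.</p>
'''
# Requests the slides say to distrust in unsolicited email (assumed phrase list).
ASKS = re.compile(r"\b(password|account number|verify your account)\b", re.I)

class Links(HTMLParser):
    """Collect [href, visible text] for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data.strip()
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host(url):  # host of an http(s) URL, or "" when the text is not a URL
    m = re.match(r"https?://([^/:\s]+)", url, re.I)
    return m.group(1).lower() if m else ""

def red_flags(raw):
    """Return the warning signs found in one raw single-part message."""
    msg, flags = message_from_string(raw), []
    if ASKS.search(msg.get_payload()):
        flags.append("asks for a password or account details")
    dom = lambda h: parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
    if dom("Reply-To") and dom("Reply-To") != dom("From"):
        flags.append("Reply-To domain differs from From domain")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        if not href.lower().startswith("https://"):
            flags.append("link does not use HTTPS")
        if host(text) and host(text) != host(href):
            flags.append("visible link text names a different site than its target")
    return flags
```

The HTTPS check and the link-target check are kept separate because HTTPS only shows that the connection is encrypted, not that the site belongs to who it claims to be. An empty result means none of these heuristics fired, not that the message is safe.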