Computer security and best practices

Computer security and best practices

Computer Security and what you can do about it Vadim Droznin a geek - not a professional speaker! [email protected] Dont let this happen to you! Introduction Discuss best computer and mobile device related practices to protecting you and your office information You

will be able to make a knowledgeable decision about combating potential threats on the Internet and make better decisions related to IT INDEX has been building web sites and online courses that are Outline Best practice to protect Internet of Everything Viruses Intrusion prevention Passwords Backup

Encryption Cloud IT outsourcing vs in-house MASS PI Law Regulation 201 CMR 17 HIPAA compliance Danger, Will Robinson, Danger! Computer Viruses programs that can infect a computer without permission or knowledge of the user Spread over Internet, Networks, E-Mails, Social Networks, and Instant messages. Viruses will spread to other computers and potentially cause data loss. Malware (malicious software) a program that infects and damages the computer/mobile device (most rootkits, some

viruses, trojan horses, worms). Ransomware Malware that encrypts a computer or files and blocks access until ransom is paid. Spyware a program that intercepts and takes partial control over the computer or mobile device monitoring interaction and capture key strokes. Types of Antivirus/Antispyware Sophos, etc. Symantec, IObit, McAfee,

Avira, Avast and AVG offer free basic versions Ability to update and monitor. Scan whole computer weekly Anti-Spyware: Webroot, CounterSpy, etc. MalwareBytes and SuperAntispyware have free versions Viruses that disguise themselves Antivirus 2018/2017/2016/2015 and Antivirus XP/7/8/10

any year are actually viruses. Never click on a pop up about your computer being infected when surfing If infected, press and hold the power button 5 Anti-SPAM / PHISHING Use internet e-mail sites that offer SPAM scanning (Google, Outlook.com, Yahoo! etc.)

Free Anti-SPAM version exists for Outlook, Outlook Express, Apple and other versions PHISHING - When e-mail or Internet link takes user to a site that masquerades as a real site (can also be done via a server) Spear Phishing Targeted attack Examples of PHISHING E-Mails Site

- CEO email fraud CFO or person responsible for payments at the company receives and email from what looks like their companys CEO that requests a money wire transfer. In some cases email addresses were spoofed in others CEOs email account was used to send emails. Started in October of 2013 Over 12,000 businesses World Wide affected Business email compromise schemes netted over one billion dollars in 2015

Average scheme is $120,000 and as high SMS Spoofing and Vishing SMS Spoofing Impersonating companies and people If fraudster is successful at impersonating an individual, there may be charges to innocent individual iTunes weak password hijack Vishing - disclosing confidential and sensitive information such as personal finances to a scammer Used to get Credit Card or Medical Information

Firewall, Passwords, Wireless, etc. Never hook your computer up to Internet without a firewall. It takes less then 20 minutes to get hacked (cracked) or infected Wireless must have WPA2 enabled minimum 14 characters long passphrase. Cisco (Meraki) and others offer real wireless security solution Wi-Fi Protected Setup (WPS) is vulnerable and should be disabled

User account passwords on the computer and Internet sites passwords must be at least 15 characters long combination of Caps, small letters, numbers, and special characters Example - *[email protected]@r! Password Helpers LastPass is one of the best utilities to manage your passwords. It is free for Macs and PCs and Premium version ($24/year) works on Mobile Devices KeyPass is open source has a great offline mode and can be synced securely across dropbox accounts 1Password known for notes that you

want to keep private, a digital wallet for bank accounts and payment info, and a password "recipe" builder that lets you customize your passwords Operating Systems Pros and cons Windows is still most popular Operating System Windows Vista/7/8/ replaced by Windows 10 as of 2015. Windows OS are more secure now. Come with built in Windows Defender and better security. Win OS are still prone to security flaws hence critical updates every week.

Apple Still most secure, but more and more programs are written to infect Mac OS. Install latest updates to make sure you are secured. Hardware can dual boot into both Apple and Windows OS. Phones and Internet of Everything Phones have become more then a phone mobile computers. Use a password to unlock the phone Purchase Antivirus (AVG Free) with Android based phone. In the foreseeable future, be very careful when installing Apps on the Android. iPhone has a much smaller chance of getting infected and downloading a

malware/spyware based app. Window Phones require small learning curve for people used to Windows interface Most new devices have access to Mobile Apps Android, iPhone and iPad application markets are continuing to grow. There are over 2 million Apps in Apple store, 2.5 million in Google Play, and around 700,000 for Windows Phone Store. Apps are now used for learning, money saving and productivity. It is extremely important when deciding on developing a mobile App to start development with Accessibility in mind. It is much harder to change

the App later. Encryption Encryption uses an algorithm to encode the devices, files, or information You should be encrypting any business related information on all devices that are taken outside the office Laptops, Mobile Devices, Thumb drive, etc. When creating a web site that requires a login, an SSL encryption should be implemented Secure Socket Layer encrypts the data over the Internet between server and client Backup You

can never have enough backups Redundancy is not a backup, but can be used for a quick restore Examples of redundancy External Drive plugged into USB, Thumb Drive, DropBox, OneDrive, Google Drive, etc. Backup Continues What should I NOT be using as a media backup (DVDs, External

Drive, Dropbox) Best Offsite backups (online backups) provide encryption Carbonite - $6/month unlimited size. Mozy - $5.95/month unlimited size. iDrive offers 5 GB of free cloud backup and $6.95/month for 5TB of space. Backblaze - $50/year unlimited size. Ransomware Malware Cryptolocker, CryptoWall and others are examples of Ransomware Free versions of Google Drive, OneDrive, and Dropbox are prone to

Ranswomware attacks and can not be considered backups. You need an offsite backup that stores files for a minimum of 30 days so you can restore unlocked versions. Cloud Pros Minimizes IT support. Allows Pay as you go Does not require dedicated on-site location 24/7 uptime not tied to your office

Internet Scalable Cons Requires higher level of security (prone to attack) Some of the Applications can not be used, example HIPAA compliance If part of Internet goes down Cloud Servers may not be reachable Cloud tools for NonProfits Office365.com

Free for non-profits if qualified. Up to 50 Gigabyte mailbox per user, and 1 TB OneDrive business version per user up to 300 users. Google Apps - Free for non-profits if qualified. 30 Gigabyte mailbox and Google drive size per user. Both offer and should be used with second layer authentication Information Technology Outsourcing

Cost Efficient if used in pay as required Support 24/7 Some of the support may be remote No sick/holiday/vacati on time, though usually higher rate during off- In-House Cost efficient if subsidized by grant A dedicated

person that is on site during business hours Person grows with office and understands technology needs better Online Training http://wiki.cucat.org/ Accessible online IT courses https://www.staysafeonline.org/ Provides great outline and training material for all ages Personal Information The

following information related to any Massachusetts resident is considered to be Personal Information (PI): Name (First initial/name and last name) And one of the following: Social Security Number Drivers License Number Financial Account Number (ex. Credit Card, Debit Card) Other Access Code Related to Persons Financial Information MASS Personal Information Law Standards for the Protection of Personal Information of

Residents of the Commonwealth Effective 3/1/10 Safeguard personal information (PI), both paper and electronic Insure security and confidentiality are consistent with industry standards Protect against anticipated threats Protect against unauthorized access Establishes minimum standards to be met in connection with the safeguarding of personal information (PI) contained in both paper and electronic records

Up to $50,000 per improper disposal and maximum of $5,000 per violation Above penalties don't include lost business, dealing Written Information Security Plan (WISP) Working document that details how your organization will protect the non-public personal information (PI) of both students and staff through administrative, technical, and physical safeguards WISP must address: Paper Files Electronic Information

PI - Paper Files Do not leave files containing PI out and about Lock desks and file cabinets containing PI Store keys related to locked desks/cabinets in safe place If possible, avoid faxing PI If faxing is required, double check # and name of recipient before sending PI - Electronic Information Hardware Your computer Any Computer or mobile device that is portable can not contain PI As an extra security, if using a laptop that contains PI, try not to use wireless at a public location turn off wireless feature

Software Usage on daily bases Any email that may contain PI, must be encrypted Passwords to computers, can not be left out in the open (under mouse pad, keyboard, etc.) Passwords have to meet minimum requirements Data Files Protection of files with PI info Files containing PI should be password protected and never taken off site No text, Instant Message, or social networking If there is a necessity to take files with PI offsite, files Health Insurance Portability and Accountability Act - HIPAA

The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes. HIPAA applies to PHI (Protected Health Information). This is information that identifies who the healthrelated information belongs to - names, email addresses, phone numbers, medical record numbers, photos, drivers license numbers, etc. If you have something that can identify a person together with health information of any kind (from an appointment, to a list of prescriptions, to test results, to a list of doctors) you have PHI that needs to be protected per

HIPAA Applies to Covered Entities and everyone touching PHI Health plans: With certain exceptions, an individual or group plan that provides or pays the cost of medical care. Health care clearinghouses: An entity that either process or facilitates the processing of health information from various organizations. I.e. to reformat or process the data into standard formats. Health care providers: Care, services, or supplies related

to the health of an individual,. The HITECH additions to HIPAA extend HIPAA compliance requirements to all Business Associates of Covered Entities. Further the Omnibus rule requires that all Business Associates of Business Associates to also be compliant Everyone in the chain of companies from the Covered Entitles onward needs to be compliant! Even law firms need to comply with HIPAA where they contact PHI. Note: Individuals (unless they fall into one on of the above categories) do not have to be HIPAA compliant. So, for example, it is OK for a patient to be non-compliant in communicating with his Wrap-up Internet of Everything

Virus/Spyware/Malware/ Adware SPAM/Phishing/Spear Phishing Firewall Wireless Passwords Windows 10/Apple Mobile Devices Encryption/Backup Cloud Hosting IT in-house/outsourced 201 CMR 17

Recently Viewed Presentations

  • Title

    Title

    Equatorward, monopolar E-fields, are found at the PC boundary in the evening LT sector Bipolar E-fields are found at particle boundaries within PS Monopolar fields, if plasma, dense enough to support connecting FACs, exists on one side of the boundary...
  • MINERALI Doc. dr Olga Horvat 2013. godine Magnezijum

    MINERALI Doc. dr Olga Horvat 2013. godine Magnezijum

    Jedini region na svetu gde dolazi do nedostatka selena u organizmu zbog njegovog manjka u ishrani su neki delovi Kine (kardiomiopatija) (Keshan disease) Višak selena je štetan i smatra se da unošenje preko 400 mikrograma dnevno može da izazove trovanje...
  • ELECTROCHEMISTRY Chapter 21 - Roy Bailey

    ELECTROCHEMISTRY Chapter 21 - Roy Bailey

    Salt bridge allows anions and cations to move between electrode compartments. This maintains electrical neutrality. ANODE OXIDATION CATHODE REDUCTION * This is the STANDARD CELL POTENTIAL, Eo Eo is a quantitative measure of the tendency of reactants to proceed to...
  • CH.3 Radio Receiver (Marks ) Visit for more

    CH.3 Radio Receiver (Marks ) Visit for more

    (Tuned Radio Frequency) Radio receiver. TRF receiver is oldest but simple. But it has many drawbacks. ... In the domestic radio receivers RF amplifier is not used for economic reason, however RF amplifier improves quality of receiver output.
  • Name Nina Soloff Affiliation CNWL-Milton Keynes Question/Rationale The

    Name Nina Soloff Affiliation CNWL-Milton Keynes Question/Rationale The

    CV VC CVCV CVC CCVC CVCC CVCVC word / phrase / sentence. Memory strategies. Other: Syllable / onset / rhyme / phoneme pictures - Black Sheep etc. Bricks counters syllables/phoneme visuals plastic letters. Nuffield pictures - C V CV VC...
  • Inventories: Additional Issues I N T E R

    Inventories: Additional Issues I N T E R

    This presentation is under development. ... XX. OR. LOWER . OF COST and . nrv. adjustment. The loss must be expressly disclosed in the financial statements through a disclosure note alone or by also reporting the loss in a separate...
  • POSITIVE ATTITUDE BUILDING - e-library WCL

    POSITIVE ATTITUDE BUILDING - e-library WCL

    Social Learning PROCESS OF LEARNING ATTITUDES FROM OBSERVATION- DIRECT LEARNING One's direct experience with an object or person serves as a powerful source for his or her attitude formation In other words attitudes are formed on the basis of one's...
  • Our Foundation

    Our Foundation

    LCIF at a Glance. Founded in 1968 - official foundation of Lions Clubs International, giving support to clubs. Provides grant funding for large-scale projects