Security Awareness Presentation Fall 2013
- 1. 2013 Fall CCCS Security Awareness Why does Security Awareness apply to me?
- 2. What is the Top Cause of Organizational Breaches? • • • • External hackers having fun? External organized crime mobs stealing data? Government sponsored hacking? Negligent Insiders?
- 3. I’m an insider, why do I care? • Our customers expect and demand us to treat their Personal Private Information (PPI) with due care. • State law mandates that we do the right thing for our students. National law mandates that we take due care with Payment Card Industry (PCI) data. • Our brand name is build on our constant diligent care and ruined by one careless slip.
- 4. Seven Mistakes we can’t make! • #1 – Choosing poor passwords. • #2 – Allowing sensitive data to be viewed by others. • #3 – Using unknown USB devices. • #4 – Clicking bad links in e-mail. • #5 – Loosing devices with sensitive data. • #6 – Using unknown Wi-Fi. • #7 – Misusing Social Media.
- 5. Poor Passwords • In a large number of physical security audits passwords were found on and around end user workstations. • What to do? Write yourself a reminder of the password, not the password itself. Use a password schema and stick to it.
- 6. Clear screen & clean desk • 71% of office workers say that they have been able to sneak a peek at a workstation in the workplace. • What to do? Lock your computer screen when you step out. Store hard copy Personal Private Information in a cabinet or file folder.
- 7. Unknown USB devices • 35% of users have report having experienced malware or virus infection via a USB device. Attackers will leave infected devices in semipublic areas, sometimes with the company logo and then simply wait. • What to do? Only use USB devices that you own or trust. Ask IT to inspect any suspect USB devices.
- 8. Phishing Attacks • CCCS and other educational organizations are often the target of sophisticated, custom targeted email phishing campaigns. While SPAM filters can help, the human element is critical to stop these attacks. • What to do? CCCS staff will never ask for Credentials via email. Any email asking for login info should be treated as bogus and discarded.
- 9. Lost Devices • Almost 90% of people who find lost smartphones will look through the digital contents for sensitive information. Around 70% of users do not password protect their smartphones. • What to do? Password protect your smartphone. Notify IT as soon as possible if you should loose it.
- 10. Using Unknown Wi-Fi • Less than 20% of users will use a VPN when accessing a public Wi-Fi (Wireless hotspot.) Rogue Wi-Fi “providers” can easily intercept sensitive data and compromise CCCS machines. • What to do? Always use the VPN when accessing offsite guest Wi-Fi services.
- 11. Social Media • As social media norms are changing rapidly, more than 50% of enterprises have seen an increase of malware infections due to employee use of Social Media. Social media can also easily make public things that shouldn’t be disclosed. • What to do? Beware of viral videos that require you to install any application in order to view them. Be mindful of how others will view what you post online. It can be very easy for others to find you and misrepresent your posting.
- 12. CCCS Security Defenses • • • • • Firewalls Malware prevention devices Intrusion detection devices Spam filters System & network vulnerability scanners • Most importantly – YOU! Educated end users are the most important part of a good security posture.
- 13. Questions? • Comments? • Suggestions? • CCCS Security Contacts: cccs.edu/infosec 303-620-HELP (4357) CCCS-ITHelpDesk@cccs.edu