Are You Security Aware?
Common practices to increase security awareness and protect your information and computers
Chris Duncan, ITeck Solutions
Security breaches are on the rise . . .
even in firms that have ample resources to prevent them.
Unfortunately, today’s antivirus programs alone can’t stop these attacks.
Phishing is the practice of gaining information or access under the guise of something else.
A few common methods for tricking users into giving access to their information or allowing dangerous programs to install:
Updates you didn’t request to install
Links to Dropbox or other file sharing programs
Emails with an invoice saying you purchased something
Emails from the bank or IRS saying you owe or should receive money
Emails from FedEx or UPS saying a package is arriving or has shipped
Emails saying you have a fax or message
Even well-known websites can be compromised with false ads that are infected.
The only sure line of prevention is common sense and vigilance.
If the email pertains to something you didn’t do, buy, ship or ask for, don’t open it.
If you are not expecting a fax or voice mail message via email, don’t open it.
No bank or government agency will communicate urgent matters via email.
No legitimate institution will ever ask you for private information via email.
Sometimes the display name you see in an email, or the sentence that is a hot link, might not actually go to the correct email address or link destination implied.
If you see a URL or link in an email or website, first put your mouse over it and look in the bottom left corner of the window to see its true destination.
Read URLs in their entirety and look for any typos or peculiar endings. For example: www.amazone.com.ru, where amazon is misspelled or a country code is at the end.
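The hover check and the "read the whole URL" check above, automated as an added example (not part of the original presentation): it pulls each link's real destination out of an HTML email body, compares it with the address shown in the link text, and flags hostnames that imitate a known site by misspelling or by an extra ending. The allow-list, the 0.85 similarity threshold and the sample email are assumptions made for the example.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allow-list and sample email body (assumptions for this example).
KNOWN = ("amazon.com", "dropbox.com", "fedex.com")
SAMPLE = ('<a href="http://www.amazone.com.ru/t">www.amazon.com/orders</a> '
          '<a href="https://www.dropbox.com/s/x">Dropbox</a>')
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

def host_findings(host):
    """Reasons a hostname looks like an imitation of a KNOWN site."""
    if any(host == k or host.endswith("." + k) for k in KNOWN):
        return []  # the real site or one of its subdomains
    out = []
    for known in KNOWN:
        name = known.split(".")[0]
        for label in host.split("."):
            if SequenceMatcher(None, label, name).ratio() >= 0.85:
                why = "misspelled name" if label != name else "unexpected ending"
                out.append(f"imitates {known}: {why}")
    return out

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for each <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self.in_a = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_a = True
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"

def check_email_html(html):
    """Map each link's real host to its warning signs (empty list = none)."""
    collector, report = LinkCollector(), {}
    collector.feed(html)
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").removeprefix("www.")
        shown = DOMAIN_RE.search(text.lower())
        report[host] = host_findings(host)
        if shown and shown.group(0).removeprefix("www.") != host:
            report[host].insert(0, f"text shows {shown.group(0)}")
    return report
```

Calling `check_email_html(SAMPLE)` flags the first link twice (the text shows one site while the link goes to another, and the real host misspells amazon) and leaves the Dropbox link clean.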
When reading a subject line or email, look for phrasing or language that doesn’t fit or seem right.
At the moment, smart phones and Apple and Google tablets are safe places to open any suspicious emails or links.
If you suspect anything, use your phone or tablet to open the message or website. This will prevent viruses, but do
not provide any personal information.
When suspicious, manually create and address an email in reply to something or manually type the address of the site you want to go to rather than clicking on a link within an email.
When in doubt, delete.
When sending emails out with any confidential or personal information, use an encryption program to
protect your information.
If you connect your computer to a public WiFi
service . . .
you are vulnerable to anyone and everyone else on that network.
You are more secure using a cellular hotspot.
Protecting private information is not just about securing your computer.
Be aware of your surroundings, including what people can see on your computer screen and what
you talk about.
Thumb drives are virus vectors. Be overly cautious when accepting them from other persons.
Data never truly deletes. Do not give away thumb
drives or hardware that had Personally Identifiable
Information on it.
Erase all information from cell phones before
trading them in.
Change your passwords every 45 - 90 days using a “complex” password.
Passwords must not contain your entire account name, or your full name.
To increase security, passwords should contain characters from three of the
following five categories:
1. Uppercase characters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
2. Lowercase characters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
3. Base 10 digits (0 - 9)
4. Non-alphanumeric characters (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/)
5. Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.
Think outside the box when creating your password.
We know you love them, but try not to use the names of spouse, children or pets when creating your password.
And don’t just change the last number of your old password!
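The password rules above as a checker, added here as an example and not part of the original presentation: it counts the five character categories, rejects passwords containing the account name or full name, and catches a new password that only changes the trailing number of the old one. Unicode general categories stand in for the "European languages" wording, name matching ignores case, and the function names are hypothetical; all three are assumptions.

```python
import re
import unicodedata

# Non-alphanumeric characters exactly as listed in category 4 above.
SYMBOLS = set("~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/")

def categories_used(password):
    """Return the names of the five categories that appear in the password."""
    used = set()
    for ch in password:
        cat = unicodedata.category(ch)
        if cat == "Lu":            # assumption: Unicode "uppercase letter"
            used.add("uppercase")
        elif cat == "Ll":          # assumption: Unicode "lowercase letter"
            used.add("lowercase")
        elif ch in "0123456789":
            used.add("digit")
        elif ch in SYMBOLS:
            used.add("symbol")
        elif ch.isalpha():         # alphabetic but caseless, e.g. CJK
            used.add("other alphabetic")
    return used

def strip_last_number(password):
    """Drop a trailing run of digits so 'Summer2023' and 'Summer2024' compare equal."""
    return re.sub(r"[0-9]+$", "", password)

def password_problems(password, account_name, full_name, old_password=""):
    """List every rule from this section that the candidate password breaks."""
    problems = []
    for label, value in (("account name", account_name), ("full name", full_name)):
        # Assumption: the comparison ignores case.
        if value and value.casefold() in password.casefold():
            problems.append(f"contains the {label}")
    count = len(categories_used(password))
    if count < 3:
        problems.append(f"uses {count} of 5 categories, needs 3")
    if old_password and strip_last_number(password) == strip_last_number(old_password):
        problems.append("same as the old password apart from the trailing number")
    return problems
```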
Congratulations on becoming more security aware!
Want to find out more about securing your company, personnel and personal information?
Contact us to discuss your IT and data security needs:
Phone: 1-866-483-2544
Email: [email protected]