Tools and Best Practices

THREAT PROTECTION

INTRODUCTION

The greatest threat to our digital security is assuming that the following is true:

• “Someone” else is looking out for me.

• “They” have my best interests in mind.

• “No one” would do that, it’s unethical.

• It won’t happen to me.

• It doesn’t matter if I have a virus because all I do is surf the internet.

OBJECTIVES

To gain a basic understanding of the following topics:

• Threat Types

• Threat Vectors (sources)

• Virus Protection

• The Unknown

• Malware Reporting

• Windows Updates

• BYOD recommended policies

MALWARE

Trojans allow the enemy inside your computer by opening a backdoor.

Viruses are self-replicating and spread throughout your files.

Worms propagate themselves through your local area network to infect and control.

Downloaders invite all of their buddies into your computer.

Spyware is software that steals your information and sends it out of your computer.

PUP – Potentially unwanted program

THREAT VECTORS

• Internet (web)

• Social Networking

• Scare Tactics

• Email

• Media

• Network

EMAIL - YOU SHOULD KEEP SOME THINGS PRIVATE

• Don’t give out your email address too quickly.

• Create a second “junk” account for junk correspondence that requires a valid address.

• Use a bogus account or fictitious information first.

• Don’t check your personal email at work.

• Don’t check your work email at home.

FREE IS NOT REALLY FREE

• What does “Free” mean?

• What is your privacy worth?

• What is access to your PC worth?

• Free versions are obviously something less than “Paid For” versions!

• Read the EULA. Most “free” products are not free for “Government” or “Commercial” use.

REAL-TIME ANTIVIRUS PROTECTION

[Diagram: You, Your Computer, Network, The Internet]

Never install more than one “Real-Time” Antivirus protection product

STANDALONE PROTECTION

Get a second opinion - Freestanding programs (not to be confused with free programs) are available that can provide you with a second opinion of your malware status. They do not normally have “Real-time” modules. If they do, they are designed to co-exist with existing antivirus products. Note: Some of these products can’t legally be used for free on Government computers. Not even for a one-time check.

• Malwarebytes

• Spybot

• Online scans at various vendors

• Clamwin antivirus (do not install resident)

SCHEDULED SCANS

Scan Weekly or Monthly depending on surfing habits

Schedule for a time when PC is turned on

THE “UNKNOWN”

[Diagram labels: Creation, Distribution, Infection, Discovery and Definitions, Update Distribution, Protected]

SECURITY INCIDENT INDICATORS

Signs that your computer’s security may have been compromised

• The PC crashes unexpectedly without clear reason

• New user accounts appear

• Unexplained poor performance

• Unusually high virus detection rate within the PC or office

• Browser redirects or browser crashes

• New files or folders with strange names appear

• Unexpected User Account Control (UAC) prompts

• Unexpected/Uncontrolled cursor or keyboard activity

• Inability to run protection programs like MWB or AVG

REPORTING RESPONSIBILITIES

• Individual office personnel must report suspicious activity or they put the whole office at risk.

• It’s everyone’s responsibility to ensure the security and integrity of office data.

• Government and Corporate offices are incorporating network monitoring systems to track data transfers and internet usage.

WINDOWS UPDATES

Windows updates provide security patches and performance fixes as well as “bug” fixes and “Service Packs”.

Service packs (which come from Windows Update) are MAJOR operating system upgrades and should only be done after backing up your data and when you have plenty of time for them to finish.

Do not perform Windows updates just prior to any major work project like payroll, year-end processes, or budget.

Windows Updates – Windows updates come in 2 forms, Automatic and Manual (optional), and 2 flavors, Windows updates and Microsoft Updates. Most users will install automatic updates routinely because they get reminded by the balloon popup every time they log on or shut down. Users should periodically perform a manual update by clicking on the Windows Update link.

The first time there, you should sign up for “Microsoft Updates”. This will allow updates for other Microsoft products (Word, Excel, etc.) to be installed as well. After signing up for “Microsoft Updates”, you should repeatedly come back to this link until it shows 0 (zero) critical updates available. Manual updating should be done every 6 months.

WINDOWS UPDATES VS. MICROSOFT UPDATES

LGC RECOMMENDATIONS AND OFFERINGS

Local Government Corporation recommends 2 forms of protection. An antivirus that provides “Real Time” protection and a malware removal tool.

• Your office may purchase AVG antivirus from LGC. After the initial sale, we can include the AVG product renewal costs in with your annual hardware support cost on contracted computers. For non-contracted computers we can provide renewals on demand at a cost.

• LGC also offers “Malwarebytes Antimalware”. It comes quoted automatically with any new PC and we can sell a copy to any existing user. MWB is a one-time purchase per computer and is not transferable.

BYOD – BRING YOUR OWN DEVICE

NOTEBOOKS, TABLETS, AND SMART PHONES.

• Tablets and smart phones typically have minimal antivirus protection if any at all.

• The device “Belongs” to the user. Accessing it to check its security may not be possible.

• Security can be compromised by “Apps” that gain access with the users’ permission.

• May not get “patches” when a security flaw has been discovered.

• Portable equates to easily lost, damaged, or stolen.

• Email encryption may require a purchase of software (touchdown, PGP, etc.).

• Wi-Fi hotspots are notorious for being used to hack smartphones, laptops, and tablets.

• There may be no way to clean wipe a device if returning it for repair. Main drive/storage is normally non-removable.

• Your data WILL leave your office and go home with your employees.

THE CONSENSUS

According to ESET's survey results, most BYOD devices are not well protected. Encryption of company data is occurring on only one-third of BYOD phones, tablets, and PCs. Auto-locking with password protection is enabled by less than half of all notebook users, less than one-third of smartphone users, and one-tenth of all tablet users.

Many would argue that if users are buying their own devices, there's no reason why they shouldn't be able to download any app they want. However, according to security software vendors such as Symantec and Kaspersky, incidents of mobile malware are skyrocketing, especially on Android OS. Users have been known to download fraudulent apps masquerading as legitimate ones, which are laden with malware. Trojans embedded into SMS messages are also an emerging threat.

REVIEW QUESTIONS

1. True / False – Installing more than one real-time antivirus at a time can break your computer.

2. Pick the correct statement

a: Weekly/Monthly antivirus scan is recommended.

b: You never need to scan your hard drive.

c: Scanning annually is the only requirement.

3. The common threat types include:

a: bogus, hoax, malware, Trojans, and spyware

b. rogue, malware, virus, spystuff and uploaders

c: malware, viruses, Trojans, spyware, and downloaders

REVIEW QUESTIONS CONTINUED

4. Common places to acquire malware include:

a. subways, coffee shops, email, and internet cafes.

b. internet, social networking, scare tactics, email, and media

c. jail, prison, detention, my neighbor’s house, and the hospital

5. True / False – Unknown malware can’t hurt your computer because your antivirus does not recognize it.

6. Who should report unusual computer behavior?

REVIEW QUESTIONS CONTINUED

7. Operating system updates come in 2 forms and 2 flavors. What are they?

a. Reverse, Forward, Chocolate, and Vanilla.

b. Automatic, Manual, Windows updates, and Microsoft updates.

c. Update, Uninstall, Windows updates, Microsoft updates.

8. BYOD means

a. Bright Yellow Orange Ducks

b. Bring Your Own Date

c. Be Young Once Daily

d. Bring Your Own Device

9. True / False – BYOD policies vary office to office. You should consult your supervisor.

LOCAL GOVERNMENT CORPORATION

Thank You for Attending

Threat Protection at Local Government Corporation’s Resource 2014