Computers a Necessary Evil: Know the Risks

Introduction

• The importance of information security

• Security Smarts– Computers – Smartphones– Social media– At work

Information Security - Overview

• Information assurance: the measures to avoid compromise to data and systems.

• The three main threats:– Viruses – a program that attaches itself to

other programs and files.– Worms – copy themselves from one computer

to another using a network – Trojan Horses – a software that appears to do

something else

Other Threats

• Phishing – fake email messages and addresses and websites that appear to be legit that are used to obtain sensitive information.

• Evil twins – wireless networks that seem to be legit (airports, hotels, etc.)

• Social engineering – using social skills to convince people you are to be trusted with sensitive information (http://www.trutv.com/video/tiger-team/tiger-team-101-1-of-4.html)

Computer Security

• Virus protection –– Run scans frequently– You get the protection you pay for– Many softwares now have the ability to scan

facebook walls and search results.

• Firewalls - Any barrier that is intended to thwart the spread of a destructive agent.

• You – You have the ability to identify the potential threats and avoid them.

Computer Safety

• Do not open emails from unknown senders

• Do not click on links without verifying the URL – Sometimes the displayed URL is not the same

as the embedded URL (unm.edu)– Before entering information verify you are at

the correct site (that you are at amazon.com not anazon.com)

Smartphone Threats

• Smartphones are vulnerable to the same threats as regular computers, but they are much easier targets. – Apps– Loss or theft– Lack of virus protection– Saved passwords and other personal

information

• 82% have their own smartphone

Top 10 Smartphone Threats

1. Smishing - text messages to trick victims into calling a fake bank or credit card company and divulging his/her account information under the pretext of needing to confirm a purchase or update security settings.

2. War Texting - a hacking technique that sniffs out the codes used to communicate between a smartphone and a car.

3. Wi-Fi Hijacking - some hackers set up free Wi-Fi hotspots in public places such as parks, cafes and airports.

Top 10 Smartphone Threats (cont.)

4. Open Hot Spot - hackers may be able to gain instant access to your connection and your communications using your own created hotspot.

5. Baseband Hacking- intercepting cellular calls

6. Bluetooth Snooping - Using Bluetooth device-pairing default passcodes can give an attacker access to all your messages and contacts.

7. Hidden URLs - shortened URLs are being used to hide malicious sites and software

Top 10 Smartphone Threats (cont.)

8. A Few Bad Apps - Hackers used a Trojan known as Droiddream and hid in it as many as 50 different rogue apps.

9. The One-Minute Attack - smart hacker can attack quickly and get out before the victim is aware anything is wrong

10. Message Forwarding - A weak password enables a hacker to automatically forward all incoming and outgoing emails to him.

http://www.technewsdaily.com/7276-top-10-threats-smartphone.html (October 26, 2012)

Marketing Class Notable Statistics

• 76% have their own computer

• 100% use the internet and social media and have an email addresses– 94% have a facebook account– 24% have an instagram account

• 65% use different passwords for different accounts

• 94% have posted a picture of yourselves

Marketing Class Concerning Statistics

• 18% have posted something they didn’t want their parent or employer to see

• 6% don’t know what privacy settings are• 47% have had their email or social media

account hacked• 24% don’t know the strength of their

password• 12% aren’t aware of security policies at their

place of employment

Social Media

• Use privacy settings

• Share information sparing

• Read privacy/policy updates

• Don’t add apps or add-ons without knowing what information it will access

• Don’t added people you don’t know

• Don’t “like” unverified pages

Facebook Risks

• Fake product/organization/company pages

• Spam

• Applications access account information

• Fake people

• Fake posts – Joe Bob just watch a monkey kick a dog click here.

• Advertisements

Instagram Vulnerability

• “Friendship Vulnerability”– Anyone can add themselves as your friend– Can view photos set as private– Can view profile information

http://www.zdnet.com/instagram-vulnerability-anyone-can-add-you-see-your-photos-7000000757/ (7/12/2012)

• Inappropriate pictures

• Geotagging (location of picture)http://www.campusecho.com/campus/campus-news/instagram-app-

has-risks-1.2905250#.UI6dQIYoo3R (9/19/2012)

Social Media Posting Risks

• College Recruiters, parents, and potential employers look at these sites

• Computer administrators at work, school, or on public computers can access the information

• Application publishers and their affiliates also have the rights to view your content, and post as you

• The promote feature allows your post to be associate with a brand

LAHS 2013 on Facebook

• Type of information I was able to find:– Clubs/activities– Statuses– Places– Pictures– Relationship information (status, date, person, etc.)– Family– “Likes” including: “Having Sex”, “Smoking Weed”,

movie titles, band names, etc.

• Check your privacy settings!!!

At Work

• Security policies are in place to protect data• All companies deal with protected data• Companies may block a site if they deem it

unnecessary or a security risk • Backdoor routes into blocked sites could

cause extreme potential harm to the system• Follow the policies and procedures

Questions

Bonus Questions

What percent use facebook?

Bonus Questions

What is social engineering?

Bonus Questions

What are the three main computer threats?

Bonus Questions

In relationship to other countries in 2011 where did the US rank for Online Virus Threats Detected and what was it percentage? (on handout)

Bonus Questions

What is phishing?