UK Ag Computing Security Initiative
Rick Hayes, Ag Communications Services, DEITC


College of Ag Security Initiative

UK Ag Computing Security Initiative
Rick Hayes
Ag Communications Services
DEITC

Why are we doing this?
- LAWSUITS?
- Lost/stolen computing devices/data
- Hackers and Malware
- Must reduce the number of electronic files available
- Protect our clientele
- Assure them that PII is safe with CES

Acceptable Use Policy

The UK Acceptable Use Policy contains official guidelines for the responsible use of information technology resources at the University.

The Acceptable Use Policy describes your rights and responsibilities when using and accessing university resources.

Acceptable Use Policy
http://www.uky.edu/regs/files/ar/ar10-1.pdf

The University provides industry-standard security on University maintained systems. Users are responsible for properly safeguarding the information technology resources under their control, specific to files associated with their computer accounts.

Layered Defense
- Update Software
- Use Antivirus Software
- Use Strong Passwords
- Secure your Physical Environment and Encrypt Sensitive Data
- Keep Wireless Devices Secure
- Practice Online Safety
- Back Up Your Data

A layered defense for your computer is similar to the defense you use for your home. Most of us use layers of defense to protect our homes, our belongings, and our loved ones from intruders. We have locked doors and windows, and probably more than one lock on doors. We may additionally have a security door, a dog or an alarm system (or we may use all of these devices). We turn on exterior lights at night. All of these steps discourage a thief from seeing our homes as easy targets.

Similarly, we should use layers of defense to discourage hackers from viewing our computers as easy targets. If you have some (ideally all) of these measures in place (for example, a personal firewall, anti-virus software, an updated operating system, strong passwords, and encrypted sensitive files), you have gone a long way in securing your computer and your data.

Update Software
- Operating Systems and Applications
- Update Java, Flash, Anti-virus
- Auto Update Windows
- Update software on mobile devices too
- Restart Computer? YES!!!

Firefox Addons
- Firefox can check your addons for updates
- Tools -> Addons -> Plugins -> Check to see if your plugins are up to date

Antivirus Software
- Keep Forefront up to date
- Microsoft Forefront can be downloaded at http://download.uky.edu

Antimalware Software
- Free versions help clean machines
- Pay versions clean and help prevent infection
- Malwarebytes can be downloaded at http://www.malwarebytes.org
- SUPERAntispyware can be downloaded at http://www.superantispyware.com

Concentration on Securing Sensitive Data
- Social security numbers
- Youth data
- Credit Card/Financial Info
- Home Addresses, DOB

Scanning Tool: Spider scans multiple types of files, but does return false positives.
http://www2.cit.cornell.edu/security/tools/
Should be seen as a tool, not a solution.

Securing PII data

Personal
- Account List: Account numbers, Passwords, User IDs, Company name
- Financial Data: Quicken files, Taxes, Cancelled checks
- Legal Documents: Birth certificates, Passports, Credit Card photos

Professional
- Academic Records: Grades, Student Information, Transcripts, SSN/PUID, Recommendation letters, Academic challenge materials
- Research Data: Names of children, Survey results

Sensitive Data Locations?
- My Documents, Ctyfile, and other folders on hard drives/media, Access databases
- Email
  - Folders
  - Sent items
  - Archives
  - Deleted items/Trash
- Backups on portable media
- Flash drives
- Servers

What to do
- Delete unneeded files
- Empty recycle bin
- Print and store information then delete source file
- Consolidate needed files to minimize locations
- Encrypt and/or password protect sensitive files
- Don't keep inactive old devices around
- Wipe old hard drives before reusing hardware or disposal


Password Guidelines
- Don't always use the same password
- Don't share your passwords
- Don't email it to anyone for any reason
- Use Strong Passwords
  - At least 8 characters long
  - Avoid dictionary words, phrases, quotes, etc.
  - Mix of upper and lower case letters
  - Use number and non-letter characters

File Protection
- Password protect/encrypt Office files that contain sensitive information
- Can encrypt any file/folder on computer
- Encrypt sensitive information that HAS to be stored

Encryption: The process of converting messages, information, or data into a form unreadable by anyone except the intended recipient.

In "encryption", "crypt" comes from the Greek word kryptos, meaning hidden or secret.

About 1900 BC: An Egyptian scribe used non-standard hieroglyphs in an inscription. This is the first documented example of written cryptography.
So nothing new about encryption!

Automatic Encryption
- BitLocker
  - Windows 7
  - Secures entire drive in background
- TrueCrypt
  - Free open-source disk encryption
  - www.truecrypt.org

What is TrueCrypt?
- Free open-source disk encryption software for Windows, Mac OS X
- Main Features:
  - Creates a virtual encrypted disk within a file.
  - Encryption is automatic, real-time (on the fly) and transparent.
  - Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
  - Hidden volume

Mobile Device Security
- Lock your laptop when you walk away
- Password protect the login
- Encrypt sensitive data
- Automatic encrypted flash drives are available
- Physically secure with lock
- Location services: Find My iPhone (iPad, etc.); similar products are available for Android devices (Prey)

Turning on Passcode Lock
- Can also set it up to wipe the phone after so many login attempts

Remote device wipe from Outlook Web Access
- If mobile device is stolen/lost, you can wipe it remotely from OWA

Public Wireless
- Airports
- Hotels
- Coffee Shops
- Bookstores
- Neighbor's Access Point

Use UK's site licensed VPN Client
- http://download.uky.edu
- Cisco VPN Client for Windows

Practice Online Safety
- Only download what you trust, and even then be wary.
- Limit what you download to your work computer
- Don't accept downloads from strangers
- What else are you getting with the free stuff?
- Free music and file sharing programs are wide open doors for hackers.

Send & Receive Secure Messages
- Email Attachments
- Email Spam
- Social Engineering

Phishing: Targeted or Spear Phishing

A particularly prevalent problem at this point is targeted and spear phishing. Spammers use these types of communications to elicit personal information from email recipients, such as user names and passwords. These emails will look as if they come from a legitimate UK entity or vendor, but with a little training, you will be able to separate phishing from legitimate email very easily.

Latest Phishing Attempts

UK Email Password Expiration

Backup Your Data
- It's not a matter of IF, it's a matter of when.
- Cloud based as well as physical offsite backups

Non-technical Protections
- Lock your doors
- Hide your valuables
- Make your device hard to lose
  - Attach to keychain
  - Lanyard
  - Whatever helps

Security Info on the web
- https://www.ca.uky.edu/security
- https://wiki.uky.edu/security/Wiki Pages/Security Awareness.aspx
- https://www.uky.edu/UKIT/security/

Questions?