Q3 2016

C-Level Series:

Travel Cyber-Safe

• Overview

• The Cyber Threat is Real

• Before: Prepare Before You Leave

• During: Use Simple Security Methods While You Travel

• After: Clean up and Recover When You Return

• Special Precautions for Travel Abroad

• Summary

• Resources

Content

Overview

LP3

Security for All Domains

• LP3 is a multi-tiered organization of divisions and companies (gold borders)

• ARCSAFE LLC helps to protect children in schools with the support of major

partners such as: Raytheon, Citrix, Brocade, Switch, Oracle, ViaSat, DirectTV,

Facebook, Twitter, NFL, UCSD, SDSU, Georgia Tech, etc.

• Protecting Tomorrow is a non-profit helping to protect students, women on-line,

SMBs, emergency response services, veterans and emerging technologies

LP3 Corporate Structure

00 LP3-Corporate

(LLC)

10 LP3-Gov

(LLC)20 LP3-

SecurIT (LLC)

30 LP3-SWS

(Div)

40 LP3-

Enginnovation (Div)

50 LP3-

Eye-On (LLC)

60 LP3-

Racing (Div)

71 ARCSAFE

(LLC)

72 Protecting

Tomorrow (501.c.3)

01 LP3-Central

Services (Div)

Scott Lawler – CEO

Rusty Sailors – President / CTO

• Government: We drive security for small government programs and for some

of the largest programs in which we are protecting the largest repositories in

the world and providing the security architecture for the largest desktop

deployment in history ($10.4B)

• Industry: We’re involved in shaping cyber security by helping to write CISSP

and HICSPP and shape the NIST Cyber Security Framework for the President

– we serve SMBs and very large corporations (LP3-HEAT & V-CISO)

• Academia: We have a company just to help protect kids in schools. We’re

involved in every University in SD and with George Mason back East to help

shape new technology and develop the next generation of cyber security

engineers. On the board of a new UCSD Center developing innovation in IoT.

• Community: Through the non-profit Protecting Tomorow, we help develop

secured innovation in very small and medium sized companies to help them

secure the future – we help protect women on line and students in schools

Overview: LP3 – Security for All Domains

Overview

Protecting Tomorrow

‘By Taking Action Today!’

Protecting Tomorrow Mission Statement

“Protecting Tomorrow will help to protect our

nation’s future by protecting Tomorrow’s

Generations, Tomorrow’s Communities and

Tomorrow’s Technologies and do so by providing

a means for people to pursue their passion,

improve themselves and serve others.”

Generations

TechnologiesCommunities

Charter – Support 3 Areas

• We focus our efforts in three

specific areas of our communities

and our nation that are affected by

cyber and security

Visit: www.ProtectingTomorrow.org

• Protecting Tomorrow’s Generations

• Protecting Tomorrow’s Communities

• Protecting Tomorrow’s Technologies

Protecting Tomorrow – Nutshell

• Protecting Tomorrow helps protect students who are potentially endangered

on school campuses

• We help educate students better, with valuable and relevant skills that will

help them protect America tomorrow

• We help protect our communities by: protecting women on line; protecting

SMBs… the backbone of the American economy; protecting those who

protect us, emergency services organizations; and we will help veterans

transition from the military to solid civilian careers in our communities

• We protect our nation’s strength in technology by driving security into

innovation from “I-2-I”

• Protecting Tomorrow is focused on these areas by taking action today to help

protect and defend our nation’s future – our tomorrow

Today’s Speaker: Rusty Sailors

ILO/TLO Battalion Chief

Spec Ops (Ret’d)

Executive

Board

Gordon Fellow

CAP BoardPresident / CTO

Chairman / CEO

DHS Guidance for Cyber-Safe Travel

• Before you go:

• Update your mobile software to improve defense against malware

• Back up your information with another device or cloud service

• Keep your device locked, even if you step away for just a few minutes

• While you are there:

• Disable auto-connecting and Bluetooth so that your device does not seek a wireless network

• Think before you connect, and do not conduct sensitive activities or communicate private information on public networks

• Think before you click, and use caution when downloading unknown links

• Guard your mobile devices, including USB and external storage devices, and never leave them unattended. If it is necessary to leave them in your hotel, be sure they are locked

• Three common threats while traveling

• Unsecured wireless networks

• Publicly accessible computers

• Physical theft of devices

Pay attention – the threat is real

Travel Cyber-Safe: The Threat is Real

Hackers are getting more

Sophisticated… and more Effective!

“Stay secure my friends!”

• Cyber Security is a necessity at home, in your

business or while traveling – you have to solve

it as one

• Hackers run successful international enterprises,

stealing and selling our data

• They benefit from your lack of attention to cyber

security and poor protection while you’re in

public or traveling – the statistics say it’s working

for them – and not for us

• They train to hack you for a living – that’s all

they do and they’re very good at it

• You focus on making it to your destination and

not on cyber security - they win

Before You Even Leave – Real World

• Customer books a hotel and flight on one of the many popular travel sites for

six weeks time. To book, the customer must enter an email address and

password, put in some personal details (address) and contact details, then

pay using a credit card.

• What happens next may be a little surprising. Some travel sites send you a

welcome email

• But the problem is not over yet. As a result of the booking, the travel web site

sends the customer confirmation of the booking and itinerary in an email. In

clear and – worse – some actually put your password in it.

• As a criminal, I now have your email address, your telephone number and

know when you will be away from home. But I need your address. Well, I can

reset your travel web site password (I have access to your email, don’t

forget) and get your password – and then log in and get your address.

https://www.tnooz.com/article/cyber-crime-travel-overview

Hacking in Public

• Many simple methods are used to steal your

data while you’re in public:

• Compromised “Free WIFI”

• Shoulder Surfing

• Electronic Eavesdropping

• Proximity Credit Card Reading

• Proximity Phone Clone

• And a cast of many more!

Do you like pineapple juice?

The “Pineapple” WIFI Hack

So, What should you do then? Suggestions for moving forward.

Traveling Cyber-Safe: Solutions

Traveling Cyber-Safe?

Prepare ahead of time – always better

Travel Cyber- Safe: Before Your Travel

Reduce and Focus – Prepare Your Tech

Before: Your Travel

• Reduce and focus - carefully choose the devices and data you carry with you

• Back up data and contacts, etc. (set up air gap approach that cannot be

reached if someone else finds / steals your device)

• Update all apps

• Update operating system

• Update patches

• Update security DBs

• Notify your credit card companies where you will be traveling - other charges

could be bogus and they will be aware

• Consider using a highly respected and secure travel company like American

Express vs a foreign company or Ma / Pa shop with poor cyber hygiene

Teenage Girl Preparing to Travel with Tech

Before: Your Travel

• Loaner equipment / devices

• Pre-purchase respected data plans

• Configure cell phone as hot spot or purchase external device

• Set up device locks and screen locks

• Purchase a screen blocker / privacy screen for laptop

• Install two factor authentication where possible - if someone steals your device, they don't have the other factor

• Anonymize your personal information as much as possible so you don't lose identify information when connecting on travel

• Set up "Find my Phone" feature - losing your phone while on travel can be pretty tough

• REMOVE SENSITIVE DATA

Simple things you can do to stay cyber-safe while you’re on the road

Travel Cyber- Safe: During Your Travel

During: Your Travel

• Keep devices in close proximity and under tight physical security -

• don't put valuable IT in checked baggage

• keep with you in hotels, airports, restaurants, etc. (wait staff could be intentional distractions)

• Turn off auto-connect wireless

• Turn off Bluetooth and only turn on when you actually need it - set it to private connections

• Use secure wireless

• Use secure data plans

• Use screen blocker / privacy screen

• Cover your PIN entries

Be Intentional – Be Cyber-Secure

• Use two factor whenever possible

• Be careful what you expose on social media

• Think carefully when using any digital connection while traveling including WIFI

• Be very careful about new links to use that might appear to be from the train / boat / travel company - very easy to be tricked on this

• Same holds for a phone call "from the hotel you were just at" asking for credit card information to clear out some remaining charges

• Don't use publicly accessible computers - they could record your keystrokes and infect any USB you insert

• If at a conference, or on a well-schedule sightseeing vacation, thieves can easily discover when you won't be in your hotel or cabin.

How is Your Cyber Hygiene?

• Does your family have access to your BYOD equipment?

• Are they accessing your devices while you’re on travel – with or without you?

Yesterday Today

Pack it in, pack it out – clean out the trash and put things back in order

Travel Cyber- Safe: After Your Travel

After: Your Travel

• Return your devices and settings to the original configuration

• Scrub all devices and memory accessed during travel

• Clear roaming /browsing history, cookies, etc.

• Return loaners if applicable

• Turn on all features disabled during travel

Clean, Restore, Update

• Update all apps

• Update operating systems

• Update patches

• Update security DBs

• Monitor activities and accounts - respond quickly if you see anything

abnormal

• Change your access credentials

• Get some sleep

There are more challenges when you leave the country – be aware and be prepared

Travel Cyber- Safe: Travel Abroad

Cyber-Safe Travel: Abroad

• Foreign laws and regulations

• Social media

• Use of Encryption and even VPNs

• Accessing forbidden web-sites by using advanced technology can lead to

criminal charges

• Difference in morals and privacy expectations (both ways)

• Carefully consider the legality of reading materials, videos, songs and other

media when you enter countries with strong restrictions

• a risque novel might be consider as pornography in some countries.

• Illegally downloaded songs or movies might result in strong fines or

criminal charges.

Cyber-Safe Travel: Abroad (Cont’d)

• Hotels, rental cars, restaurants, phones and taxis might have

electronic, video and audio monitoring

• Maintain tight physical security

• Use straps

• Don’t get distracted, stressed or look away – even for an instant

• Encrypt your hard drive and USB if you must use one

• Pre-purchase International Data Plans

• Change passwords to travel passwords which are different that those you

use in the US

What messages should I walk away with?

Summary

Summary

• The cyber threat is real – it’s even stronger while you travel

• Before: Prepare ahead of time

• While: Use simple security methods while you’re on the road

• After: Clean and recover when you come back

• Take special precautions when you travel abroad

• The future holds even more challenges – do something now!

• We have resources for you – just ask

• Stay secure my friends!

From the LP3 family of companies and divisions!

Thank you!

Hyperlinks to sites with very valuable information for Cyber-Safe Travel

Helpful Information

Here are some excellent resources to leverage for travel:

• DHS Cybersecurity While Traveling Tip Card:https://www.dhs.gov/sites/default/files/publications/Cybersecurity%20While%20Traveling_7.pdf

• FCC Cyber Security Tips for International Travelers:https://www.fcc.gov/consumers/guides/cybersecurity-tips-international-travelers

• NDSU: Cyber Security Tips for Traveling Abroadhttps://www.ndsu.edu/its/security/traveling_abroad_with_electronic_devices/

• Canada: Cyber Security While Travelinghttps://travel.gc.ca/travelling/health-safety/cyber-safe

• Travel+Leisure Should I be Concerned About Cybersecurity While Traveling?http://www.travelandleisure.com/articles/should-i-be-worried-about-cybersecurity-while-traveling

Valuable Cyber Security Travel Resources

Here are more excellent resources to leverage for travel:

• Assurex Global Cybersecurity While Traveling:http://www.rhsb.com/wp-content/uploads/LIFARS-QA-Cyber-Security-web.pdf

• PassporthealthUSA How Can I Stay Cybersecure While Traveling?:https://www.passporthealthusa.com/2015/01/how-can-i-stay-cyber-secure-while-traveling/

• Visit www.dhs.gov/stopthinkconnect for more information. A best practice that is often overlooked, and is also absent from the government fact card, is to set up dual-layer authentication on your most important accounts. These include e-mail, Dropbox, and Facebook accounts among many others as more and more sites are accepting two-factor authentication.

• ABC News: Targeting Traveling Executives Through Hotel WIFI:http://abcnews.go.com/Technology/cyber-crime-gang-targets-travelling-executives-hotel-wi/story?id=26806725

• TNOOZ on Cyber-Crime and Travel: https://www.tnooz.com/article/cyber-crime-travel-overview

Valuable Cyber Security Travel Resources

Pineapple Options