c-level series: travel cyber-safe
TRANSCRIPT
Q3 2016
C-Level Series:
Travel Cyber-Safe
• Overview
• The Cyber Threat is Real
• Before: Prepare Before You Leave
• During: Use Simple Security Methods While You Travel
• After: Clean up and Recover When You Return
• Special Precautions for Travel Abroad
• Summary
• Resources
Content
Overview
LP3
Security for All Domains
• LP3 is a multi-tiered organization of divisions and companies (gold borders)
• ARCSAFE LLC helps to protect children in schools with the support of major
partners such as: Raytheon, Citrix, Brocade, Switch, Oracle, ViaSat, DirectTV,
Facebook, Twitter, NFL, UCSD, SDSU, Georgia Tech, etc.
• Protecting Tomorrow is a non-profit helping to protect students, women on-line,
SMBs, emergency response services, veterans and emerging technologies
LP3 Corporate Structure
00 LP3-Corporate
(LLC)
10 LP3-Gov
(LLC)20 LP3-
SecurIT (LLC)
30 LP3-SWS
(Div)
40 LP3-
Enginnovation (Div)
50 LP3-
Eye-On (LLC)
60 LP3-
Racing (Div)
71 ARCSAFE
(LLC)
72 Protecting
Tomorrow (501.c.3)
01 LP3-Central
Services (Div)
Scott Lawler – CEO
Rusty Sailors – President / CTO
• Government: We drive security for small government programs and for some
of the largest programs in which we are protecting the largest repositories in
the world and providing the security architecture for the largest desktop
deployment in history ($10.4B)
• Industry: We’re involved in shaping cyber security by helping to write CISSP
and HICSPP and shape the NIST Cyber Security Framework for the President
– we serve SMBs and very large corporations (LP3-HEAT & V-CISO)
• Academia: We have a company just to help protect kids in schools. We’re
involved in every University in SD and with George Mason back East to help
shape new technology and develop the next generation of cyber security
engineers. On the board of a new UCSD Center developing innovation in IoT.
• Community: Through the non-profit Protecting Tomorow, we help develop
secured innovation in very small and medium sized companies to help them
secure the future – we help protect women on line and students in schools
Overview: LP3 – Security for All Domains
Overview
Protecting Tomorrow
‘By Taking Action Today!’
Protecting Tomorrow Mission Statement
“Protecting Tomorrow will help to protect our
nation’s future by protecting Tomorrow’s
Generations, Tomorrow’s Communities and
Tomorrow’s Technologies and do so by providing
a means for people to pursue their passion,
improve themselves and serve others.”
Generations
TechnologiesCommunities
Charter – Support 3 Areas
• We focus our efforts in three
specific areas of our communities
and our nation that are affected by
cyber and security
Visit: www.ProtectingTomorrow.org
• Protecting Tomorrow’s Generations
• Protecting Tomorrow’s Communities
• Protecting Tomorrow’s Technologies
Protecting Tomorrow – Nutshell
• Protecting Tomorrow helps protect students who are potentially endangered
on school campuses
• We help educate students better, with valuable and relevant skills that will
help them protect America tomorrow
• We help protect our communities by: protecting women on line; protecting
SMBs… the backbone of the American economy; protecting those who
protect us, emergency services organizations; and we will help veterans
transition from the military to solid civilian careers in our communities
• We protect our nation’s strength in technology by driving security into
innovation from “I-2-I”
• Protecting Tomorrow is focused on these areas by taking action today to help
protect and defend our nation’s future – our tomorrow
Today’s Speaker: Rusty Sailors
ILO/TLO Battalion Chief
Spec Ops (Ret’d)
Executive
Board
Gordon Fellow
CAP BoardPresident / CTO
Chairman / CEO
DHS Guidance for Cyber-Safe Travel
• Before you go:
• Update your mobile software to improve defense against malware
• Back up your information with another device or cloud service
• Keep your device locked, even if you step away for just a few minutes
• While you are there:
• Disable auto-connecting and Bluetooth so that your device does not seek a wireless network
• Think before you connect, and do not conduct sensitive activities or communicate private information on public networks
• Think before you click, and use caution when downloading unknown links
• Guard your mobile devices, including USB and external storage devices, and never leave them unattended. If it is necessary to leave them in your hotel, be sure they are locked
• Three common threats while traveling
• Unsecured wireless networks
• Publicly accessible computers
• Physical theft of devices
Pay attention – the threat is real
Travel Cyber-Safe: The Threat is Real
Hackers are getting more
Sophisticated… and more Effective!
“Stay secure my friends!”
• Cyber Security is a necessity at home, in your
business or while traveling – you have to solve
it as one
• Hackers run successful international enterprises,
stealing and selling our data
• They benefit from your lack of attention to cyber
security and poor protection while you’re in
public or traveling – the statistics say it’s working
for them – and not for us
• They train to hack you for a living – that’s all
they do and they’re very good at it
• You focus on making it to your destination and
not on cyber security - they win
Before You Even Leave – Real World
• Customer books a hotel and flight on one of the many popular travel sites for
six weeks time. To book, the customer must enter an email address and
password, put in some personal details (address) and contact details, then
pay using a credit card.
• What happens next may be a little surprising. Some travel sites send you a
welcome email
• But the problem is not over yet. As a result of the booking, the travel web site
sends the customer confirmation of the booking and itinerary in an email. In
clear and – worse – some actually put your password in it.
• As a criminal, I now have your email address, your telephone number and
know when you will be away from home. But I need your address. Well, I can
reset your travel web site password (I have access to your email, don’t
forget) and get your password – and then log in and get your address.
https://www.tnooz.com/article/cyber-crime-travel-overview
Hacking in Public
• Many simple methods are used to steal your
data while you’re in public:
• Compromised “Free WIFI”
• Shoulder Surfing
• Electronic Eavesdropping
• Proximity Credit Card Reading
• Proximity Phone Clone
• And a cast of many more!
Do you like pineapple juice?
The “Pineapple” WIFI Hack
So, What should you do then? Suggestions for moving forward.
Traveling Cyber-Safe: Solutions
Traveling Cyber-Safe?
Prepare ahead of time – always better
Travel Cyber- Safe: Before Your Travel
Reduce and Focus – Prepare Your Tech
Before: Your Travel
• Reduce and focus - carefully choose the devices and data you carry with you
• Back up data and contacts, etc. (set up air gap approach that cannot be
reached if someone else finds / steals your device)
• Update all apps
• Update operating system
• Update patches
• Update security DBs
• Notify your credit card companies where you will be traveling - other charges
could be bogus and they will be aware
• Consider using a highly respected and secure travel company like American
Express vs a foreign company or Ma / Pa shop with poor cyber hygiene
Teenage Girl Preparing to Travel with Tech
Before: Your Travel
• Loaner equipment / devices
• Pre-purchase respected data plans
• Configure cell phone as hot spot or purchase external device
• Set up device locks and screen locks
• Purchase a screen blocker / privacy screen for laptop
• Install two factor authentication where possible - if someone steals your device, they don't have the other factor
• Anonymize your personal information as much as possible so you don't lose identify information when connecting on travel
• Set up "Find my Phone" feature - losing your phone while on travel can be pretty tough
• REMOVE SENSITIVE DATA
Simple things you can do to stay cyber-safe while you’re on the road
Travel Cyber- Safe: During Your Travel
During: Your Travel
• Keep devices in close proximity and under tight physical security -
• don't put valuable IT in checked baggage
• keep with you in hotels, airports, restaurants, etc. (wait staff could be intentional distractions)
• Turn off auto-connect wireless
• Turn off Bluetooth and only turn on when you actually need it - set it to private connections
• Use secure wireless
• Use secure data plans
• Use screen blocker / privacy screen
• Cover your PIN entries
Be Intentional – Be Cyber-Secure
• Use two factor whenever possible
• Be careful what you expose on social media
• Think carefully when using any digital connection while traveling including WIFI
• Be very careful about new links to use that might appear to be from the train / boat / travel company - very easy to be tricked on this
• Same holds for a phone call "from the hotel you were just at" asking for credit card information to clear out some remaining charges
• Don't use publicly accessible computers - they could record your keystrokes and infect any USB you insert
• If at a conference, or on a well-schedule sightseeing vacation, thieves can easily discover when you won't be in your hotel or cabin.
How is Your Cyber Hygiene?
• Does your family have access to your BYOD equipment?
• Are they accessing your devices while you’re on travel – with or without you?
Yesterday Today
Pack it in, pack it out – clean out the trash and put things back in order
Travel Cyber- Safe: After Your Travel
After: Your Travel
• Return your devices and settings to the original configuration
• Scrub all devices and memory accessed during travel
• Clear roaming /browsing history, cookies, etc.
• Return loaners if applicable
• Turn on all features disabled during travel
Clean, Restore, Update
• Update all apps
• Update operating systems
• Update patches
• Update security DBs
• Monitor activities and accounts - respond quickly if you see anything
abnormal
• Change your access credentials
• Get some sleep
There are more challenges when you leave the country – be aware and be prepared
Travel Cyber- Safe: Travel Abroad
Cyber-Safe Travel: Abroad
• Foreign laws and regulations
• Social media
• Use of Encryption and even VPNs
• Accessing forbidden web-sites by using advanced technology can lead to
criminal charges
• Difference in morals and privacy expectations (both ways)
• Carefully consider the legality of reading materials, videos, songs and other
media when you enter countries with strong restrictions
• a risque novel might be consider as pornography in some countries.
• Illegally downloaded songs or movies might result in strong fines or
criminal charges.
Cyber-Safe Travel: Abroad (Cont’d)
• Hotels, rental cars, restaurants, phones and taxis might have
electronic, video and audio monitoring
• Maintain tight physical security
• Use straps
• Don’t get distracted, stressed or look away – even for an instant
• Encrypt your hard drive and USB if you must use one
• Pre-purchase International Data Plans
• Change passwords to travel passwords which are different that those you
use in the US
What messages should I walk away with?
Summary
Summary
• The cyber threat is real – it’s even stronger while you travel
• Before: Prepare ahead of time
• While: Use simple security methods while you’re on the road
• After: Clean and recover when you come back
• Take special precautions when you travel abroad
• The future holds even more challenges – do something now!
• We have resources for you – just ask
• Stay secure my friends!
From the LP3 family of companies and divisions!
Thank you!
Hyperlinks to sites with very valuable information for Cyber-Safe Travel
Helpful Information
Here are some excellent resources to leverage for travel:
• DHS Cybersecurity While Traveling Tip Card:https://www.dhs.gov/sites/default/files/publications/Cybersecurity%20While%20Traveling_7.pdf
• FCC Cyber Security Tips for International Travelers:https://www.fcc.gov/consumers/guides/cybersecurity-tips-international-travelers
• NDSU: Cyber Security Tips for Traveling Abroadhttps://www.ndsu.edu/its/security/traveling_abroad_with_electronic_devices/
• Canada: Cyber Security While Travelinghttps://travel.gc.ca/travelling/health-safety/cyber-safe
• Travel+Leisure Should I be Concerned About Cybersecurity While Traveling?http://www.travelandleisure.com/articles/should-i-be-worried-about-cybersecurity-while-traveling
Valuable Cyber Security Travel Resources
Here are more excellent resources to leverage for travel:
• Assurex Global Cybersecurity While Traveling:http://www.rhsb.com/wp-content/uploads/LIFARS-QA-Cyber-Security-web.pdf
• PassporthealthUSA How Can I Stay Cybersecure While Traveling?:https://www.passporthealthusa.com/2015/01/how-can-i-stay-cyber-secure-while-traveling/
• Visit www.dhs.gov/stopthinkconnect for more information. A best practice that is often overlooked, and is also absent from the government fact card, is to set up dual-layer authentication on your most important accounts. These include e-mail, Dropbox, and Facebook accounts among many others as more and more sites are accepting two-factor authentication.
• ABC News: Targeting Traveling Executives Through Hotel WIFI:http://abcnews.go.com/Technology/cyber-crime-gang-targets-travelling-executives-hotel-wi/story?id=26806725
• TNOOZ on Cyber-Crime and Travel: https://www.tnooz.com/article/cyber-crime-travel-overview
Valuable Cyber Security Travel Resources
Pineapple Options