Jennifer Brooks // Schipul – The Web Marketing Cojbrooks@schipul.com

Rodney Sabrsula// Schipul – The Web Marketing Corsabrsula@schipul.com

WATCH YOUR BACKLet’s Talk Web Safety and Personal Identity Theft

Overview

• Password Security• Email Security• Virus Scanners• Social Engineering• Home/Wireless Security

PASSWORD SECURITY

Best Practices

• Writing down passwords– If you must, store securely, and destroy when no

longer needed

Best Practices

• NEVER share passwords

Best Practices

• Use different passwords for every account

Best Practices

• Change immediately if a password is compromised

Best Practices

• Be careful about storing on your computer

Best Practices

• Always use strong passwords

Strong Passwords

• A strong password:– Should be at least 7 characters long– Does not contain your user name, real name, or

company name– Does not contain a complete dictionary word– Is significantly different from previous passwords• Incremental (password 1, password 2…) are not strong

– Contains uppercase, lowercase, numerical, and at least one special character

Common Password

Common Password Themes

• Children’s Names• Birthdates• Spouse’s Name• Religious• Username• Pet’s Name• Sports Team

EMAIL SECURITY

Email Spoofing

• Reading email headers

• Recognizing Spoofed emails

Top 10 Spam Subject Lines1. You’ve received a greeting ecard2. Virtualization Webinar3. Masters degree with no efforts4. Career Advancement Opportunities – July of 20095. Webinar: Think Big: Create Efficiencies With an Enterprise-Wide6. Non-Profit job from home7. Administrative Certification: Increase Productivity with Superior

Organizational Skills8. Administrative Certification: Gain Credibility by Maximizing Your Productivity9. you can wear tag heuer watch now;10. you can wear cartier watch now

Source: http://www.mcafee.com/us/threat_center/anti_spam/spam_top10.html

Do Not Download These Types of FilesFile Extension Description File

Extension DescriptionADE Microsoft Access Project Extension MDB Microsoft Access Application

ADP Microsoft Access Project MDE Microsoft Access MDE Database

BAS Visual Basic® Class Module MSC Microsoft Common Console Document

BAT Batch File MSI Windows Installer Package

CHM Compiled HTML Help File MSP Windows Installer Patch

CMD Windows NT® Command Scrip MST Visual Test Source File

COM MS-DOS® Application PCD Photo CD Image

CPL Control Panel Extension PIF Shortcut to MS-DOS Program

CRT Security Certificate REG Registration Entries

EXE Application SCR Screen Saver

HLP Windows® Help File SCT Windows Script Component

HTA HTML Applications SHS Shell Scrap Object

INF Setup Information File URL Internet Shortcut (Uniform Resource Locator)

INS Internet Communication Settings VB VBScript File

ISP Internet Communication Settings VBE VBScript Encoded Script File

JS JScript® File VBS VBScript Script File

JSE JScript Encoded Script File WSC Windows Script Component

LNK Shortcut WSF Windows Script File

WSH Windows Scripting Host Settings File

Source: http://www.novatone.net/mag/mailsec.htm

Safe File Extensions for Email Downloads

File Extension Description

GIF Picture - Graphics Interchange Format (ConmuServe)

JPG or JPEG Picture - Joint Photographic Expert Group

TIF or TIFF Picture - Tagged Image File Format (Adobe)

MPG or MPEG Movie - Motion Picture Expert Group

MP3 Sound – MPEG compressed audio

WAV Sound – Audio (Microsoft)

Source: http://www.novatone.net/mag/mailsec.htm

VIRUS SCANNERS

AVG Free

Get a free virus scanner at: http://free.avg.com/

Hint: Don’t install the tool bar!

Current Virus Threats

• Change Daily• Scheduled Signature Updates• Sources of Latest Threat and Severity

What to do with a Virus

• Isolate• Cure• Identify Source

SOCIAL ENGINEERING

Phone Calls

• Know who you’re talking to• Provide no confidential data• Call them back

Phishing

• Definition– In the field of computer security, phishing is the

criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details to “catch” financial information and passwords.

Source: http://en.wikipedia.org/wiki/Phishing

Top 10 Phishing Scams1. security alert!2. account notification!3. account notification4. please confirm your data!5. Chase Bank: online banking notification6. Chase Bank: necessary to be read!7. Chase Bank: important notice8. Chase Bank: important security notice9. Chase Bank: account secure confirmation10. Chase Bank customer service: security alert

Source: http://www.mcafee.com/us/threat_center/anti_phishing/phishing_top10.html

Top Brands Exploited by Phishing Scams

http://www.mcafee.com/us/threat_center/anti_phishing/phishing_top10.html

Flash Drive Example

• USB Flash Drives Pose Security Risk

HOME/WIRELESS SECURITY

Set-Up

• You may be at risk by default• Create a strong administrative password• Do not share your connection

Password/Encryption

• The key to your data• Lock them away physically and electronically

Definition: Firewall

• A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications.

Definition: IP Address

• Internet Protocol (IP) address- a numerical label that is assigned to devices participating in a computer network utilizing the Internet Protocol for communication between its devices.

Photo Credits• http://www.flickr.com/photos/9483141@N02/1043482672/• http://www.flickr.com/photos/35034348736@N01/6091103/• http://www.flickr.com/photos/30055137@N05/2874818735/• http://www.flickr.com/photos/71038389@N00/2335148856/• http://www.flickr.com/photos/80682954@N00/3168425434/• http://www.flickr.com/photos/26811362@N05/3169491395/• http://www.braswellcomputers.com/images/hackers.jpg• http://www.flickr.com/photos/26260213@N05/3093056683/• http://www.flickr.com/photos/34957438@N05/3416525003/• http://static.howstuffworks.com/• http://www.esat.kuleuven.be/• http://www.computermantorbay.com/• http://www.amsys.co.uk/• http://engageology.wordpress.com/• http://www.cscisd.net/• http://www.vietnamalbum.com/• http://www.noticebored.com/• http://www.ehow.com/• http://www.gadgetsnews.co.uk/• http://www.webmastersbydesign.com/• http://www.reasoft.com/solutions/

RODNEY SABRSULASchipul

Personal Brand: rsabrsula

Facebook: http://facebook.com/sabrsulaTwitter: http://twitter.com/rsabrsula

JENNIFER BROOKSSchipul

Personal Brand: jbrooks

Facebook: http://facebook.com/jbrooksTwitter: http://twitter.com/jbrooks

Find this presentation here: www.schipulcon.com/presentations