Information Security
By Louis Morgan, CISSP
Information Security Officer

Why Bother with IT Security?
• Recent estimate - 900 million personal computers worldwide.
• Computer hackers are out there.
• How long do you think an unprotected PC will remain uninfected after it is connected to the internet?

Responsible Computing @ PVAMU
Since you're using PVAMU computing resources, you're obligated to:
• Abide by PVAMU’s University Rules, Information Security Standards, and all relevant local, state, and federal laws.
• Protect your computing account(s). For example: log out of sites that require authentication, and log off of shared computers such as those in Open Access Labs.
Don't:
• Let someone use your account (e.g., log in as "you").
• Use PVAMU computing resources for illegal purposes or commercial activities.

Password - First Line of Defense
• Passwords, in combination with a username, help authenticate users.
• They are the first line of defense against unauthorized access to your computing devices and your accounts.
• Therefore, it is important that you create strong passwords and keep them secure from disclosure.

Creating Strong Passwords
Strong Passwords Should Contain:
• At least 2 upper case letters (A-Z)
• At least 2 lower case letters (a-z)
• At least 2 numbers (one of which is NOT the first or last character of the password)
• At least 2 special characters (*$#-^)
• At least 8 characters

Password Example
• Think of a phrase or sentence that's easy for you to remember.
• Such as “Look before you leap”
• Lb4u!3@P

Protecting Your Passwords
• Don't allow websites or Internet browsers to "remember" your passwords.
• Use caution when typing in a password in public; someone may be watching.
• Change your password when you suspect that someone else may know it.

Portable Device Security
• Keep track of your portable device(s), especially those flash drives.
• Don't leave your laptop (or other portable device) lying around or unattended in public areas, and store it in a safe place (out of sight) when you're not using it.

Protecting Your Data with Encryption
You can encrypt:
• Files
• Folders
• USB/Flash Drives
• Email Attachments
• Images
• Videos
• Hard Drives
• and more...
• For more information see PVAMU encryption training…

Backing Up Your Data
• Back up anything that's important to you.
– Papers/essays, projects, research data, pictures, music files, and more...
Methods:
• Save the file to your share drive.
• Save the file on a CD/DVD, flash drive, etc.

Malware
• Malware is software designed to infiltrate and/or damage a computer system.
The most common forms of malware are:
• Viruses and Worms
• Trojan Horses, Rootkits, Backdoors
• Spyware

Web Threats
• How can you avoid online threats?
– Watch out for "phishy" emails.
– Beware of fraudulent ("spoofed") websites.
– Seeing spam pop-ups or ads? Click with caution.

Beware of Fraudulent Sites
• Pharming, a form of phishing, is becoming one of the most popular forms of web attack. Just by typing in a URL and visiting a website, you could be directed to a fraudulent site.
• Before disclosing any personal information online,
– Check the website certificate to make sure you're not at a fraudulent site.
– Open the website certificate.
– Make sure the name following "Issued to" matches the site you think you're on.

To click, or not to click?
• Web threats come in various forms, and understandably some are more obvious than others. Phishing attacks and pop-up downloads are easier to detect and protect against than pharming attacks and drive-by downloads. However, one thing that will assist in avoiding these threats is paying attention to what you click on.
• Don't click on:
– Pop-ups or spam mail.
– Links within email that ask for your personal information.

If You Are Still Unsure
• Contact the supposed/claimed sender (e.g., your bank or credit card company) using the contact information on the company's official website.
• Never respond to an email requesting your password, username, Social Security number, credit/debit card number, or other personal information, no matter how official it looks.

5 Ways to Protect Your Computer
• Patches/Updates
• Anti-Virus Software
• Personal Firewall - Install a third-party 'bidirectional' firewall (one that protects against inbound and outbound threats)
• Anti-Spyware - Install an anti-spyware program.
• Caution: Free Downloads - Download only from trusted websites (e.g., Download.com)

File Sharing & Copyright Law (DMCA)*
Be aware that file-sharing can:
• Expose your computer to malware
• Accidentally expose personal/confidential information
• Lead to copyright infringement
• Keep in mind... your online activity is not anonymous and it is traceable
* The Digital Millennium Copyright Act

THINK BEFORE YOU CLICK!

QUESTIONS?
Contact Information
Louis Morgan
lamorgan@pvamu.edu
936-261-2126
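
The rules on the "Creating Strong Passwords" slide can be checked mechanically, including the positional rule for numbers. The sketch below is an added example, not part of the original presentation or a PVAMU tool; the function name unmet_rules and the reading of "special character" as any ASCII punctuation mark are assumptions.

```python
import string

# Assumption: "special character" means any ASCII punctuation mark. The slide
# lists *$#-^ as examples, and its own sample password uses ! and @.
SPECIALS = set(string.punctuation)


def unmet_rules(password: str) -> list[str]:
    """Return the slide's rules that `password` fails (empty list = compliant)."""
    failures = []
    if len(password) < 8:
        failures.append("at least 8 characters")
    if sum(c in string.ascii_uppercase for c in password) < 2:
        failures.append("at least 2 upper case letters")
    if sum(c in string.ascii_lowercase for c in password) < 2:
        failures.append("at least 2 lower case letters")
    digit_positions = [i for i, c in enumerate(password) if c in string.digits]
    if len(digit_positions) < 2:
        failures.append("at least 2 numbers")
    # Positional rule: at least one digit must sit strictly inside the password.
    elif not any(0 < i < len(password) - 1 for i in digit_positions):
        failures.append("one number not first or last")
    if sum(c in SPECIALS for c in password) < 2:
        failures.append("at least 2 special characters")
    return failures


# Sample inputs: "Lb4u!3@P" and the phrase come from the slides,
# the other two are constructed to trigger a single rule each.
SAMPLES = ["Lb4u!3@P", "Look before you leap", "1LbuP!@2", "lb4u!3@p"]

if __name__ == "__main__":
    for pw in SAMPLES:
        problems = unmet_rules(pw)
        print(f"{pw!r}: {'OK' if not problems else '; '.join(problems)}")
```
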