TODDINGTON INTERNATIONAL INC.

17th Annual Privacy & Security Conference

CREATING A SAFE ONLINE PRESENCE

February 2016 - Victoria, BC

http://www.toddington.com

© 2016 Toddington International Inc.

[email protected]

Sponsored by the BC Ministry of Technology, Innovation and Citizen’s Services – Information Security Branch


INTRODUCTION

TODDINGTON INTERNATIONAL

Founded by David Toddington (CEO) and Julie Clegg-Toddington (President) in 1997

ORIENTATION

HANDOUTS

CELL PHONES

COURSE OBJECTIVES

When we connect to the Internet we become susceptible to spam, fraud, phishing, social engineering and a myriad of other threats that can invade and destroy lives. Internet-connected devices have the potential to be positive or negative, and creating a safety net around your online presence will allow for better protection of your privacy and security. This workshop will walk attendees through the steps to obtain a safer online presence through the use of privacy tools, device settings and best practice principles.

Upon attending this workshop, participants will be able to:

- Understand the basic principles and behaviours of social media sharing

- Understand the common concerns associated with social media / Internet devices

- Assist colleagues, friends and family to:

  - Identify “red-flag” events as they apply to the use of social media

  - Identify the concerns surrounding mobile technology and Wi-Fi

  - Identify and communicate the threats to Internet safety

Introduction

Recent Research

Best Practices

Basic Principles

Mobile and Wi-Fi

Examples of Threats

Summary

Cryptowall 3.0 (virus)

HELP_DECRYPT.TXT or HELP_DECRYPT.JPG

Highlights:

- Helpful Wiki definition
- What happened
- Where to pay
- Your customer ID number

Removal requires skill and time

RECENT RESEARCH

Research on Trends From 2015

Research on Hacker Motivation

Research Results on ‘Kid-Safe’ Websites


Current Trends from 2015:

- Continued mass movement from desk-based to mobile devices in a variety of forms
- Increase in websites that offer geolocation services (examples: Geofeedia, Echosec, Teaching Privacy App)
- Twitter ‘e-cosystem’ of analytical websites wiped out, Facebook and Instagram shrinking (many formerly free services becoming paid services)
- Blogging websites decreasing in use and public visibility
- Number of free and paid MMORPGs increasing, emphasis on mobile device platforms
- Increased computerization of tools, toys and appliances (examples: mini-drones, fridges, smartphone adaptive toys)
- Crowdfunding is one of the most popular forms of legal alternative funding
- Online fraud techniques increasing in invasiveness and inventiveness

How Safe are ‘Kid-Safe’ and ‘Kid-Friendly’ websites?

- Total of 21 websites reviewed; Google Safe Search mode used as control/comparison
- Used 5 control words (Anarchy, Canada, Christmas, Easter, Zulu)
- Used 55 test words increasing from ‘impolite’ to ‘taboo’
- Many search engines are copies of Google Safe Search, with limited results shown (block adult matter; minimal blocking of test words, i.e. 5-20 blocked words)
- Some engines created ‘safety’ by having a limited database/content
  (e.g. DisneySearch blocked 48/55 words, but content limited to Disney material)
  (e.g. KidsClick blocked 52/55 words, but only had 4 results for search word ‘Canada’)
- Some engines had blocked words, but lacked… imagination (i.e. blocked 20-30/55 words, North American English dictionary focus)
- Many websites could be circumvented by ‘click-through’ opportunities
- Some websites blocked the words, but the words still might show up in ads or posted comments

Top 5 Websites for Kids: (Based on a balance of screening of inappropriate material and word blocking)

Kid-orientated sites and ‘net-nanny’ programs are never as effective as adult supervision

http://aga-kids.com/

http://dibdabdoo.com/

http://www.kidrex.org/

http://www.kidzsearch.com/

http://www.surfnetkids.com/search-results/

Control Score = 1700 (x5W); Test Score = 319 (x10W; x45W=0); V = Impolite, Ambiguous and Foreign

Control Score = >897M (x5W); Test Score = >253M (x28W); 110 (<100x 7W); (x20W=0); V = Ambiguous, slang, physiological terms

Control Score = >414M (x4W); (1W=0); Test Score = >69M (x19W); (x36W=0); V = Slang and Foreign

Control Score = 4622 (x5W); Test Score = 103 (12W); (x43W=0); V = Ambiguous terms

Control Score = >411M (x5W); Test Score = >170M (x27W); (x28W=0); V = Gaps in depth in all categories

Online Fraud and Hacking – What do they want?

- 99% of hackers believe that phishing is still an effective technique
- 86% of hackers believe they will never face repercussions for their activities
- 70% of hackers focus on IT administrators and contractors as their favorite targets

https://thycotic.com/about-us/events/blackhat-2014/

#1 = Direct Financial Gain (actions result in payment by Bitcoins or Transfers)

#2 = Banking/Credit Card Information (gained by hacking, sold for profit)

#3 = Politics/Ideology/Hacktivism (Anonymous, Op Darknet, Ashley Madison breach)

#4 = National Objectives (Sony, US OPM database)

#5 = Corporate Objectives (espionage, corporate spies, undercover operations, white hats)

#6 = Cyberterrorism (attacks on national infrastructure by a non-state group)

#7 = Reputation/Status/Fame (bragging rights)

#8 = Curiosity/Thrills/Trolls/Cyberbullies/Jerks

BEST PRACTICES

Application

Passwords

Email addresses

Backup of information

Find the best deal

The Right Equipment

Application: Skill, Training, Knowledge, Memory

Find the best deal: Price v Capability

(Test using 3D maps)

[Figure: 3D map test views: NO TILT VIEW, ZOOM VIEW, STREET VIEW, TILT VIEW, COMPASS VIEW, MOUSE - SLIDE VIEW]

Backup of Information: External hard drive v iCloud

(Privacy v Security)

- Vulnerable to physical loss/damage/intrusion
- Vulnerable to electronic loss/damage/intrusion

Email Addresses:

- Primary personal email
- Secondary personal email
- Primary business email
- Secondary business email
- Tertiary other email

Passwords: Complexity v Length

- Different between accounts
- Avoid patterns
- Annual change
- Life crisis change

Pr!nce$$ (8)

Mayb3Ag00d0Ne? (13)

W0rk$tuff (9)

X4txf99b3TT3r!#X (16)

S0((3rBa11 (10)

BASIC PRINCIPLES

The Right Mindset

Online Communication:

- Trust no one
- Suspect everything
- Believe nothing

Multiple Personas?

- Personal v Work
- Anonymity v Transparency

Personal Information:

- What personal information are you providing?
- Does that website need those details?
- Risk of breach?
- Desire for privacy?

Networking:

- What are you posting?
- What is your family posting?
- What are other people posting?

Checking your vulnerability:

- Test searches on yourself?
- Check if email/password exposed?
- Right to be forgotten?
- Methods of removing information?

Good Websites to Know

- Google Dashboard: https://www.google.com/dashboard
- Google Remove Outdated Content: https://www.google.com/webmasters/tools/removals
- Have I Been Pwned: https://haveibeenpwned.com
- Internet Officer Redirect Checker: http://www.internetofficer.com/seo-tool/redirect-check
- Just Delete Me: http://justdelete.me
- Namech_k: https://namechk.com
- Teaching Privacy App: http://app.teachingprivacy.com
- Yasni People Search: http://www.yasni.ca/

MOBILE AND WI-FI

It’s A Great Tool, But Be Aware of The Vulnerabilities

Mobile devices are high-value targets for theft

Vulnerable to interception, network spoofing and MITM attacks

New viruses being developed to target smartphones on all operating systems

Enormous amount of personal information – is it encrypted? Remote destruction?

Have an expert advise on how to ensure all old information is actually deleted

App stores remove malicious apps after they are reported to be malicious

Persons in a relationship crisis should inspect/change all desk-based and mobile devices

“With the right (inexpensive) equipment, hackers can gain access to a nearby mobile device in less than 30 seconds and either mirror the device and see everything on it, or install malware that will enable them to siphon data from it at their leisure.”

JUNE 8, 2015, http://focus.forsythe.com/articles/55/Mobile-Device-Security-in-the-Workplace-6-Key-Risks-and-Challenges

EXAMPLES OF THREATS

EXAMPLE SETS 1 TO 4


SUMMARY

Know your equipment and safety programs

Make a copy of your most important electronic information

Use separate emails with good passwords

Look for incongruous information

Think before you click

Conduct periodic checks of your personal information
