Training Staff in End User IT Security

Community IT Innovators Webinar Series

September 17, 2015

Basic Security Training for End Users


Webinar Tips

• Interact: Ask questions via chat. Connect on Twitter.

• Focus: Avoid multitasking. You may just miss the best part of the presentation.

• Webinar Slides & Recording: PowerPoint and recording links will be shared after the webinar.


About Community IT

Advancing mission through the effective use of technology.

• Invested: Work exclusively with nonprofit organizations, serving over 900 since 1993.

• Strategic: Help our clients make IT decisions that support mission.

• Collaborative: Team of over 30 staff who empower you to make informed IT choices.


Common Internet Activities

• Check emails, collaborate and share documents online…

• Communicate with friends on Facebook, Twitter, Whatsapp…

• Pay bills, view health and financial records…

• Read blogs, articles, magazines, and news…

• Order books, electronics, apparel…

• Listen to music, watch videos, and play games…

• Download digital content…


Threat Landscape

• “Digital Extortion” through Malware

• Data Breaches

• Scams through Social Media platforms

• Mobile attacks on the rise

• Internet of Things including wearables, and even cars

• Targeted Attacks

• Web Threats


Corporate IT Security Systems

Some say, “Our organization is SAFE because we have Antivirus software on computers and servers, Anti-spam filters for email protection, encryption on our websites, firewall security to secure our local area network, and password-protected WiFi connections.”

Unfortunately, these alone may not be enough to keep your network secure from all threats. An organization is more likely to be put at risk by its own employees, whether unintentionally, through error or carelessness, or deliberately.


IT Security for End Users

• Trickiest to manage

• Balance between security and convenience

• Best defense is awareness and education


IT Security - Basics

Physical

Workstation

Password

Email

Web

Mobile

Remote Access


Physical Threats

• Your Workplace, desk, cubicle, office space

• Your Workstation, desktop PC, laptop, and mobile devices

• Your paperwork


Physical Security

• Lock your screen before you leave your computer or mobile device unattended
  – For Windows, press & hold the Windows Key, then press L.
  – For Mac, press these keys at the same time:
    • Control + Shift + Eject (Mac with eject key)
    • Control + Shift + Power (Mac without eject key)

• Store documents containing sensitive data in a lockable safe or cabinet

• When destroying sensitive documents, at least shred them properly

• Report all suspicious activities


Workstation Security

Tips:

1. Antivirus software should always receive the latest virus signatures, and be set to run full virus scans weekly.

2. Antivirus software should be configured to scan web pages, attachments, and downloads.

3. Operating System and 3rd party applications should be patched regularly


Password Security

Tips:

1. Create strong or hard-to-guess passwords
   • For example, it must have at least 8 characters, 1 uppercase, 1 lowercase, 1 numeric, & a special character. You can use a phrase with spaces between words
2. Change passwords every 90 days
3. Set a lockout threshold for failed logon attempts
4. Disable password caching on workstation and mobile devices
5. When necessary, end users may share passwords with authorized persons only
6. Do not store your password on or near your workstation
7. If available, use two-factor authentication when accessing password protected websites
8. Protect password files


Email Threats

Source - http://cdn2.hubspot.net/hub/204663/file-277596927-jpg/images/email-security.jpg


Email Security

• Basic Rules
  – Do not click unless you are certain that it’s safe
  – Think about the source, identify the sender, scan or preview the attachment, verify the legitimate web address
  – Sign out of your email client after use
  – If you are in doubt or compromised, contact your IT helpdesk


Web Threats

• Instant Messaging Spam

• Unsecure Websites, & Compromised Sites

• Browser & Plug-in Vulnerabilities

• “Malvertising” or Malicious Advertising

• Denial of Service


Web Security

Tips:

1. Do not click until you are confident about the Internet link or website
2. Make sure that pop-up blocker is enabled on your web browser
3. Look at the actual web address by “hovering” the mouse pointer over the link
4. Verify that you are browsing an HTTPS website, especially when transmitting personal data
5. Do not assume all plug-ins are safe. Take some time to do a little research.
6. Be sure to update your browser and your plugins regularly or set them to auto update on your home PC.
   1. Firefox, Chrome, Java, Flash
7. When in doubt ask your IT helpdesk


Mobile Threats

• Fake Apps

• Short Messaging Spamming

• Improper use of camera

• Tracking users

• Stealing Information


Mobile Security

Tips:

1. Keep patches updated on your device and mobile applications
2. Do not assume all apps are safe. Fake apps exist!
   a. Beware of apps that are mobile websites with many ads
   b. Read the Reviews/Ratings to learn about the apps
   c. Look for apps with most downloads, especially those labeled “Editor’s choice”
   d. Check the developer’s profile
3. Verify the source of any shared images, videos, and links before opening them.
4. Make sure location services are enabled to help find your mobile if lost or stolen.
5. When in doubt, or attacked, contact your IT helpdesk


Remote Access Security

Tips:

– Wireless Networks
  1. Home WiFi: Make sure your home network is password-protected. Avoid using your personal information as Network Name or Password. Keep firmware updated on your home wireless router.
  2. Public WiFi: Beware of Fake WiFi Hotspots in coffee shops, restaurants, airports, and public areas
  3. Switch off the wireless card when not in use to avoid automatically connecting to an unsecure network.

– For Remote Desktop (RD) Connection, do not save your logon credentials on RD client software

– If available, use Virtual Private Network (VPN) encryption when accessing work files remotely across an untrusted network.


Takeaways

Source - Security Best Practices, https://www.opswat.com/blog/10-things-include-your-employee-cyber-security-policy


Upcoming Webinar

Guidelines for Annual Nonprofit IT Budgeting

Thursday October 22 4:00 – 5:00 PM EST

Cedric Boyd

Steve Longenecker


Provide feedback: Short survey after you exit the webinar. Be sure to include any questions that were not answered.

Missed anything? Link to slides & recording will be emailed to you.

Connect with us


Author: DuMont Television/Rosen Studios, New York-photographer, Uploaded by We hope at en.wikipedia http://commons.wikimedia.org/wiki/File:20_questions_1954.JPG