Welcome to Security Awareness Month
Securing the Saluki - Cyber Awareness
Hosted by Prabha Manda & Abby Razer
October 2017
Why Are We Here Today?
• To learn about what it means to be cyber aware
• To learn about and respond to email phishing
• To learn about and respond to text smishing
• To learn about and protect sensitive data
• To learn about how to keep your data secure
• To learn about you and why you are here
To protect all of us, individually and as an institution, against malicious tampering and interference through our connected systems.
Security is a Critical Issue
Why Are You Here Today?
You Are Part of the Solution
• Afraid of Technology
• The World is Scary
• To Get Free Stuff!
• Someone Said to Come
What Does It Mean To Be Cyber Aware?
Internet Security
Also known as online security: the steps taken to protect your information online.
Data Protection
The process of protecting data from getting lost or damaged.
Password
A word or string of characters used to prove to the computer that you are who you say you are.
What is Incident Response?
A preplanned set of actions that identifies an incident and limits damage without causing further harm.
Incident Response
How SIUC Security Works
The SIU Security Team has precise processes and procedures in place to address security issues.
6 Steps of Incident Response
1. Plan and prepare for response
2. Detect events—identify incidents
3. Contain incidents without additional harm
4. Acquire evidence
5. Analyze evidence
6. Resolve event or incident
Prabha Manda, Security Analyst
Incident Response
Can you respond to these incidents?
Kahoot.it
Let’s Have Fun!
How should you respond?
• Delete the e-mail
• Don’t click any links
• Check the current scam list at http://oit.siu.edu/infosecurity/news-and-scams/
Email Phishing
How should you respond?
• Delete the text message
Text Smishing
What is Sensitive Data?
Sensitive information is data that must be protected from unauthorized access to safeguard the privacy or security of an individual or organization.
http://whatis.techtarget.com/definition/sensitive-information
Sensitive Data vs. Not
Sensitive                    | Not Sensitive/Public
Social Security Number       | Course Catalog
Health Records               | Schedule of Classes
Driver’s License Number      | Name
Bank Account Number          | Business Address
Passport Number              | Business Telephone Number
Student Information          | Education & Training Background
Human Subjects Research Data | Job Postings
What to protect?
Laws and Requirements
Laws/Requirements related to sensitive data
• Illinois Personal Information Protection Act (PIPA)
• Payment Card Control Industry-Data Security Standards (PCI-DSS)
• Health Insurance Portability and Accountability Act (HIPAA)
• Family Educational Rights and Privacy Act (FERPA)
• Gramm-Leach-Bliley Act
• Red Flags Rule
• SIUC Policy
What are my responsibilities?
What Can I Do to Protect SIU Data?
• Lock your computer (on Windows, press the Windows key + L)
• Store passwords securely
• Don’t leak information by accidentally:
  - sending things to the wrong people,
  - saying the wrong thing in the wrong place,
  - mislaying printed documents, or
  - leaving meeting rooms without erasing whiteboards.
• Save your work regularly somewhere safe
• Encrypt sensitive data
• Keep work and personal information separate
Keeping SIU’s Data Secure
What Can I Do to Protect My Information?
• STOP. THINK. CONNECT.
• Be careful when connecting to public networks/Wi-Fi
• Secure your home network, make sure your Wi-Fi has a strong password
• Backup your data
• Use Anti-virus and Anti-malware
• Keep your computers up to date (operating system, browser, and application updates); consider automating updates
Keeping Your Data Secure
We Are Here to Help and Assist
Resources
• http://oit.siu.edu/infosecurity/
• Scam List
• Twitter #SIUCscam
• Information Security Policies
• http://oit.siu.edu/infosecurity/security-day17/presentation-handout.php
Questions?
Thank you
To Contact Our Experts
SalukiTech: 618-453-5155, [email protected]
Jimmy Brown, Office of Information Technology, Desktop [email protected]
Prabha Manda, Office of Information Technology, [email protected]
Steve Aldridge, Office of Information Technology, [email protected]
Security Resources Available to You
We have a new look to make it easier to find what you need.
Visit us at:
http://oit.siu.edu/infosecurity/
Professional Assistance for End User Needs
Type of scam where fraudsters trick a victim into divulging personal or financial information with email lures.
PHISHING
Phreaking
The original form of hacking: hacking of phone systems in the 1970s.
Fishing
Like fishing with a bait, hackers “fish” for information with email lures.