Digital Safety & SecuritySUU Information Security Office

Introduction

Why is your digital safety and security so important?

5 main topics:

● Personal computing● Wireless networks● Passwords● Mobile devices● Updating and patching

Why is your digital safety and security so important?

● Motivational factors

● Ease of attack

● Potential damage

● Cost of recovery

Personal Computing

Never save passwords in browser

● Stores passwords in clear text

● Easy for attackers to extract

● High risk of accessing sensitive accounts such as banking, credit card etc.

Ad blockers and Anti-tracking browser extensions

● Protect your privacy

● Helps stop malicious ads

● Can lead to bad external sites

Helpful browser extensions

● AdBlock Plus (ad-blocking & anti-tracking)

● uBlock Origin (ad-blocking & anti-tracking)

● Disconnect (anti-tracking)

● Ghostery (anti-tracking)

Regularly clear browser cache & cookies

● Flushes out saved information that may not be needed anymore

● Helps to keep your privacy more secure

● Helps to keep your browsing experience fresh and clean

Recommendation:

❏ Chrome: Settings -> More Tools -> Clear Browsing Data❏ Firefox: Settings -> Options -> Privacy -> remove cookies❏ Safari: Settings -> Preferences -> Privacy -> remove web data❏ IE: Settings -> Safety -> Delete browsing history

http://www.wikihow.com/Clear-Your-Browser's-Cookies

Don’t use an Administrator account for everyday use

● If you’re an admin user, software (good or bad) inherits those privileges when run

● Allows full access to your filesystem, OS, and the ability to change many important things

Recommendation:

● Regular account for daily tasks

● Administrative account for software installation and system updates

Antivirus & Personal Firewall

● Antivirus is not the catch-all, but can help with known malicious attacks● Keep definitions and antivirus software always up to date● Run regular full computer scans● Ensure AV is always running● Always ensure your computer’s firewall is enabled and active

Good (free) antivirus software solutions

● Windows Defender (PC only, included since Win 8)

● Sophos Home (PC & Mac)

● Malwarebytes (PC & Mac)

Unknown/Suspicious Flash Drives

● Found, picked up, someone untrusted asks you to plug it in

● May appear to be a flash drive

● Can do malicious things, steal data, install malware etc.

Proper device disposal

● Always securely wipe or destroy the hard drive before selling or disposing of a computer

● If not wiped securely data can be recovered easily● Ensure all media types are removed/disconnected before disposal (eg. flash

drives, memory cards, CDs)● Physically destroy if wiping is not an option

Free utilities to securely wipe hard drive

● Darik’s Boot & Nuke (DBAN)● Active KillDisk● Disk Wipe● Eraser

Data backup

● One of the most important tasks for digital safety

● Create a schedule to do regular backups of important data

● Extremely valuable if primary data loss occurs

Paid Solutions● CrashPlan● iDrive● Carbonite● Acronis True Image Cloud● SOS Online Backup

Free Solutions● External hard drive + built in OS

solution● Google Drive 15GB free● Dropbox, Box, etc.● Manual backup to external media

Be wary of links and attachments in emails

● Even if the sender is known and trusted● If it’s not expected, contact the person to verify● Never follow instructions on emails that ask you to input credentials● Suspicious file names: invoice, receipt, bank statement● Suspicious file types: .doc, .docx, .pdf, .xls, .xlsx, .exe● Suspicious subjects: Shared Document, Need Help, Account Verification

Scam support phone calls

● Someone calls claiming to be from “Microsoft”

● Pop-up saying a virus or malware was detected, please call

● This should spark a red flag immediately

Wireless Networks

Home wifi best practices

● Password protect your wireless network

● Use a strong password to secure your network (at least 16 chars)

● Use strong encryption (WPA2)

● Change default username/password on your router

● Ensure WPS is disabled

● Only share password with trusted individuals

Public wifi

● Avoid public wifi if at all possible● Ensure computer is up to date, AV

running and firewall enabled before connecting

● Use a VPN if connecting to public wifi● If no VPN, always avoid sensitive sites

such as banking, credit card etc.● If no VPN, avoid logging into sites such

as social media, email accounts etc.

Passwords

Use strong passphrases● Think passphrase not password● Use different passwords for every account● Never use the same password you use for things such as email or facebook

for your sensitive accounts such as banking, credit card etc.● Regularly change your passwords

Use a password manager

● Keeps your account information in an encrypted database● Only have to remember one very strong and very long passphrase● Most have an auto-type feature that doesn’t require you to type in anything● 2 different types: Local file based and Cloud based

Local password managers

● KeePass (free)

● 1Password ($49.99)

● Roboform ($29.95)

● SplashID ($19.95)

Cloud based password managers

● LastPass (free or $12/yr)

● Dashlane (free or $40/yr)

● Sticky Password (free or $20/yr)

Two-factor authentication

● Something you know + something you have● Requires a second form of authentication to establish a login● Usually in the form of application on your mobile phone

1 32

Services that support two-factor● Google (Gmail, Drive etc.)

● Facebook● Twitter● LinkedIn● Some banks (Chase, Wells Fargo)

https://twofactorauth.org/

Mobile Devices

Apps

● Only install apps from the official stores (Apple App Store or Google Play)● Be wary of sketchy looking apps that may look out of the ordinary● Review permissions on all newly installed apps to ask yourself the question:

“Does this app really need to access things such as my camera and account information?”

● Pokemon Go

SMS & Social Media

● Be wary of text messages you may receive that are asking you to update or are providing suspicious information with a link included.

● Be mindful of what you post on social media● Review privacy settings of social media accounts to ensure that your data is

only accessible to those you want it to be

Updates & Patches

Updating best practices

● Important to keep your computer OS, software, and mobile apps updated to the most current version

● Plan a certain time and day of the week to check for and apply updates to your computer and applications

● Install software to check for updates and help notify you when they are available

Helpful Software

● Secunia Personal Software Inspector● Glary Utilities (Pro license available for free)