Digital Safety & Security
SUU Information Security Office
Introduction
Why is your digital safety and security so important?
5 main topics:
● Personal computing
● Wireless networks
● Passwords
● Mobile devices
● Updating and patching
Why is your digital safety and security so important?
● Motivational factors
● Ease of attack
● Potential damage
● Cost of recovery
Personal Computing
Never save passwords in browser
● Stores passwords in clear text
● Easy for attackers to extract
● High risk of accessing sensitive accounts such as banking, credit card etc.
Ad blockers and Anti-tracking browser extensions
● Protect your privacy
● Helps stop malicious ads
● Malicious ads can lead to bad external sites
Helpful browser extensions
● AdBlock Plus (ad-blocking & anti-tracking)
● uBlock Origin (ad-blocking & anti-tracking)
● Disconnect (anti-tracking)
● Ghostery (anti-tracking)
Regularly clear browser cache & cookies
● Flushes out saved information that may not be needed anymore
● Helps to keep your privacy more secure
● Helps to keep your browsing experience fresh and clean
Recommendation:
❏ Chrome: Settings -> More Tools -> Clear Browsing Data
❏ Firefox: Settings -> Options -> Privacy -> remove cookies
❏ Safari: Settings -> Preferences -> Privacy -> remove web data
❏ IE: Settings -> Safety -> Delete browsing history
http://www.wikihow.com/Clear-Your-Browser's-Cookies
Don’t use an Administrator account for everyday use
● If you’re an admin user, software (good or bad) inherits those privileges when run
● Allows full access to your filesystem, OS, and the ability to change many important things
Recommendation:
● Regular account for daily tasks
● Administrative account for software installation and system updates
Antivirus & Personal Firewall
● Antivirus is not the catch-all, but can help with known malicious attacks
● Keep definitions and antivirus software always up to date
● Run regular full computer scans
● Ensure AV is always running
● Always ensure your computer’s firewall is enabled and active
Good (free) antivirus software solutions
● Windows Defender (PC only, included since Win 8)
● Sophos Home (PC & Mac)
● Malwarebytes (PC & Mac)
Unknown/Suspicious Flash Drives
● Found, picked up, someone untrusted asks you to plug it in
● May appear to be a flash drive
● Can do malicious things, steal data, install malware etc.
Proper device disposal
● Always securely wipe or destroy the hard drive before selling or disposing of a computer
● If not wiped securely, data can be recovered easily
● Ensure all media types are removed/disconnected before disposal (e.g. flash drives, memory cards, CDs)
● Physically destroy if wiping is not an option
Free utilities to securely wipe hard drive
● Darik’s Boot & Nuke (DBAN)
● Active KillDisk
● Disk Wipe
● Eraser
Data backup
● One of the most important tasks for digital safety
● Create a schedule to do regular backups of important data
● Extremely valuable if primary data loss occurs
Paid Solutions
● CrashPlan
● iDrive
● Carbonite
● Acronis True Image Cloud
● SOS Online Backup
Free Solutions
● External hard drive + built in OS solution
● Google Drive 15GB free
● Dropbox, Box, etc.
● Manual backup to external media
Be wary of links and attachments in emails
● Even if the sender is known and trusted
● If it’s not expected, contact the person to verify
● Never follow instructions on emails that ask you to input credentials
● Suspicious file names: invoice, receipt, bank statement
● Suspicious file types: .doc, .docx, .pdf, .xls, .xlsx, .exe
● Suspicious subjects: Shared Document, Need Help, Account Verification
Scam support phone calls
● Someone calls claiming to be from “Microsoft”
● Pop-up saying a virus or malware was detected, please call
● This should spark a red flag immediately
Wireless Networks
Home wifi best practices
● Password protect your wireless network
● Use a strong password to secure your network (at least 16 chars)
● Use strong encryption (WPA2)
● Change default username/password on your router
● Ensure WPS is disabled
● Only share password with trusted individuals
Public wifi
● Avoid public wifi if at all possible
● Ensure computer is up to date, AV running and firewall enabled before connecting
● Use a VPN if connecting to public wifi
● If no VPN, always avoid sensitive sites such as banking, credit card etc.
● If no VPN, avoid logging into sites such as social media, email accounts etc.
Passwords
Use strong passphrases
● Think passphrase not password
● Use different passwords for every account
● Never use the same password you use for things such as email or Facebook for your sensitive accounts such as banking, credit card etc.
● Regularly change your passwords
Use a password manager
● Keeps your account information in an encrypted database
● Only have to remember one very strong and very long passphrase
● Most have an auto-type feature that doesn’t require you to type in anything
● 2 different types: Local file based and Cloud based
Local password managers
● KeePass (free)
● 1Password ($49.99)
● Roboform ($29.95)
● SplashID ($19.95)
Cloud based password managers
● LastPass (free or $12/yr)
● Dashlane (free or $40/yr)
● Sticky Password (free or $20/yr)
Two-factor authentication
● Something you know + something you have
● Requires a second form of authentication to establish a login
● Usually in the form of application on your mobile phone
Services that support two-factor
● Google (Gmail, Drive etc.)
● Facebook
● Twitter
● LinkedIn
● Some banks (Chase, Wells Fargo)
https://twofactorauth.org/
Mobile Devices
Apps
● Only install apps from the official stores (Apple App Store or Google Play)
● Be wary of sketchy looking apps that may look out of the ordinary
● Review permissions on all newly installed apps to ask yourself the question: “Does this app really need to access things such as my camera and account information?”
● Pokemon Go
SMS & Social Media
● Be wary of text messages you may receive that are asking you to update or are providing suspicious information with a link included.
● Be mindful of what you post on social media
● Review privacy settings of social media accounts to ensure that your data is only accessible to those you want it to be
Updates & Patches
Updating best practices
● Important to keep your computer OS, software, and mobile apps updated to the most current version
● Plan a certain time and day of the week to check for and apply updates to your computer and applications
● Install software to check for updates and help notify you when they are available
Helpful Software
● Secunia Personal Software Inspector
● Glary Utilities (Pro license available for free)