COMPUTER SECURITY - GONE PHISHING. American College of Trust and Estate Counsel. Big Ten Regional Meeting. Chicago, Illinois.

Size: px
Start display at page:

Download "COMPUTER SECURITY - GONE PHISHING. American College of Trust and Estate Counsel. Big Ten Regional Meeting. Chicago, Illinois."

Transcription

1 COMPUTER SECURITY - GONE PHISHING American College of Trust and Estate Counsel Big Ten Regional Meeting Chicago, Illinois December 6, 2008 Kenneth P. Barczak Schober & Radtke S.C W. National Avenue New Berlin, WI (262)

2 TABLE OF CONTENTS A. Computer Security Threats Malware issues... 1 a. Hoaxes... 1 b. Botnets... 2 c. Types of botnet attacks ) Spam distribution ) Installation of keylogging software ) DoS (Denial of Service) Attacks/DDoS (Distributed Denial of Service) Attacks Theft, physical destruction, or loss, of data, computers and related hardware Hacking/crimeware Remote access computing... 4 a. WiFi hot spots/wired networks... 4 b. Home WiFi networks Social engineering/phishing/identity theft... 5 a. Social Engineering... 5 b. Phishing/Identity theft Web 2.0 applications - social networking... 6 B. Implementation of Best Practices Determine the gateway Protect the gateway... 8 a. Install... 8 b. Maintain a password policy... 9 c. Review metadata policies... 9 d. Consider Web 2.0 technologies e. Secure remote access connections ) Remote access/remote devices ) Types of remote access connectivity a) Wireless b) Wired c) Aircard ) Methods of remote access of data/applications a) Web based VPN b) Client based VPN c) Microsoft Terminal Services d) MPLS VPN e) Home VPN access f) UTM appliance connectivity ) Endpoint security a) Network access control b) Remote Wipe c) Minimum endpoint security ) Endpoint extension a) Cloud computing b) Virtualization i

3 3. Establish a backup/restore procedure a. Types of backup ) Full - normal ) Incremental or differential ) Immediate ) Disk vs. Tape ) Mirroring vs. RAID b. Types of hard drives to be utilized for backup procedures ) Direct attached ) Network attached ) Portable storage ) Online storage c. Restoring - the Key to the process - the need to reconstruct the data d. Imaging e. UPS (Uninterruptible power supply) Implement a computer use policy a. Review social engineering components b. Provide adequate training c. Exercise common sense C. Information Technology Personnel Responses to Computer Security Issues - Based on Firm Size D. Ethics ethics Metadata ethics Online Backup Systems ethics General sources a. American Bar Association Legal Technology Resource Center b. Legal Ethics.com E. ACTEC Website Presentation outline Computer Security: Fact or Fiction Computer Security link Technology in the Practice minutes F. Conclusion G. Informational Sources TechnoLawyer Free Newsletters via The Lawyer s PC Annual Law Firm Software Directory ABA Techshows International Legal Technology Association ADDENDUM - Links ii

4 COMPUTER SECURITY - GONE PHISHING American College of Trust and Estate Counsel Big Ten Regional Meeting Chicago, Illinois December 6, 2008 A. Computer Security Threats Computer security threat considerations have escalated over the last decade from concerns related to floppy disk exchange/transfer management, to exercising caution in opening attachments, to the point where they now encompass the following areas: - malware issues - theft, physical destruction, or loss, of data, computers and related hardware - hacking/crimeware, - remote access computing - social engineering/phishing/identity theft - Web 2.0 applications - social networking 1. Malware issues Although one of the most commonly used security threat terms is "virus," viruses actually mean different things at different times. The more appropriate terminology that gives a comprehensive overview of these concerns is malicious software (malware). Malicious software includes viruses, Trojan horses, worms, rootkits and bots. It generally has two components: a payload (i.e., a virus) and a propagation mechanism (the replication code that spreads the virus). Usually attacks are blended, exploiting technological vulnerabilities and social engineering, and challenging both and Web security. The total number of variations of malware is anticipated to reach one million by a. Hoaxes Hoax messages, which, unlike malware, are not capable of infecting the computer, still exist. They are, however, far less prevalent in scope, since a hacker s resources can be better spent on exploits culminating in monetary gain. 1

5 b. Botnets Of particular threat concern is the proliferation of (ro)bot malware, consisting of software which, once successfully installed in a computer, allows an unauthorized person remote access to the computer via the internet, resulting in issuance of remote commands. A botnet (robot network) consists of a large number (in the thousands) of compromised computers. Whereas, in prior years, virus infiltrations were primarily designed to shut down the computer, botnet installation will not disable the computer, and will remain transparent to the user, since the infected computer must remain functioning and connected to the internet for the botnet to work. c. Types of botnet attacks include: 1) Spam distribution A large percentage of spam comes from networked botnet computers. A botnet can use an infected computer to harvest addresses from the user s contact lists, and thereafter send massive amounts of spam, or phishing, s. Spam remains a major presence on the internet today. 2) Installation of keylogging software Keylogging (or keystroke monitoring) is a method of capturing information and recording user keystrokes through software programs downloaded from the internet or also through physical access to the computer. This type of malware can capture user IDs and passwords sent to web protected sites, such as online banking. The individual user names, passwords, and bank pin card numbers of the computer s owner are sent to a hacker s website. 3) DoS (Denial of Service) Attacks/DDoS (Distributed Denial of Service) Attacks The botnet instructs infected computers to contact a specific corporate server or website repeatedly, causing service to authorized users to be delayed or prevented, and, because of the sudden increase in traffic, the site may shut down. Hackers look for computers, including desktop computers in homes and low-profile small offices, that are permanently connected to the internet and not protected by firewalls. 2

6 The threats are real - evidence the following: Example: In 2008, the Storm Worm Virus spread through spam s which directed the recipient to click on a link to view an article about the FBI vs. facebook. Clicking on the suggested link downloaded malware onto the internet connected device, causing it to become infected with the virus and part of the Storm Worm botnet. The Storm Worm virus has also been spread in s advertising a holiday e-card link. Example: In 2008, CNN was targeted by a DoS attack in an attempt to interrupt its news Web site. Example: In 2008, a DDoS denial of service attack hit government websites in the former Soviet republic of Georgia. Example: In 2007, the Storm Worm Virus, again, spread in the form of a spam with subject lines like: Are you ready for football season?; Free NFL Game Tracker; Football Season Is Here!; and Do you have your NFL Game List? The contained a link to a web page with actual game results, with the lure being a Game Tracker button in the upper right of the web page meant to draw users into downloading the free 'Game-Tracker' tool, however all URLs in the page linked to a malicious file pointing to a "NFL Tracker" Storm Worm trojan download. 2. Theft, physical destruction, or loss, of data, computers and related hardware Numerous incidents of theft, or loss, of laptops, Blackberrys, PDAs, USB sticks (i.e., thumb drives), and portable hard drives have been reported. Example: In 2008, London - A computer containing banking security details of more than 1 million people was sold on ebay for $64. The computer contained account numbers, passwords, cell phone numbers and signatures. The computer was sold without wiping the internal hard drive. Example: In 2008, a survey commissioned by Dell indicated that, at airports included in the survey, over 600,000 laptops are lost each year. The majority of them had not been reclaimed. 3. Hacking/crimeware Hackers were once comprised of a group of young computer-savvy individuals whose primary motive was to gain notoriety through sophisticated computer 3

7 exploits. As evidenced by the proliferation of botnet attacks, the most apparent trend is the change in the underlying motivation behind the attacks. The attacks are now classified as crimeware incidents - attacks bent on obtaining personal and financial information on individuals and businesses driven by a profit motive. Example: At the ACTEC 2006 Annual Meeting in Scottsdale, AZ., at a Computer Workshop - Paul Cook, a representative from Microsoft, spoke on the topic: Computer Security: From Y2K to Windows Vista - Are We More Secure? In the presentation, the following examples of information available for sale on the internet black market were provided: customized Trojan program, which could be used to steal online account information - cost - $1,000 - $5,000; credit card with PIN - $500; driver s license $150; birth certificate $150; social security card $150; Paypal account log-on and password $7. 4. Remote access computing Mobile devices are exposed to a variety of threats. Remote access to the office through laptop computers or Blackberry and other PDA devices has magnified the perimeter over which malware can be introduced to the internal office network. a. WiFi hot spots/wired networks WiFi hot spots in airports, cafes and kiosks, as well as hotel wired and wireless networks, are often unencrypted, insecure connections with improper configuration of firewalls, or the total lack of end-user device security. The increased use of wireless connections to the internet has also increased the risk of MitM (man in the middle) attacks. These occur in a public setting when an hacker in proximity to a laptop user creates a soft WiFi network access point connection to intercept the user s requested connection to a targeted website. The hacker then connects to a real access point through another wireless card, thereby offering a steady flow of traffic through the transparent hacking computer to the real targeted website. In actuality, the user, by connecting to the soft access point, is communicating with the hacker s laptop computer. The hacker intercepts all requests, and the hacker can then obtain identity information from the communications relayed between the user and the targeted website. b. Home WiFi networks Home WiFi networks possess security risks since most WiFi routers use default security settings that come pre-installed by the vendor and many end 4

8 users do not reconfigure these settings. An attacker can gain access to the administrative console of the router through the default password provided by the vendor, and can download malware to steal personal information for identity theft. 5. Social engineering/phishing/identity theft a. Social Engineering Social engineering (in contrast to physical computer security) encompasses the art and science of psychological tricks to get the desired results from human beings and to make them commit to unauthorized operations. The goals of social engineering are the same as traditional hacking, with emphasis on implementing social skills and exploiting human tendencies. Also, cultural analysts generally divide today's employees into three generations: Baby Boomers, Generation X and Generation Y, each with distinct behavioral patterns that affect risk levels in different ways. Example: Social engineering the USB way. Conference attendees are increasingly becoming unwitting distributors of malware. USB sticks (i.e., thumb drives) distributed at conferences may contain malware that could infect victims computers and connect them to botnets. Attendees generally readily use such free devices due to their utility, and eventually insert them into firm computer USB slots, thus infecting the computer. The issue is usually not with the vendor who distributes the USB drives, but rather with the source of the wholesale distributor from whom the conference vendor obtains the drives. Example: In 2003, London survey of the origin of user passwords. The most common password was "password" (12 per cent) and the most popular category was the user s own name (16 per cent) or date of birth (8 per cent). Two thirds of workers had given their password to a colleague and three quarters knew their co-workers' passwords. In addition to using their password to gain access to their company information, two thirds of workers used the same password for everything, including their personal banking, website access, etc. b. Phishing/Identity theft Phishing/Identity theft attacks are the most prevalent form of the use of social engineering to steal personal identity data and financial account credentials. Social engineering schemes use spoofed s to lead users to counterfeit websites designed to trick recipients into divulging 5

9 financial data such as credit card numbers, account usernames, passwords and social security numbers, thereby having the user surrender private information that will be used for identity theft. Sites utilized for phishing attacks have included Citigroup, Bank of America, ebay and PayPal. Example: In 2008, Thirty eight individuals in the US and Romania were charged with identity theft, alleging they used complicated internet phishing schemes to steal thousands of credit and debit card numbers. Example: In 2008, messages were distributed that appeared to be official subpoenas from the United States District Court in San Diego. A link embedded in the message purported to offer a copy of the entire subpoena. A recipient who tried to view the document downloaded and installed software that secretly recorded keystrokes and sent the data to a remote computer over the internet, allowing a criminal element to capture passwords and other personal or corporate information. Another piece of the software allowed the computer to be controlled remotely. 6. Web 2.0 applications - social networking The current phase of internet (Web) usage is commonly referred to as Web 2.0. Features of this phase include social networks, online media access (music, video, etc) through peer to peer (P2P) file sharing, and RSS (Rich Site Summary) feeds such as blog entries and news headlines. The risks associated with Web 2.0 applications include vulnerability as targets for phishing scams, malicious code attacks and information exposure, not to mention associated loss of productivity. The following list of Web 2.0 technologies are presently in the mainstream: Peer to Peer (P2P) File Sharing Examples: Torrents, Kazaa Social Networking Examples: MySpace, YouTube, FaceBook, blogs Instant Messaging(IM) Examples: Yahoo/IRC (Internet Relay Chat), and phone texting Removable Media Examples: USB sticks, Camera/phones, ipod/pda, laptop, Wifi Note: Linkedin.com, a well known social networking site, is generally considered an acceptable application. 6

10 B. Implementation of Best Practices Currently, managing computer security involves the following considerations: 1. Determine the gateway First, prepare an inventory of the various hardware devices utilized in the firm. Establish logs of when these items were acquired, purchased or leased, and their specifications. Include all remote access devices such as laptops, Blackberrys, and iphones, and all peripherals such as USB sticks, portable hard drives, Bluetooth and CD devices. Next, determine where the attorneys in the firm practice - remote offices, home, hotel rooms, airports - and the percentage of time working in each of these venues. This evaluation will determine the gateway that provides access to all of the firm s data and applications. Available software and hardware technologies and products must then be examined to protect the gateway. These issues are managed in the larger firms through IT departments numbering in the range of 10 full-time personnel to over 80 personnel, depending upon the size of the firm, with implementation of services being, for the most part, transparent to the attorneys in the firm. In a small firm setting, there is rarely an opportunity to have IT personnel on staff, therefore outsourcing of this management is prevalent, along with coordination with an on-site staff person, or attorney, knowledgeable in the technology area. In any such examination, the primary question to be asked is - why would any component of the gateway be given less credibility than any other in the examination process? For example, why would examination of the use of USB sticks be given less credence than the use of the file server at the main office, or why would examination of working at a remote site, such as a hotel room, be given less credence than working on a network connected computer at the main office? The fact is that there are widely different approaches taken when it comes to gauging the importance to be given to any of these various scenarios, and yet they are all part of the same gateway, and the only component that is required by malware for it to become operative is an entry point to the gateway. Therefore, when examination of the gateway is undertaken, give as much credence to one area as the other, obtain information regarding the available protections provided by vendors, and make any final decision based upon the usual budgetary parameters. IT personnel will always be able to find software and/or hardware applications to meet any security specifications - it is the implementation of these security based applications that will become a trade off of risk vs. productivity, 7

11 requiring a balanced approach of convenience vs. security. The following section examines available alternatives to providing appropriate computer security for the firm. 2. Protect the gateway a. Install: - antivirus software - anti-spyware and adware software - anti-spam software - a firewall - the latest updates Establish an anti-virus policy which would include not allowing the downloading of executables and documents directly from the internet, the running of unsolicited executables/documents/spreadsheets within the firm, and the playing of computer games or using screensavers which did not come with the operating system. Download updates on Microsoft's monthly Patch Tuesday. Be aware of conflicts in executables arising between different software applications when implementing new applications on the system. Wait until service pack 2" before upgrading an application to avoid being an unwitting beta tester of the product. Implement acquisition of a unified threat management (UTM) hardware appliance as another layer of security. This appliance is the next-generation network firewall. UTM appliances provide network level and content level protection through a combination of network-based zero day antivirus, antispyware, spam filtering, web and filtering, firewall, IPsec/SSL VPN, intrusion prevention, and traffic shaping capabilities. For small offices without in-house IT personnel, applying patches and updates to a single appliance is manageable. Utilize a purpose - built solution (ex. - Postini for spam protection - to allow for filtering prior to the spam reaching the UTM device) to supplement UTM appliance capabilities and to better utilize bandwidth for implementation of other applications on the UTM device itself. Recommendations: S Install the latest updates S Review protection of desktop, network, and peripheral devices 8

12 S Install an anti-malware suite for desktops for inside-of-thenetwork protection S Use a UTM (unified threat management) hardware device for the server for outside-of-the-network protection. These devices are affordable for any size firm b. Maintain a password policy Choose strong passwords - always combine letters, numbers, and punctuation. A strong password is a very powerful tool in the security arsenal. Consider the utility of using a passphrase vs. a password - usually a personal preference policy. Store passwords securely - encrypt and password-protect the file in which the passwords are saved. Consider downloading Counterpane Labs' free Password Safe utility, which utilizes Twofish encryption to encrypt the user name and password database. Use passwords securely. Use a different password for each system. Use different passwords to protect all critical accounts. Review the need for a second form of authentication, i.e., two factor authentication (also called strong authentication) - something you have (the device) and something you know (the device password). Example: Two factor authentication could require : (1) utilization of a one time password generated by a hardware key fob or token - either time based or event based, combined with (2) a personal secret PIN or password to provide authentication. The user is generally locked after a number of unsuccessful login attempts. Recommendations: S Create strong passwords. Use multiple words, mixed-case alphanumerics, and at least 12 characters to secure your passwords S Consider two factor authentication for remote access connections c. Review metadata policies Over the last several years, articles have been published emphasizing the need to review documentation to be transferred to opposing counsel (or even clients), by way of or otherwise, so that such documentation is clean from internal revisions, comments, and similar in-house product prior to being transferred out of the office. The nomenclature describing 9

13 the existence of the above documentation has come to be known under the term metadata - data about data. Metadata portrays how - when - and by whom - a specific set of data was gathered, and how the data is formatted. Metadata in itself is not malicious - ex. - consider Knowledge Management usage of metadata technology. Metadata software can be programmed with a prompt dialog to warn the user that the user is about to a document containing metadata. Affirmation of the existence of metadata concerns, along with a review of existing software solutions, should suffice to allow for requisite controls based on the desires of the user. ACTEC fellow John Rodgers, a member of the Technology in the Practice Committee, is in the process of preparing materials as part of a panel presentation on electronic data and related e-discovery issues at the upcoming 2009 ACTEC annual meeting. Recommendation: S Use metadata software that contains a prompt dialog d. Consider Web 2.0 technologies Realize the far-reaching nature of social engineering and social networking. Recognize the potential of productivity downtime with social networking sites. Facebook is noted to have over 100 million active users. Micro social networks based on specific areas of interest are also being established. Recommendations: S Maintain Web filtering policies S Block instant messaging e. Secure remote access connections 1) Remote access / Remote devices Remote access generally is thought of as the ability to access firm data and/or applications from other offices, hotels, airports, cafes, as well as from home. It could also be considered to be internal 10

14 office wireless connections to the network, although this is not a common usage of the term. Remote devices primarily include laptops, Blackberrys and PDA s, and would also include smartphones, WiFi connections, USB sticks, portable hard drives, firewire, Bluetooth and CD devices. 2) Types of remote access connectivity: a) Wireless b) Wired Public hotspot WiFi connections generally lack necessary encryption since they need to be open to all users. Unless virtual private network (VPN) or secure Web browser (HTTPS) connections are utilized, another wireless user in close proximity can monitor all localized wireless internet traffic, including passwords and messages. When searching for a wireless network, do not connect to an unsecured computer-to-computer network, also known as an ad hoc network, since this type of connection is not governed by a router and could connect directly to a computer operated by someone in the nearby vicinity. While there are published procedures to establish secure connections at any hot spot, best practice would be to avoid using remote access to the firm from any hot spot connection. Home user WiFi connections are generally less of a concern than public hot spots, and there also are published procedures available to establish secure home WiFi connections. However, as previously noted, since many home WiFi routers use default security settings that come pre-installed by the vendor, be certain to reconfigure the settings to establish another layer of security. Without this reconfiguration, administrative access is available wirelessly on most of these devices. Wired ethernet (hard wire plug-in) connections at a remote location (ex.- hotel) could be considered more secure than WiFi wireless connections, since the connection is directly from the laptop computer, with its own software firewall and antivirus applications, to the switch at the remote 11

15 location internet site. However, there is no consensus regarding this view, as some experts argue the reverse is true - that WiFi connections offer a more secure setting than wired connections. Wired connections at a home location could also arguably be considered more secure than home WiFi wireless connections, since the wired connection is generally made from the home computer, equipped with a software firewall, to a modem, or also to a router with firewall protection, and then to the cable connection. c) Aircard Usage of a wireless broadband aircard (cellular) connection for remote access is also recommended by IT administrators familiar with remote access security concerns. Aircard signals are like cellular voice signals, and communicate over different frequencies than the prevailing wireless WiFi connections, and the aircard could be used any time, anywhere. 3) Methods of remote access of data/applications For remote location users, once the internet connection has been made through the type of available connections as noted above, a method of accessing the data and/or applications at the firm needs to be established. The most common method of access is accomplished through the implementation of an encrypted point-topoint Virtual Private Network (VPN) connection. Several prevalent VPN based connections are available. a) Web based VPN Web based VPN connections operate through the SSL/TLS protocol - application layer protocol. With web based connections, data and applications remain at the firm, the remote user works with screen shots forwarded to the web page, and only applications compatible with the web based connection are available to the user. Examples of Web based VPN connections are Citrx for a larger firm and GoToMyPC for smaller firms. 12

16 b) Client based VPN Client based VPN connections operate through SSL(TLS) or IPsec protocol - tunneling layer protocol. A direct connection is established through the firewall, and full, or predefined, access to data on the firm server is made directly available to applications on the remote device, along with the attendant security risks of opening the server to the remote connection. In the client based VPN context, the availability of split tunneling, which would allow a device on the remote end of a VPN tunnel to simultaneously exchange network traffic with both the shared (public) network and the internal (private) network, would create a shared environment and potentially compromise access to the firm server. Therefore, split tunneling should be disabled to provide greater security over the connection. An example of a Client based VPN connection is the Cisco ASA remote VPN server. c) Microsoft Terminal Services Not previously considered to be a true VPN connection, Remote Desktop Protocal (RDP/RDC) is the protocol utilized for this data access alternative. This choice is considered by many IT administrators to be a less costly alternative to Citrix, and in the right circumstances is seen as an appropriate alternative. Similar to a web based VPN connection, the user obtains screen shots from the firm server. Recognizing previously documented inherent security problems with this method, Microsoft has established a Terminal Services Gateway client in the Windows 2008 server, providing a VPN level of protection to the connection. d) MPLS VPN Multiprotocol Label Switching provides a virtual private network VPN capability for large firm implementation, providing the capability to consolidate multiple local access circuits that have been dedicated to distinct types of throughput, such as data, internet, voice, and video, to a single port connection without compromising security or performance. 13

17 e) Home VPN access In addition to the method of VPN connection to be established, home remote VPN access has an additional concern due to the fact that home computers are generally utilized by other family members and could have malware placed on the computer through that usage, which malware could thereafter be allowed into the firm network through a VPN connection. For home remote access, consider utilizing a separate computer solely for VPN connection to the firm. f) UTM appliance connectivity 4) Endpoint security Unified threat management appliances acquired to protect the gateway, as noted above, are also capable of establishing a secure VPN connection to the firm. VPN connections provide secure encryption from point-to-point, however the true gateway endpoint must still be determined, since VPN security is only as strong as the methods used to authenticate the users (and the devices) at the remote end of the VPN connection. This would require the need to review endpoint security issues. Endpoint security is a strategy in which security software, through a process of network access control, is distributed to end-user devices, but centrally managed. a) Network access control Through network access control (or network admission control), a client program is installed on, or downloaded to, every endpoint, i.e., every user device that connects to the firm network. Endpoints can include PCs, laptops and handheld devices. A server, or gateway, hosts the centralized security program. Network access control allows only compliant and trusted endpoint devices onto the network by establishing a pre-connect security assessment - before connection to the firm is allowed. This assessment could include the placement of keys in the registry to validate the remote device in order to ensure compliance with firm computer security policies. The assessment can 14

18 also include examination of the configuration of the remote device, including the presence and status of behavior blocking, personal firewall, antivirus, and patch software. The procedure could include an automatic remediation process which would send updates and patches to the remote device so that compliant connectivity could then occur. Granular methods of control are available. b) Remote Wipe In the event that a remote device has been lost or stolen, remote wipe capabilities are available for Blackberrys, iphones, laptops and USB sticks. c) Minimum endpoint security 5) Endpoint extension At a minimum, the remote device should maintain updated antivirus and, if available, firewall applications to secure the true endpoint and ensure secure access to the internet, and thereby the firm, by way of wired, wireless, or aircard connectivity. The endpoint is soon likely to move again, as vendors continue to introduce concepts such as Cloud computing and Software as a service (SaaS), coupled with Virtualization of servers and desktops. a) Cloud computing Cloud computing is a computing paradigm in which tasks are assigned to a combination of connections, software, and services accessed over a network. This network of servers and connections is collectively known as "the cloud." Using a thin client or other access point, like an iphone, BlackBerry or laptop, users can reach into the cloud for resources as they need them. For this reason, cloud computing has also been described as "on-demand computing." b) Virtualization Virtualization for servers and desktops is meant to replace the current patchwork of desktop, handheld and server 15

19 operating systems - not to mention the variety of management, integration, disaster recovery and backup software that keeps most current data centers running - with a Virtual Data Center Operating System (VDC OS). The system will function as an internal-cloud computing model, allowing users to access data from anywhere, with anything, resulting in virtualization of applications, data, hardware, software and storage. Recommendations: S Maintain updated antivirus and, if available, firewall applications on the remote device S Use a UTM (unified threat management) hardware appliance S Review bandwidth requirements and usage when considering UTM acquisitions S Use secure encrypted point-to-point SSL or IPsec connections S Do not allow split tunneling on the VPN connection S Leave data and applications on the server S Use two-factor authentication for remote access S Do not access the firm remotely from airports and cafes S Use an aircard vs. WiFi S Reconfigure home WiFi router default settings to establish another layer of security S Use a separate computer for home access to the firm S Implement remote wipe on wireless devices S Find the true endpoint - consider placing an endpoint security agent on it 3. Establish a backup/restore procedure Backup/restore considerations constitute a major component of computer security. Security threats, as well as disaster losses, could render a firm unable to function if adequate storage capacity and redundancy did not exist. Backup concerns include protecting systems, firm and client data. Continuous data protection is available in most backup applications, generally capturing data changes within moments of the change. Backup includes the backup of laptops and USB drives. The key to a well implemented backup strategy is to utilize multiple layers of backups. The essence of successful backup is successful restoration. a. Types of backup 1) Full - normal Have backup software scheduled to do a full backup (not an 16

20 incremental backup) nightly. These backups also provide the ability to recover a file that was accidentally overwritten or deleted. Full backup is the fastest to restore. 2) Incremental or differential Distinctly different methods of intermediate backup of less than all of the data. 3) Immediate Additional contemporaneous backing up of an extensive file as it is being worked on (i.e., copy to a USB stick). 4) Disk vs. Tape There is increasing frequency of use of disk backup for archiving as well as first line backup - restoring data or files from disk has come to be considered as easier and more reliable then tape. 5) Mirroring vs. RAID Mirroring (RAID-1) - a server has its data duplicated on two different drives using either a hardware RAID controller or software. If either drive fails, the other continues to function as a single drive until the failed drive is replaced. The drives are generally hot swappable. RAID-5 - simultaneous use of two or more hard drives. The array distributes data across several drives, redundantly, however the operating system considers the array as one single disk. Parity is used to maintain data. If one drive fails, once the bad drive is replaced with a new one, the RAID "floods" all the data back onto the new drive from the data on the other adjacent drives. b. Types of hard drives to be utilized for backup procedures: 1) Direct attached Direct attached drives are attached to the PC via a USB 2.0, FireWire, or esata connection. The storage drive is used to back up the internal disk inside the computer connected to the drive. 17

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,

More information

How to stay safe online

How to stay safe online How to stay safe online Everyone knows about computer viruses...or at least they think they do. Nearly 30 years ago, the first computer virus was written and since then, millions of viruses and other malware

More information

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers 2012. Your Interactive Guide to the Digital World

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers 2012. Your Interactive Guide to the Digital World Chapter 11 Manage Computing Securely, Safely and Ethically Discovering Computers 2012 Your Interactive Guide to the Digital World Objectives Overview Define the term, computer security risks, and briefly

More information

LAW OFFICE SECURITY for Small Firms and Sole Practitioners. Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan

LAW OFFICE SECURITY for Small Firms and Sole Practitioners. Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan LAW OFFICE SECURITY for Small Firms and Sole Practitioners Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan 1. Introduction CONTENTS 2. Security Consciousness Having a Firm Security

More information

Cyber Security Awareness

Cyber Security Awareness Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms

More information

CBI s Corporate Internet Banking Inquiry Services gives you the ability to view account details and transactions anytime, anywhere.

CBI s Corporate Internet Banking Inquiry Services gives you the ability to view account details and transactions anytime, anywhere. Benefits & Features CBI s Corporate Internet Banking Inquiry Services gives you the ability to view account details and transactions anytime, anywhere. What can I do with Internet Banking? You can inquire

More information

Business continuity. Protecting your systems in today s world

Business continuity. Protecting your systems in today s world Business continuity Protecting your systems in today s world Introduction Lee Drake, OS-Cubed, Inc. Contact: ldrake@os-cubed.com Phone: 585-756-2444 30 years of support LOL Cat warning Warning this presentation

More information

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

Basic Security Considerations for Email and Web Browsing

Basic Security Considerations for Email and Web Browsing Basic Security Considerations for Email and Web Browsing There has been a significant increase in spear phishing and other such social engineering attacks via email in the last quarter of 2015, with notable

More information

Key Steps to a Secure Remote Workforce

Key Steps to a Secure Remote Workforce Key Steps to a Secure Remote Workforce Telecommuting benefits the employee and the company, the community and the environment. With the right security measures in place, there s no need to delay in creating

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

PROTECT YOUR COMPUTER AND YOUR PRIVACY! PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

Compulink Advantage Cloud sm Software Installation, Configuration, and Performance Guide for Windows

Compulink Advantage Cloud sm Software Installation, Configuration, and Performance Guide for Windows Compulink Advantage Cloud sm Software Installation, Configuration, and Performance Guide for Windows Compulink Business Systems, Inc. 2645 Townsgate Road, Suite 200 Westlake Village, CA 91361 2013 Compulink

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Information Technology Security Procedures

Information Technology Security Procedures Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3

More information

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0 BCS IT User Syllabus IT for Users Level 2 Version 1.0 June 2009 ITS2.1 System Performance ITS2.1.1 Unwanted messages ITS2.1.2 Malicious ITS2.1.1.1 ITS2.1.1.2 ITS2.1.2.1 ITS2.1.2.2 ITS2.1.2.3 ITS2.1.2.4

More information

Compulink Advantage Online TM

Compulink Advantage Online TM Compulink Advantage Online TM COMPULINK ADVANTAGE ONLINE TM INSTALLATION, CONFIGURATION AND PERFORMANCE GUIDE FOR WINDOWS (Revised 07/08/2011) 2011 Compulink Business Systems, Inc. All rights reserved

More information

Best Practices for Secure Remote Access. Aventail Technical White Paper

Best Practices for Secure Remote Access. Aventail Technical White Paper Aventail Technical White Paper Table of contents Overview 3 1. Strong, secure access policy for the corporate network 3 2. Personal firewall, anti-virus, and intrusion-prevention for all desktops 4 3.

More information

Cyber Security Awareness

Cyber Security Awareness Cyber Security Awareness William F. Pelgrin Chair Page 1 Introduction Information is a critical asset. Therefore, it must be protected from unauthorized modification, destruction and disclosure. This brochure

More information

10 Quick Tips to Mobile Security

10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22

More information

Is your data secure?

Is your data secure? You re not as safe as you think Think for a moment: Where do you keep information about your congregants or donors? In an Excel file on someone s desktop computer? An Access database housed on your laptop?

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

INTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org

INTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org INTERNET & COMPUTER SECURITY March 20, 2010 Scoville Library ccayne@biblio.org Internet: Computer Password strength Phishing Malware Email scams Identity Theft Viruses Windows updates Browser updates Backup

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

Certified Secure Computer User

Certified Secure Computer User Certified Secure Computer User Exam Info Exam Name CSCU (112-12) Exam Credit Towards Certification Certified Secure Computer User (CSCU). Students need to pass the online EC-Council exam to receive the

More information

Student Tech Security Training. ITS Security Office

Student Tech Security Training. ITS Security Office Student Tech Security Training ITS Security Office ITS Security Office Total Security is an illusion security will always be slightly broken. Find strategies for living with it. Monitor our Network with

More information

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud Cloud Computing Chapter 10 Disaster Recovery and Business Continuity and the Cloud Learning Objectives Define and describe business continuity. Define and describe disaster recovery. Describe the benefits

More information

FBLA Cyber Security aligned with Common Core 6.14. FBLA: Cyber Security RST.9-10.4 RST.11-12.4 RST.9-10.4 RST.11-12.4 WHST.9-10.4 WHST.11-12.

FBLA Cyber Security aligned with Common Core 6.14. FBLA: Cyber Security RST.9-10.4 RST.11-12.4 RST.9-10.4 RST.11-12.4 WHST.9-10.4 WHST.11-12. Competency: Defend and Attack (virus, spam, spyware, Trojans, hijackers, worms) 1. Identify basic security risks and issues to computer hardware, software, and data. 2. Define the various virus types and

More information

Certified Secure Computer User

Certified Secure Computer User Certified Secure Computer User Course Outline Module 01: Foundations of Security Essential Terminologies Computer Security Why Security? Potential Losses Due to Security Attacks Elements of Security The

More information

THE SECURITY OF HOSTED EXCHANGE FOR SMBs

THE SECURITY OF HOSTED EXCHANGE FOR SMBs THE SECURITY OF HOSTED EXCHANGE FOR SMBs In the interest of security and cost-efficiency, many businesses are turning to hosted Microsoft Exchange for the scalability, ease of use and accessibility available

More information

Computer Network and Internet Security Awareness and Responsible Use. Indian River County School District 2014-2015

Computer Network and Internet Security Awareness and Responsible Use. Indian River County School District 2014-2015 Computer Network and Internet Security Awareness and Responsible Use Indian River County School District 2014-2015 1 Through the availability of electronic resources provided by the School District of

More information

Why Switch from IPSec to SSL VPN. And Four Steps to Ease Transition

Why Switch from IPSec to SSL VPN. And Four Steps to Ease Transition Why Switch from IPSec to SSL VPN And Four Steps to Ease Transition Table of Contents The case for IPSec VPNs 1 The case for SSL VPNs 2 What s driving the move to SSL VPNs? 3 IPSec VPN management concerns

More information

Desktop and Laptop Security Policy

Desktop and Laptop Security Policy Desktop and Laptop Security Policy Appendix A Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious

More information

Malware & Botnets. Botnets

Malware & Botnets. Botnets - 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria

More information

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training Introduction The HIPAA Security Rule specifically requires training of all members of the workforce.

More information

High Speed Internet - User Guide. Welcome to. your world.

High Speed Internet - User Guide. Welcome to. your world. High Speed Internet - User Guide Welcome to your world. 1 Welcome to your world :) Thank you for choosing Cogeco High Speed Internet. Welcome to your new High Speed Internet service. When it comes to a

More information

For assistance with your computer, software or router we have supplied the following information: Tech Support 1-855-546-5000, press 1

For assistance with your computer, software or router we have supplied the following information: Tech Support 1-855-546-5000, press 1 For assistance with your computer, software or router we have supplied the following information: Tech Support 1-855-546-5000, press 1 Talk America Services Customer Service 1-855-546-5000, press 3 TALK

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library Malware, Spyware, Trojans

More information

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C. Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.

More information

Basic Computer Security Part 2

Basic Computer Security Part 2 Basic Computer Security Part 2 Presenter David Schaefer, MBA OCC Manager of Desktop Support Adjunct Security Instructor: Walsh College, Oakland Community College, Lawrence Technology University Welcome

More information

Infocomm Sec rity is incomplete without U Be aware,

Infocomm Sec rity is incomplete without U Be aware, Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN

More information

AVG AntiVirus. How does this benefit you?

AVG AntiVirus. How does this benefit you? AVG AntiVirus Award-winning antivirus protection detects, blocks, and removes viruses and malware from your company s PCs and servers. And like all of our cloud services, there are no license numbers to

More information

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc. Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References

More information

Information Security It s Everyone s Responsibility

Information Security It s Everyone s Responsibility Information Security It s Everyone s Responsibility Developed By The University of Texas at Dallas (ISO) Purpose of Training As an employee, you are often the first line of defense protecting valuable

More information

Payment Fraud and Risk Management

Payment Fraud and Risk Management Payment Fraud and Risk Management Act Today! 1. Help protect your computer against viruses and spyware by using anti-virus and anti-spyware software and automatic updates. Scan your computer regularly

More information

When you listen to the news, you hear about many different forms of computer infection(s). The most common are:

When you listen to the news, you hear about many different forms of computer infection(s). The most common are: Access to information and entertainment, credit and financial services, products from every corner of the world even to your work is greater than ever. Thanks to the Internet, you can conduct your banking,

More information

Stable and Secure Network Infrastructure Benchmarks

Stable and Secure Network Infrastructure Benchmarks Last updated: March 4, 2014 Stable and Secure Network Infrastructure Benchmarks 501 Commons has developed a list of key benchmarks for maintaining a stable and secure IT Infrastructure for conducting day-to-day

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

Countermeasures against Spyware

Countermeasures against Spyware (2) Countermeasures against Spyware Are you sure your computer is not infected with Spyware? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Spyware?

More information

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details: Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for

More information

Data Loss Prevention in the Enterprise

Data Loss Prevention in the Enterprise Data Loss Prevention in the Enterprise ISYM 525 Information Security Final Paper Written by Keneth R. Rhodes 12-01-09 In today s world data loss happens multiple times a day. Statistics show that there

More information

Countering and reducing ICT security risks 1. Physical and environmental risks

Countering and reducing ICT security risks 1. Physical and environmental risks Countering and reducing ICT security risks 1. Physical and environmental risks 1. Physical and environmental risks Theft of equipment from staff areas and Theft of equipment from public areas Theft of

More information

Chapter 15: Computer and Network Security

Chapter 15: Computer and Network Security Chapter 15: Computer and Network Security Complete CompTIA A+ Guide to PCs, 6e What is in a security policy Mobile device security methods and devices To perform operating system and data protection How

More information

Network Security for End Users in Health Care

Network Security for End Users in Health Care Network Security for End Users in Health Care Virginia Health Information Technology Regional Extension Center is funded by grant #90RC0022/01 from the Office of the National Coordinator for Health Information

More information

WHITE PAPER. Understanding How File Size Affects Malware Detection

WHITE PAPER. Understanding How File Size Affects Malware Detection WHITE PAPER Understanding How File Size Affects Malware Detection FORTINET Understanding How File Size Affects Malware Detection PAGE 2 Summary Malware normally propagates to users and computers through

More information

Email Security. 01-15-09 Fort Mac

Email Security. 01-15-09 Fort Mac Email Security 01-15-09 Fort Mac Most Common Mistakes in Email Security Email Security 1. Using just one email account. 2. Holding onto spammed-out accounts too long. 3. Not closing the browser after logging

More information

DOL New Hire Training: Computer Security and Privacy

DOL New Hire Training: Computer Security and Privacy DOL New Hire Training: Computer Security and Privacy Table of Contents Introduction Lesson One: Computer Security Basics Lesson Two: Protecting Personally Identifiable Information (PII) Lesson Three: Appropriate

More information

Cyber Security Best Practices

Cyber Security Best Practices Cyber Security Best Practices 1. Set strong passwords; Do not share them with anyone: They should contain at least three of the five following character classes: o Lower case letters o Upper case letters

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

The Hidden Dangers of Public WiFi

The Hidden Dangers of Public WiFi WHITEPAPER: OCTOBER 2014 The Hidden Dangers of Public WiFi 2 EXECUTIVE SUMMARY 4 MARKET DYNAMICS 4 The Promise of Public WiFi 5 The Problem with Public WiFi 6 MARKET BEHAVIOR 6 Most People Do Not Protect

More information

Tips for Banking Online Safely

Tips for Banking Online Safely If proper attention is given to safety and security, banking and monetary activities can be completed online in a convenient and effective fashion. This guide helps to establish procedures for remaining

More information

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS $ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security

More information

Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013

Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 BACKUP SECURITY AND THE CLOUD BACK UP ALWAYS BACK UP TO AN EXTERNAL DEVICE OR REMOVAL MEDIA- NEVER DIRECTLY ON TO YOUR COMPUTER IF

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

BLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE

BLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE BLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE About the Author. Acknowledgments. Introduction. Chapter 1 Understanding the Threats. Quantifying the Threat.

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such

More information

The evolution of data connectivity

The evolution of data connectivity Leveraging the Benefits of IP and the Cloud in the Security Sector The CCTV and alarm industry has relied on analogue or Integrated Services Digital Network (ISDN) communications to provide data connectivity

More information

Course: Information Security Management in e-governance

Course: Information Security Management in e-governance Course: Information Security Management in e-governance Day 2 Session 2: Security in end user environment Agenda Introduction to IT Infrastructure elements in end user environment Information security

More information

A GUIDE TO SECURITY AND PRIVACY IN A HOSTED EXCHANGE ENVIRONMENT TECHNICAL DOCUMENT

A GUIDE TO SECURITY AND PRIVACY IN A HOSTED EXCHANGE ENVIRONMENT TECHNICAL DOCUMENT A GUIDE TO SECURITY AND PRIVACY IN A HOSTED EXCHANGE ENVIRONMENT TECHNICAL DOCUMENT TECHNICAL DOCUMENT SECURITY AND PRIVACY IN A HOSTED EXCHANGE ENVIRONMENT 2 OVERVIEW When it comes to deploying Microsoft

More information

Achieving PCI-Compliance through Cyberoam

Achieving PCI-Compliance through Cyberoam White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit

More information

Countermeasures against Bots

Countermeasures against Bots Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer

More information

Data Security and the Cloud

Data Security and the Cloud Data Security and the Cloud TABLE OF CONTENTS DATA SECURITY AND THE CLOUD EXECUTIVE SUMMARY PAGE 3 CHAPTER 1 CHAPTER 2 CHAPTER 3 CHAPTER 4 CHAPTER 5 PAGE 4 PAGE 5 PAGE 6 PAGE 8 PAGE 9 DATA SECURITY: HOW

More information

BOWMAN SYSTEMS SECURING CLIENT DATA

BOWMAN SYSTEMS SECURING CLIENT DATA BOWMAN SYSTEMS SECURING CLIENT DATA 2012 Bowman Systems L.L.C. All Rights Reserved. This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

Learn to protect yourself from Identity Theft. First National Bank can help.

Learn to protect yourself from Identity Theft. First National Bank can help. Learn to protect yourself from Identity Theft. First National Bank can help. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone

More information

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.

More information

TMCEC CYBER SECURITY TRAINING

TMCEC CYBER SECURITY TRAINING 1 TMCEC CYBER SECURITY TRAINING Agenda What is cyber-security? Why is cyber-security important? The essential role you play. Overview cyber security threats. Best practices in dealing with those threats.

More information

IT Services Qualifying & COP Form Training. April 2011

IT Services Qualifying & COP Form Training. April 2011 IT Services Qualifying & COP Form Training April 2011 1 Agenda Purpose for the COP Form & How it Should Be Used Customer Opportunity Profile (COP) Form Identifying Virtualization Opportunities Identifying

More information

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community A Sampling of Cyber Security Solutions Designed for the

More information

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange The responsibility of safeguarding your personal information starts with you. Your information is critical and it must be protected from unauthorised disclosure, modification or destruction. Here we are

More information

Security. CLOUD VIDEO CONFERENCING AND CALLING Whitepaper. October 2015. Page 1 of 9

Security. CLOUD VIDEO CONFERENCING AND CALLING Whitepaper. October 2015. Page 1 of 9 Security CLOUD VIDEO CONFERENCING AND CALLING Whitepaper October 2015 Page 1 of 9 Contents Introduction...3 Security risks when endpoints are placed outside of firewalls...3 StarLeaf removes the risk with

More information

CloudDesk - Security in the Cloud INFORMATION

CloudDesk - Security in the Cloud INFORMATION CloudDesk - Security in the Cloud INFORMATION INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES

More information

HMIS SECURITY PLAN of the PHILADELPHIA CONTINUUM OF CARE

HMIS SECURITY PLAN of the PHILADELPHIA CONTINUUM OF CARE HMIS SECURITY PLAN of the PHILADELPHIA CONTINUUM OF CARE This plan describes the standards for the security of all data contained in the Philadelphia Continuum of Care Homeless Management Information System

More information

Protect your personal data while engaging in IT related activities

Protect your personal data while engaging in IT related activities Protect your personal data while engaging in IT related activities Personal Data (Privacy) Ordinance Six Data Protection Principles Principle 1 purpose and manner of collection of personal data Collection

More information

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer

More information

Security Practices for Online Collaboration and Social Media

Security Practices for Online Collaboration and Social Media Cisco IT Best Practice Collaboration Security Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 2013 Cisco and/or its affiliates. All rights reserved.

More information

GiftWrap 4.0 Security FAQ

GiftWrap 4.0 Security FAQ GiftWrap 4.0 Security FAQ The information presented here is current as of the date of this document, and may change from time-to-time, in order to reflect s ongoing efforts to maintain the highest levels

More information

SecureAge SecureDs Data Breach Prevention Solution

SecureAge SecureDs Data Breach Prevention Solution SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal

More information

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2 RSA Authentication Manager 7.1 Security Best Practices Guide Version 2 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks

More information

SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices

SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices 8-27-2015 4-007.1 Supersedes 4-007 Page Of 1 5 Responsible Authority Vice Provost for Information

More information