Technology Devices Security and Common Sense
Rita Reynolds
How Bad Is It?
The next few slides will show recent breaches where at least one event has affected each of us!
• How many of you have received new credit cards this year, as a result of a breach?
• How many of you have received credit fraud protection as a result of a breach?

How Bad Is It?
This week!
• Unusual activity
• Investigating
• More than likely breached
How Bad Is It?
• Home Depot – September, 2014
  • 56 million credit cards breached
  • Former employees not surprised
  • Used outdated security software
• JP Morgan – September, 2014
  • Over 75 million households affected
  • Went undetected for weeks
  • Took names, addresses, phone numbers and email addresses
How Bad Is It?
• Crafts store Michaels confirms 3 million credit card numbers stolen in hack
• Discovered in January 2014
• Occurred from June 2013 – Feb 2014

How Bad Is It?
• Target (Dec 2013 – 40 million)
• Neiman Marcus (mid 2013 – 1 million)
• Horizon Blue Cross Blue Shield (New Jersey – 870,000)
• Paytime (April 2014 – 80,000)

How Target was Breached
• Partly from the retailer's failure to properly separate systems handling sensitive payment card data from the rest of its network.
• Hackers broke into the retailer's network using login credentials stolen from a heating, ventilation and air conditioning company

So Why Be Concerned?
1. You get an email from HR that the payroll service you use has been hacked
2. Cancel your account
3. Set up a new account
4. Set up fraud protection
5. Call your spouse
So Why Be Concerned?
6. Determine there are multiple accounts your check goes into – close those accounts
7. Set up new account
8. Set up new withdrawals to pay bills (maybe you had five)
9. You miss one – your bill is overdue, you get hit with a late payment
So Why Be Concerned?
10. You call the bank to see if they will waive it
11. Suppose you were working on refinancing your mortgage
12. Oh yeah, now you have to wait for new checks to come
13. And it goes on and on…
Why Educate Your Staff
• Increase awareness of employees…
• Which leads to increased security of county property by
  • Departmental Presentations
  • Video Awareness (CCAP has a security awareness video available)
    http://www.pacounties.org/MembersOnly/Pages/TechnologySecurity.aspx
Why Educate Your Staff
• Reading Materials
  https://www.staysafeonline.org/stay-safe-online/
  http://www.staysafeonline.org/stay-safe-online/resources
• On the go security tips – click the image!
Tips to Education
• Robust Information Security Policy
• Strong Password Policy
• Educate little and often
• Work Closely with Other Departments
• Provide Feedback
• Create a Culture of “Your Personal Responsibility”

Protecting Yourself
• Your Computer
• Your Passwords
• Your Online Accounts
• Your Data
• Your Credit And Debit Cards
• Your Cellular Telephone
• Yourself from Telephone Attacks

Protecting Your Computer
• Use a shredder (cross-cut)
• Don’t keep personal information on your hard drive
• Turn your computer off
• Turn wi-fi off when not in use

Protecting Your Passwords
• How secure is my password
  • https://howsecureismypassword.net/
• More secure passwords include
  • Non-dictionary words
  • Numbers
  • Mixed Case
  • Special Characters

Protecting Your Passwords
Password1
Protecting Your Passwords
Someone who I know that takes this seriously
Protecting Your Passwords
• LastPass
  • Have to pay $12.00 per year to use
  • Works on mobile devices
  • Easier to Use
  • When setting up Passwords, gives you a warning when using a weak password
Protecting Your Passwords
• KeePass
  • Free
  • Not stored on internet
Protecting Your Data
• Buy or provide a USB drive that can be encrypted
Practical Tips
• Events out of the Norm
• Training that is memorable
• Unannounced trainings!
• Repetition
• Is something missing
• Clean desk/office/printer approach

Protecting Your Data
• Back up your data
  • To the Cloud
  • To an external device like an encrypted USB drive
  • Store in Safe Deposit box or other secure location
  • Perform backups on a regular basis (monthly)
Protecting Your Online Accounts
• Use three different emails
  • One for work (set for you)
  • One for personal communication and official business
  • One for fun stuff (newsletters, online shopping, social networks)
Protecting Your Online Accounts
• Use two step verification
  • Examples include Facebook and Google
  • Factor one is something you know
  • Factor two is something you have
Protecting Your Online Accounts
• Credit Report – one time each year from three major credit services
  • https://www.annualcreditreport.com/
  • Equifax, Experian, and TransUnion
  • Look for accounts you did not sign up for
  • Delete all unused or older accounts, except for maybe the first one (as that helps determine your credit score)
Protecting Your Credit and Debit Cards
• Set up a separate bank account that you use for online transactions. Only transfer in enough money (or a little more) for the online transactions you are doing.
• Credit Opt Out
  • Optoutprescreen.com
Protecting Your Credit and Debit Cards
• Fraud Alert - If abuse is suspected, set up a 90-day fraud alert
  • If anyone attempts to open an account, creditors are required to contact you
Protecting Your Credit and Debit Cards
• Freeze your Account - Anyone can freeze or unfreeze their account, stopping credit bureaus from releasing your report without your consent. Price varies by state, but generally costs about $10.
Protecting Your Cellular Telephone
• Password – lock your phone! Always!
• Use Location App
  • Device provided – each make provides free location apps. They are device dependent.
  • Cerberus – stronger location tracking app.
Cerberus
• Track
• Location history
• Lock with a code
• Send SMS
• Record Audio
• Take a picture
• Capture Video
Protecting Your Data From Internal Attacks
• Why
  • Disgruntled employee
  • Competition
  • Unaware
  • Illegal activity
  • Addictions
 Addictions
Protecting Your Data From Internal Attacks
• How
  • Secure your wireless
  • Don’t give out your Password
  • Turn Your Computer Off (camera)
  • Policy…policy…policy
In Closing
As the Edward Snowden scandal highlighted, if a disgruntled worker is determined to unearth critical information, it is not that hard to do so. Snowden was an IT contractor, but he gained access to files he should not have, by simply asking his colleagues to share their passwords.
Questions?
Presenters:
• Rita Reynolds, CCAP CIO
Contributors:
• Mark Proper
• Kathie Zullinger
• Mary Jane McCluskey