Archive for November 2012

Protecting Your System and Your Network

by in , , , , , , 0


In lieu of recent network cleanup activity I wanted to take this time to remind everyone of a couple of items that will help protect your system and your networks from virus attacks.

Attaching External Storage Devices
Before attaching any external storage devices to your computer whether it's a USB thumb drive or a large external hard drive, please run a virus scan on it before making the final connection.  This will save you alot of grief in the long run.

Clicking on Unknown Links in Email
If you receive an email and are asked to click on a link, unless you're expecting to receive an email with a link you may want to contact the person who sent the email before clicking that link.  The email could be a phishing or website spoofing scam that can either load unwanted malware or virus software onto your machine, or try and get you to give up personal information.  In either case, making a short phone call or sending a quick text or email will be worth not having to rebuild you machine.

Five Security Tips!

by in , , , , 0

  1. Warning Messages:  If you don't understand a warning message, say no and contact IT support for assistance.  It's easier to go back afterward and say yes if you need to than be sorry and have to IT support rebuild your machine.
  2. Certificates:  If you don't understand a website certificate message, say no and consult IT support.  It's easier to go back and say yes if you need to than be sorry and have to rebuild your credit.
  3. Antivirus:  Running antivirus does not slow your computer down nearly as much as a virus does.
  4. Back-up:  Backing up your data may seem like a waste of time — um, until you spill coffee all over your laptop.
  5. Passwords:  Writing down your password around your desk is about as secure as leaving a $20 bill lying on the dashboard of your car. How well do you trust anyone these days?

Effectively Delete Your Files

by in , , , , , 0

When you delete a file, depending on your operating system and your settings, the file may be transferred to your trash or recycle bin.  This "holding area" essentially protects you from yourself - if you accidentally delete a file, you can easily restore it.  Unfortunately, an unauthorized person may also be able to retrieve it.  Do the files in your recycle bin include credit card information, passwords, medical, or other personal data?  Does it contain sensitive corporate information?  


Trash Bin, Recycle Bin

Empty your trash or recycle bin on a regular basis to ensure that deleted information stays deleted!

November 2012 - secureCI Monthly Newsletter

by in , , , 0

secureCI presents Ouch!

The SANS Monthly Information Security Bulletin at Channel Islands


In This Issue…
• Overview
• Precautions You Can Take Now
• What to Do If Your Device is Lost or Stolen

Losing Your Mobile Device

OVERVIEW
Mobile devices are used for communication and for obtaining and sharing information. As a result, they often contain sensitive information, including email, text messages, voicemail, calendar events, location tracking, photos and videos. If your mobile device is lost or stolen, anyone who has physical access to your device can potentially access all this information and expose you, your contacts and your organization to serious risk. In this newsletter, we discuss the steps you can take to protect the information on your device in case it is lost or stolen.

Note: Most of this advice applies to your personal devices. If your mobile device was issued or authorized by your organization and contains organizational data, then be sure to follow your organization’s policies for securing mobile devices and for reporting loss or theft.

PRECAUTIONS YOU CAN TAKE NOW
One of the most effective ways you can protect your information is to secure your device while you still have it. A great place to start is enabling some type of access protection, such as a PIN, password or pattern lock. This helps ensure that only authorized users can use and access the information on your device.

  • PIN: A PIN (Personal Identification Number) is a number you have to enter to gain access to your mobile device.
  • Password: A password on mobile devices works the same way as a password on your computer or online account. This is an option you can enable on most smartphones. A strong password affords greater security than a PIN.
  • Pattern Lock: A pattern lock is a unique pattern that you draw on the screen of the device.

Strongly consider enabling the option to wipe your device after a certain number of failed access attempts, which can protect your device if it falls into the wrong hands. However, if you do enable this feature, be cautious of curious children. Regardless of the authentication mechanism you use, make sure that you do not share your PIN, password or pattern lock with anyone else and that it is hard for people to guess.

  • Remote Tracking & Wiping: Most mobile devices support software that can remotely locate and/or remotely erase your information from a missing device. You may have to install or configure special software while you still possess the device. iPhones and iPads come with this feature, called “Find My iPhone,” and it is enabled using an Apple ID. BlackBerry devices must be tied to a BES server or similar application in order to remotely wipe your device. Android devices must have special software installed for remotely locating and wiping your device.
  • Encryption: If someone has physical access to your mobile device, they can use advanced technologies and attempt to bypass your password or PIN and access the data stored on it. Encryption protects your data against these more advanced types of attacks. Some mobile devices come with encryption built in, while others require you to enable the functionality or install encryption software. iPhones and iPads provide built-in hardware encryption that is automatically enabled. Without your password, your data is protected. The Android has built-in encryption that can be activated in the Security menu.
  • Backups: Backups help ensure you can recover your information quickly from a lost or stolen device.  Backups should be performed regularly, and can be done using the following methods:
    • Backup directly to your computer.
    • iCloud is provided as a free service to all iPhone, iPad and iPod users. The user can select to back up their contacts, email, calendar, pictures, music and other files to an iCloud account.
    • Google Cloud is a free backup service for Android devices. The features of the Google Cloud are similar to the iCloud.

By taking some simple steps now, you can protect yourself if you lose any of your mobile devices.


WHAT TO DO IF YOUR DEVICE IS LOST OR STOLEN
Follow these steps to protect your personal information if your device is lost or stolen:

  • If the missing device was issued to you by Channel Islands and/or contains work-related data, then report the  loss immediately to the T&C Help Desk (helpdesk@csuci.edu or 805-437-8552) and follow their instructions.
  • If you installed tracking software on your mobile device, you will most likely have the option to wipe your data. Wiping the device will erase all of your personal information from the device and eliminate the risk of your data being accessed. If your device was stolen, you may want to contact law enforcement before wiping the device and notify them that you have enabled location tracking on the device. If stolen, you should not attempt to recover your device yourself.
  • Contact your Network Service or Phone Provider to alert them that your mobile device has been lost or  stolen. They may be able to put a lock on your phone number to ensure no one can use your device to make  any phone calls until you get it replaced.
  • Once you have purchased a replacement, you can use your backups to recover your information.

RESOURCES
Some of the links have been shortened for greater readability using the TinyURL service. To mitigate security issues, OUCH! always uses TinyURL’s preview feature, which shows you the ultimate destination of the link  and asks your permission before proceeding to it.

20 Android Security Apps:
http://preview.tinyurl.com/27qbb6w

10 iOS Security Apps
http://preview.tinyurl.com/bumb8vv

Google Cloud:
http://preview.tinyurl.com/cy49ntb

iCloud:
https://www.icloud.com/#find

Common Security Terms:
http://preview.tinyurl.com/6wkpae5

SANS Security Tip of the Day:
http://preview.tinyurl.com/6s2wrkp


LEARN MORE
Subscribe to the monthly OUCH! security awareness newsletter, access the OUCH! archives, and learn more about SANS security awareness solutions by visiting us at http://www.securingthehuman.org. OUCH! is distributed under the Creative Commons BY-NC-ND 3.0 license.

Save your work to the network file share.

by in , , , 0

A computer user working on a critical project was saving their analysis document on their desktop. Unfortunately, the desktop was located on their local hard drive and local hard drives were not automatically being backed up. When the hard disk failed, they lost the file and had to work through nights and a weekend to make up for the lost time. CI utilizes network backups so that your important files get backed up. P.S... important files don't include things like vacation pictures, or music files which can overburden the backup system.

Paper Files Need to be Protected Too!

by in , , , , 1

You've probably heard that "To err is human, but to foul things up completely you need a computer". It's important to protect the big databases where we store our data, but we can't ignore paper records. The amount of information held on paper may be much smaller, but many of the most serious leaks happen through very human methods — reports stolen from desktops or read over someone's shoulder. Keep sensitive paper files locked away when they are not being used and don't read them in public places.

Secure Your Wireless Router

by in , , 0

When setting up a wireless network at home, it's not unusual to be able to connect to your neighbor's unsecured wireless router. Not only can you have used his bandwidth for free, but if inclined, you could have used the connection for illegal activities. If the police came looking, they may not have been able to prove the activity didn't come from one of their computers.

Properly securing your wireless network isn't difficult. Review your routers manual for changing the SSID to something unique, turning on WPA (avoid WEP) for authentication, TKIP for encryption, and using MAC address filtering.

Shh! Don't say it out loud. The cubes have ears.

by in , , , , 0


Office work spaces seem to be getting smaller and smaller. This makes it  harder to keep conversations confidential when groups of people are within earshot. When necessary, use handwritten notes for transferring/discussing confidential information, and then shred the papers when done.