>> CINDY SOBIERAJ: Today's webinar is titled: Digital Self Defense: Tips, Tools, and Best
Practices to Stay Safe Online. Our presenter is Ben Woelk, president and manager of the
security management at RIT, where he developed a leading security awareness program.
Ben is a member and former co-chair of the EDUCAUSE security awareness and training working
group of the higher education information security council. He's also former director
and community affairs I'm sorry. Former director and community affairs committee chair for
the society for technical communication and a current scholarship committee chair.
Ben is a certified information systems security professional. A certified professional technical
communicator accredited trainer and an iTIL, Version 3 certified.
He holds degrees from the University of Florida, Trinity International University and the University
of Rochester and an enhanced certificate in technical information design from RIT.
Ben is also adjunct faculty at RIT, teaching classroom and online courses computing security
fundamentals and technical communication. Prior to joining RIT, Ben provided technical
communication and change management consulting to number of area Fortune 500 companies. His
current interests include working with other security awareness practitioners to develop
effective security awareness programs and providing mentoring and coaching to new and
aspiring introverted leaders and speaking of presenting workshops on introverted leadership
creating security awareness programs and technical communication.
Thank you for joining us today, Ben. This is your second time back with us, and we're
thrilled to have. Let's get going. >> BEN: Okay, thanks, Cindy, and thanks everybody
for joining us today. It's a rather daunting introduction but we'll move past that.
Today we're going to talk about digital self defense and digital self defense is what we
branded our security awareness program here at RIT, and this is a slight variation to
in person class we provide to staff five or 6 times a year. We'll save the questions at
this time end but we'll have a couple of times of interactivity through the presentation.
So we're going to start with a cartoon, I'll read it for you but it has data security as
the announcement of what the event is. And in this corner, we have firewalls encryption,
antivirus software, et cetera, and in the corner, we have Dave.
I apologize to the Daves that may be on the call.
In general, what this cartoon is telling us that it doesn't really seem to what technical
concerns we have in PlayStation or what we do to protect other people or even ourselves
'cause we always manage to make a mistake at some point or another, and we're also faced
typical human adversaries and they are very creative and they will find new ways to attack
us as well. So I'm going to postulate that you are all
are targets, every single one of us. When you take a minute to enter your ideas into
the chat about why you think you personally might be a target and we'll share some of
those ideas. >> BEN: So we're getting a good variety of
responses. A lot of it, honestly, just comes down to the fact that we're online and we're
vulnerable and that we do a lot of shopping and other types of things where we where it
may put our identity on the risk. This is a word cloud. It's not one I put together.
So when people ask me about specific things in there, like "bogies," I don't really
have what they meant by that but the idea here is to give you an idea of all the possibilities
why you might be attacked and why, again again, why you're a target again.
So basically it doesn't matter if you have a million dollars in your bank account it
doesn't if you have $1,000 or less in your bank account you're still going to be targeted
by online scams of some kind or other because they have good return on their investment.
So another thing to enter in the chat here this is prefacing a little bit of research
I'll have that going to share in one slide and it's not a bunch of research but Google
did some research a couple of years ago they published, I think, in the summer of 2015
they interviewed security experts who had ideas of what people should do to stay on
safe online, but they also interviewed normal people and for the we'll is normal and the
question I have for you all, what would you tell someone to do to Stay Safe Online? What
are the biggest things they need to do. And, again, you can enter your recommendations
into the chat on that as well. >> BEN: And there are really no wrong answers
with this but again I haven't seen what y'all have been putting in the chat yet.
>> BEN: So it looks like most of what we've got up here so far has to do with passwords
and what they call authentication. However, the lasting one keeping your operating system
and B I/OS up to date and this is the second time I've presented in the last 3 years since
that research essence come out where anybody has actually come up with that answer so congratulations
on that from the security expert's view that's the thing you need to do. To install your
software updates. My computer security says never give that
as one of the things you should Stay Safe Online so given the if you plan to be experts
on this and normal people don't normally answer this question this way tells us there's a
real gap in communicating what people really need to do to Stay Safe Online.
Now, the reason that it's so important to install software updates is because what will
typically happen is that someone will discover a vulnerability or a way to exploit or break
into a program I mean, they're all building millions of lines of code and all it takes
is a little error or something that when the excuse me, when the program was developed
wasn't a problem that could be now. So what happens with the software updates is the vendors,
whether it's Adobe or Microsoft or something else, they release these patches or software
updates and this addresses those holes or vulnerabilities or weaknesses, and they said
that's really the most important thing to do.
Now, looking at the rest of the list you can see on the nonexperts top online safety practices
which we're assuming here. You think intestine software virus is on the list and other things
primarily about a couple of them are about passwords. There's about one only visiting
websites they know that makes for a very small internet and maybe safe but I think it kind
of ruins the experience, and to not share personal information which makes perfect sense.
(Coughing.) >> BEN: On the right side, the security experts
top online security practices most of those are around passwords or around passwords of
some type and we'll talk about these things and the other is install software updates
but what's interesting is that the using antivirus software is not on that list of the top 5
things that the experts think you should do, and we still have a requirement for doing
that at RIT and you should still have it, but I think part of the issue here is that
people may assume that having antivirus software protects them completely, while on a typical
day it might recognize maybe 65% or 85% of the different threats out there so it doesn't
really provide the level of protection that we might expect.
There was a really interesting survey and the results came in kind of surprisingly.
So in terms of protecting your computer and information the links on this slide are are
two resources here at RIT and what the information security office has provided. And we're going
to cover a couple of these things during this presentation today but a good part we're not
going to do but this is more information about things that you need to think about. Policy
and standards are things that you will probably run into in your workplace where you have
requirements about what you need to do in terms of using whatever the computing structure
that you have there. I have another cartoon, and some of you have
probably seen this but we're going to take a minute on this one and give you all time
to read through it. It's pretty dense. I think you can probably read it unless you're viewing
off a mobile device. But let's take a minute and then we're going to talk about what this
cartoon means. >> BEN: Like I said, a very long cartoon.
It gets a little confusing because they talk of bits of entropy, and that gets into complexity
and I'll talk about that in a minute but it's not something that you really need to be aware
of that part of that. What they're showing it here is the way security
experts have told people they need to construct passwords in the last 15 or 20 years is wrong.
They told us they need to be very complex now, troubadour and 3 is not completely because
the idea is they made us put together passwords so they're hard for humans to remember. And
because of that, we end up using the same password over and over again and make a slight
variation maybe it would be Troub4dor & 3 & 4, and people will save it on their desktops
and an Excel file and what happens you got a very limited amount of the passwords our
using something to remember those passwords by which isn't secure.
What's interesting correct horse battery staple which are four common English words -- if
you make it together, it makes a really strong password. I wouldn't use correct horse battery
staple because it's been out for a while and I'll tell you why it's really good news that
this cartoon is talking about. There's a password staple but what this kind
of does kind of measure how strong is to break based on its complexity. Now, it's a little
confusing because you could put in the word password and it would say it would take how
many things to break it something very simple so it's really only looking at things in terms
of complex not use of common passwords so if you look at the screen you can see it's
got this brute force search space analysis and you'll see that change as we go through
the example, but down at the bottom you're going to see time required to exhaustively
search this password space and that means how long to break the password and they've
got a couple of scenarios whether it's one computer online attacking you or it's somebody
has actually gotten access to your computer directly and then they've got this massive
crack erase and massive computers and they have a botnet all trying to break that password.
So let's see this haSAK.com shows us here. So 6 letter passwords, very basic password.
It's all lower case. Now, if you look at it, you'll see in that search space analysis it
says it has 6 characters and the search space is 26 because there's 26 different characters
in our alphabet. But the more important thing is when you go and look how long it takes
to break the thing if you look especially at the second tubing I think they're probably
more relevant your offline fast attacks scenario is.00321 seconds. So much faster than I was
even able to talk about it. So that's with 6 letters. So what we're going to do now we're
going to increase the complexity a little bit. And we're going to do that by adding
a number on substituting a number for the 0 because I want to keep it the same lengths
right now. So what you see the search space depth you've got 26 letters and 10 different
numerical characters to be removed and there's a lot of things for cracking tool to search
through and we've updated it to .0224 seconds so we're like 7 times more secure than we
were the first one but, obviously, not very helpful. At all. So what else could we do
to make this password stronger? You can see that we've got the lower case is checked,
the digit is checked and we'll add a symbol and make one of the letters upper case and
let's see what it does. Changing one letter to upper case all of a sudden, we're at .577
seconds. Still not good but much, much stronger than we were before. And if I make one of
these letters a symbol, all of a sudden, we're at 7.43 seconds. So it's far more far stronger
than the password was that we talked about initially. It's still not going to do it.
Obviously, you know, a 6 character password if they've got access to your computer it's
going to take 7 seconds, roughly, to break it. And hardly any time at all they've got
multiple computers that are trying to break into it.
So we're going to talk about what we can do to make it stronger. I've done all the complexity
things. We've got the upper case and the lower case and the digits and the symbols but what
I want to start doing now I want to make it a little bit longer. So right now it's at
6 so we're going to go to 8. And let's move that to 18.62 hours for the offline fast attack
or 1 minute with a massive cracking erase scenario which sounds really exciting in theory.
We're going to go to 10 characters. Now, it's gone to 19.24 years for the offline fast attack
and a week on the massive crack erase scenario. Let's go to 12 characters and see what has?
So by the time you get to 12 characters even in this massive cracking erase scenario they're
at 1.74 centuries to break that password so not something we have to worry about and 1.74,000
centuries in terms of the offline fast attack scenario where somebody has got access to
your computer. So what this really tells us in I'll talk about it in a little bit more
is that complexity was really important but where we saw the biggest games and a strong
password was by making it longer. Now, if I tell people oh, you're going to be perfectly
safe which I'll never say but if you'll be safer using a 201character password you got
to be out of your mind I'm not doing every 20 character password I know I'm supposed
to have a different one for each one but that's just way too much trouble so let's talk about
some of the options here. Let's talk about something called a pass phrase. Now, the text
I have it was a dark and stormy night which should be familiar to many of. That comes
from a couple of places. One if you're a peanuts fan there's a cartoon Snoopy's on top of the
dog house, typing out: It was a dark and stormy night. It's actually Bluwer Lytton fiction.
It's by a late Eighteenth Century Englishman named Bluwer Lytton, and he put together a
one sentence introduction to a novel, which I'm not reproducing here but it went on and
on and on, and it's really regarded as the worse introduction to a novel in British history.
So, of course, what they did they made a contest and every year they have a contest where someone
submits the worse possible opening to a novel and they kind of rate it and score it and
whoever wins the trophy has got the worse introduction fun fact but, obviously, not
critical to what we're doing. So I'm going to use it with a dark and stormy
night for my pass phrase and I'm going to turn it into something that's actually useable
and would work for us in the computer age here. I need to increase the complexity. We've
got one upper case and all lower case letters so I'm going to change it to it was a dark215&StormyNight
and it gives us special characters and it gives us all of those different elements that
we need. Now, what's interesting is that as you've
seen looking at the previous example with the haystack thing that length is really far
more important than complexity when you're constructing passwords.
So looking at this pass phrase in that calculator, even with a magnification cracking scenario
it's at 89.14 trillion, trillion centuries to break that password. So I think we aren't
going to worry about that one too much. So that's great. Now all you have to do is have
a 25-character pass phrase for every account how hard is that going to be. That's not going
to a very good thing. So we're going to talk about something called
a password manager, and I'm going to jump because I've got a poll question here basically
ask do you use a password manager? And I would like you to complete the poll while I'm talking
about it here, but what a password manager does it manages your passwords so the examples
we have up there KeePass, Password Gorilla, LastPass are all examples of different password
management tools, and the way they work and I used LastPass about 10 years now. The way
they work is you construct this really good pass phrase kind of as your key to your Vault
where you're saving all these other passwords and it will save all the passwords for you
for all the websites that you go to. It will create complex passwords which are going to
be long passwords which have all the complexity that we know that we're supposed to have and
we'll basically provide a way for you to have a password manager on your desktop or with
your browser and be able to have a different password for pretty much every single account
you have online which is the ideal thing because you don't want to use your banking password
for your social media account because if somebody breaks it or tricks you into giving it up,
they're going to have access to your bank account.
So how did we do on the poll here? Do we have any responses yet?
>> CINDY: I'm opening it now. >> BEN: It looks like we've got a very small
percentage of users that are currently using the password managers and nobody said not
sure which is probably a good answer. (Laugh.)
>> BEN: But it's something that I haven't seen a lot of people do somebody told me about
it. They said it's really going to revolutionize the way you use the internet because now you
can have all of these different passwords. And, of course, the big question that comes
up how do I know my passwords are safe doing something like this? Because, obviously, if
you use something like LastPass -- it's a vault that's online and
it's storing millions and millions of different passwords so it's going to be a big target
so what happens with this is that the passwords are stored in an encrypted format. It's a
strong encryption and, yes, there's always a risk with information security. I will never
tell somebody you're going to be 100% secure. We just can't ever say that, but what the
tradeoff has been that I've seen is this helps you use more passwords, which we know is strong
which we know is a good practice. It's stronger to do and you've got some risk in terms of
passwords being exposed but it hasn't happened so far. I mean, lots of people are trying
to get into it and it's the kind of thing if it does happen, you're going to get a notification
and you'll have to change some passwords but again in terms of your working life it's a
lot easier to do this. So I have no stake in these password manager companies but I
do recommend one that you take one of them at least.
And the next thing I want to talk about is something called Multi Factor Authentication.
Now, I think the Google search might have called this two factor authentication. I don't
know, but Multi Factor Authentication. And some of you may recognize some of the pictures
on the slide. But Multi Factor Authentication is normally when you go online you have to
indicate who you are and something that indicates your secret passwords so that you can get
in. So that's they only call it one factor and only using one thing to prove who you
are. With Multi Factor you have something else so you have this password you know and
you have something else which is used to log in.
Now, with things like the Google Authenticator, which is the G in Duo, these are online these
are actually apps for your smart phone and mobile device and they work in conjunction
with the site that you're trying to log into so make sure when you log in to a specific
website and for RIT we've protected our Oracle information or my info site for those of you
who have been at RIT and to log into that now you have to have your user name and your
password and you have to interact with Duo and it's very simple because you basically
on the screen you're logging in and it says Duo, send me a push or Duo call my L.A.N.
line and you've got a smart phone and it buzzes and you say, yes, and you get to log right
in. Some of the other examples in here there's a YubiKey, which is a way of storing passwords
credentials that you use to log into a cower there's an RSASecurID and I had one 20 years
ago when I was doing consulting and that number would change every minute and you would have
to enter that number every time you logged in.
The other thing on the slide, Turn It On, that gives instructions for about 100 different
websites in terms of turning on two factor authentication, and it's probably the best
way to protect yourself. Again, security usually makes things a little
harder to do but it's always that tradeoff between your protection and things being a
bit harder. So my next question take a minute here into
the chat, what do you think the most common way is of getting a password. What are your
ideas on that? I'm going to answer Christina's question right now because we're in the space
right now. In terms of passwords, personally I use last
price and that has troubled in price over the last year. It's $24 a year for using it
on your computer and unlimited mobile devices so you're talking $2 a month for the protection.
There's an open source one called KeePass, which I know people who have used it for years.
I'm not really fond of it because it's open source and open source to me means that the
documentation is terrible because it's put together by a group of programmers and they
understand it. But KeePass LastPass, Password Gorilla. There's another one out there that
I'm not remembering right now, but I typically, what I would do I would search Ghoul for password
recommendations and get past the paid ads and look for the ones that may actually do
some review on it, but the important thing is you use one.
So what did we have in terms of common ways of getting passwords? What did people enter
in the chat? You're just asking for it, spoofing spoofing in the sense of pretending that you're
somebody else. Asking for it, address, pet's name or kids' name. Absolutely, people love
to use your pet's name as passwords and they also you have to post pictures of their pet
so it's not real hard to figure out but in general the and the other question that came
up here and I'm trying to read the chat one and talking which is a mistake but the dash
link the one I can't remember the name of it was, and I personally have not looked into
that very much, but the key things you're talking that I'm seeing in here so far they're
trying to fool people into giving up their passwords and that's the far most effective
way to do it there's very little risk to the attacker they want have to be clever or buy
tools to figure it out or break a password like we showed earlier. The easiest thing
is just asking for that password. Now, the nice thing about the Multi Factor
Authentication is that even if you give up that password, because it's requiring that
other piece of information, they don't have actions to it. So your account is still protected.
So that's the really that's why we think it's such an important thing in terms of protecting
account credentials. And the other trick, of course, is people
said spoofing and I'm going to use phisching in terms of people fooling you into giving
up your password. The tricky part is finding out if it's a issue if fishing account, and
if you don't have a PayPal account and you get an email from PayPal, it's obvious it's
not yours. For years it was easy to tell because the grammar would absolutely be terrible and
as long as you're not in too much of a hurry you could tell something was wrong with the
request that had come in. But essentially those kind of problems have been taken care
of because attackers can now buy kits online to do phisching attacks and it takes care
of these nice templates making it easier for you to fool with. So the rule of thumb we
have and I've got the slide out of order. Don't give up your password. No one legitimate
is going to ask you a password send you an email to ask for it. They don't need it to
reset it so just don't do it, so that he gets this slide I have up here the one on fraud
scams and malware gets into the other types of social engineering types of attacks where
they try to trick you into doing things there's been a lot of talk, you know we've all seen
lots of things about the elections lately about Russia attempting to do social engineering
and that has been their practice for many, many years. It's like we've finally woken
up this time. But the big deal is to trick people into doing things or get people to
do things they wouldn't normally do. So the kind of things we see in fraud, scams
and malware malware is malicious software which usually would be an attachment or something.
But we see requests like they came from the president's office asking for a copy of everybody's
W2 Forms. Or can you transfer the $500,000 amount and do a wire transfer quickly. We're
behind we need to get this thing paid and it looks like it's come from the chief financial
officer requesting somebody do that, and it's all where they try to trick people and it's
all different types of attacks. Say I'm a small nonprofit locally we've seen a steady
stream of fake invoices trying to trick our treasurer looking like it comes from the president
and tricking the treasurer into paying something. This is not just directed against long groups,
it's pretty much directed at all of us. The rule of thumb you don't want to take the bait
and don't give up your password and this section we're going to talk now of protecting your
identity and your online safety when you're doing social media and things like that.
So the newer threat we've seen that started probably about 2 years ago and we're seeing
more and more of is something called Ransomware and you can see this is a screen shot and
I think it says you have to pay $300 or 250 or something like that to get your files back.
But the way Ransomware works is that they trick you into installing a piece of software,
malicious software and that software goes and encrypts all the data on your computer,
and the better ones, air quotes around that, if you're connected to a network share or
a portable hard drive, it will also go in and encrypt that information as well. So the
problem is that once it's done it's too late to do anything about it and if you're lucky
maybe you're antivirus detected it before it started maybe you've unplugged your computer
really quickly and it didn't get very far into it. And you still have to figure out
what happened after you plug it back in but the key once you've been attacked it's too
late and you want to see things about the last year or two about the police departments
had their data encrypted and having to pay a large amount of the money. A large health
care system was attacked in the United Kingdom years and I believe to pay a lot of pounds
to get their data unlocked again. So the real issue is how do you protect against something
like this? You have to protect against it ahead of time. You have to back up your data
and we're all Leah about this sort of thing and it's like oh, we know we'll be okay and
we know our hardware might crash sometime but, of course, we're going to get some kind
of warning that it's going to happen which, of course, doesn't happen, and even online
accounts like Dropbox and things like that some of this Ransomware is sophisticated to
reach up into those accounts and encrypt it also. Best rule of thumb with protecting yourself
against Ransomware making sure you have a copy of your data and that means regular backups
and it means not just having a portable hard drive connected to your computer where you
copy files over. You actually need use some kind of a program for it. But so Ransomware
is probably or one of the scariest things come down the line last year.
Now, this point in time I usually pop up this slide and some of my audience I'm sure is
old enough to remember this, but these are the old duck and cover drills where everybody
hid under our seats to protect themselves from atomic bombs which, obviously, wasn't
going to do any good but it made us feel like we were doing something and I got a lot of
people in the audience who look like deer in the headlights and I want to talk about
some of the things you can protect yourself rather than telling you all the bad things
that can happen. Again, the Number 1 thing don't get hooked.
Never respond to email requests or phone calls or text messages or anything health that are
asking for your password. That's an easy one. If we just did that we'd be in great shape.
The other question I've got as we launch into this is I'm assuming most of you have mobile
devices, smart phones or tablets of some kind or other. The question I have for you we have
a question, yes. Is do you have a mobile security app on your phone? If you do, please it's
a poll so please answer the poll. I'm interested to see what the responses are here. 'Cause
I know how it goes when I'm doing this as a live in person.
>> BEN: It's not looking too good for the yes but someone it has. 2 people. So here's
part of the issue we have and all of you know this. Especially if you're an iPhone users
and I don't want to bash Apple on this but Apple has never made but they made things
easier for users and they've given a nice interface. They don't talk about security
very much and iPhones can be attacked and androids can be attacked and pretty much any
of the operating systems that are out there on smart phones and tablets and the things
like that. The list here is kind of a short list like the things like find my iPhone but
some things are actually apps that you can add from your marketplace or your Google Play
Store depending what you're using and they provide additional security. They'll scam
the applications that you're trying to install. They'll make sure they're okay and they'll
tell you if you've got weird permissions you're asking for if they're able to do things more
often than not. Again, I encourage you to research various, you know just do your Google
search of mobile security apps for whatever kind of device you have and see what the recommendations
are. You'll find that will secure things and the reason why this is so important I think
most of us are aware that over the last several years there have been far more smart phones
and iPad things and tablets stolen than regular computers and what it means for the cybercriminal
who's out there trying to trick us and get our money they're going to go after those
mobile devices. That's where people are and that's where they're going to invest their
money. And they're not as easy to protect. One of the questions I typically ask in the
class is how do you tell where a link goes to on a mobile device? And we're not going
to ask it as a question now but what happens is you can't hover your cursor over it like
you would over a computer. You can't really hover your finger over it either, and if you
just touch the link it takes you there. If you find out where it goes you actually have
to push down on the link with your finger and hold it down until it shows you where
it goes. And that is not a good design. Obviously, if you let up on your finger too soon it's
taking you to that link. So this is one of the reasons, I think, that mobile devices
are attacked so much 'cause they're just harder for us to think about defending.
Now, what's interesting is that Google question that came up really easy where the most important
thing to do was to install software updates we do that on our phones. We know we need
to do that on our phones. We get them daily for all these different apps so it's the same
thing with your computers you want to make sure things are kept up to date.
So I'm going to talk about a few other things here about protecting your information. Great
drawing created by a student who worked in our office at one point in time and it's very
it's a good illustration what's out there because something may appear to be a sheep
but it's really a wolf in the background and you cannot tell by what you see online. You
cannot tell. Friend requests hey, great. But who knows what they're really like. It's not
saying criminals can't look great either for that matter.
So my Number 1 rule of thumb we can never assume on privacy whatever we share online
we have to assume at some point it's got to be revealed. We had no control over what happened
with Equifax with them revealing all of those passwords or Yahoo! I think they revealed
2 billion passwords. They had 2 billion passwords. They revealed every account password they've
had and we have very little control but we do have control over the types of information
we share and that really comes into social media. A lot of times you'll sign up for Facebook
or some other social media account and it may ask for your birthday or hometown or ask
you where you went to school. You can provide that information but you need to think about
the types of information it's asking for and makes sure you're comfortable with providing.
But again, even if it says it's secure and private you've got to assume at some point
it will be revealed. The next screen which is probably not readable
is privacy settings that's actually from my Facebook account and what was interesting
about this is when I went down and I looked at who can look me up and the second thing
on there said who can look you up using the phone number you provided and it said everyone.
I never remembered giving Facebook permission to do that. So that must have been a default
setting, and what I recommend is that every few months go into your privacy settings in
these different social media accounts, make sure that nothing has changed and make sure
that they're all settings that you're comfortable with and change them now if they're if you're
not comfortable with them. Do what you can to protect your information.
Now, something they also provide that are good are log in alerts which you can sign
up on the various social media accounts. I was speaking in a conference in New England
in the fall and while I was there I got 6 or 7 messages from Facebook that somebody
was trying to log into my account. And they knew actually, I think they were coming from
Australia of all places, but it alerted me that was happening which was a little discomforting
but also told me I didn't need to change the password but the good news is when you log
into Facebook and let's say you log from out of town you'll get these alerts because you're
not the internet the IP address that you are connecting from and it will let you know.
A couple other tips here use something called Google alert that you can set up. You can
monitor used of your name and put in your email address and anytime that appears online
in this place Google indexes it will give you a report on that. And you can aggregate
it so you can get it maybe once a day and you can use this alert to follow various subjects,
sports teams, all sorts of things like that as well. So it's got some things it's got
some play value also. Google also has my account dashboard -- if
you're a Gmail user, which is probably 90% of the world, at least at this point, one
thing you can do is go to is go to my account dashboard and it will allow you to do a security
checkup and privacy checkup and I encourage you to do that again just so you know what
you're sharing. You can see below privacy checkpoint it will show you the activity which
has been associated with your account and if there's things on there that you haven't
done then that account has been hacked at some point.
Another nice trick which somebody told me about is doing something a Google reverse
search. I don't know how many of you have used LinkedIn and I will connect with anybody
and it looks pretty bizarre. There's fake accounts on LinkedIn and like fake accounts
on Facebook and others, and it will allow you to select the imagine depends on if you've
got Chrome and it will show you all the places that image is used. I've got a connection
request from probably one of these people right here on the right here but that same
picture was used with at least 4 different LinkedIn accounts so it's so it's a generic
picture so maybe it's one of those people but it's a good way to check to see it's the
image that's commonly used on the internet and they're using it for a fake account and
they want you a fake account because they want to get you over to your connections.
So another issue and again, it's not typically an issue with faulty or staff or audience.
You want to protect your your only image is what they see about you online. This example
here is from a poster from the University of Wisconsin and would you hire this guy and
somebody's told me at one point they think it would be milk. I'm not buying it. But the
idea again is that understanding whatever you do online people are going to make decisions
about you and make judgments about. So that is the presentation and I'm going
to pop up my next which is my website, while we're talking here, but what questions do
you all have? And thank you for the opportunity. >> CINDY: Thanks, Ben.
There are a couple coming in. So if you have additional questions, folks, please send them
in through the chat box. A couple of things that have come up what if you do not put your
portable hardware drive online. Will the Ransomware still attack it?
>> BEN: As long as the portable hardware drive is connected to your computer, yes. Depending
on the strain of Ransomware, it will go into everything you're connected to. So the idea
if I was using a portable drive for backups, I would back up and then I would unplug it
and I would plug it back in when I'm going to use it, you know, back up to it again.
Typically, my experience we use those as additional space and not backup space. We really need
to think of it as an opportunity to back it up and again, back it up and just disconnect
it and it's not going to jump into it if it's not connected.
>> CINDY: Okay, a question from Pete. What's an example of a mobile security app?
>> BEN: Well, depending on your phone and depending on how old it is, you will kind
of dictate what you really need. So one example of a mobile security app is something called
LastPass and not LastPass I've got that wrong. Lookout. It's called Lookout. Lookout what
it does you stall it from your app store and it scans all the applications that you install
to make sure there's nothing malicious in them or whether they're asking for weird permissions
like why do they need access to your computer and that sort of thing. Lookout also has the
built in thing that iPhone users have enjoyed where you can find your phone through Lookout
and what you can do is you can bring up a map and it will show you where your phone
is within 75 feet, I think, it is. And you can also get it have your phone emit a high
pitch squeal noise, and that will help in terms of trying to find it.
The main thing it does is it looks at your applications and make sure none of those are
malicious and they do sneak out occasionally where they are bad. I used a program by Sophos
for my smart phone, and it was very aggressive in terms of what it would warn me about and
it would start talking about low reputation application and it told me Google Play was
a low reputation application and a bunch of other things and it was probably a little
bit too hypersensitive so I had to kind of turn those notifications down some. But the
idea it's a third party application that you would add to your smart phone or other mobile
device. A very long answer to a short question. >> CINDY: That's okay. Thank you.
Adam has a question. What is the best way to implement a safe home network where my
spouse and I can count on safe robust backups that can be automated by software and then
what software might that be? >> BEN: Yeah, I think this is probably a question
is a little bit beyond the scope of what I was prepared to talk about. But in general
you want to use a router and some of the I'm trying to remember whether our router does
this or not I've got what they call a Cloud drive which essentially allows me to back
up to it in the house. I've got the system set up to back up to it and then it will back
up that data to the Cloud and I don't do not remember what the cost is per gigabyte or
whatever or storage but storage prices are going down and down. But ideally what you
do to protect your data is you make you get a copy of it and you have that copy somewhere
besides where the computer is located because there should be a break in or fire or anything
else, you don't want to have lost every bit of digital information you have. We've become
too dependent on it. >> CINDY: All right, um, question on that
came in from I don't know who did that come from? Jim? Is there value to use the traditional
antivirus software that works on a mobile device?
>> BEN: Yeah, so when I'm talking about a mobile security app, they will have antivirus
built in. Cybercriminals are still crafting malicious software to attack phones. A banking
Trojan a couple of years ago, which was still out there and I'm drawing a blank on the name
of it, but what the Trojan means it's like the Trojan house it looked like something
else and there was a banking Trojan and what it did it captured all your banking activity
online. It didn't worry about anything else you were doing but anytime you went to a bank
it would capture that information and send it out to somebody. The antivirus I think
what you'll find I'm not sure you can get strictly an antivirus for your phone at this
point. They'll all be more robust security suites of software.
And the good news is most of them are free. Or at least have free versions, and the reason
for that is it is it helps all of us to get this security software out in the marketplace
because it reduces the amount of the attacks that go on.
>> CINDY: Thank you. Another question came in from Adam. Do you
know if Mint.com is a good third party app for a bank security?
>> BEN: It's not anything I have used but my rule of them point of view I want to get
a good idea how many people are using it. I'm not aware of any breaches which is what
they would call the releases with Mint.com, but they be associated with Intuit which has
Turbo Tax and there have been occasional problems, but I'm a Turbo Tax user myself and I haven't
worried about that. The biggest issue is people asking for passwords and people giving them
up. In terms of Verizon security and privacy app,
I'm not familiar with it. I tend not to use I have Verizon but I tend not to use their
built in stuff. I don't like it. It takes up room that I would rather use for something
else. But in general I'm going to give you the same response. Do a Google search and
look for reviews and see what they have to say about it, and, unfortunately, it's going
to be pretty much my responses to any specific security app or software questions today because
it changes. It changes monthly depending on which one is more effective.
>> CINDY: So if I've got malware on my device, what do I do?
>> BEN: Take it to somebody to look at. If you're associated and I can't tell you exactly
who to take it to look at. If you're around here around RIT in the community I think you'd
probably go to the digital den and ask them for their recommendations on it. Worse case
you just reset the device and wipe and return it to factory specs and that should take care
of any malware that's on the device. >> CINDY: Okay. Here's a question that came
in about looking for advice for parents to communicate to young adults and students about
not sharing their personal online ID, if they're uncomfortable doing it. Any thoughts for frustrated
parents out there? >> BEN: Yeah, a couple of things. Parents
don't tend to use the same applications they're kids do and I think that's deliberate on the
part of the kids. But they'll use things like Snapchat which is supposed to be this very
brief period of time a picture is available or something like that. But people can take
a screen shot of it. They can take a picture of the device that the picture came in on.
There's also been cases where it's like oops, somebody broke into the Snapchat servers and
they found all this information that was really supposed to be ephemeral.
The best place I would tell you to look is go to a website called Stay Safe Online, and
it's a Government website that's set up and it has a whole section on parents and teens
and preteens and what kind of information to share with them. I think that will be your
best option to Stay Safe Online. >> CINDY: Okay, thank you.
Are there any additional questions? If not, we're putting that website for Stay Safe Online
into the chat box. So I guess if there are no additional questions
we will wrap up. So thanks to Ben for coming back and being
a presenter for this second time. If you do have a digital question, you can email at
to lumbar RIT.EDU_alumni with the hash tag meRIT with the webinars, and we'll try to
get you some information for the panelists today.
As a reminder all of you will receive an email from us in the next few days with a link to
today's webinar recording. Ben I can't think you enough for being our
presenter today and thanks to all of you out there for participating in today's webinar.
Our next webinar is Thursday, March 8th, called Build a Better Brand from the Office of Career
Services with Kris Stehler. Look for your special invitation and your email coming shortly.
Again, thanks to everyone for joining. You can exit this webinar by simply closing the
WebEx window and has do let us know what you thought of the webinar with by taking the
brief survey which pops up when you exit the webinar. Thanks. And have a great day.
For more infomation >> Digital Marketing Workshop Highlights Areva Digital - Duration: 1:38. 
For more infomation >> Question 11 - Melissa Lee to the Minister of Broadcasting, Communications and Digital Media - Duration: 4:55. 
For more infomation >> Volker Jung - Zwischenfazit des Digital-Workshops am 23. und 24. März in Frankfurt - Duration: 1:07. 
For more infomation >> DIGITAL MARKETTING Fashiontech - Duration: 0:31. 
For more infomation >> Gender Diversity Matters - DWP Digital and Department of Health event - Duration: 2:18. 
Không có nhận xét nào:
Đăng nhận xét