Cultivating security: Easy Steps to Decrease Risk for Small Organizations


“Cultivating Security: Easy Steps to Decrease Risk for Small Organizations” is a MAP Tech It Up a Notch presentation I did November 28, 2012 at MAP for Nonprofits in St. Paul, MN.

Transcript of Cultivating security: Easy Steps to Decrease Risk for Small Organizations

Page 1: Cultivating security: Easy Steps to Decrease Risk for Small Organizations

Tech It Up a Notch

Cultivating Security: easy steps to decrease risk

2012 MAP TechWorks, a program of MAP for Nonprofits

Where did this presentation come from?

• MAP TechWorks, a program of MAP for Nonprofits, is devoted to helping nonprofits use technology to unleash mission.

• Our "Tech It Up a Notch" series is designed to help nonprofit staff learn about and discuss technology to increase knowledge, and help people feel more comfortable talking about technology together.

• Learn more at MAPTechWorks.org

Cultivating Security

It’s like cultivating your garden . . .

Agenda.

• Who is Roger Hagedorn?

• Background Basics

• Five Quick Tips

• Questions

Note: feel free to ask questions at any time. This session is for you.

Question:

Who is Roger Hagedorn?

Network Security Coordinator, Seward Community Co-op

CISSP

www.cultivatingsecurity.com

Preface:

We want IT to assist you with your mission and strategic plans; we want it to help you be innovative and successful.

But today we’ll talk about "due diligence" levels of security: things that everyone should be doing in order to keep you, your computers, your data, and your organization’s reputation safe.

“It takes twenty years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.”

—Warren Buffett


Background Basics

Things that I hope you are currently doing:

• An Anti-Malware Solution (regularly updated)

• A Firewall Solution

• A Backup Solution

“Defense in Depth”

Defense in depth is the concept of protecting a computer network with a series of defensive mechanisms such that if one mechanism fails, another will already be in place to thwart an attack.

SANS Institute

Defense in Depth

Tip 1: Passwords

I know: everyone’s favorite subject

But really, it’s our first line of defense in so many situations.

So let’s discuss . . .

Must Nots:

• Your password must not contain any part of your real name, your e-mail name, or anything based on these.

• Your password must not be any single word in any language.

• Your password must not be any fact associated with you: your address, a pet’s name, your birth date, phone number, social security number, driver’s license number, car license number, etc. Likewise, your password should not be a fact associated with your spouse/partner or children.

Musts:

• Your password must be at least eight characters long. Passwords or pass phrases 10-16 characters are even better.

• Your password must contain characters from at least three distinct character classes: uppercase, lowercase, number, non-alphabetic (@#$%, etc.).

• You will have to periodically change your password.
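The "Must Nots" and "Musts" above can be checked mechanically. The following is an added example, not part of the original presentation: a small Python checker for the length, character-class, dictionary-word, and personal-fact rules. The word list, the sample facts, and the three-character minimum for a matching fact are constructed assumptions; the periodic-change rule is not covered.

```python
import re

# Constructed stand-in for a real dictionary file (assumption).
SAMPLE_WORDS = {"password", "sandwich", "telephone", "garden", "nickel"}

# Constructed personal facts: name, e-mail name, pet, birth date, phone.
SAMPLE_FACTS = ["Peg Olson", "peg.olson", "Rex", "1988-04-12", "555-0142"]

def char_classes(pw):
    """Count how many of the four character classes appear in pw."""
    return sum([
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])

def check_password(pw, personal_facts, words=SAMPLE_WORDS):
    """Return a list of rule violations; an empty list means pw passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if char_classes(pw) < 3:
        problems.append("fewer than three character classes")
    if pw.lower() in words:
        problems.append("single dictionary word")
    # Compare on letters and digits only, so "Rex!" still matches "Rex".
    squashed = re.sub(r"[^a-z0-9]", "", pw.lower())
    # Break each fact into pieces ("Peg Olson" -> peg, olson) and ignore
    # pieces shorter than three characters (assumed threshold).
    tokens = set()
    for fact in personal_facts:
        pieces = re.split(r"[^a-z0-9]+", fact.lower())
        tokens.update(p for p in pieces if len(p) >= 3)
    for token in sorted(tokens):
        if token in squashed:
            problems.append(f"contains personal fact: {token}")
    return problems

if __name__ == "__main__":
    for candidate in ["MsPi24yo", "sandwich", "Rex1988!"]:
        print(candidate, "->", check_password(candidate, SAMPLE_FACTS) or "OK")
```
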


• Never use the password you’ve picked for your email account at any online site.

• Use different ones for different situations. Avoid using the same password at multiple Web sites.

• But it’s generally safe to re-use the same password at sites that do not store sensitive information about you (like a news Web site) provided you don’t use this same password at sites that are sensitive.


Consider using a passphrase:

1 “Iw20yat/SPttbtp/thbgiaoos/btagtras.”

2 “HwmyrsmtBeyuclhm?”

3 “Brown T3L3phone nickel s@ndwich”

4 R3@dy4 [gmail, shopping, surf!]

You can, of course, create your own phrase. For example, “My sister Peg is 24 years old” can become “MsPi24yo.”

Consider using a password vault. It stores all of your passwords in an encrypted format and allows you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or USB thumb drive.

• KeePass

• Password Safe

• LastPass

• 1Password

Tip 2: Keep Your Devices Up-to-Date

• Operating Systems: turn on Windows Update

• Applications. There are now tools that can help:

    • Secunia Personal Software Inspector

    • FileHippo.com’s Update Checker

• Uninstall unused applications

Tip 3: Use a Better Browser

• Avoid Internet Explorer if at all possible

• Use Google’s Chrome

• Mozilla’s Firefox is pretty good too

• Keep your browser up-to-date

Tip 4: Safe Email / Web Surfing Habits.

• Links in email: don’t click if you don’t know the sender, or if you didn’t expect the message

• The same goes for attachments in email: don’t open if you don’t know


Don’t Fall for Phishing Expeditions

Phishing: when hackers impersonate a business to trick you into giving out your personal information. Don't reply to email, text, or pop-up messages that ask for your personal or financial information. Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through insecure channels.

This topic demands more focus than we can give it here. SonicWALL, the firewall company, has a great online test to see if you can be tricked. Check it out here: http://www.sonicwall.com/furl/phishing/

Tip 5: Use Admin Privileges Carefully

There are several kinds of user accounts for most systems:

• Guest (disable)

• User

• Administrator

Only computer administrators should use administrative accounts . . . and use them only when administering computers.

On my personal computer:

• Administrator – disabled (too easy to guess)

• Guest – disabled

• RDHadmin – my own administrative account

• Roger – the non-administrative account I use for most things

There You Have it: 5 Tips to Cultivate Security

• Better Passwords

• Keep Devices Up-to-date

• Use a Better Browser

• Email / Websurfing Safety

• Use Admin Privileges Carefully

Thank You!