A presentation for the 2011 Virginia Annual Statewide Legal Aid Conference.
You need to protect yourself and your clients' data online. We'll look at using social network sites, downloading viruses, leaving metadata in documents, having bad password practices, and putting information in the cloud.
2. More than 8 in 10 US small businesses believe their firms are safe from cyber threats, yet almost 80% have no formal security policies in place.
You can be attacked and not even know it. Even worse, your system could be used to attack other people, and you may not know it.
3. What Is Cyber Crime?
● Spam
● Fraud
● Obscene or offensive content
● Harassment
● Child pornography
● Drug trafficking
● Cyber terrorism
● Cyber warfare
4. Who Is Behind Cyber Crime?
● Script kiddies
● Hacktivists
● Individual miscreants
● National & transnational organized criminal enterprises
● Nation states
5. Why Should You Care?
● Your clients trust you with very sensitive data.
● If they become victims, your clients have less of an ability to bounce back.
● Systems that are used to commit crimes often support the same organized networks that are behind human trafficking, identity theft, child pornography, and other issues you battle against daily.
7. What? No Way!
● Acting maliciously
● Forgetting to log off
● Losing laptops, USB keys, or smartphones
● Storing client data in questionable places
● Downloading viruses and malware
● Using social network sites carelessly
● Leaving metadata in documents
● Having bad password practices
● Getting tricked
11. What You Can Do
● Log off when you leave your computer
● Shut down your computer at the end of the day
● Set up your computer to automatically lock when the screensaver comes on
13. What You Can Do
● Pay special attention and be careful
● Store only the client data you absolutely need
● Encrypt your data
● Set up phones so you can erase them remotely
● Use strong passwords
● Back up the data before you leave
15. What You Can Do
● Read privacy policies
● Develop a set of approved sites that client information can be stored on and train staff to not store data on any other sites
● Don't include identifiable client information in emails
17. What You Can Do
● Patch software and systems religiously
● Read before you click
● Ask if the email or attachment seems “funny”
● Avoid downloading screensavers, fonts, & porn
● Use your anti-virus software
● Ignore any website that pops up a virus warning
19. What You Can Do
● Be careful what you click
● Don't friend people you don't know
● Use strong passwords
● Avoid playing games and installing applications
● Be very careful about what you post
21. What You Can Do
● Clean metadata from documents before sending electronic copies
● Use the Document Inspector tool in Office
● Download and use Metadata Removal tool for WordPerfect
23. What You Can Do
● Use strong passwords
● Change passwords quarterly
● Don't use a password for more than one site
● Don't share passwords
● Establish password guidelines for the organization and follow them
● Try a password manager
25. What You Can Do
● Be skeptical
● Don't give anyone your passwords
● Don't click a link to your bank website
26. What If?
● Tell your supervisor immediately
● Be prepared to help figure out what happened
● Notify the proper authorities
27. Who Are the Proper Authorities?
Computer intrusion: Local FBI Office; US Secret Service; Internet Crime Complaint Center
Password trafficking: Local FBI Office; US Secret Service; Internet Crime Complaint Center
Counterfeiting of currency: US Secret Service
28. Who Are the Proper Authorities?
Child pornography or exploitation: Local FBI Office; US Customs and Enforcement (if imported); Internet Crime Complaint Center
Internet fraud & SPAM: Local FBI Office; US Secret Service (Financial Crimes Division); Federal Trade Commission; Securities & Exchange Commission (if securities/investment-related); Internet Crime Complaint Center
Internet harassment: Local FBI Office