3. 3 ways to avoid one of “those” days.
1. Defend your computer
2. Protect data and sensitive information
3. Protect devices and data on the go
4. #1: Defend your computer.
Do 3 simple things:
1. Install all updates
2. Log off when you leave your desk
3. Lock up your laptop when you leave work
5. #2: Protect sensitive data.
Think before you enter sensitive data
Be suspicious of attachments and links
Look out for scams and fraud
Create strong passwords
6. Think before you type.
Look for https (the “s” is for secure)
A closed padlock means secure, too
Are there signs the site is trustworthy?
7. Think before you click.
Be suspicious and aware of:
E-mail and IM attachments and links
Messages within social sites
8. The tricks that make you click.
Alarming messages
Misspellings and grammatical errors
Great deals
Requests for sensitive info
9. How to avoid the bait.
Confirm that the message is real
Type the Web address yourself
Use a browser with safety features
10. Passwords lock data doors.
Keep them secret
Change them often
Make them strong
11. Which passwords are strong?
1. 555.12.999
2. 06/04/79
3. Exp3d!ti0us
4. Ambl!anc3
5. 135781113
6. MsAw3yOiD
13. #3 Protect devices on the go.
Do they have the latest protection?
Guard devices like you do your wallet
Don’t hand-carry sensitive data
Use caution if using a thumb drive in another computer
14. On the go: wireless hotspots.
Connect securely
Know who you’re connecting to
Save sensitive uses for more trusted connections
15. Sometimes things go wrong.
How do you know a PC is infected?
Your computer might run slowly
Or crash often
Or show other unusual behavior
Contact our IT department immediately
16. You lost WHAT?
Follow corporate IT policy
Report it immediately. Or sooner
Change all passwords
Mobile phones: get help wiping data
This presentation is part of the Microsoft Trustworthy Computing Internet Safety at Work Kit for large organizations.
It introduces employees in your organization to ways they can help keep company, customer, and personal information safe when using the Internet from their corporate desktop or mobile computers and phones.
This is a hidden slide and should not be a part of your presentation.
HIGH LEVEL OUTLINE for this presentation which covers three ways to protect data online:
Defending your computer.
Protecting sensitive data.
Protecting devices and data on the go, away from work.
As you proceed through the slides, you’ll get practical, specific advice about how to do each one.
LENGTH: As written, the presentation is about 20 minutes long.
SUPPLEMENTAL MATERIALS: You may want to distribute the card “Top Tips for Internet Safety at Work” at the end of your presentation.
CUSTOMIZING THIS PRESENTATION:
You may want to insert information specific to your organization at certain points. For example:
After the title slide: You may want to kick off your presentation with the video included in this kit (Slide 3).
Slide 6 (Defend your computer): An opportunity to give an overview of your company’s/organization’s key IT policies.
Slides 16 & 17 (When things go wrong): You may want to edit these to be consistent with your own policies and procedures.
Before Slide 20 (the last slide): If you haven’t already, you may want to show the video here to recap your presentation.
Please see the card that came with the thumb drive for more information about this kit and how to make best use of it. (If you’ve misplaced it, the Internet Safety at Work Readme has all of the information.)
PREPARATION NOTES:
Before you begin, you may first want to show the three-minute video, “Stay Sharp on Internet Safety.” (You can also show it before Slide 20 as a recap of your presentation.)
This is a hidden slide. If you want to show the video, before the presentation right-click the slide, and click Unhide to make the slide visible in the presentation.
You may want to make a test run before your presentation to ensure the video is functioning properly.
To show the video:
Make sure that both this presentation and the video are copied to the same directory on your computer so you can run the video right from the deck.
Double-click the link in the slide to start the video.
When it is complete, make sure your mouse is not hovering over the video image, but rather in the white space around the video. Then click to continue with your presentation.
In the world of online security at work, none of us want to stand out like this. But these are the kinds of things that happen in companies everywhere:
A thief steals a company laptop or mobile phone.
Someone opens a virus-laden e-mail attachment from a friend or colleague—or someone posing as that friend.
An employee loses customer data on a thumb drive or to a computer virus or other malicious software.
These kinds of things are happening in organizations everywhere, and in the end, the company pays the price in reputation, customers, liability.
So, for the next 20 minutes or so, I’m going to talk about things to do so that you and our company have good days—and not bad ones.
We’ll cover three areas:
How to defend your computer.
How to protect company, customer, and personal data and sensitive information.
How to protect devices and data when you’re away from the office.
These are easy things. And they work really well if you do them all the time.
PREPARATION NOTES: Here’s an opportunity to add an overview of how your company works to protect computers, laptops, mobile phones, and other devices against viruses, spyware, and other threats to network security and sensitive data.
First, let’s talk about the three simple steps you can take to help guard your computer.
1. INSTALL ALL SECURITY UPDATES that our IT department requires. These are our first line of defense and include:
Windows and Office updates.
Browser updates.
Antivirus and antispyware software. (To make sure you update them regularly, take advantage of automated updates.)
Software that you use to connect securely from remote locations.
Settings for e-mail filters.
Two other easy things you can do to help keep your data safe:
2. LOG OFF your computer.
3. LOCK UP YOUR LAPTOP.
2. Defending sensitive data is the most important area we’ll talk about today. There are four basic strategies:
Think before entering sensitive data on Web sites.
Be suspicious of attachments and links.
Know what phishing and scams look like.
Create strong passwords.
For starters, before you enter sensitive data on a Web form or page, look for two things:
1. Signs that the site uses data encryption:
https (“s” is for secure).
A closed padlock. It must be here, beside the Web address, or in the lower right corner of the window.
2. Signs of a trusted site, such as the green address bar in Windows® Internet Explorer®.
The graphic in the slide shows what each of those things looks like in your browser.
That’s the first strategy for protecting sensitive information. Another precaution you can take is to think before you click.
BE SUSPICIOUS OF ATTACHMENTS AND LINKS. There are several reasons to use caution:
Senders can be phony. A virus (the colds and flu of computing, designed to spread to other computers) may have sent the mail you just received.
Spyware can hide in e-mail attachments. Open one and you may download spyware which can track what you do on your computer. It may enable criminals to collect company or personal information, record account numbers and passwords as you type, or bombard you with pop-up ads.
Click links or download videos and photos and you could be downloading a virus along with them.
Links can go to phony Web sites.
Toll-free numbers can go to fraudulent call centers.
Keep in mind: If you click, you catch.
MESSAGES ON SOCIAL SITES:
Just because an e-mail message says it’s a LinkedIn update doesn’t mean it is.
Messages you get when you’re using a social site such as Facebook, LinkedIn, or Twitter can also carry viruses or try to entice you to divulge sensitive information.
TO REPEAT: “THINK BEFORE YOU CLICK” IS A BEST PRACTICE FOR PROTECTING SENSITIVE DATA, but you also need to be on the lookout for scams and fraud in e-mail and instant messages.
Phishing scams, for example, are a sneaky form of spam designed by criminals to fool us.
It can look like a message from a company you trust: a supplier, the company’s bank, or even someone within your own company.
It may ask you to reveal sensitive data.
It can be very convincing.
To protect yourself, LEARN THE SIGNS OF PHISHING:
Alarmist messages: When we’re alarmed, we sometimes put our suspicions aside.
“Your account will be closed if we don’t hear from you.”
“A virus has corrupted our database. Please re-confirm your information NOW.”
Misspellings and grammatical errors.
If a deal sounds too good to be true, it probably is.
Requests for sensitive info (for example, account numbers or help in “transferring funds”).
It’s important to note that reputable companies DON’T send e-mail that asks for sensitive info.
DON’T THINK THAT YOU CAN BE FOOLED? WOULD YOU FALL FOR THIS?
A newly-hired COO received e-mail from what looked like his company’s travel agency. He was asked to click the link and make sure his details were accurate.
He did and went to an official-looking site where he found his personal data.
He was asked to download software that would link his Outlook e-mail account to the travel agency’s booking system. In so doing, he downloaded Trojan horse malware which spread quickly through his new company.
THOSE ARE SOME OF THE PHISHING TRICKS. Staying alert to the warning signs is your first defense. But what else can you do if you get a suspicious message?
CONFIRM WITH THE SENDER THAT THE E-MAIL OR INSTANT MESSAGE IS REAL
Call the company using a number you already have for it.
Or check it against what you find on Bing, Google, or an online phone directory.
To visit the site, TYPE THE WEB ADDRESS YOURSELF instead of clicking the link in the message.
Or, use your own bookmark or favorite.
USE A BROWSER WITH SAFETY FEATURES
Such as the anti-phishing feature (SmartScreen® Filter) and the pop-up blocker that’s on by default in Internet Explorer 8.
If you’re ever in doubt about a site, consult a Web site that identifies known scams:
Such as www.snopes.com.
Another way to protect sensitive data is to use strong passwords.
You lock your house, your car, your bike. You also need to lock up corporate assets, client info, accounts, computers, mobile phones, etc. To do this on your computer:
KEEP PASSWORDS SECRET
If stolen, everything they protect is at risk.
Don’t share them with friends, colleagues, or businesses.
Don’t use the same password (or simple variations) for different accounts or services.
Don’t store passwords on your phone or in a file on your computer or on a post-it on your computer. It’s okay to store them on a well-hidden sheet of paper.
Don’t let someone trick you into revealing them.
CHANGE THEM OFTEN: Change the important ones regularly—like the one for your computer or mobile phone.
MAKE THEM STRONG
At least eight characters. Upper and lower case letters, numbers, and symbols.
Easy for you to remember and hard for others to guess.
Avoid number sequences, your pet’s name, birth date, Social Security numbers, and the like.
Don’t use words that you can find in the dictionary.
Avoid using only look-alike substitutions of numbers or symbols.
Choose a sentence that’s easy to remember and difficult for others to guess and use it as the basis of a password. (See below for an idea about how to present this.)
CUSTOMIZING THE PRESENTATION: Ask the group to create a phrase that’s eight words or longer—like the first line of a favorite song. Take the first letter of each word to make the password. Substitute numbers or symbols for some of the letters—like “3” for “E” or “!” for “L.”
CUSTOMIZING THIS PRESENTATION
This is an opportunity for the audience to test their password knowledge. There are several ways you can handle this:
If you have a white board or flip chart, you can do this as a group activity: One password at a time, ask the group to decide whether it’s strong or not and discuss why.
If people have paper and pen, ask everyone to do this as a task either by themselves or in pairs.
Or simply give everyone a minute or two to think about which of these are strong, and which weak.
When you’re ready to see the results, go to the next slide.
EXPLAINING THE ANSWERS:
WEAK. Only numbers, possibly a Social Security number, which criminals can easily find online.
WEAK. A date—birth or anniversary date, for example—can be known and easily found by a criminal.
WEAK. Don’t use words you can find in any dictionary in any language (expeditious). Criminals will not be fooled by common look-alike replacements such as “3” for “e”.
STRONG. Letters, symbols, numbers, not a word found in the dictionary.
WEAK. Only numbers. Avoid sequences (or repeated numbers, like 22222222).
STRONG. A sentence that’s easy to remember, but difficult for others to guess.
Eight characters or longer.
Take the first letters of this sentence: My son Aiden was 3 years Old in December.
Add complexity by mixing upper and lower case letters, symbols, and numbers.
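The quiz and its answer key can be reproduced mechanically. The following is an added example, not part of the Microsoft kit: a small Python checker that applies the rules from the notes above to the six quiz passwords and rebuilds password 6 from its sentence. The function names, the tiny constructed word list, and the threshold of three character types (inferred from answer 6, which has no symbol) are assumptions.

```python
import re

# Constructed stand-in for a real dictionary; a real check would load a full word list.
WORDS = {"expeditious", "ambulance", "password", "december"}
# Common look-alike substitutions. "!" is tried as both "i" and "l" below,
# because the slides use it for both letters.
LOOKALIKES = {"3": "e", "0": "o", "1": "l", "@": "a", "$": "s"}

def undo_lookalikes(pw):
    """Return the lowercase words that may hide behind look-alike characters."""
    base = "".join(LOOKALIKES.get(c, c) for c in pw.lower())
    return {base.replace("!", "i"), base.replace("!", "l")}

def classes(pw):
    """Count character types present: upper, lower, digit, symbol."""
    tests = (str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)

def assess(pw):
    """Return (verdict, reason) using the rules from the speaker notes."""
    if len(pw) < 8:
        return "WEAK", "shorter than eight characters"
    if re.fullmatch(r"\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}", pw):
        return "WEAK", "looks like a date"
    if re.fullmatch(r"[\d\s./-]+", pw):
        return "WEAK", "only numbers"
    if undo_lookalikes(pw) & WORDS:
        return "WEAK", "dictionary word with look-alike substitutions"
    if classes(pw) < 3:  # assumed threshold: three of the four types
        return "WEAK", "too few character types"
    return "STRONG", "long, mixed, and not a dictionary word"

def from_sentence(sentence):
    """Build a password from the first character of each word in a sentence."""
    return "".join(word[0] for word in sentence.split())

# The six passwords from the quiz slide, in slide order.
QUIZ = ["555.12.999", "06/04/79", "Exp3d!ti0us", "Ambl!anc3", "135781113", "MsAw3yOiD"]

if __name__ == "__main__":
    for n, pw in enumerate(QUIZ, 1):
        print(n, pw, *assess(pw))
    print(from_sentence("My son Aiden was 3 years Old in December."))
```

The verdicts depend on the word list: password 4 passes only because its substituted form does not map back to a listed word.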
Having reviewed many ways you can protect sensitive information, let’s look at the third way to avoid a bad day…
…protecting devices when you’re away from work
These include laptops, thumb drives (USB or flash drives), mobile phones.
DO YOUR DEVICES HAVE THE LATEST PROTECTION?
Make it part of your travel routine. Update before you leave.
GUARD YOUR DEVICES LIKE YOU DO YOUR WALLET.
For example, lock your mobile phone when you’re not using it.
DON’T HAND-CARRY SENSITIVE DATA.
On your laptop or thumb drive.
It’s not worth the risk. If you lose it, anyone can access it.
If you must take sensitive data, encrypt it.
However, encryption only slows access to data; it doesn’t prevent access from a determined hacker after really valuable data.
IF YOU USE YOUR THUMB DRIVE IN ANOTHER COMPUTER:
That computer may be infected and could corrupt the thumb drive and ultimately your computer.
When you re-insert the drive into your computer, click the Close button in any message that pops up so you don’t give any malware a chance to run.
But you need to do more than protect the physical devices when you’re on the road…
…Wireless hotspots can be risky, so here are ways to connect to the Web more safely:
CONNECT SECURELY. Choose:
The most secure connection, even if it means paying for it. Ask about it before you connect.
WEP (at least), which encrypts (or scrambles) data as it travels between your laptop and the wireless access point. (WEP stands for Wired Equivalent Privacy. It is a system of data encryption that prevents unauthorized access to a wireless network.)
A password-protected connection, ideally one that is unique for your use.
KNOW WHO YOU’RE CONNECTING TO
Confirm the exact spelling of the network you’re connecting to. Beware of clever (slightly misspelled) fakes. For example: HLTONHOTELSNET vs. HILTONHOTELSNET. (There’s no “I” in the first Hilton.)
Check the privacy statement on the network's Web site. No privacy statement? Wait until you return to the office to conduct sensitive business.
SAVE SENSITIVE USES FOR MORE TRUSTED CONNECTIONS
Don’t bank or make other financial transactions at a wireless hotspot.
Don’t download, install, or update software.
Use e-mail with the understanding that it can open the door to illegal access to corporate networks and data.
Turn off the wireless connection when you’re not using it.
INFECTED PC
Despite all our best efforts, sometimes a virus or spyware can slip through. How would you know?
Your computer exhibits unusual behavior: slows to a crawl, crashes often. Programs don’t save files properly. And so on.
CONTACT THE IT DEPT
If you have the slightest suspicion that your computer or other device might be infected, contact IT. They can help you fix the problem.
The security of sensitive data on your computer depends on this, and possibly the security of the company network.
IF A DEVICE OR DATA GOES MISSING:
Make sure to follow corporate IT policy when this happens. This might include:
Reporting it immediately.
Changing all passwords.
Getting help from IT in remote wiping of data on mobile phones.
CUSTOMIZING THIS PRESENTATION
You may want to adjust this slide so it’s consistent with your organization’s IT policies.
We want all of you to have THESE kinds of better days. In the last few minutes, we’ve covered three ways to avoid a bad day:
Defend your computer, protect sensitive data, and protect devices when you’re away from the office.
Remember these top tips:
Keep up with updates.
Think before you share sensitive information on Web sites.
Think before you click links or open attachments.
Watch out for e-mail scams and phishing.
Use strong passwords. Keep them secret.
On the go: be on guard, be wireless-wary.
PREPARATION NOTES: At this point, you may want to:
Distribute the TIP CARD, “Top Tips for Internet Safety at Work,” and review it with the group.
If you haven’t already done so, show the video (hidden Slide 3), “Stay Sharp At Work,” as a recap of your presentation.
Thanks for your time.