It is a dangerous world out there in cyberspace with organizations losing corporate secrets or private customer data almost daily. Protecting yourself, however, doesn’t have to be difficult and neither should it be left to those in IT. The keys to safe computing in a digital world can be yours. Eric Vanderburg, Director of Information Systems and Security at JurInnov, presents "Today's technology and you: Safe computing in a digital world" at The Union Club.

1. Today’s Technology and You
Safe computing in a digital world
May 17, 2013
Eric A. Vanderburg, MBA, CISSP
Director, Cyber Security and Information Systems

2. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Who Are We?
JurInnov works with organizations that want to
more effectively manage matters involving
“Electronically Stored Information” (ESI).
– Computer Forensics
– Cyber Security
– Electronic Discovery
– Document and Case Management

3. © 2013 Property of JurInnov Ltd. All Rights Reserved4
What are Cybercriminals After?
Access to:
– Personal information
– Patent applications
– Financial information
– M&A documents
– Intellectual property
– Client correspondence
Business disruption of:
– Calendar system
– Billing system
– Website

4. © 2013 Property of JurInnov Ltd. All Rights Reserved
90/10 Rule
Process
Technology
People
10%
90%

5. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Starts with you
• Exercise safe computing practices
• Report suspicious activity
• Notify IT/information security of potential
security incidents
• Escort guests through facilities
• Challenge guests

6. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Passwords
• Passwords are the keys to many things: your bank
account, your computer, your email, a server on a
network.
• Your password gives others the power to:
– Access your account (financial, email, etc)
– Modify or destroy your files
– Send malicious e-mail such as spam or threats in your
name
– Commit fraud while masquerading as you
– Use your computer to distribute illegally files such as
movies, songs or worse (child pornography)

7. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Passwords and Accounts
• Creating a secure password
• Passphrase: Here24octopihad5legslike*fish
• Secondary logon
• Limit administrative accounts
• Lock the computer
• Autolock
• Change default passwords
• Change passwords that you suspect may have been
compromised
• Choose recovery hints and challenges wisely

8. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Passwords
• Do not store them in obvious places
• Do not let anyone observe you entering it
• Do not share your password
• Do not reveal a password
– on questionnaires or security forms
– to anyone over the phone, e-mail, or IM
• Do not use same password for different servers/services
• Do not use written examples of passwords

9. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Spotting password theft
• Email
– Large number of rejected messages
– Missing emails
– Messages in sent mail that you didn’t send
• Social media
– Posts you did not make
– Many unknown contacts

10. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
When is data really gone?
• Deleting a file does not actually remove it from
your computer
• Files persist until they are overwritten
• Full or partial files may be recoverable
• Sensitive data should be wiped
• Drives should be wiped before being reused

11. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Browser security
• Cookies
• Block pop-ups
• HTTP vs. HTTPS
• Certificates
• Fake sites
– Swapped Characters yuotube.com
– Replaced Characters wschovia.com
– Inserted Characters Gooogle.com
– Deleted Character Facbook.com
– Missing dot wwwmicrosoft.com

12. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Working remotely
• Free Wi-Fi
• Encrypt and password protect mobile
devices
• VPN
• Enable computer firewall
• Disable shares or use a homegroup (if not
on a domain)

13. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Public computers
• Limit what you do
• Erase your tracks (clear history)
– IE (Tools, Internet Options, General tab, Delete Browsing
History)
– Firefox (Tools, Options, Privacy tab, clear private data)
– Use private browsing window
• Do not save files locally
• Don’t save passwords
• Watch for over the shoulder
• Delete temporary files
• Exit programs and close browser when you leave

14. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Social media
• Privacy settings
– Default
– Per-post
• Who should be your friend?
• Geolocation
• Watch out for social scams
– Mugged on vacation
– Free stuff
– Spammed content and links

15. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Social engineering
• Social engineering preys on qualities of human
nature:
 the desire to be helpful
 the tendency to trust people
 the fear of getting into trouble

16. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Malware
• Viruses
• Trojans
• Keyloggers
• Bots
• Spyware
• Adware

17. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Why malware?
• Revenge
• Sense of power
• To prove a point
• Bragging rights
• Profit
• To attack other systems
• Because they can

18. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Spyware
• Corrupts/alters the current
software
• Tracks browsing habits, sites
• Interferes with system settings
• (registry, startup)
• Steals passwords, information etc.

19. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Spyware
• How does it get there?
– Email
– Instant Messaging
– Internet Browsing
– P2P Software
• Don’t take downloads from strangers
– What else are you getting with the “free” stuff
– Be cautious with bundled installers

20. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Spyware
• Identifying it
– Sluggish computer
– Annoying pop-ups
– Changes to browser home pages
– Unwanted toolbars
– Unknown programs appear

21. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Preventing malware
• Safe browsing habits
• Up-to-date antivirus
• Antimalware software
• Computer firewall
• Windows updates

22. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Virus Hoax

23. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Phishing
• False Sense Of Urgency - Threatens to "close/suspend
your account”, charge a fee or talks about suspicious
logon attempts, etc.
• Suspicious-Looking Links - Links containing all or part of
a real company's name asking you to submit personal
information.
• Not personalized – does not address you by name or
include a masked version of the account number.
• Misspelled or Poorly Written – Helps fraudulent emails
avoid spam filters

24. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Phishing Examples

25. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Phishing examples

26. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Phishing examples

27. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Phishing examples

28. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Phishing
• Treat all email with suspicion
• Never use a link in an email to get to any web
page
• Never send personal or financial information to
any one via email
• Never give personal or financial information
solicited via email

29. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Spatial security

30. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
Spatial security
• Computers or whiteboard placement
• Facing away from windows or public areas
• Monitor privacy screen
• One way window film

31. Questions

32. © 2013 Property of JurInnov Ltd. All Rights Reserved
Blogs & Podcasts
• 50,000 Medicaid providers’
data breached
• Data breach threats of 2013
• Ignorance of the breach is
no excuse
• Over processing of ESI and
the Microsoft letter
• Predictive coding gets a
glossary
• LegalTech 2013

33. © 2013 Property of JurInnov Ltd. All Rights Reserved© 2013 Property of JurInnov Ltd. All Rights Reserved
For assistance or additional information
• Phone: 216-664-1100
• Web: www.jurinnov.com
• Email: eric.vanderburg@jurinnov.com
JurInnov Ltd.
The Idea Center
1375 Euclid Avenue, Suite 400
Cleveland, Ohio 44115