VIDEO: The Evolving Insider Threat - Dawn Cappelli, Randy Trzeciak of CMU’s Insider Threat Center
This video from RSA Conference 2013 discusses:
- Who typically commits insider crimes – and how;
- How employees are being victimized from outside;
- Why our critical infrastructure is at heightened risk.
Even if you are an employer using standard commercial verification measures, you should be cautious about misuse of any information by employees, managers and contractors. Accordingly, you should take care with training and education, and not only for newly hired employees. Further, plan how login credentials and access to sensitive information will be handled and/or turned over when training or when terminating, suspending, withholding pay, lowering pay, or taking any other adverse action against an employee.
February 23, 2013
Ah, public WiFi. Nothing beats sitting in Union Square, San Francisco, with a latte, a scone and free, public Internet access. I’m here attending RSA Conference 2013 where I’ll be speaking on security risks related to use of social media in the workplace. Thinking about information security started me thinking about how secure I was as I checked my email over a free, public WiFi network.
These days, Wi-Fi hotspots are ubiquitous. One can find free access in airports, universities, public parks, hotels, coffee shops, and libraries. While convenient, these hotspots are usually not secure. Hackers know this and may be sniffing the network for their next unwitting victim. So, how can one protect oneself? Short of ensuring a fully-encrypted VPN connection, one may never be truly secure. Here are some tips for improving your security and privacy when using a public hotspot.
Don’t Assume a Wi-Fi Hotspot is Secure
As noted above, most public Wi-Fi hotspots are not secure. They don’t encrypt information you send over the internet.
If you use an unsecured network to log in to an unencrypted site – or a site that uses encryption only on the sign-in page – other users on the network can see what you see and what you send. They could hijack your session and log in as you. New hacking tools – available for free online – make this easy, even for users with limited technical know-how. Your personal information, private documents, contacts, family photos, and even your login credentials could be up for grabs.
An imposter could use your account to impersonate you and scam people you care about. In addition, a hacker could test your username and password to try to gain access to other websites – including sites that store your financial information.
Protect Yourself When Using Public Wi-Fi
So what can you do to protect your information? Here are a few tips:
1. Make yourself a hard target. Take precautions to minimize risks associated with free public networks.
2. Limit information sharing to secure web sites. When using a Wi-Fi hotspot, only log in or send personal information to websites that you know are fully encrypted.
3. Don’t stay permanently signed in to accounts. When you’ve finished using an account, log out.
4. Do not use the same password on different websites. A recent story about a journalist illustrates how once hackers access one account, say Gmail, they can use that info to access all your other accounts.
5. Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings and avoid sites that cause red flags to go up.
6. Keep anti-virus and browser software up to date. If you get a notification that an update is available, install it. Typically updates patch vulnerabilities that have been identified.
7. Use a Virtual Private Network (VPN) connection when available. Many commercial ISPs and corporate networks offer a VPN connection to provide secure access for their employees who work remotely. VPNs encrypt traffic between your computer and the internet, even on unsecured networks.
8. Some Wi-Fi networks use encryption: WEP and WPA are the most common. WPA encryption protects your information against common hacking programs. WEP may not. WPA2 is the strongest. If you aren’t certain that you are on a WPA network, use the same precautions as on an unsecured network.
9. Some browsers offer “add-ons” like Force-TLS and HTTPS-Everywhere for Firefox. These add-ons are free and force the browser to use encryption on popular websites that usually aren’t encrypted. They don’t protect you on all websites – look for https in the URL to know a site is secure.
10. Be aware of your surroundings. Don’t leave devices unattended. Don’t key in user names and passwords in plain sight of those sitting around you.
I don’t guarantee that just by following these steps you will be totally secure. But, the harder you make it for would-be attackers to access your information and device, the more likely they will be to move on to an easier target.
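An added example (not part of the original post) of checking what "fully encrypted" in tip 2 means in practice: it inspects one HTTP response's headers for a session cookie without the Secure flag, which is how a site that encrypts only its sign-in page exposes the session on an open network, and for a missing HSTS header. The function names, the example.test URL and the header values are constructed assumptions.

```python
# Added example: constructed sample URLs and headers, not captures from a real site.
from urllib.parse import urlsplit


def cookie_attrs(set_cookie):
    """Return (cookie_name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def hsts_max_age(value):
    """Return max-age (seconds) from a Strict-Transport-Security value, or None if absent/invalid."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age":
            val = val.strip().strip('"')
            return int(val) if val.isdigit() else None
    return None


def audit_response(url, headers):
    """headers: list of (name, value) tuples from one HTTP response. Returns a list of findings."""
    findings = []
    https = urlsplit(url).scheme.lower() == "https"
    if not https:
        findings.append("page served over plain HTTP: content readable on an open hotspot")
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    # Browsers ignore HSTS received over plain HTTP, so it only counts on an HTTPS response.
    if not (https and hsts and (hsts_max_age(hsts[0]) or 0) > 0):
        findings.append("no effective HSTS: browser may still make plain-HTTP requests to this site")
    for k, v in headers:
        if k.lower() == "set-cookie":
            name, attrs = cookie_attrs(v)
            if "secure" not in attrs:
                findings.append(f"cookie '{name}' lacks Secure: sent in cleartext on any HTTP request")
    return findings


# Constructed sample: HTTPS sign-in response that sets a session cookie without Secure.
SIGNIN_ONLY = [("Set-Cookie", "session=abc123; Path=/; HttpOnly")]
# Constructed sample: fully encrypted site.
FULLY_ENCRYPTED = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
                   ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure")]

if __name__ == "__main__":
    for label, hdrs in (("sign-in only", SIGNIN_ONLY), ("fully encrypted", FULLY_ENCRYPTED)):
        print(label, audit_response("https://example.test/login", hdrs))
```

An empty findings list for a response means the session cookie stays on HTTPS and the browser has been told to keep using HTTPS for that site.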