technology guide three protecting your information assets

TECHNOLOGY GUIDE THREE

Protecting Your Information Assets

TECHNOLOGY GUIDE OUTLINE

TG3.1 Introduction TG3.2 Behavioral Actions to Protect Your

Information Assets TG3.3 Computer-based Actions to Protect Your

Information Assets

LEARNING OBJECTIVES

• Identify the various behavioral actions you can take to protect your information assets.

• Identify the various computer-based actions you can take to protect your information assets.

Behavioral Actions

• Do not provide personal information to strangers in any format.

• Protect your social security number.• Use credit cards with your picture on them.• Use virtual credit cards.• Know your credit card billing cycles.

Behavioral Actions (continued)

• Limit use of debit cards.• Do not use a personal mailbox at home or at

an apartment.• Use a cross-cut (confetti) shredder.• Sign up with a company that provides

proactive protection of your personal information.

Computer-Based Actions

• Never open unrequested attachments to e-mail files, even those from people you know and trust.

• Never open attachments or Web links in e-mails from people you do not know.

• Never accept files transferred to you during Internet chat or instant messaging sessions.

• Never download any files or software over the Internet from a Web site that you do not know.

Computer-Based Actions (continued)

• Never download files or software that you have not requested.

• Test your system.• Run free malware scans on your computer.• Have an anti-malware product on your

computer and use it (ideally at least once per week).

• Have a firewall on your computer.

Computer-Based Actions (continued)

• Have an antispyware product on your computer.

• Have a rootkit detection product on your computer.

• Have a monitoring software on your computer.

• Have content filtering software on your computer.

• Have antispam software on your computer.

Computer-Based Actions (continued)

• Have proactive intrusion detection and prevention software on your computer.

• Manage patches.• Use a browser other than Internet Explorer.• Travel with a “sterile” laptop or no laptop.• Use two-factor authentication.• Use encryption.

Computer-Based Actions (continued)

• Use laptop tracing tools or device reset/remote kill tools.

• Turn off peer-to-peer (P2P) file sharing.• Look for new and unusual files.• Detect fake Web sites.• Use strong passwords.• Surf the Web anonymously.• E-mail anonymously.

Computer-Based Actions (continued)

• Adjust privacy settings on your computer.• Erase your Google search history.• Personal disaster preparation: backup,

backup, backup!

Wireless Security

• Hide your Service Set Identifier (SSID).• Use encryption.• Filter out media access control (MAC) addresses.• Limit Internet Protocol (IP) addresses.• Sniff out intruders.• Change the default administrator password on

your wireless router to something not easily guessed.

Wireless Security (continued)

• Use virtual private networking (VPN) technology to connect to your organization’s network.

• Use Remote Desktop to connect to a computer that is running at your home.

• Configure windows firewall to be “on with no exceptions.”

Wireless Security (continued)

• Only use Web sites that use Secure Sockets Layer (SSL) for any financial or personal transactions (discussed in Chapter 3).

• Use wireless security programs.