2012 NATIONAL CYBERSECURITY MONTH: Purdue Experts Present Social Networking and Mobile Device Security Program - 10/11/12

National Cybersecurity Month, observed annually in October, is intended to educate Internet users about the most effective ways to keep their cyber-world lives, data and personal information safe and secure from hackers and identity thieves.

This year’s NCSM theme, “Our Shared Responsibility,” emphasizes that security for all users of digital technology and devices — computers, tablets, smartphones and social media — starts with the individual user. As a shared resource, the Internet can be safe for all users only when all users adhere to prescribed security practices.

Purdue did its part to convey that message when it kicked off Cybersecurity Month on Friday, Oct. 5 with a full day of programming presented by several of Purdue’s IT and data security experts.

The day began with a keynote address by Eugene Spafford, executive director of the Center for Education and Research in Information Assurance and Security (CERIAS) and professor of computer science. Spafford was followed by an hour-long talk on security perspectives for 2012, presented by David Shaw, chief information security officer for IT Security and Policy. Finishing the morning was a panel covering the pros and perils of social networking, composed of Kyle Bowen, director of informatics at ITaP; Spafford; David Shaw, CISO at ITaP; and assistant professor Lorraine Kisselburgh of the Brian Lamb School of Communication.

The afternoon sessions separated into two tracks, one devoted to cybersecurity awareness and the other focused on cybersecurity tools.

Social Networking Security

The first session of the security awareness track was “Social Networking Security and Privacy,” presented by Keith Watson of CERIAS. Watson’s presentation focused on many of the popular social networking sites, such as Facebook, LinkedIn and Twitter. He stressed the risks inherent in those sites and the importance for users to protect their passwords and personal information.

“Assume the worst case scenario is possible,” he said. “Then prepare for it. Make sure you have a way to recover your account and your data.”

Watson stressed that people need to be able to manage their passwords.

“Don’t get in the situation where you’re using the same password everywhere,” he said. “That makes it easy for a hacker to recover it and use it to access your other accounts.”

He also talked about network privacy. 

“Do not ‘friend’ or ‘connect’ with people you have not met in person or know well,” he said, adding, “Having a lot of (Facebook) friends can work against you.”

Watson’s Social Networking Security and Privacy PowerPoint presentation is available in its entirety on the Cybersecurity 2012 page of the SecurePurdue website. He also provided the URL to a guide for Facebook security, Own Your Space.

Mobile Device Security

The afternoon’s social networking track ended with a one-hour program on security for mobile devices. It was presented by Mike Hill and Preston Wiley of the Center for Environmental and Regulatory Information Systems.

As the use of mobile devices — such as smartphones, Androids, and tablets — becomes more ingrained in our daily lives, consumers’ reliance on them is exponentially expanding, they said. Yet because of the number of mobile phones, their convenience, and their many uses, keeping them secure requires special precautions.

“A mobile device is constantly connected to the Internet,” Wiley said, “and because it’s small, it’s easily stolen or lost. Unfortunately, to be more secure is to be inconvenienced.”

Hill added, “Apps make our lives easy, but they also make them scary when you think about how much is stored on the devices and that they could be compromised.”

Hill and Wiley presented these 10 tips for keeping mobile devices secure:

  1. Lock device with a passcode (PINs, pattern, facial recognition, password).
  2. Keep apps up to date using official sites (Google Play or Apple App Store); beware of third-party apps from unofficial sites. When you allow unknown apps on an Android, you allow them from ALL sources. Turn on this option only if you need it, and turn it off when you don’t.
  3. Disable network services. If you’re not connected to a network, the device is looking for one. Beware of open networks. If using Bluetooth, turn it off or set it to non-discoverable.
  4. Beware of QR codes.
  5. Update the operating system. Lots of times when upgrades come out, it’s to address a security issue.
  6. Configure location services, but beware of disclosing location publicly. If you don’t use it, turn it off. (See the Please Rob Me website.)
  7. Back up the device. Don’t risk losing irreplaceable information, and take care of sensitive data stored on the device.
  8. Erase the data on your device before you return it, repair it or resell it.
  9. Find your device after you lose it. It might be found by locating it on a map, displaying a custom message, remotely locking or wiping it. Place the device in “lost mode.” Create an “In Case of Emergency” (ICE) contact on the phone.
  10. Secure browser settings. Recommended settings: block popups, enable private browsing, enable fraud warning, disable auto fill, disable location services, clear history and cookies.

The presenters invited the audience to check for a new Serious About Security Podcast every two weeks, a service of CERIAS. Hill and Wiley’s PowerPoint file, Tips on Security Mobile Devices, also is available on the Cybersecurity 2012 page of the SecurePurdue website.

Look for a wrap-up covering Track 2 of the Oct. 5 cybersecurity program, “Technical Cybersecurity Tools,” in the Oct. 18 edition of Business @ Purdue News.