This document provides an overview of information security and compliance. It discusses recent threats like phishing scams and viruses, important routine measures such as using antivirus software and strong passwords, and additional good behaviors. Specific threats covered include phishing emails, ransomware viruses, and unauthorized access. The document recommends countermeasures such as updating software, and names behaviors to avoid, such as inadvertently clicking suspicious links. The goal is to revise and enhance knowledge of information security best practices.
2. Introduction
Aims of the Information Security & Compliance Course:
• Revise your knowledge of information security
• Enhance your knowledge with the latest in information security
This lecture is divided into three sections:
1. Recent threats to information security
2. Important routine measures
3. Additional good behaviors
Improving your knowledge of information security
3. Section 1: Recent threats to information security
• Phishing scams
• Virus infections
• Unauthorized access
4. Risks of phishing scams
The damage caused by phishing scams that make unauthorized use of Internet banking and credit card information is increasing.
1. Deceptive emails
2. Entering ID, password, credit card, and account details
3. Collecting information
4. Malicious use of obtained information
Diagram labels: Phishing site, Genuine site
Check your transaction statements for signs of improper use.
5. How to identify suspicious emails: Point (1)
• Email address is suspicious. Strange domain ending in “ru”
• Attached file name is suspicious.
This is a real email which we have received.
If an email seems suspicious, it can be helpful to do a web search.
6. How to identify suspicious emails: Point (2)
• Email address is suspiciously long
• URL is suspicious. “http” instead of “https”
This is a real email which we have received.
Check the URL before clicking.
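The indicators from Points (1) and (2) can be checked mechanically before a message is opened. The following Python code is an added example, not part of the original course material; the length threshold, the extension list, the `expected_domains` parameter and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed values for illustration; the slides name the indicators but give no thresholds.
MAX_ADDRESS_LENGTH = 40          # what counts as a "suspiciously long" sender address
WATCHED_TLDS = {"ru"}            # the slide's example of a strange domain ending
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".bat")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def review_email(raw_message, expected_domains=()):
    """Return warnings for the indicators from slides 5 and 6 found in one raw message."""
    msg = message_from_string(raw_message)
    warnings = []
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if len(address) > MAX_ADDRESS_LENGTH:
        warnings.append(f"sender address is unusually long ({len(address)} characters)")
    if domain.rpartition(".")[2] in WATCHED_TLDS and domain not in expected_domains:
        warnings.append(f"unexpected sender domain: {domain}")
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            if filename.lower().endswith(RISKY_EXTENSIONS):
                warnings.append(f"attachment has a risky extension: {filename}")
        elif part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
            for url in URL_RE.findall(text):
                if url.lower().startswith("http://"):
                    warnings.append(f"link does not use https: {url}")
    return warnings

def build_sample():
    """Constructed message that shows every indicator (all names are made up)."""
    m = EmailMessage()
    m["From"] = "Billing <invoice-update-notification-center-0042@mail.example.ru>"
    m["To"] = "student@example.ac.jp"
    m["Subject"] = "Your invoice"
    m.set_content("Please confirm your account at http://login.example.ru/confirm today.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.exe")
    return m.as_string()

if __name__ == "__main__":
    for warning in review_email(build_sample()):
        print("WARNING:", warning)
```

A message with no warnings is not proven safe; as the next slide notes, many phishing sites look exactly like genuine ones.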
7. Example of clever phishing site
Many recent phishing sites look exactly like genuine sites.
Never open links in suspicious emails.
It’s difficult to tell if a site is fake!
8. Countermeasures and Behaviors against phishing scams
Countermeasures
• Install antivirus software and keep it updated.
• Keep your OS and applications updated.
• Manage your IDs and passwords carefully.
• Keep informed of the latest threats and attack methods.
Behaviors
• Check that your devices are not used without your knowledge.
• Don’t click inadvertently on file attachments or URLs.
9. Risks of virus infections
The damage caused by ransomware has grown markedly since 2015.
What is “ransomware”?
An infected PC or files on the PC are encrypted to make them unusable.
→ You are asked to pay a “ransom” to regain access to your PC or files.
Files are encrypted, so they cannot be used!
10. Examples of ransomware
Infection screen of “CryptoLocker”
Infection screen of “AndroidOS_Locker”
Online banking information was also stolen!
Nonexistent organization, “National Security Department”
11. If you are infected by ransomware
• Never pay a ransom.
• Disconnect from the network.
• Reinitialize the PC, then restore from a backup.
Make regular backups in case this ever happens!
13. Countermeasures and Behaviors against virus infections
Countermeasures
• Install antivirus software and keep it updated.
• Keep your OS and applications updated.
• Make regular backups.
• Keep informed of the latest threats and attack methods.
Behaviors
• Don’t click inadvertently on file attachments or URLs.
• Do not install suspicious applications.
14. Damage due to unauthorized access
Unauthorized access is access to computers and systems from a network by someone not intended to have access privileges.
• Sending spam emails
• Hijacking of social media accounts
• Data leaks
• Modifying web sites
• Viewing, modifying, and deleting files
• Viewing, modifying, and deleting emails
15. Things that increase the risk of unauthorized access
• Continuing to use old versions of OS and applications
• Using easy-to-guess passwords
• Repeatedly using the same password
• Connecting to suspicious free public Wi-Fi networks
• Entering personal information on sites with URLs not beginning with “https”
• Leaving old accounts active
• Letting someone else use your smartphone
• Not checking the usage status of your services
16. Countermeasures and Behaviors against unauthorized access
Countermeasures
• Install antivirus software and keep it updated.
• Keep your OS and applications updated.
• Manage your IDs and passwords carefully.
• Keep informed of the latest threats and attack methods.
Behaviors
• Don’t click inadvertently on file attachments or URLs.
• Use only secure communications channels.
• Take care not to lose your PC or smartphone, or have it stolen.
17. Section 2: Important routine measures
• Antivirus software
• Updating software
• Strong passwords
• Regular backups
• Knowing the latest threats and attack methods
18. Antivirus software
New computer viruses are discovered every day.
Set your antivirus software to update automatically!
It is not possible to protect against unknown viruses…
The virus definition list of your antivirus software needs to be updated.
19. Updating software
• Set the “automatic updates” option!
• Update your OS as well as your applications!
Always use the latest version!
20. Strong passwords
The common password for your Hiroshima University ID and accounts should:
– Be at least 8 characters long
– Include numerals, symbols, and both upper and lowercase letters
– Not be an easy-to-guess character string
It is dangerous to repeatedly use the same password!
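The three password rules above, expressed as a check that reports every rule a candidate password breaks. This is an added example, not code from Hiroshima University; the denylist, the sequence list and the `account_name` parameter are assumptions constructed for illustration, and “symbols” is taken to mean ASCII punctuation.

```python
import string

# Constructed denylist for illustration; a real deployment would use a far larger list.
COMMON_PASSWORDS = {"password", "p@ssw0rd", "qwerty123", "letmein", "hiroshima"}
# Assumed set of alphabet, digit and keyboard-row sequences that count as easy to guess.
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop", "asdfghjkl")

def has_sequence(text, run=4):
    """True if text contains `run` consecutive characters of a sequence, forward or reversed."""
    lowered = text.lower()
    for seq in SEQUENCES:
        for candidate in (seq, seq[::-1]):
            for i in range(len(candidate) - run + 1):
                if candidate[i:i + run] in lowered:
                    return True
    return False

def policy_violations(password, account_name=""):
    """Return the rules from slide 20 that `password` breaks (empty list = acceptable)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "a numeral": string.digits,
        "a symbol": string.punctuation,      # assumption: ASCII punctuation only
        "an uppercase letter": string.ascii_uppercase,
        "a lowercase letter": string.ascii_lowercase,
    }
    for label, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"missing {label}")
    # The remaining checks approximate "not an easy-to-guess character string".
    lowered = password.lower()
    if any(word in lowered for word in COMMON_PASSWORDS):
        problems.append("contains a common password")
    if account_name and account_name.lower() in lowered:
        problems.append("contains the account name")
    if has_sequence(password):
        problems.append("contains a keyboard or alphabet sequence")
    if len(set(password)) <= 2:
        problems.append("uses only one or two distinct characters")
    return problems

if __name__ == "__main__":
    for candidate in ("abc123", "Qwerty123!", "Tr4m-Okonomi!27"):
        print(candidate, "->", policy_violations(candidate) or "acceptable")
```

Password reuse across services, the other risk named on this slide, cannot be detected by a check like this and has to be handled by the user or a password manager.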
21. Regular backups
Make sure to back up regularly in case your PC malfunctions or gets infected by a virus.
※ You can use OneDrive for Business (1TB) free of charge for your data and OS backups.
You can access OneDrive from the list of Office 365 applications.
22. Knowing the latest threats and attack methods
Make the effort to keep informed about the latest security threats.
http://www.ipa.go.jp/security/kokokara/study/international.html
23. Section 3: Additional good behaviors
• Do not attach files to emails
• Use multi-factor authentication
• Share information with people you know
• Report problems immediately
• Other precautions
24. Do not attach files to emails
Virus infections caused by opening a file attachment are increasingly common.
When exchanging files, avoid email file attachments as far as possible. Instead, place the file in the cloud and send a link to the file in the email.
To: Taro Hirodai,
From: Momiji Saijo
I uploaded the created file to ownCloud.
Please check it.
Folder name: Work Folder
File name: 20170401ver1.docx
25. Use the cloud to exchange files
<For people without a university account>
Check “Share with URL.”
Share by sending the URL to the recipient.
<For people with a university account>
Share by specifying an account
ownCloud can be used free of charge at Hiroshima University.
http://www.media.hiroshima-u.ac.jp/services/fileshare
Files are automatically deleted after one month, so the service is suited only for temporary file exchanges.
26. Use multi-factor authentication
To enhance security, multi-factor authentication can be used with Office 365 at Hiroshima University.
When using a smartphone mobile app, log in with account@hiroshima-u.ac.jp + password + smartphone
* Authentication is also possible with an SMS or telephone call.
“I got hold of an ID and password! Let me try and log in now!”
“What’s this…? It’s asking me for authentication to log in… I wonder why. I’ll refuse.”
“What the hell? I can’t log in…”
“Something doesn’t seem right. I better change my password.”
27. Share information with people you know
Actively exchange information with family and friends.
Helping the people around you understand security will help protect you all from harm.
28. Symptoms that indicate a security incident
• PC starts sending spam emails.
• PC starts suddenly malfunctioning.
• Nothing happens when clicking on an email file attachment.
• Virus detection window appears.
• It suddenly becomes impossible to open folder or file.
Diagram labels: unauthorized access, data leaks, virus infections
29. Promptly reporting security incidents
This handy card lists emergency contacts and precautions.
The cards are distributed free of charge by the Media Center. Carry one with you, together with your student/staff ID!
Information Security Quick Guide
When you find an incident, contact your affiliated faculty / graduate school or CSIRT, immediately!
・My web site seems to have been tampered with.
・My laptop was stolen.
・Suddenly my file has become inaccessible.
・I lost my USB memory containing personal information.
・I received a complaint saying “I received a junk e-mail from your address”.
Computer Security Incident Response Team (CSIRT)
E-mail: sec-kikou@ml.hiroshima-u.ac.jp TEL: 082-424-6082, 080-1906-2982
http://www.hiroshima-u.ac.jp/en
Knowing emergency contacts at all times is a useful security measure.
30. Other precautions (1)
Use of file sharing software is prohibited at Hiroshima University!
Always encrypt sensitive information when you carry it around.
Be careful not to lose or misplace your devices!
Never leave your bag unattended!
Let's encrypt
31. Other precautions (2)
When using social media, take care not to post inappropriate content or leak sensitive information!
Using public Wi-Fi networks puts you at risk of unauthorized access! Avoid using them as far as possible!
Free Wi-Fi
32. Countermeasures and behaviors
Many things have been explained, but fundamentally, you can protect yourself against security breaches by practicing “5 countermeasures” and “5 behaviors”.
5 countermeasures
5 behaviors
33. 5 countermeasures
• Install antivirus software and keep it updated.
• Keep your OS and applications updated.
• Manage your IDs and passwords carefully.
• Make regular backups.
• Keep informed of the latest threats and attack methods.
34. 5 behaviors
• Don’t click inadvertently on file attachments or URLs.
• Do not install suspicious applications.
• Check that your devices are not used without your knowledge.
• Use only secure communications channels.
• Take care not to lose your PC or smartphone, or have it stolen.
35. Conclusion
We are at the end of this online workshop.
After this, you must take an evaluation test.
16 correct answers out of 20 questions is a pass.
If you pass the evaluation test, make sure to
• 1st year: Check that your account is working.
• 2nd and later years: Update your account for the current year
37. Issued in April, 2017
Information Media Center, Hiroshima University
Attribution 4.0 International