Online Security
MY DIGITAL WORLD PROGRAMME
Presenter: —————
Date: xx/xx/2023
Online Security
Online Security: agenda
01 Introduction to online security 02 Managing personal security 03 Managing online accounts 04 Managing compromised accounts
01 Introduction to online security
Why online security?
In today’s digital world, in an almost constantly connected digital landscape, online security should be a priority for everyone who interacts with others and shares information online.
Online security refers to the rules you follow, the actions you take and the processes that happen to help ensure you are safe on the internet. Online security is our intended result of using a wide range of protective measures that enable us to perform our mission and critical functions despite risks posed by threats to our use of technology and the internet.
02 Managing personal security
Learning objective: You will know how to manage the security of your devices, applications, often known as apps, and passwords.
02 Managing personal security (cont.)
Personal devices
Your personal devices, such as cell phones, laptops, and smartwatches are powerful tools for communicating with others, connecting to the internet, and engaging in life in the digital age. Because these devices can contain so much personal information, it is important to treat them with care.
Safety and security tips
- Know your apps, the data they store, and the permissions they have. Most apps will let you know what info. they track, monitor, and collect.
- Know what passwords you have saved and other accessible personally identifiable information. Lock your device with face ID, fingerprint, numerical pin, password. When choosing balance security and convenience to your preferences.
02 Managing personal security (cont.)
Personal devices
Be careful who you give access to your personal devices
Be careful who you give access to your personal devices
- Letting other people use your cell phone gives them access to all of the apps, content, information and social media profiles that are on that device.
- Back up your devices regularly. If a device is lost or stolen, you can use the saved backups to restore access to your accounts and information. If your backups contain sensitive data, consider encrypting them.
02 Managing personal security (cont.)
App Family Link
02 Managing personal security (cont.)
Public and shared devices
Shared devices include devices at home or in an office setting where multiple people use the same device.
Public devices include devices in a public location, such as an internet cafe, public library or school computer lab. Using public devices is like using other public resources. It can be convenient, but it may also come with added risks. And just like with other public resources, it is important to be careful while using them.
02 Managing personal security (cont.)
Safety and security tips for shared devices
- Turn off autofill and password-storing features.
- Consider using private browsing mode, a feature available on most internet browsers. Private browsing mode prevents the browser from permanently storing browsing history, cookies, form inputs and other site data. However, private browsing mode does not hide user activity from your internet service provider or the websites you visit while in private browsing mode.
- If you do not use private browsing mode, consider deleting your browsing history when you are finished browsing the internet.
02 Managing personal security (cont.)
Safety and security tips for shared devices
- Avoid banking, paying bills, shopping or other sensitive business on a public device.
- Be sure to log out of your profile when you are done or if you leave the device unattended, even for a short time.
- Consider implementing additional security settings to protect young children, such as content filtering.
02 Managing personal security (cont.)
Wireless networks
A wireless network is how most people access the internet. It is a computer network that uses wireless data connections between network nodes. Public wireless networks are convenient, but present additional security risks since they are open to the public.
02 Managing personal security (cont.)
Safety and security tips for public wireless
Use HTTPS instead of HTTP, sometimes appearing with a green lock icon in website URLs. This lets you know your connection is likely safe and secure. But not everything you do on the internet is going to be secure this way. Avoid banking, paying bills, shopping, accessing personal accounts, social media or private information on a public wireless networks as they can be compromised. The only true way to be safe on a public wireless network is to utilize a VPN connection, which simulates a private encrypted network.
02 Managing personal security (cont.)
Apps
An app is an application as downloaded by a user to a mobile device. To be safe, only download applications from reputable vendors such as Play Store, App Store.
02 Managing personal security (cont.)
Pay close attention
- If the app asks access to location, contacts or calendar
- If the app asks permission to send messages or post to your social media profiles
- Third-party apps can potentially compromise your privacy.
- In some cases, data needs to be shared for an app to perform its intended function(s).
02 Managing personal security (cont.)
Web browsers
A web browser (such as Chrome, Firefox, Safari) is an application that gives you access to the internet.
02 Managing personal security (cont.)
When browsing the web:
- Check domain name websites to ensure that you are on the correct website.
- Update your web browser(s) regularly to help protect against security risks from outdated software.
- If you are in doubt about whether a website is legitimate, try doing a web search for that website to find out more information about whether it is a legitimate or reliable website.
02 Managing personal security (cont.)
Passwords
A password is a sequence of characters which may include letters, numbers or symbols used to access a device or personal account on a website.
A passphrase is a longer sequence of characters, numbers or symbols, often crafted as a phrase or complete sentence, used to access a device or personal account on a website.
Tips
Create a separate password or passphrase for every account. If that one password is compromised, then all the accounts will also be compromised. Never use personal information, like birthdays, email addresses or usernames, that are publicly available. This makes it easier to guess passwords. Avoid using words that can be found in the dictionary. Try to include lowercase and uppercase letters, numbers and symbols. Use a longer password with at least eight characters. In general, the more characters in a password, the harder it is to guess or crack.
02 Managing personal security (cont.)
Other safety tips related to passwords
- Never share your passwords with anyone
- Do not post your passwords in an easy-to-find location
- When available, set up alerts when someone tries to log in to your account from a new device or web browser. These alerts can give you device and location information for the attempted login.
- When available, set up multi-factor authentication (includes two-factor authentication and two-step verification).
02 Managing personal security (cont.)
Two-factor authentication
Two-factor authentication is a security feature that helps protect your accounts and your passwords.
Factors
Knowledge: username & Password, PIN Possession: Cellphone, authenticator apps Inherent: fingerprints, eye scans, and face or voice recognition
Two-factor authentication uses two distinct authentication factors to log in
Multi-factor authentication requires users to provide multiple of above factors to log in
02 Managing personal security (cont.)
Setting up two-factor authentication on Facebook
Setting up two-factor authentication on Instagram
Setting up two-factor authentication on Whatsapp
02 Managing personal security (cont.)
Activity
Rating passwords
- Provide three examples of strong, medium and weak passwords or passphrases (one each) per table.
- Explain what makes each password strong (e.g., longer, passphrase, random) or weak (e.g., includes personal information, dictionary words, easy to guess).
- How can we improve the “weak” passwords?
03 Managing online accounts
Learning objective: You will be able to use Security Checkup features to manage your online accounts.
03 Managing online accounts (cont.)
Password management tools
Factors
A password manager is an encrypted digital vault that stores login information for all of your digital accounts including apps, social media and other websites. Some password managers also utilize a password generator to help you create new passwords.
A password generator is a program or service that automatically creates randomized, strong passwords to ensure that you are using unique passwords for each account.
When using password-management software, you will still need to memorize a single master password to access your information.
Make sure that your master password is extremely strong, but also make sure you have it memorized.
03 Managing online accounts (cont.)
Proactive account management
Steps you can take to be proactive in managing your online accounts
Passwords
know how to change your passwords and be sure to change them after any incident and every three to six months
Engaging with strangers online
If someone seems suspicious, try to verify their identity & then report suspicion
Managing personal information
oversharing can be a potential security risk, both online and offline
Location
Editing location services and third-party application access
Managing social media profiles
You can unfriend & block users & block, delete, filter, hide or pin comments
03 Managing online accounts (cont.)
Activity
Security checkup
In this activity, you will review your security settings on your selected social media profiles.
- Get alerts when someone tries logging into your account from an unrecognized computer or mobile device
- Learn how to protect your password: enable two-factor authentication, an optional feature that adds more security to your Facebook account
04 Managing compromised accounts
Learning objective: You will recognize when your own or others’ accounts may be compromised and know what steps to take next.
04 Managing compromised accounts (cont.)
Security threats
Hacking is unauthorized access to your accounts or devices. There are different methods for hacking, including brute force, phishing and scams.
Once a hacker has access to your device or personal accounts and information, they may try to:
- Install malicious software (such as spyware or ransomware)
- Modify your network connections or device settings
- Steal personally identifiable information, including passwords
- Watch what you are doing online, or in-person via your webcam
04 Managing compromised accounts (cont.)
Spotting compromised accounts
Notice unusual behavior
- Applications or programs crashing or taking a long time to load
- Increased attempted logins from unknown devices or locations
- Increased data usage for unexplained reasons
- Significant slow-down on your device, programs or websites
- Unexplained online activity
04 Managing compromised accounts (cont.)
Recovery steps
Recovery steps will be different depending on whether you can still access your account and variety of other factors.
01 Contact the account provider
- If you can still access your account, the provider will give you suggestions on the next steps to take. You will likely need to give them additional information to verify your identity and restore access to your account, if it is locked.
02 Change passwords and settings
- Change the password of the compromised account and other accounts that use the same password, if any. Check the settings of your account to make sure they have not been manipulated.
03 Notify others
- Let friends and family know that you have been hacked
- Sometimes hackers will send messages to friends from your hacked social media accounts. These messages may contain inappropriate content or malicious links, potentially compromising others’ accounts as well.
- If appropriate, notify law enforcement or other authorities of online harassment
04 Managing compromised accounts (cont.)
Report compromised account on Facebook
Report compromised account on Instagram
Report compromised account on WhatsApp
04 Managing compromised accounts (cont.)
Activity
Compromised account scenarios
SCENARIO I: Alem logged on to her social media account and noticed a message from her friend Fenet. The message from Fenet said that her account was hacked and that Alem’s might be hacked too. The message included a link to an external website where Alem could put in her login information to check if her account was also hacked.
Discussion questions |
Was Fenet’s account hacked? How do you know? |
What should Alem do next? |
SCENARIO II: Nebil turned on his laptop to check his email and noticed that it took a long time to open his web browser. He tried to open a word processing program to draft an email, but it crashed before he could open the program.
Discussion questions |
Was Nebil’s laptop compromised? How do you know? |
What should Nebil do next? |
04 Managing compromised accounts (cont.)
section FOUR: recap
Check for understanding
THANK YOU !