Webinar 01: ICT Security Basics

As we go through our day-to-day activities using today’s technology, have you ever questioned how safe your identity is from the online world?
The security of information and communications technology (ICT) has continually been a very significant topic. Considering the recent attempts to disrupt banking services, data theft, the defacing of government websites (like the COMELEAK incident), and other malicious attacks on government services and private enterprises, ICT security is getting the attention that it has long deserved.
The UP Information Technology Development Center (UP ITDC) recently held a webinar to discuss issues related to ICT security. The main goal of the webinar was to disseminate information about protecting computer systems and mobile devices from data theft and damage to hardware, software, or information, as well as from disruption or misdirection of the services they provide. Held on 15 January 2018, topics discussed in this webinar were: (i) securing personally identifiable information (PII); (ii) protecting yourself while using public WiFi; (iii) protecting devices from malicious attacks; and (iv) securing one’s online identity (social media security).

 

The main resource speaker was UP ITDC network systems trainer Noel Benedict Ramos. Serving as panelists for this webinar were AJ Dumanhug, Gabriel Villorente, and Noel Feria, all from the UP ITDC.

 

Securing Your Personally Identifiable Information

Ramos defined Personally Identifiable Information (PII) as any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual. He explained that if this information is lost, compromised, or disclosed without authorization, it could result to substantial harm, embarrassment, inconvenience, or unfairness to an individual.
Examples of PII include biometric information (fingerprint, facial recognition, iris recognition). Among the unique identifiers cited were: (i) personal information; (ii) full name (if not common); (iii) home address; (iv) email address; (v) date of birth; (vi) place of birth; (vii) phone numbers; (viii) login name/screen name/nickname/handle; (ix) relatives (mother, father, siblings).
Disclosure of PII, according to Ramos could either (i) lead to unauthorized access to your devices/files; (ii) result in attackers gaining access to your personal accounts (social media, email, etc.); (iii) lead to personal harm to a person who private information was revealed to people who weren’t supposed to see it; (iv) lead to financial loss (in the case of credit card/bank information loss); or (v) result in phishing attacks, scams, and identity theft.
Notable and celebrated cases of attacks cited were on Sony, Yahoo, and JP Morgan Chase.

 

How to secure your PII

Ramos gave a few guidelines on securing one’s PII: (i) don’t post identifiable info on your social media accounts (e.g., pictures of passport, driver’s license, etc.); (ii) hide pertinent information from being seen on your (social media) accounts (e.g., change your settings to hide your birthday); (iii) know where your PII is stored, ensure that only those who have a business need to access the data have relevant rights; (iv) do not allow smart devices to track you (e.g., posting a picture with your location); (v) make sure that the websites that you use have SSL (secure socket layers) and secure enough to protect your PII; and lastly (vi) cover your laptop/phone/tablet camera when not in use.

 

Protect Yourself While Using Public WiFi

People have become so dependent on technology because it is commonly used for work, school, communication, and entertainment. In this day and age, it has become so easy to gain connectivity because of a number of options—free WiFi in malls, coffee shops, restaurants, hotels, airports, etc. Ramos explained that all these perks come at a price.

 

Risks of connecting to free WiFi

According to our resource person, the features that make free WiFi desirable for consumers are the same ones that also make them desirable for attackers. Ramos explained that many free access points require no authentication to connect, and this creates an opportunity for attackers to get unfettered access to unsecured devices on the same network. He said that the biggest threat to free WiFi security is the ability of the attacker to position himself between you and the connection point. Ramos explained that instead of communicating directly with the free WiFi hotspot, the user sends data to the attacker, who then relays it on. These data can either be the user’s important emails, credit card information, security credentials to your school/business network, etc. According to Ramos there are instances where attackers also use free WiFi connections to distribute malware and viruses disguised as software updates. He further explained that as mobile WiFi becomes increasingly common, we can expect internet security issues and public WiFi risks to grow over time. However, Ramos stressed that this does not mean that we have to stay away from free WiFi.

 

Protect Devices from Malicious Attacks

The use of a VPN (virtual private network) is one way to protect devices from malicious attacks. Ramos explained that VPN services encrypt messages going in and out of your device, so even if attackers get hold of your data, they could not make any sense of it. VPN services cited as examples were: (i) IPVanish, (ii) Hotspot shield VPN, (iii) Cyberghost VPN, (iv) OpenVPN for Android, and (v) GhostPath. Ramos also suggested that it will be safer to use SSL connections for the websites that one visits. He also recommended that sharing on devices be turned off when not in use. Similarly, he urged users to keep WiFi and Bluetooth off when not in use, and avoid sharing sensitive data when using public WiFi.

 

Summary

In concluding this webinar on ICT Security, Ramos recommended (i) to always keep one’s PII safe; (ii) understand the risks of connecting to public WiFi [hotspots] and keep necessary precautions. He explained that to stay protected, always make it a point to get security updates, anti-virus and anti-malware software for all your devices. Villorente stressed that one has the responsibility to whatever one brings or share to one’s own office network. Ramos strongly recommended users to make sure to always create backups to your computers and devices. Feria reminded the audience to share this information to everyone.