 Welcome to TechSoup Talks. My name is Kami Griffiths, and today's webinar is Security Basics. Keep your computer safe. We'd like to thank ReadyTalk for sponsoring this webinar series. And also thank Mary and Mary for being our presenter. I'll introduce her in just a second. To get us started, I'd like to tell you a little bit about TechSoup. We're working towards a time when every nonprofit and social benefit organization on the planet has the technology resources and knowledge they need to operate at their full potential. So for those of you who are new to TechSoup, I want to point out some things that on our homepage, so techsoup.org, we have a learning center with articles that you can read about technology topics, a whole slew of products that are donated to us by companies like Symantec, Microsoft, Adobe, and redistributed to nonprofits and libraries. You can also, we have a special program just for libraries and a digital catalog, a couple of newsletters, and a bunch of community forums. So if you haven't yet spent much time on our website, please go to TechSoup.org. Now I would like to get started with introducing our speaker, some Mary and Merritt. Can you please introduce yourself? Hi everyone. Yes, this is Mary and Merritt from Symantec, or you may know us better as the makers of Norton, and I'm the Internet Safety Advocate. So I'm going to present today on a wide variety of topics in the area of cybersecurity, and I hope to answer a number of questions you may have or address some of the myths that are out there. First let's just go through a quick agenda about the sorts of things I want to talk to you about. We'll look at the threat landscape. So a wide variety of different kinds of security threats are out there, some of which you may already be very familiar with, but some of the terms, how they infect computers, it may be new. We'll look at how computers are getting infected because there are a variety of ways that you can run into trouble, and even when you think you're doing everything right, you can still get infected. So we'll look at some of the ways that things can go wrong, and I think raise your awareness about some of these vectors. Now what's driving the growth in malware? We'll talk about the underground cyber-criminal activity. Open your eyes to how major a problem that is, and I think that also goes a long way towards explaining why there's so much trouble in the land of cybersecurity. We'll talk about ways to stay safe, probably one of the most important things we can talk about. What to do if you actually discover malware or other forms of infection on the systems you manage, places to turn, and then resources, both from Symantec and other groups. So we have a poll here. This is one of the things that I want to talk about. Take a moment and tell us, does your organization have an acceptable use policy, some form of a greed upon how we're going to use computers in our organization? So take a moment and tell us yes or no. I'm just waiting for the numbers to add up. I see some of you are responding in chat. I think you can poll directly on the screen. Is that right, Tammy? There we go. Okay, I'm going to close the poll. Okay, so look at this. Almost 70% of you already do have an acceptable use policy in place, but a third of you still might want to take a look at that and see what benefits you could have both from the security point of view, also from an employee point of view, in terms of everyone understanding what their role is, and then reducing legal liability. But we'll talk a little bit more about that in a bit. Okay, another question. Do you provide internet safety training for your employees and volunteers? So again, simply yes or no is something that you are doing on a regular basis. My goodness, so as we get to the close of this poll, I'm seeing sort of the flip trend whereas most of you have already done a pretty good job when it comes to using an acceptable use policy. It looks like establishing a standard practice of internet safety training is something we're going to have to aspire to. So Kami, what did it come out to? 80% have not provided internet safety training for their employees and volunteers. I understand we're all very busy, and especially with volunteers who mainly give us a few hours a week, it might be a difficult task to take on. But the good news is there are so many forms in which internet safety training can take. It can be in the form of a webinar. You can have speakers come in. You can distribute materials for people to read. So I don't think it should be as daunting a task as it may feel most of the time, but it is something we should attend to. So let's go forward. I said we were going to talk about the threat landscape. Now, Symantec or Norton, we did this big global study last year. Well, this year actually, we talked to 7,000 adults in 14 different countries. And we asked them about their own experiences with forms of cybercrime. So 51%, just over half, have already had a computer virus or some other form of malware get onto one of their computers. 10% of people have experienced an online scam. Now an online scam could be something like a fake work at home, or it could be the falling for some kind of offer online. They can take a lot of different forms. We'll talk a little bit more about that. A phishing attack, phishing with a pH is when somebody makes you an offer like in an email and then you click a link and it takes you to a dangerous website or to download something that insects the computer. So you were tricked into opening something by a lure, something that reeled you in, kind of like the fisherman with some kind of attractive lure on the end of the phishing pole. Now social networking hacking like Facebook or MySpace, this is new and on the rise. And on the right you actually see a chat from somebody's infected Facebook account, and that I pulled off of an MSNBC site. But the gentleman involved, his name was Brian Rupberg. He's actually somebody in my social network. So when he got hacked, I actually saw this appearing in my news feed and knew that something was wrong. So I was able to contact him, but he already had been made aware. What happened was somebody hacked his email and because he shared the password across everything he had, they were able to get access to his Facebook and post messages, hey, I'm in London, I was robbed, I have no money, please help. So this is a relatively new phenomenon, but one you will see more of. The next of course, online credit card fraud, identity theft is so incredibly common just here in the U.S. 10 million people in a year's time will experience it. So it's certainly something that people are aware of already. And the last one is sexual predation, which is something parents worry about so much with their kids. But look, 7% of adults have experienced some contact or aggressive activity from a predator online. So pretty upsetting experiences as you might imagine. So there are a lot of different kinds of malware. Now remember that half of the people have had some kind of malware again onto their computer. And you hear a lot of different terms out there in the news and it can get a little confusing. So one of the things we'll do right now is just talk about some of the common categories. Now for years now, more than 10 years we've known about computer viruses. And simply a virus of this kind is a program that can spread from a computer to another. And it used to be, and I'm talking way back in the olden days, a computer virus had to spread because somebody took a floppy disk with a computer virus on it and put it in a new computer. We used to call that the sneaker net. Then of course the internet comes along and all of our computers are connected one to the other. So a new form emerged, the worm. The worm was a virus that could spread on its own. And an example would be it would scan your hard drive looking for your address book and then copy itself off in an automated email to everyone in your address book hoping that they would open the attachment or download the file and get infected. And then we have something called the Trojan. We see a lot of those right now. This is a virus of many different forms but it's hidden in an offer of something good. And like the Trojan horse of your where you see a little image here of the soldiers hidden away inside tricking the people of Troy, we very often see these scam emails and offers going to children, an offer of a free download of a screen saver that they download the file and open it up and of course malware now gets onto the computer. The next one, the bot, robot network. So let me just take a moment and explain and I have a little diagram here. This is some very quiet malware that will get onto a computer in order to behave at the command of a remote criminal. So the criminal or bot herder can actually control a network of these infected computers and he may use them to send out spam. So that's the explanation of why 90% of all email in the world is now spam. He may use it to attack a computer server, perhaps of a corporation, take down a website. But the idea here is mostly that the person whose computer is infected may never realize it until law enforcement knocks on their door to say, hey, you've been sending spam or you were involved in a denial of service attack. And some of my friends over at Comcast which is the largest ISP in the United States, they've told me that as many as 15% of their customers who connect to their server are infected with bots. So definitely a big problem, but one you may not even be aware about. There was a comment in the chat, did I say that 90% of all email is spam? I sure did. And in fact, Message Labs, a division of Symantec puts out a regular spam newsletter that tells you what kinds are out there. So it's certainly a big problem. One you may not see because your ISP, your email provider are doing such a good job of pulling it out of your feet. So what's a keystroke log? Your last one, as the term implies, this is something that gets under your computer in order to silently record your logins to your online bank, your Facebook logins, etc., and send it off to the Internet. It can also be a physical device. You can buy them not in the United States but elsewhere. And it could simply be connected between the big computer you have and your physical keyboard. More difficult on a laptop where you would notice an additional cord, but something to be aware of. It's usually in program form. Okay, so let's move forward. So how does all of this happen? Well, as I mentioned at the outset, there are a lot of ways you can get infected with these various forms of malware. So the first and almost a traditional form is an emailed link. You would click on a dangerous link and it would take you either to an infected website where automatically they've exploited a hole in your browser and put something on your computer or they would entice you to download something at that site. There's a number of different ways it might occur. Instant messaging, I can send you files and instant message. I can send you links. Twitter as well. Facebook, if you get infected, somebody can put a dangerous link into your Facebook feed enticing all of your friends in your social network where one would hope you could trust each other, trying to entice you to click on the link and get infected. We're even seeing this in YouTube comments, which of course is something we should tell our children about since for children, YouTube is one of the top four destination sites at all time. And then pretty much stands the reason. Infected devices, just like the original days of the sneaker net, anything I can walk around with and insert into a computer's drive or connection where it will get read could be a potential source of infection. So I mentioned USB sticks or thumb drives, memory sticks, or sometimes called any form of disk that you're walking around with, even laptops that people connect into your network. And then surprisingly, we're even seeing digital photo frames coming direct from the factory with viruses installed on them. And this is usually not malicious, but rather sloppy manufacturing. We see fake work at home schemes as I mentioned. This is one of the ways people get wrapped up in cyber crime and they may not even realize it. I'll talk to you a little bit more about that in a moment. Online auctions. You legitimately went to an online auction site to bid on something. You didn't win. You get an email from somebody saying, oh, I have another of what that item was that you were bidding on. Go to my auction site to bid. And of course you're at a fake site. You put in your credit card and you've been scammed. Even online dating, and this is something of concern for our senior citizens who believe it or not are turning to online dating. There are lots of scamsters out there who are going to try to get money from you or in other ways take you. Fishing attacks, we talked about that. But something that anyone running a nonprofit or small organization should be aware of is a term called spearfishing. And just like the image that comes to mind of somebody standing in a stream with a large pole spearing their fish, this is a very targeted attack on an individual. And what these criminals will often do is find online the list of all the executives or the big donors to an organization. They'll figure out the email because very often on your Contact Us page you tell people what format your emails take, first name, underscore, last name at the organization. And then the cyber criminals will literally target fake emails to you saying they're from the bank, they're from the big giver, they'll use names and terms that might look familiar to you, they'll appeal to the type of agency you are, all in order to get you to click a link or download a file and now they can either have access to your computer or use a keystroke logger or some other way to now access your banking for example. So spearfishing definitely something people should be concerned about. Fake antivirus pop-up alerts, what I mean by that is this is when you might see a pop-up like I've got a little image here. And very often what these look like, oh I'm sorry that's not what that is, that was a fake link. A fake antivirus pop-up alert is going to look like it comes from Microsoft or Symantec or Norton or McAfee or one of the vendors, it's going to say you have a virus. Click here to run a full scan and then people fall for it. They run the full scan and naturally are told that oh you didn't just have one virus, you have 30 viruses. Click here to clean up your system and pay us $30 for our software. Of course the people who fall for this now have downloaded malware onto their computer that will be very difficult to get rid of. They've also given their credit card to a cyber criminal, so a whole host of problems. Next, if you've lost an employee either by their own volition or for another reason, you've got to pull their access. You've got to make sure they can't pull sensitive files or get into the banking, just dance to reason. And then skimming is something where if you use a debit or credit card at the gas station or in a restaurant, we've seen people using devices to steal credit card information. So you certainly want to exercise great physical control over your credit cards and debit cards. I hope that makes sense. So I'm going to go forward. So why is malware growing so dramatically? I mean we used to see like 10,000 new virus types each week. Now we're up to 50,000 each week and I expect it will double by next year. And the reason for this growth is the development of the underground cyber crime economy. So you have now very organized people all over the world creating toolkits that can be purchased online to send out spam, to infect people with these bots, to send out all kinds of phishing emails. And it's so big, the Department of Homeland Security even estimates it's larger than the international drug trade. I think it's pretty scary. And so you've got hackers with some level of computer skills and a desire to make money. So this organized online buying and selling takes place in back alleys of the Internet like Internet Relay Chat where we can actually, those of us in the security industry, can see people buying and selling huge databases of stolen credit cards including the 3-digit security code. We can see people benefiting from hacked databases of hospitals and other offices where they might get name, address, social security number and other valuable information. So the motivation of course is there's very low risk of getting caught especially for people sitting in Eastern Europe but it's high reward. So let's take a look at an actual example. The Zeus Trojan which is just the name of a specific type of Trojan malware that was out there was developed in Eastern Europe by a group of individuals to attack small businesses and nonprofits in the United States. So they actually had tried to get about $200 million. They ended up getting away with $70 million. Not a bad take. The group of individuals that you see here from the FBI's Most Wanted poster these are students in the United States on student visas most of whom were from Eastern Europe some from the UK who were the mules. And the mules, that's the term used, these are the people at the tail end of the scam. These are the people with fake passports opening up bank accounts so that once this Trojan malware got onto the nonprofit's computers gathered the bank login credentials, these people or the hackers in Eastern Europe did bank transfers to legitimate US banks of all the money in the bank account. And these individuals then took the money out of the US bank account where it went, took a percentage for themselves, and then wired the rest of the funds off to the cyber criminals. So the mules at this tail end of the whole scam, they're the ones who get caught but the money has now left our shores. Pretty horrifying stuff. In the next phase what I often talk to people is that there's really three phases that we've seen in cyber crime. The first was the fame and fortune where the virus writers were just trying to show off their computer skills. And then we moved into the fortune phase which we're in now where it's all about money. But we've just seen a proof of concept of a virus type called Stuxnet. This was a virus written specifically to find and infect organizations that were running some Siemens control and automation software. And you're thinking, well I've never even heard of Siemens control and automation software but if you ran a large infrastructure organization like a nuclear power plant or the electric grid for a major city, you might be a customer of the Siemens control and automation software. And when semantic researchers looked at where these infections occurred, they found that over 50% of them were in Iran. So the reason I bring up the Stuxnet virus is that it's the first evidence of what we suspect is state sponsored terrorism using malware because that software could literally take down a nuclear power plant in another country. Pretty scary stuff and definitely something that companies like Symantec are paying a great deal of attention to so that we can stop it. Good news for consumers. You've been protected from Stuxnet for nearly a year now. So let's move forward. So most importantly, how do we protect ourselves? Look, Internet security is more than just antivirus and it must be on all computer systems. So if you were to look for example at an Internet security suite from any major vendor, it would include antivirus, a firewall, anti-spyware protection from identity theft and so forth. And in fact, ours even includes some password encryption so that you can have your password very protected from even the risk of a keystroke log or on your computer. But we need to create a culture of security in the organization. It's not us versus them. And what I mean by that is not us versus cyber criminals which hopefully we already feel, but very often individual employees reject the idea of IT and any kind of control on what you're doing. It's a mistaken belief that for example, if the policy at work is to restrict access to Facebook that IT doesn't get it, it's not cool, they don't understand. You've got to work with IT. You've got to respect security and the need for security practice in the organization but bring IT in on the discussion and figure out how you're going to achieve that right balance. And that's why we have to explain the why to our employees because they can take safe computing they learn at your organization. They can take it home where their families are, where the kids are who often compromise the work laptop brought home or infect the home's wireless network. Very often the things that your employees know that they're not talking to their kids about and it would be good for them to do so. And I think that as we improve security at work we can improve it for everyone across the board. So I do recommend creating a security policy that should be part of your acceptable use policy. And I understand from Cami that some examples will be made available but I'll talk a little bit more about that in a bit. You do want to talk about security, have a policy, enforce it, figure out what the rules of the road will be for full-time employees versus visitors, versus volunteers, etc. There's some nuance there that you will have to give consideration to. I do recommend separating systems where possible. And in fact there's a banking organization for small business that really does recommend the computer that does financial transactions be completely isolated from the rest of the network to prevent the possibility that one employee's failure to adhere to policy or a simple mistake shouldn't infect the financial backend. And of course just as you would manage your financial systems with control so that one employee obviously can't steal from you, you want to address the same kind of controls in a security fashion. So you want to make sure that you, for example, don't allow that computer to be used for downloading music files, or email, or social networking, some things to think about. And then backing up, boy, it's an old piece of advice, probably not that new, not that exciting, but probably the most important thing you need to take away today. And the reason I say that is with malware coming at us on such an onslaught, on such a daily basis, even when you are fully protected, even when your virus definitions are completely up to date, there is always the possibility that a threat can still get onto your systems for a variety of reasons. And sometimes with these really pernicious forms of malware where that can shut down your antivirus or your Internet security software, prevent you from getting to the website where help may exist, you may need to revert your system. So certainly backing up your data in more than one form, perhaps look to the cloud so that if your physical data backup got compromised in some way, you would have that redundancies, the term that people often use. And then you might also look into what others are doing. Some people use web filtering, preventing people from going to dangerous sites like porn sites. You can object to porn sites because it's a distraction at work, or because it exposes people to illegal content, or it creates an environment harassment, but you may not also be surprised to learn that porn sites are often infected with malware. So another good reason to perhaps prevent people from going there. All right, so acceptable use policies. And I will admit that I have the benefit of working for a large organization, so I've never had to create an acceptable use policy, but they are typically worked on in conjunction with IT and HR, and definitely approved by your legal advisors. And some examples of things you would want to look at are what you're going to restrict. So for example, you might say you can't take the laptops home, or any device storing donor information is only allowed in the hands of people with locked offices. I mentioned the porn sites or online shopping. These just simply may be a distraction at work and not what you've paid for your Internet access for. But another important one is installing software other than that approved by IT. And if you've got for example a lot of younger volunteers or employees, they may be using the significantly better bandwidth at work to download music. And they may be using peer-to-peer file sharing networks in order to do so. That's a notoriously insecure form of software to have on any important networks. So I would definitely encourage people to recognize that risk and fight against it. Conducting financial transactions, as I said, you might want to restrict who can do it and where they can do it, and make sure that people don't simply log in to the online banking at a computer other than the one that's already been set aside for this activity. Email, social networking, and so forth. I would also remind employees that email, instant messaging, other things done on work computers is company property and monitored. That may not be your current policy, but perhaps it will be in the future. And the reason that companies more and more are monitoring not just email, but instant messaging, because as I said earlier, I can transfer files to you through instant messaging. And so if you're worried about corporate property, marketing plans, and other secured documents leaving your facility, those are places you need to be monitoring. And then lastly, just like we do with our children, if they break rules, it's really important to say, what will happen if the policy isn't followed? Is it grounds for being let go? Will your access rights be taken away? Or what have you? And as I mentioned, Cami will be sending out an example of an acceptable use policy. And I know that there are more available in other locations online. So we talked about these fakes by where or anti-virus alerts appearing on your computer. But if you don't see something that visible, there are other ways you might suspect you've been infected with malware. So you may see strange pop-up ads, regardless of where you're browsing on the Internet. Or your browser itself may be hijacked, which means your homepage isn't what you set it to. And wherever you try to put in to click a link or to go where you want to go, you end up somewhere else. Your computer may be slowed down because there's millions of spam messages being sent out from your computer. Your anti-virus isn't working. And no matter what you do, you can't get it to open, or you can't get to the vendor website for help. You see lots of activity, meaning the little blinking light on the hard drive is going like mad. You're not actually doing anything. Strange icons in the tool tray down at the bottom, and you try and click on them, and they disappear, then they come back. You try to do a web search, and it's not working. And instead of getting the traditional problem page, when something's not working in search, you get that 404-page error message. But if you have malware, you may see something else. It may talk about a special tool bar, but you have no idea what it's talking about. Or you're simply maybe getting lots of bounce back emails or sent email messages that make no sense to you. So what do you do if you are infected, either because you saw that evidence, or you scanned your computer using your security software and discovered it? Well, definitely you first report to IT, whoever that IT person is, if you have a dedicated person, an outside consultant, even an individual in the organization, but get help. You want to determine how widespread is the infection, just the device you're on, an account was compromised, the whole network's been shut down, your website's been compromised or hacked. Disconnect an infected device as well from the internet while you're working to clean it up. Even though, and here's the great irony, very often the tools you're going to need are only available online. So you may even need to go to a clean system in order to download tools and then bring them over to the infected system on some form of portable media. So determine the availability of a backup or store points that's built into Windows or other forms of restoring to a clean system because you want to know what options you have. And hopefully you won't need to revert to those emergency methods, but it's good to know what you can do. So then you move ahead to identifying and removing the malware because once you know exactly what you have, you'll know what steps to take. You'll scan with the security software, or there's even online scanners that you can use. And it's not a bad idea to scan with multiple tools simply because there are so many unique threats out there. There are very powerful malware removal tools available from us at Norton. There's one called the Norton Power Eraser. But you should know that these things are not only so powerful, but they can remove things you didn't want removed. So it's important not just from us, but from Microsoft or McAfee or any of the other vendors that you know as much as you can what your infection is so that you can choose the right method. Then last, once the crisis is over, you want to determine how the infection occurred, communicate it as much as you can so that people will not fall for the same scam, clean their own systems, and so forth. And then if you believe that you did get some malware on your computer that might have stolen passwords and so forth, you're going to change logins and otherwise protect your financial institutions and accounts. So I'm just going to go forward. So social networking, which if I'm managing a small nonprofit, an organization, it's a great way of communicating what your charter is, and getting members, and getting involvement. So it's certainly for most of us an important part of our marketing mix. But there are risks. As I've mentioned, there can be dangerous links and hacked accounts. Just so you know, Norton has a free Facebook application that will on an ongoing basis scan all the links that appear in your newsfeed looking for dangerous ones that lead to malware. So it's free, and it's the Norton Facebook app. So definitely take a look. Other things that people do in social networking that you should be concerned about, and they share information incorrectly. They overshare putting themselves at risk. We've seen people sharing their holiday plans, their vacation plans online, only to come home to a burglarized home. So you certainly would want to be cautious about promoting that, hey, we're all going for an off-site, and then worry about the physical things left behind at the office not being secured. People also post a lot of inappropriate things mixing that funny blend of personal and private that happens in social networks. You know, you've friended all your coworkers and your boss, but now you're putting up things that perhaps don't need to be shared. So use the privacy settings, or don't post these things. Pay attention to the public image that you're presenting, as well as things that could become an HR issue at the office. And then benefit of the acceptable use policy of course is that it prevents people from saying they simply didn't know that what they were posting in Facebook after friending everyone in the office was going to offend or upset people or simply seem insensitive. So at the outset I mentioned that there are a lot of great resources available, and not simply from Symantec and Norton, but of course that's what I'm highlighting here. The Symantec Security Response Blog is a great place to go to learn about the very cutting edge research or the newest threats, to really hear directly from the Brainiacs in our research group about what's going on. We also have user forums where you can get advice from the product team directly on a wide variety of issues and concerns you may have, and also your fellow Norton product users are extremely informed about how to use the product in the best possible way, how to deal with any issues that might be popping up. Now the Norton Family Resource is definitely on the consumer side, and here we have articles with videos and other resources and downloads for people. And one good example is we have this little Family Online Safety Guide. It's about 45 pages long, and you can order free copies of that. We also have a version for senior citizens. You just shoot us an email and we can send you copies for your organization to put out on the counter. You can distribute to employees, or for your school, your church, your other social organizations. So that's something to know about. The Every Click Matters website is a very fun consumer website with videos that, with humor, are intended to educate people about cybersecurity. And in the little image shown here, that's Dolph Lundgren, and he's with a little plastic unicorn. And so what that video is, Dolph Lundgren represents the computer virus, and the unicorn represents your computer. So obviously these are a little silly, a little fun. We've got some with, oh gosh, I'm blanking on his name. David, he was on the Lifeguard TV Show. Okay, of course my brain completely went blank. But go to the video website at everyclickmatters.com. You can learn a great deal about what's going on with cybercrime as well as share them with kids. Oh thank you, in the chat they're saying David Hasselhoff. Yay, see? Everyone's helping me out. That's wonderful. So there's some fun stuff there and I encourage you to take a look. Now when it comes to malware removal, I mentioned the Norton Power Racer, and Microsoft of course also has theirs, worth bookmarking those pages and taking note of where they are before you need them. Now the Federal Trade Commission also has a terrific and free book that I have an image of here. It's called NetCetera. And it's incredibly helpful in educating kids about the Internet and being safe. So also a great resource you can order both copies for your organization. And then we have the National Cyber Security Association and their website, which these are all hot links and you can get a copy of this presentation. They have a number of great resources for organizations who want to learn more about what they can do, what policies to set in place to keep themselves safe. So that's the end of my presentation. And just to sum up where we've been on this road, we've talked a lot about the various forms of malware. What is it? Where it comes from? I'm sorry, I don't see the slide appearing on the screen. There it is. Sometimes you have to push these slides into place. So malware, what is it? Where does it come from? How to stay safe? All the different forms from keystroke loggers and botnets, viruses and trojans. Cyber criminals, how do they work and why? We've talked about the financial motivations for these people. It's estimated that if you're a four-year college graduate, IT guy in Eastern Europe who might make $15,000 a year doing real work, if you go into cyber crime, you might make $700,000 a year. And the likelihood of getting caught and being convicted in a place like Estonia is pretty minimal. So you can understand the appeal and therefore the growth in this whole cyber crime industry. We talked a lot about what to do if you get infected, where to turn, where to get help, some of the ways you might even recognize being infected. So certainly I hope you found that helpful. Acceptable use policies, a good starting place. And also we saw from the poll I would encourage people to think about how you're going to train the people internally about Internet safety, especially when it is complex. It is a mutating threat on a daily basis. But just because it's hard doesn't take away the fact that it's incredibly necessary and a best practice. And then of course, we reviewed additional resources. I encourage you for questions that may come up after we do our Q&A here. My email address is posted. It's maryon at norton.com. And you can also follow me on Twitter at maryon merit. M-A-R-I-A-N and then M-E-R-R-I-T-T. So I'm going to turn things over to Kami to help us with some Q&A. Kami, excellent. Thank you, Marion. So much interesting information. A little bit scary, but I think we should all feel empowered to do our part to make sure our systems are clean and that this isn't being propagated. We have lots of great questions. I'm just going to start listing them off and we'll get to as many as we can. So we had a question from Maria early on in the presentation, how can we differentiate between real and fake antivirus pop-up alerts? Oh, great question. Well, what you can certainly do is when you see an alert that does not look like it belongs with your product, you can close the alert, disconnect from the Internet, and run a scan with your own antivirus software. That's a good method for figuring out what an alert would look like from your own legitimate software and making sure that you don't inadvertently fall for one of these scams. And I've got to tell you, a lot of kids fall for these. A third of kids in a global study have already downloaded viruses and they're not going to tell their parents they did it. So when people say our home computers all got infected and we don't know how, that very often can be the culprit. And a similar question, but this is from Peter and has to do with spearfishing. They're concerned about spearfishing. Can you usually tell a fake email from the email address domain name? It's a very good question. Unfortunately, no, there are some relatively simple ways that people can spoof where an email is coming from. The important thing to remember is if someone is asking you to download an attachment and it seems out of character, it's as simple and low-tech as picking up the phone and contacting the person just to double check. Same with a link. If it seems out of character, then you should be careful. You can also protect yourself when you see what the link is. You can look at the link and try and make some best estimations about whether or not it's legitimate, but it's hard. I think people should recognize that you may not always recognize a dangerous and fake web address just as you may not recognize a faked email address. This question from Ryan has to do is when you were talking about doing your financial management on a separate computer, then you might download music and do other activities that would put your computer at risk. I think he was misinterpreting that as a separate server and that they don't have the infrastructure to have a separate server for their accounting. So if you could just clarify what the best practice is. Now I may not be as familiar with how people are managing their financials, but assuming that you're doing a lot of this online connecting to your bank, you don't need anything more than a separate laptop even, but you want to make sure that it is not connected to the rest of the network where if what's just assumed, the whole network got infected with malware, your objective is to isolate the financial computer from that possibility. So you would want a different form of getting to the Internet perhaps than a shared network. And you can get more information on these best practices for small organizations directly from the Small Business Banking Association. So one question from Lewis, if you had any suggestions for low cost training in Internet safety, or as I imagine even this webinar could be useful information for staff, but what other training is out there for folks? Well, I think that there are a number of organizations, for example, that will go into schools and talk about Internet safety, and they're available as well to go into organizations. You can talk to local law enforcement like their officers, for example, will do this, or your district attorney's office has a high tech crimes unit that can talk about this. You can reach out to the local representatives of your security providers. So for example, if there's a semantic rep in your area, they can provide this kind of security. Or it may be as simple as sharing this webinar or sharing some of the online resources and having discussions. Do a lunch and learn with your employees and talk about these issues. Maybe ask an interested employee within the office to talk about the topic and have them watch the webinar and prepare something for the internal folks. So there's a number of different ways you can co-cut depending on the size of your organization and what resources may be nearby. This is a good question. It is basic, but I think I want to hear your answer just where do the viruses come from? Well, the computer viruses can come. You mean where do they come from? Who's creating them? Or where do they come from? Like how do they get onto the computer? Who's creating them? So these are the cyber criminals that we're talking about who are making money, making that $700,000 a year. You can go on the Internet, believe it or not, and purchase a toolkit so that even with a minimum of hacking or computer programming skills, you can get into the virus-riding business. These people can purchase these kits online, make a few changes either to what the opening gambit is in the email that it's attached to or what the threat will do when it gets onto your computer. And now they've created a unique piece of malware. They may send it out by renting space on one of these bot herds we talked about. Remember the image of the distributed network of computers being controlled by a bot herder? Those bot herders are advertising time on their networks for sale. So they could ask for their new virus to be distributed by spam messages distributed out through that bot network. It gets pretty complicated because of all these variations. And because there are so many people doing this for profit, there's a lot of activity online. Great. So Daria's question, is it true that clicking on alert can download virus? Should we use Task Manager to close it? I think this is a good question. I think it's confusing. Sometimes the X in the upper right corner may be part of the image and therefore you're clicking on it. What would your recommendation be? That is a good question. So closing it may be best done in Task Manager which of course everyone knows, Control Alt Delete, great way to get to Task Manager. You can sometimes also right mouse in the tool tray and get there as well. The Task Manager enables you to close processes or individual programs running. Sometimes this is a good resource simply because things stop working, stop responding, and sometimes you have to close them that way. But it's also a way of addressing malware. So one question that Richard had, and this is specific to Comcast, his provider, what does Comcast do when it finds a bot on a customer's account? Do you know service providers do anything to assist? That is such a good and timely question because imagine that you are the ISP and you've got all of these customers who are literally in pain but they don't know it. Their computer has been compromised by a cyber criminal and is being used in some kind of nefarious scheme. It also affects Comcast's own security having all these infected computers. So they've just started a program. They've been testing it for a while where if you're on an infected computer and you connect to Comcast, they're going to pop up an alert. And as you might imagine, because of all the scam and virus alerts, trying to find that balance and achieve an alert that would be trusted by their users took some doing. But they've done some testing and they think they've got it. What they're going to do is help the user clean up their system for free. So they'll first alert the user that you have a botnet on your computer and then they'll direct them to some do-it-yourself cleanup tools. And if that doesn't work, they have some additional resources available for their customers. But their goal, they're not there yet, but their goal is to help the customer clean it all up so that they can get everybody connected to one another on clean systems. But of course, they're going to have to look at some point whether or not they want to prevent people from getting on to their network if they've got a bot. They're not planning that just as yet, but obviously that's something that they have to look at. And did you happen to talk about drive-by attacks? So drive-by attacks, simply by having the misfortune to visit an infected website, you can get hit with malware. There are so many ways that malware or viruses sitting on an infected server that's presenting you with a website can get into your computer. And let's just think for a moment, your browser, if you don't have the latest version of the browser, you may have a browser with security holes that can be compromised by the malware. And that becomes literally a doorway for them to jump onto your computer. Or the website may require the use of Java. Java scripting is a big part of a lot of websites we go to if your Java is not up to date. So you start to realize that it's not simply making sure that your operating system is patched to be safe, but you want to make sure that your antivirus, your security software is completely up to date. You want to make sure that your browser is the latest version. And for this reason, a lot of people have turned to other browsers as a method of dealing with problems associated with some of the most popular ones. And that's one strategy as well. But you want to make sure that all of the, I like to refer to them as helper apps, all the little programs that help a great Internet experience make sure that they are protected with the latest versions too. This is a question from Jessica about, she installed Winamp, the search tool attached to Internet Explorer. And it seems impossible to remove. Are there places that you can check to remove tools like this? Exactly. There are a number of great resources. Sometimes it's as simple. If you know the program that's on your computer that you're trying to get rid of, you can do a search and look for places online. The user forums also on our site, on other sites, there are people who've had those similar problems. And then there are some other hobbyist websites out there. I think I saw one mentioned in the chat, Bleeping Computer. These are good places to look for help in removing malware. Now sometimes the steps for getting rid of things can be a little involved. And so you may still want to bring in an outside computer or IT consultant to assist you. So one question I know is answered in the chat too, Diane, which I thought was a good one to bring up. If data is compromised, wouldn't backing up data and secondary backup data on the cloud, for example, also potentially be compromised? Sure. And the issue is when do you actually catch it? So if you go too long between making sure your system is clean, you do run the possibility of backing up the infection. And boy, that can be a real challenge to deal with, but it's not impossible to recover from these things. It just goes to the point, a lot of people not only on a regular basis are scanning their entire networks, but in shared environments like in libraries. I know that some people do what's called re-ghosting the computers on a regular basis. Now ghost actually is a brand name. It's a product from Symantec. But we're talking about reverting the computer to the original installation of operating system and Microsoft Office or what other programs are to undo whatever damage has been done by the clients sharing those computers. It doesn't work in every scenario, but it is a method of undoing the damage when lots of visitors have access to your computer. A question from Diane is Norton 360 sufficient to deal with these threats on personal computers? Definitely. Norton 360 is a comprehensive suite, and it includes pretty much everything you need on PC security. It also has, as I mentioned, this identity save which allows you to store and encrypt all your passwords and then help you automatically log them in. But what Norton 360 also has is online backup. And online backup is great because for many of us we've got photos, we've got music files, we've got important financial documents that we would really hate to lose if something were to happen to our computer. And you can upload those in a very secure fashion to the Norton servers. A question from Nancy. Can viruses spread through Wi-Fi? Definitely. Definitely. Wireless connections are just networks, and they share all kinds of attributes. And if you've got malware on the network, then they can spread. They can spread in so many different ways, and that's one of the reasons that when people are sitting in airports and they open themselves up to the wireless network, you want to make sure that you protect yourself with Internet security. Primarily you're worried about intruders. You're worried about people trying to hack your computer more than just malware, but the possibility still remains. And so in those instances you recommend that people don't do secure, like banking or credit card transactions? If you are on a trusted wireless network, and by that I mean one where you're using good security protocols, you've made sure that everyone using it needs to log in with a unique and lengthy password. It's protected from outsiders trying to get on. People war driving, which is where they just park outside your house to use your open network for their own purposes, you can feel pretty secure about it. But if you're sitting in your local coffee shop, that is definitely not the time to take advantage of a public wireless network for any kind of financial transaction. I'm not sure if you're familiar with this program called Steady State. It's from Microsoft. I am not. Okay, because it's a program that many libraries use on their public computers. I'll pass that question up and maybe that, Virginia, you could post that in the community forums and we can answer that one. Salo has a question, should you trust your Internet provider's free antivirus software? Well, I think the main thing is to make sure you have more than antivirus. And it's great if they're providing you free antivirus. But look for Internet security because you want to have the full suite of protection. So you want to have the antivirus. You want to have the firewall in there, the identity protection to make sure that what you're doing online is protected. One of the things that the Norton products do, and I'm sure our competitors do as well, is as you visit different websites, the security software is monitoring the safety of the site you're going to and making sure it's not a fake website, making sure that it's a safe and trusted website to prevent you from getting infected simply by going to the wrong place. So this will be the last question. There's been a couple questions related to this security software slowing down computers and some reviewers saying that Norton AV is resource intensive. Is that true? What recommendations would you give for people who just can't have a big program on their computers because their computers can't handle it? Okay, so it's true that in a few years ago, security software across the board was getting very bloated. There was almost an arms race of people adding features and functionality beyond what customers truly needed, video inserts and things, all kinds of fancy bells and whistles. But there's been also in the last two years of the Norton products huge strides made. And in fact, you'll see it in the product reviews. So our products are very light. They're quick to install. They install in less than a minute. They do not contribute to the overhead on the product. And in fact, we've taken it so seriously that by clicking there's a little arrow in the user interface and it's kind of cool. It flips the whole interface around and shows you exactly which programs are draining system resources and it shows you what percentage is from Norton and what percentage is from other programs. It's a great way to get a better understanding of what's going on on your computer, dispelling the myth that antivirus might be the issue. And we also take advantage of background scanning. And what I mean by that is it's very important to regularly scan your systems to look for infections. Many people used to set aside a particular time a day when they would do it. But ours now is incremental and background scanner. So anytime we detect that you are not using the system, you've got to make a phone call. You stepped away for lunch. We take advantage of that quiet time to run the scans. And so we really don't interrupt your work and we've really minimized the impact on the computer's performance. So I really would encourage people to try the trialware, try the product. I think you'll be pleasantly surprised by the strides made. And again, by learning more about what programs on your computers are degrading performance, you can figure out what's going on and have better control. As I mentioned during the malware thing, a slowdown computer may be the sign that you've got malware on the computer. So again, more information can't hurt if you suspect something's going on. Thank you so much, Mary. And that's all the time we have. So for those of you whose question didn't get answered, we apologize. But please post those to our community forums. We have a couple of webinars coming up. Is FileMaker right for your organization? We'll be on November 18th. And manage your data, donations, and more with City Serum. We'll be the week following. And we'd like to thank ReadyTalk. This webinar has been made possible by ReadyTalk, which has donated the use of their system to help TechSoup extend awareness of technology throughout the nonprofit sector. ReadyTalk helps nonprofits and libraries in the U.S. and Canada reach geographically dispersed areas and increase collaboration through their audio conferencing and web conferencing services. So thanks again to everyone for attending and asking such great questions. We did record this webinar. You'll receive a link to it this afternoon in an email from me with the PowerPoint, the audio file, and all the links that we discussed. So thanks again, Mary, and so much. This was really, really great. Well, thanks for having me. It's a pleasure talking with all of you. And I'd like to thank Kevin and Gary for answering questions on the chat. So feel free to email me, everyone, if you have questions. If not, fill out that survey that pops up when we close this window and have a wonderful day. Thanks, everyone. Bye-bye. Thank you. Please stand by.