2 hours 27 minutes
come back to intermediate endpoint security course. In this lesson, I'm going to talk about protecting users of PC's because this is also part off endpoint protection.
concept. And I'm going to talk about data that needs protection, PC's and how to protect users. So what kind of data needs to be protecting in terms of protecting users first of all, users personally identifiable data
or C II data, personal information, all information data? So, for example, but put comes under users PDS,
like banking accounts if they're using their corporate PC to pay bills. These things that should be protected in most of the cases Company has policy that you shouldn't do it if you on your business. BC but sometimes you simply have to. For example, you have to do some things
during working hours. For whatever reason, Uh,
ah and um ah,
If these things leak out, the company may be held accountable for the leakage and the composition of damages,
then also social security number or or similar number in other countries than the United States, which can be used to do things. For example, in some countries you just need the person's name and their equivalent to us is Social Security number. In order to,
uh, take a loan from a bank in their name,
you do it online, and if you have this data, it's ah, it's important thing. And sometimes the instincts are kept on PC's
by some kind of administrating. Softer,
then personal passwords.
Um, can also be, ah, subject to
like Social Network passwords.
On and again, there is somebody who will object and say, Why should people use up
was social network personal social network accounts while they're working on the company time?
Well, sometimes they do that because it's their job, sometimes there,
acting as a promoter for a company or influencer. I know people who are actually paid to use their own accounts to discuss some things on social networks,
but because their their personal, they should be protected, especially and with extra care. So this is what you need to protect. There are other things that might not be mentioned here, but these are three most important things. And now the question is, how do you protect
personally identifiable data on on pieces? Well, the first thing is, don't keep them on PC's. If possible,
avoid having them
one of the things how not to do it is established policy for users not to store passwords for personal use of company PC's. That means that if they are logging into their personal social network account, for example, from from company Peace, even if they have to do it,
they should be instructed to type it every time not to store it in a browser, because if it's stored, it can be repacked later.
Also, there is a whole thing about passport policy making them as long as possible using pass phrases instead of passwords.
And these things are also important.
Um, then, of course, you encrypt hard drives on device,
and these things are extremely important because if somebody steals a PC, ah, they taste pretty much useless to them. Uh,
not entirely, but
very, very high, low probability that they will be able to extract data from hard drive.
this covers also that any access to, for example, your private banking account if you're doing it from the the any PC. If you're not remembering the password on on on a device, if you're typing it every time, if you're
encrypted you have the encrypted hard drive, then there is a fair chance that it's going to stay safe.
And, of course, other personally identifiable information or data that are connected to user of the device should never be kept on that day. Why should be kept on on the server and some much safer place?
Um, then next thing that you should do and how to protect not just personally identifiable data, but anything. Symptoms similar regarding day town on the user's PC is to force weepy in usage when out of the office. So whenever they are out of the office,
they if they connect to and to Internet,
they should be automatically prompted to connect to co corporate VPN. This is very important because from that moment on, any communication is encrypted
and essentially cannot be intercepted.
Then you can have the option toe toe lock the device run away so you can do it in windows, for example,
and you can do it with pairing with mobile phone Onda. We using blue, too. So if it's no book, of course, because most that stops, they don't have loaded connection. But if it's a desktop and you have a mobile phone mobile phone is thing that you
probably always carry with yourself. While no book is not just a simple thing, you're you're in some kind of customary went, for example, and you have your notebook and you doing presentations. And then there is a break,
and then everybody leaves the room. Or you think that everybody has left the room and you leave the room and also, but then somebody can enter and get information from your PC. But if you pair with your mobile phone and then you go away,
Bluetooth connection is broken and then your PC automatically locks, So this is
very important thing. Also. One other thing that you should use on unknown boxes to have filters on the screen that should they're there to protect you from shoulder surfing. So somebody looking,
I'm at the screen. What what you're typing. If if you want to do that, there are two ways you can buy filter that is.
Place the point over the screen if you need it.
Or there are some manufacturers that have this kind of filter built in the display of the notebook, and it's activated by pressure pressing a one or two keys on your keyboard,
so you activate that filter electronic lee, and then it reduces the field of you to plus minus 35 degrees from the central axis of the display, which is a
very good protection.
The next thing that is very important is to implement to factor or multi factor authentication. So what would be a two factor authentication? You take your user name and password, and if the device has
fingerprint three. There you put your finger
on your fingerprint reader, and it needs additional
things like your fingerprint. Or it can be facial recognition. Or it can be iris recognition or something else. Like maybe smartcard. This is usually used in banks.
key cards with the smart chip in it, and that this could be a second thing or even 13 there. Some suffers that allow you toe have grief, actor and dedication on the device, which is really, really safe in terms of
preventing somebody unauthorized accessing your PC.
So the question for a loaning check is what is the best place to store private passwords? Is it on server? Is it on private PC?
Is it encrypted file
and the answer is actually in private PC. So if possible, private things should be separate from business BC so they it should be kept on them on their private PC. So then, then the company is not responsible for whatever happens. If did somebody gets a hold off on
to these passwords soon
If you keep it in encrypted, the files can be broken. If it's in server, it can be accessed and then the liability to companies Absolutely the same, like
in any other case. And also it would be really difficult to keep encrypted
but to store private passwords on the saver from
everyday usage point of view.
So in this video, you have learned about how to protect users or their personally identifiable data in your company from cigarette tax
men in SS. And I'm just going to do the recap of this whole section or module in which I was talking about Gold's off endpoint security