Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.

1. awareness SESSIONon ‘Cyber security’

2. What is Cybersecurity?
Cyber security is the practice of defending
computers, servers, mobile devices,
electronic systems, networks, and data from
malicious attacks.

3. Threats and Practices
Malware
Spear Phishing
Malicious Links
Passwords
Browsing in Public
Data Compromise

4. Threat: Malware
• Software designed to cause disruption to a
computer.
• Examples:
• Worm/virus
• Botnet
• Banking Trojan
• Ransomware

5. Who is Targeted?
• It is estimated that ransomware
damages will cost more than $20 billion
globally in 2020
• Encrypts/locks files
• Holds files for ransom
• Typically obtained via:
– Spam & phishing emails
– Unpatched security vulnerabilities
Ransomware

6. Threat: Malware
Ransomware
1
2

7. Best Practices: Malware
• Learn to identify phishing emails
• Exercise caution with links
• Do not download or click suspicious links or
files
• Keep software up-to-date
• Back up files regularly

8. Threat: Spear Phishing
• Spear-phishing is a targeted attempt to steal
sensitive information such as account credentials
or financial information from a specific victim,
often for malicious reasons.
• Common cause of data breaches
• Targeted emails
• Sent to small groups or individuals
• Use social engineering tactics
• 93 percent of incidents/breaches

9. Example of a Spear Phishing Email
1
3
2
5
4

10. Best Practices: Spear Phishing
• Check the sender
• Look out for warning signs
• Think before you click or take action
• Never hand over sensitive info

11. Threat: Malicious Links
• Anchor may hide true destination
• Copycat domains (exampel.com)
• Shortened links

12. Best Practices: Malicious Links
• Always check the destination
See It In Action!
https://www.example.com/totally-legit.html
(http://www.example.com.some-other-site.co.uk/downloads/file.php)

13. Threat: Password Security
• Susceptible to:
• Brute force
• Hacking
• Malware
• Phishing
• Data breach

14. Best Practices: Password Security
9@kj*YbM25nGnl
Yes
• Effective passwords are:
• Long
• Complex
• Unique
• Rotating
• Enable MFA where possible
p@ssw0rd12
No

15. Threat: Browsing in Public
• Unsecured networks
• “Man in the Middle”
• Visual hacking
• 44% of stolen devices were left in a public
place

16. Best Practices: Browsing in Public
• Avoid public wireless networks
• Use reputable VPN
• Be mindful of surroundings
• Precautionary apps
• “Find my phone”
• “Remote wipe”

17. Best Practices: Data Compromise
• Storing sensitive information:
• Yes to encrypted devices
• No to removable media (flash drives)
• Sharing:
• Who is authorized?
• Check email CC’s
• Secured network?
• Destruction:
• Recycle bin is not enough!

18. Cybersecurity Basics Checklist
• Keep all your software up-to-date
• Install a reliable antivirus solution
• Enhance your security with a product that can block attacks antivirus
can’t detect
• Use strong passwords and change them often
• Activate and use two step verification where available
• Avoid oversharing information on social media
• Back up your data. Do it often. Back up in several places

19. Cybersecurity Basics Checklist
• Never open emails from unknown senders
• Never download or open attachments sent by unknown senders
• Keep your financial information safe and don’t share it with anyone
• Avoid untrusted websites and don’t click on suspicious banners or
links
• Adjust the privacy and security settings in your browser and apps

20. Use Strong
Passwords
Use a VPN
When
Necessary
Think Before
You Click
Update Your
Home Router
Update Your
Devices
Use Two-
Factor
Authentication

22. You post a picture of you and your best friend to your favorite social
media platform. She doesn’t feel comfortable with the image, so you
agree to take it down. Will this ensure that no one else sees the picture?
Answer: No. Once an image (or any information) is posted on the internet, it
is virtually impossible to remove it from circulation. Taking it off of your social
media page will help, but there is no guarantee that others have not already
seen it and/or downloaded it to their own machines.

23. You receive an email from an online shopping site claiming that
you were incorrectly charged for your last purchase and are due a
refund. The email asks you to click a link where you will submit
the necessary information. What should you do?
Answer: Do NOT click the link! Check the sender’s address and search the
document for spelling/grammar mistakes. If you notice anything suspicious, the
email is likely a scam. Even if it seems legitimate, navigate to the site yourself rather
than clicking any links.

24. Answer: It depends. In general, it is never safe to transmit PII (Personally Identifiable Information),
especially financial information, over a public network. If you find yourself in a situation where
you may need to do so, first consider all your options, including using your mobile data or a VPN
(Virtual Private Network) to help protect your browsing.
You’ve just settled into your new hotel room when you realize you
need to transfer some funds from your savings account to your
checking account. In order to do this, you will need to connect your
laptop to the hotel’s public Wi-Fi and log in to your online bank.
Should you risk it?

25. You have a long commute. Thankfully, your train just installed public Wi-Fi. Now you can
listen to your favorite music or podcast. However, when you check for social media
updates around lunch, you find that your account has been hacked. What steps could you
take to prevent your mobile device or laptop data from being compromised in the future?
Answer(s):
• Turn off Wi-Fi and Bluetooth when not using them. These technologies leave you open to remote attacks.
• Make sure the network is legitimate. Hackers love to create fake networks that mimic real ones, enticing
unsuspecting users to log on.
• Don’t connect. Though perhaps drastic, one near-certain way to circumvent the dangers of public Wi-Fi is
simply to avoid using it whenever possible.

26. Passwords often have complex requirements, and most online citizens will
need to remember numerous different passwords to access their internet
services. What is a way to help you keep track of all these different passwords?
Answer(s):
• Use a password manager. These are apps, devices, or cloud services that store your
passwords in an encrypted vault that can only be unlocked with a single master
password.
• Use a “password pattern.” This is simply a pattern (recognizable only to you) that you
can use to help remember your passwords.

27. Which of the following are strong password practices? (Choose all that apply.)
1. Passwords should contain a mixture of upper and lower case letters, numbers, and special characters.
2. Passwords should have personal meaning to you (e.g. a relative’s birthday) so that you can remember
them more easily.
3. You should immediately change your password in the case of a known data breach.
4. You should store your passwords on paper or in a text document, giving you a backup in the event that
you forget them.
Answer: 1 & 3. While it is helpful for passwords to have some level of personal relevance, anything
concrete or publicly-available (high schools, birthdates, pets’ names, etc.) can be easily researched and
guessed by an attacker. Storing your passwords physically or in a text-document is also ill-advised, as
someone could gain access to the copy.