www.treetopsecurity.com
Cybersecurity Awareness
Tips To Protect You And Your Data
CONTENT BY
DALLAS HASELHORST
FOUNDER/OWNER, TREETOP SECURITY
GSE #231, MSISE, CISSP, SANS/GIAC(X9)
From the makers of Peak. Protecting small businesses using
affordable, comprehensive, and common sense defenses.
PRESENTED BY
TreeTop Security - CAT - v1.0
# whoami
● 20+ years of IT & cybersecurity experience
● Consulted for companies all over the US
● Multiple computer-related degrees from FHSU
● Master’s degree in Information Security Engineering
from the SANS Technology Institute
● Alphabet soup of security-related certifications
○ CISSP, GSEC, GCIH, GCCC, GCPM, GPEN,
GMON, GCIA, GWAPT, GSE #231
● Co-organizer of BSidesKC security conference
● Founded Sicoir Computers in 2003, sold in 2016
● Lead design on Peak, the SMB cybersecurity platform
Overview
Why security awareness?
Patching your devices
Passwords
2-factor authentication
Internet safety & email
Privacy concerns
Backups are a must!
Phone scams
Why is cybersecurity awareness important?
Awareness training is a must!
● Technology alone cannot protect you from everything
● Attackers go where security is weakest
● People -> a link in the chain & maybe the last line of defense
● Essential to reducing cybersecurity risk
● Cybersecurity awareness is for...
○ Employees
○ Business owners
○ Parents
○ Kids
○ Seniors
○ Everyone!
Reminder: Many tips that keep you safe at work will also keep you safe at home!
But an attacker isn’t interested in me...
● Credit card and financial data
● Medical data
○ Prescription, insurance, or identity fraud
○ Far more valuable than financial data
● Computer resources
○ Cryptomining
○ Advertising
● User or email credentials
○ Sending spam
○ Recovery/reset other accounts
○ Ransomware
○ Jump point
○ “More” access
Wrong!!! You are exactly what an attacker wants!
HELP!!!
Ways to protect yourself!
Backups
● NO level of protection is perfect
○ Backups are frequently overlooked
○ Only “guaranteed” protection against ransomware
○ Backup media should not be connected at all times
● If you back up, have you tested your backups recently?
Users that have never backed up: 35%
Users that back up daily: 6%
Users that back up monthly: 14%
Users that back up yearly: 20%
Updates are essential to security
• What was secure yesterday may not be secure today
• New software vulnerabilities found every day
• Over 360K new malware (viruses & ransomware) released every day
• Nothing is “Set & Forget”
Keeping your system up-to-date
● Operating Systems
○ Microsoft Windows, Apple MacOS, Linux
○ End of life? Windows 7 - January 2020
● Anti-virus
○ Update to the latest definitions to ensure protection against the latest threats
○ Symantec/Norton, McAfee, Windows Defender, Avast, and many others!
Don’t forget!!!
● Browser - your portal to the internet
○ Chrome, Firefox, Opera, Edge, Safari, etc.
○ Internet Explorer (Not recommended)
● Mobile devices - cell phones & laptops
● Internet of Things (IoT) - Alexa, Google Home, thermostats, doorbells, surveillance system, light bulbs, smart locks, pet feeder, health monitors...
This could keep going forever!
All About Passwords
Managing Passwords
● Keep your passwords in a secure location
○ Don’t use paper or sticky notes
○ Don’t store passwords in clear-text on your computer - Word, Excel, etc.
● Utilize a password manager (aka vault)
○ LastPass
○ KeePass
○ 1Password
● Benefits of a password manager
○ Single password to remember them all
○ Encrypted storage of passwords
○ Auto-fill username/password on websites
○ Sync between desktop, laptop, and mobile
Password Tips
● Avoid using items that can be associated with you
○ Address
○ Phone numbers
○ Pet names
○ Child names
○ Birthdays
○ Sports teams
● Separate passwords for every account
● Auto-generated, unmemorable
Possible with a password manager
Passwords shared with colleagues: 69%
Passwords shared with household: 95%
One password for all accounts: 59%
Passwords are too “simple”: 86%
Passwords vs passphrases
● Useful when passwords must be typed in
● Should not be easy to guess
○ 12 Characters or more
○ Length is better than complexity (passphrases)
○ Bad password (8): P@ssw0rd
○ Great password (24): MysonwasbornNovember1995!
Passwords exactly 8 characters: 61%
Average Length of Password: 9.6
Average number of lowercase letters: 6.1
Average number of special characters: 0.2
Top 25 passwords by rank & year
Rank  2017       2018
1     123456     123456
2     password   password
3     12345678   123456789
4     qwerty     12345678
5     12345      12345
6     123456789  111111
7     letmein    1234567
8     1234567    sunshine
9     football   qwerty
10    iloveyou   iloveyou
11    admin      princess
12    welcome    admin
13    monkey     welcome
14    login      666666
15    abc123     abc123
16    starwars   football
17    123123     123123
18    dragon     monkey
19    passw0rd   654321
20    master     !@#$%^&*
21    hello      charlie
22    freedom    aa123456
23    whatever   donald
24    qazwsx     password1
25    trustno1   qwerty123
Source: Gizmodo & Fortune
If you use any of these, change them NOW!!!
2FA - two-factor authentication
● “Your one-time code is…”
○ SMS
○ Phone Call
○ Phone pop-up
○ Email
○ Snail Mail
○ Carrier Pigeon
● Applications
○ Google Authenticator
○ Authy
● What is 2FA?
○ “Beyond” a username and password
○ Second form to prove it is you
○ Typically out-of-band
Just A Little Click
Is the link safe in 4 steps
1. Verify
Were you expecting to receive a link?
○ Not just email!
○ Social Media
○ SMS/iMessage
2. Hover
Hover over the link to ensure that it leads where it says it does
3. Sniff test
Is it a site you recognize? Does it feel “familiar” to you? Be skeptical my friends
4. Click
If it passes the three previous tests, it should be okay to browse to
Easy to recognize email example
Red flags?
○ Viagra <- ?!?!?!
○ Strange wording
○ Email address
○ Domain name
○ Expected email?
○ Interesting link
Known email account example
Hacked or spoofed email from someone you know
Red flags?
○ Email address ok
○ Name ok
○ Odd “signature”
○ Expected email?
○ Link - .fr is France
SMS “hidden” link example
Hacked phone of someone you know
Red flags?
○ Phone number ok
○ Expected text?
○ Domain is textwon.com, NOT apple.com
Source: Sophos
Hover before you click
● Why hover?
○ Blue text can be deceiving
○ Underlying URL may be different
○ Foreign domains - .uk, .cn, or .ru
● Numbers instead of letters
○ Example: 192.168.1.1
○ Don’t trust it!
● Hover on mobile/tablet?
○ Long press (hold)
● Any doubts? Don’t click it!!!
http://www.evil.com/
Desktop - Hover
Mobile - Long Press
Hover example
Red flags?
○ Email address ok
○ Name ok
○ Expected email?
○ Sense of urgency
○ Hover -> Not a Microsoft link
Shortened or obfuscated links?
● Instead of 300 characters, the link is reduced to 15 characters
○ Bit.ly
○ TinyURL
● Extremely common and helpful, but...
● Abused by criminals to hide malicious websites
Link expander
www.linkexpander.com
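The hover check and the shortened-link caution from the slides above, automated over an HTML message body as an added example (not part of the original deck). The shortener and TLD lists come from the slides; the two-label domain comparison, the flag names and the sample message are assumptions constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com"}   # the two services named on the slide
WATCH_TLDS = {"uk", "cn", "ru"}          # TLDs the slide lists; tune to your own audience

# A domain-looking string inside the visible link text (optional scheme, alphabetic TLD).
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML message body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def base_domain(host):
    """Naive registrable domain: last two labels (assumption; wrong for e.g. co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_ip(host):
    """True when the host is an IP literal ("numbers instead of letters")."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def red_flags(href, text):
    """Return the hover-check red flags for one link (hypothetical flag names)."""
    host = (urlsplit(href).hostname or "").lower()
    if not host:
        return ["no-host"]
    flags = []
    if is_ip(host):
        flags.append("ip-address-host")
    elif host in SHORTENERS or base_domain(host) in SHORTENERS:
        flags.append("shortened-link")      # real destination is hidden; expand first
    elif host.rsplit(".", 1)[-1] in WATCH_TLDS:
        flags.append("watchlist-tld")
    # "Blue text can be deceiving": text that names a domain must match the target.
    shown = DOMAIN_IN_TEXT.search(text.lower())
    if shown and base_domain(shown.group(1)) != base_domain(host):
        flags.append("text-target-mismatch")
    return flags


def scan_message(html):
    """Return (href, text, flags) for every link in the body that raises a flag."""
    parser = LinkCollector()
    parser.feed(html)
    return [(h, t, f) for h, t in parser.links if (f := red_flags(h, t))]


# Constructed sample message body; every hostname and path is a placeholder.
SAMPLE = """
<p>Your mailbox is almost full.
<a href="http://login.example.net/verify">https://www.example.com/account</a></p>
<p><a href="http://192.168.1.1/update">Update now</a></p>
<p><a href="https://bit.ly/EXAMPLE">View document</a></p>
<p><a href="https://files.example.ru/inv.pdf">Invoice</a></p>
<p><a href="https://www.example.com/help">www.example.com/help</a></p>
"""

if __name__ == "__main__":
    for href, text, flags in scan_message(SAMPLE):
        print(f"{', '.join(flags):22} {text!r} -> {href}")
```

A flag is a reason to stop and verify, not proof of malice; the last sample link raises none because its visible text and its target agree.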
More email attacks
92% of malware is delivered by email
Source: CSO Online
Email Attachments
● Stop & think before you click!
● Recognized sender?
● Expecting attachment?
● Is it normal for that contact to send attachments?
Macros
● Step 1: Don’t do it!!!
● Step 2: See step 1
● Found in downloaded files too
Attachments in Microsoft Outlook
Enable Macros <- NOOOOOO!!!!
Other Email Scams
● Can be “non-technical”
● Spear phishing & whaling
○ CEO <-> CFO
○ Published organization chart
○ Policy requiring phone call?
● What they want
○ Gift & prepaid cards
○ Wire transfers / account info
● Sense of urgency
Technical safeguards cannot help
Gift Card Scam
Wire transfer
Reach Out & Scam Someone
Phone Scams
● Social engineering, what is it?
○ Make the caller provide verification
○ Call back a published number
● Phone numbers can be easily spoofed
○ Banks & credit card companies
○ Medical & insurance
○ IRS or past due account balance
○ Robocalls
● Other common phone scams
○ Grandparent Scam
○ Tech support - Microsoft, Apple, Dell, etc. will never contact the average user “out of the blue”
Phone scam example
Red flags?
○ Sense of urgency
○ Purposefully confusing
○ Expected call from Microsoft?
Hi! This is Kathleen from Microsoft. We have been trying to get in
touch with you. However, we will be disconnecting your license
within 48 hours because your IP address has been compromised
from several countries. So we need to change your IP address and
license key. So please press 1 to get connected…
Technical safeguards can only do so much...
That’s why security awareness is a must!
General Tips & Privacy
USB Drives & More
● Do NOT connect unknown or
unauthorized media (or devices)
● Programs can run when plugged in
without you doing anything
● Examples
○ USB/flash drives
○ SD or micro SD cards
○ CDs or DVDs
○ External hard drives
○ Cell phones <- Often forgotten
Encryption
● Can help protect your data
● Can also help an attacker, e.g. ransomware
● Protecting data sent or received
○ HTTP vs. HTTPS
○ Wireless -> WPA2 (AES) recommended
● Protecting devices
○ Helpful if device is lost/stolen
○ Often associated with phone PIN/passcode
○ Microsoft Windows - BitLocker
○ Apple MacOS - FileVault
Internet Safety Quick Tips
● Never install anything based on a pop-up when visiting a website
● “Trusted” websites can & have hosted malware, aka malvertising
○ Local news
○ WSJ, Forbes, ESPN, Yahoo, etc.
○ Limit browsing to business relevant sites?
● Be careful using Wi-Fi hotspots
● Avoid public computers
● Social media links - Facebook, Skype, Instagram, & more!
Do NOT assume a site is legitimate simply because of the green padlock
Internet Privacy
● Data is the new gold -> your data is valuable!
● If you’re not paying for it, are you the product?
○ Data analytics & predictive results
○ Examples: advertising & insurance rates
● Are you oversharing?
○ Default privacy settings on social media
○ Vacation photos & “checking-in” (location sharing)
■ Thieves see that information also
■ Would you be comfortable telling people on the street?
More Resources
● Don’t stop here!
○ Attacks change, continue learning
○ Help educate others
● When in doubt, ask questions
○ Your IT department?
○ Your IT provider?
○ Me?
● Additional Resources
○ SANS Ouch! Newsletter (free)
https://www.sans.org/security-awareness-training/ouch-newsletter/
○ TreeTop Security - Cybersecurity Awareness Training (free)
Feedback, awareness quiz, training dates, slides, video
https://www.treetopsecurity.com/CAT
Questions?
785-370-3444
Dallas Haselhorst
dallas [at] treetopsecurity.com
https://www.treetopsecurity.com
Ask about Peak. The only comprehensive and affordable cybersecurity platform for small businesses.

➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka KALYAN MATKA |
 
Lukas Rycek - GreenChemForCE - project structure.pptx
Lukas Rycek - GreenChemForCE - project structure.pptxLukas Rycek - GreenChemForCE - project structure.pptx
Lukas Rycek - GreenChemForCE - project structure.pptx
 
2024.06 CPMN Cambridge - Beyond Now-Next-Later.pdf
2024.06 CPMN Cambridge - Beyond Now-Next-Later.pdf2024.06 CPMN Cambridge - Beyond Now-Next-Later.pdf
2024.06 CPMN Cambridge - Beyond Now-Next-Later.pdf
 
❽❽❻❼❼❻❻❸❾❻ DPBOSS NET SPBOSS SATTA MATKA RESULT KALYAN MATKA GUESSING FREE KA...
❽❽❻❼❼❻❻❸❾❻ DPBOSS NET SPBOSS SATTA MATKA RESULT KALYAN MATKA GUESSING FREE KA...❽❽❻❼❼❻❻❸❾❻ DPBOSS NET SPBOSS SATTA MATKA RESULT KALYAN MATKA GUESSING FREE KA...
❽❽❻❼❼❻❻❸❾❻ DPBOSS NET SPBOSS SATTA MATKA RESULT KALYAN MATKA GUESSING FREE KA...
 
➒➌➎➏➑➐➋➑➐➐ Satta Matta Matka Dpboss Matka Guessing Kalyan panel Chart
➒➌➎➏➑➐➋➑➐➐ Satta Matta Matka Dpboss Matka Guessing Kalyan panel Chart➒➌➎➏➑➐➋➑➐➐ Satta Matta Matka Dpboss Matka Guessing Kalyan panel Chart
➒➌➎➏➑➐➋➑➐➐ Satta Matta Matka Dpboss Matka Guessing Kalyan panel Chart
 
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
 
Pro Tips for Effortless Contract Management
Pro Tips for Effortless Contract ManagementPro Tips for Effortless Contract Management
Pro Tips for Effortless Contract Management
 
Stainless Steel Conveyor Manufacturers Chennai
Stainless Steel Conveyor Manufacturers ChennaiStainless Steel Conveyor Manufacturers Chennai
Stainless Steel Conveyor Manufacturers Chennai
 
MECE (Mutually Exclusive, Collectively Exhaustive) Principle
MECE (Mutually Exclusive, Collectively Exhaustive) PrincipleMECE (Mutually Exclusive, Collectively Exhaustive) Principle
MECE (Mutually Exclusive, Collectively Exhaustive) Principle
 
High-Quality IPTV Monthly Subscription for $15
High-Quality IPTV Monthly Subscription for $15High-Quality IPTV Monthly Subscription for $15
High-Quality IPTV Monthly Subscription for $15
 

Cybersecurity Awareness Training Presentation v1.0

  • 1. www.treetopsecurity.com Cybersecurity Awareness Tips To Protect You And Your Data CONTENT BY 1 DALLAS HASELHORST FOUNDER/OWNER, TREETOP SECURITY GSE #231, MSISE, CISSP, SANS/GIAC(X9) From the makers of Peak. Protecting small businesses using affordable, comprehensive, and common sense defenses. PRESENTED BY TreeTop Security - CAT - v1.0
  • 2. # whoami ● 20+ years of IT & cybersecurity experience ● Consulted for companies all over the US ● Multiple computer-related degrees from FHSU ● Master’s degree in Information Security Engineering from the SANS Technology Institute ● Alphabet soup of security-related certifications ○ CISSP, GSEC, GCIH, GCCC, GCPM, GPEN, GMON, GCIA, GWAPT, GSE #231 ● Co-organizer of BSidesKC security conference ● Founded Sicoir Computers in 2003, sold in 2016 ● Lead design on Peak, the SMB cybersecurity platform
  • 4. Overview ● Why security awareness? ● Patching your devices ● Passwords ● 2-factor authentication ● Internet safety & email ● Privacy concerns ● Backups are a must! ● Phone scams
  • 6. Awareness training is a must! ● Technology alone cannot protect you from everything ● Attackers go where security is weakest ● People -> a link in the chain & maybe the last line of defense ● Essential to reducing cybersecurity risk ● Cybersecurity awareness is for... ○ Employees ○ Business owners ○ Parents ○ Kids ○ Seniors ○ Everyone! Reminder: Many tips that keep you safe at work will also keep you safe at home!
  • 7. But an attacker isn’t interested in me... ● Credit card and financial data ● Medical data ○ Prescription, insurance, or identity fraud ○ Far more valuable than financial data ● Computer resources ○ Cryptomining ○ Advertising ● User or email credentials ○ Sending spam ○ Recovery/reset other accounts ○ Ransomware ○ Jump point ○ “More” access Wrong!!! You are exactly what an attacker wants!
  • 9. Backups ● NO level of protection is perfect ○ Backups are frequently overlooked ○ Only “guaranteed” protection against ransomware ○ Backup media should not be connected at all times ● If you back up, have you tested your backups recently? ● Users that have never backed up: 35% ● Users that back up daily: 6% ● Users that back up monthly: 14% ● Users that back up yearly: 20%
  • 10. Updates are essential to security ● What was secure yesterday may not be secure today ● New software vulnerabilities found every day ● Over 360K new malware (viruses & ransomware) released every day ● Nothing is “Set & Forget”
  • 11. Keeping your system up-to-date ● Operating Systems ○ Microsoft Windows, Apple MacOS, Linux ○ End of life? Windows 7 - January 2020 ● Anti-virus ○ Update to the latest definitions to ensure protection against the latest threats ○ Symantec/Norton, McAfee, Windows Defender, Avast, and many others!
  • 12. Don’t forget!!! ● Browser - your portal to the internet ○ Chrome, Firefox, Opera, Edge, Safari, etc. ○ Internet Explorer (Not recommended) ● Mobile devices - cell phones & laptops ● Internet of Things (IoT) - Alexa, Google Home, thermostats, doorbells, surveillance system, light bulbs, smart locks, pet feeder, health monitors... This could keep going forever!
  • 15. Managing Passwords ● Keep your passwords in a secure location ○ Don’t use paper or sticky notes ○ Don’t store passwords in clear-text on your computer - Word, Excel, etc. ● Utilize a password manager (aka vault) ○ LastPass ○ KeePass ○ 1Password ● Benefits of a password manager ○ Single password to remember them all ○ Encrypted storage of passwords ○ Auto-fill username/password on websites ○ Sync between desktop, laptop, and mobile
  • 16. Password Tips ● Avoid using items that can be associated with you ○ Address ○ Phone numbers ○ Pet names ○ Child names ○ Birthdays ○ Sports teams ● Separate passwords for every account ● Auto-generated, unmemorable (Possible with a password manager) ● Passwords shared with colleagues: 69% ● Passwords shared with household: 95% ● One password for all accounts: 59% ● Passwords are too “simple”: 86%
  • 17. Passwords vs passphrases ● Useful when passwords must be typed in ● Should not be easy to guess ○ 12 Characters or more ○ Length is better than complexity (passphrases) ○ Bad password (8): P@ssw0rd ○ Great password (24): MysonwasbornNovember1995! ● Passwords exactly 8 characters: 61% ● Average Length of Password: 9.6 ● Average number of lowercase letters: 6.1 ● Average number of special characters: 0.2
  • 18. Top 25 passwords by rank & year (Source: Gizmodo & Fortune). If you use any of these, change them NOW!!!
      Rank | 2017 | 2018
      1 | 123456 | 123456
      2 | password | password
      3 | 12345678 | 123456789
      4 | qwerty | 12345678
      5 | 12345 | 12345
      6 | 123456789 | 111111
      7 | letmein | 1234567
      8 | 1234567 | sunshine
      9 | football | qwerty
      10 | iloveyou | iloveyou
      11 | admin | princess
      12 | welcome | admin
      13 | monkey | welcome
      14 | login | 666666
      15 | abc123 | abc123
      16 | starwars | football
      17 | 123123 | 123123
      18 | dragon | monkey
      19 | passw0rd | 654321
      20 | master | !@#$%^&*
      21 | hello | charlie
      22 | freedom | aa123456
      23 | whatever | donald
      24 | qazwsx | password1
      25 | trustno1 | qwerty123
  • 19. 2FA - two-factor authentication ● “Your one-time code is…” ○ SMS ○ Phone Call ○ Phone pop-up ○ Email ○ Snail Mail ○ Carrier Pigeon ● Applications ○ Google Authenticator ○ Authy ● What is 2FA? ○ “Beyond” a username and password ○ Second form to prove it is you ○ Typically out-of-band
  • 21. Is the link safe in 4 steps 1. Verify: Were you expecting to receive a link? ○ Not just email! ○ Social Media ○ SMS/iMessage 2. Hover: Hover over the link to ensure that it leads where it says it does 3. Sniff test: Is it a site you recognize? Does it feel “familiar” to you? Be skeptical my friends 4. Click: If it passes the three previous tests, it should be okay to browse to
  • 22. Easy to recognize email example. Red flags? ○ Viagra <- ?!?!?! ○ Strange wording ○ Email address ○ Domain name ○ Expected email? ○ Interesting link
  • 23. Known email account example: Hacked or spoofed email from someone you know. Red flags? ○ Email address ok ○ Name ok ○ Odd “signature” ○ Expected email? ○ Link - .fr is France
  • 24. SMS “hidden” link example: Hacked phone of someone you know. Red flags? ○ Phone number ok ○ Expected text? ○ Domain is textwon.com, NOT apple.com Source: Sophos
  • 25. Hover before you click ● Why hover? ○ Blue text can be deceiving ○ Underlying URL may be different ○ Foreign domains - .uk, .cn, or .ru ● Numbers instead of letters ○ Example: 192.168.1.1 ○ Don’t trust it! ● Hover on mobile/tablet? ○ Long press (hold) ● Any doubts? Don’t click it!!! [Images: http://www.evil.com/; Desktop - Hover; Mobile - Long Press]
  • 26. Hover example. Red flags? ○ Email address ok ○ Name ok ○ Expected email? ○ Sense of urgency ○ Hover -> Not a Microsoft link
  • 27. Shortened or obfuscated links? ● Instead of 300 characters, the link is reduced to 15 characters ○ Bit.ly ○ TinyURL ● Extremely common and helpful, but... ● Abused by criminals to hide malicious websites ● Link expander: www.linkexpander.com
  • 28. More email attacks: 92% of malware is delivered by email. Source: CSO Online
  • 29. Email Attachments ● Stop & think before you click! ● Recognized sender? ● Expecting attachment? ● Is it normal for that contact to send attachments? Macros ● Step 1: Don’t do it!!! ● Step 2: See step 1 ● Found in downloaded files too [Images: Attachments in Microsoft Outlook; Enable Macros <- NOOOOOO!!!!]
  • 30. Other Email Scams ● Can be “non-technical” ● Spear phishing & whaling ○ CEO <-> CFO ○ Published organization chart ○ Policy requiring phone call? ● What they want ○ Gift & prepaid cards ○ Wire transfers / account info ● Sense of urgency. Technical safeguards cannot help [Images: Gift Card Scam; Wire transfer]
  • 31. Reach Out & Scam Someone
  • 32. Phone Scams ● Social engineering, what is it? ○ Make the caller provide verification ○ Call back a published number ● Phone numbers can be easily spoofed ○ Banks & credit card companies ○ Medical & insurance ○ IRS or past due account balance ○ Robocalls ● Other common phone scams ○ Grandparent Scam ○ Tech support - Microsoft, Apple, Dell, etc. will never contact the average user “out of the blue”
  • 33. Phone scam example. Red flags? ○ Sense of urgency ○ Purposefully confusing ○ Expected call from Microsoft? Call script: “Hi! This is Kathleen from Microsoft. We have been trying to get in touch with you. However, we will be disconnecting your license within 48 hours because your IP address has been compromised from several countries. So we need to change your IP address and license key. So please press 1 to get connected…” Technical safeguards can only do so much... That’s why security awareness is a must!
  • 35. USB Drives & More ● Do NOT connect unknown or unauthorized media (or devices) ● Programs can run when plugged in without you doing anything ● Examples ○ USB/flash drives ○ SD or micro SD cards ○ CDs or DVDs ○ External hard drives ○ Cell phones <- Often forgotten
  • 36. Encryption ● Can help protect your data ● Can also help an attacker, e.g. ransomware ● Protecting data sent or received ○ HTTP vs. HTTPS ○ Wireless -> WPA2 (AES) recommended ● Protecting devices ○ Helpful if device is lost/stolen ○ Often associated with phone PIN/passcode ○ Microsoft Windows - BitLocker ○ Apple MacOS - FileVault
  • 37. Internet Safety Quick Tips ● Never install anything based on a pop-up when visiting a website ● “Trusted” websites can & have hosted malware, aka malvertising ○ Local news ○ WSJ, Forbes, ESPN, Yahoo, etc. ○ Limit browsing to business relevant sites? ● Be careful using Wi-Fi hotspots ● Avoid public computers ● Social media links - Facebook, Skype, Instagram, & more! Do NOT assume a site is legitimate simply because of the green padlock
  • 38. Internet Privacy ● Data is the new gold -> your data is valuable! ● If you’re not paying for it, are you the product? ○ Data analytics & predictive results ○ Examples: advertising & insurance rates ● Are you oversharing? ○ Default privacy settings on social media ○ Vacation photos & “checking-in” (location sharing) ■ Thieves see that information also ■ Would you be comfortable telling people on the street?
  • 39. More Resources ● Don’t stop here! ○ Attacks change, continue learning ○ Help educate others ● When in doubt, ask questions ○ Your IT department? ○ Your IT provider? ○ Me? ● Additional Resources ○ SANS Ouch! Newsletter (free) https://www.sans.org/security-awareness-training/ouch-newsletter/ ○ TreeTop Security - Cybersecurity Awareness Training (free) Feedback, awareness quiz, training dates, slides, video https://www.treetopsecurity.com/CAT
  • 40. Questions? 785-370-3444 Dallas Haselhorst dallas [at] treetopsecurity.com https://www.treetopsecurity.com Ask about Peak. The only comprehensive and affordable cybersecurity platform for small businesses.
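
The hover checks from slides 25 to 27 (visible text versus underlying URL, numeric hosts, the .uk/.cn/.ru domains, and shorteners such as Bit.ly and TinyURL) can be run automatically over an HTML message body. The Python below is an added example, not part of the original slides; the flag names, the `SHORTENERS` and `WATCHED_TLDS` lists, and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed lists (names from the slides) and a constructed, not real, message body.
SHORTENERS = {"bit.ly", "tinyurl.com"}
WATCHED_TLDS = {"uk", "cn", "ru"}
SAMPLE = ('<a href="http://www.evil.com/login">https://www.microsoft.com/account</a>'
          '<a href="http://192.168.1.1/update">Install the update</a>'
          '<a href="https://bit.ly/abc123">Invoice</a>'
          '<a href="https://www.treetopsecurity.com/CAT">www.treetopsecurity.com</a>')

def host_of(text):
    """Hostname of a URL or bare domain; None for prose or malformed input."""
    text = text.strip()
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname
    except ValueError:
        return None
    ok = host and "." in host and not any(c.isspace() for c in host)
    return host if ok else None

def check_link(shown, href):
    """Red flags for one link: what the reader sees versus where it goes."""
    target, shown_host, flags = host_of(href), host_of(shown), []
    if target is None:
        return ["no-host"]
    if shown_host and shown_host.removeprefix("www.") != target.removeprefix("www."):
        flags.append("text-url-mismatch")
    if target.replace(".", "").isdigit():
        flags.append("ip-address-host")  # "numbers instead of letters"
    elif target.rsplit(".", 1)[-1] in WATCHED_TLDS:
        flags.append("watched-cc-tld")
    if target in SHORTENERS:
        flags.append("shortened-link")
    return flags

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)  # reset at every <a>, so only link text is used
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.findings.append((self.href, check_link("".join(self.text), self.href)))
            self.href = None

def audit(html):
    parser = LinkAuditor()
    parser.feed(html)
    return parser.findings
```

`audit(SAMPLE)` returns one `(href, flags)` pair per link; a shortened link is only flagged, since its destination cannot be known without expanding it.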