3 Tips to Stay Safe Online in 2017


Learn practical tips to protect yourself or your business from ransomware, malware, drive-by-downloads, spear phishing, and other hacker attacks.

Published in: Technology

  1. 3 Tips to Stay Safe Online in 2017. For business owners, executives, and high net worth individuals.
  2. Today’s Speaker: Bret Piatt, CEO & Chairman at Jungle Disk. Currently, as Chief Executive Officer of Jungle Disk, Bret is a hands-on leader who stays actively involved in product development and customer service. Prior to Jungle Disk, Bret was the General Manager of Rackspace Cloud Office, a 300-person SaaS division of Rackspace (NYSE:RAX) serving over 90,000 customers. Additional roles at Rackspace included Senior Director, Corporate Strategy & Development and Product Line Leader for Security & Compliance Services. Before Rackspace, Bret spent nearly a decade at AT&T (NYSE:T) as a Network and Security Engineer, Security Network Operations Center Manager, and Associate Director – Security Services, where he led the Managed Premises Firewall business into the Gartner MSSP Leadership Quadrant.
  3. TODAY’S AGENDA
     1. Stopping Ransomware
     2. Preventing Drive-by-Downloads
     3. Catching Spear Phishing Attacks
  4. Speed of Business Takes Us All Online. The Internet has provided a revolution in productivity & risk.
     Productivity:
     1. Instant access to research data (Google) vs. published paper periodicals (e.g. The Old Farmer’s Almanac).
     2. Digital documents with legal digital signatures vs. paper records, filing cabinets, and wet ink signatures.
     3. Online portals or mobile apps providing 24/7 access to services with financial or confidential records.
     Risk:
     1. Drive-by-download or fake website leading to account hijacking, ransomware, or other spyware infection.
     2. Data breaches and broad scale records disclosures through online attacks.
     3. Account hijacking and financial fraud or privacy violations through spear phishing or man-in-the-middle attacks.
     “Productivity is grounded in the PC. How would you run ‘USA Today’ without PCs? Run a hospital without PCs?” – Michael Dell, CEO – Dell Technologies
  5. TODAY’S AGENDA
     1. Stopping Ransomware
     2. Preventing Drive-by-Downloads
     3. Catching Spear Phishing Attacks
  6. What is Ransomware? Malware that kidnaps your files for ransom. [Stopping Ransomware]
     Definition from US-CERT:
     • Ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored. The ransom demanded from individuals varies greatly but is frequently $200–$400 dollars and must be paid in virtual currency, such as Bitcoin.
     Examples of Ransomware: (slide images)
  7. How can ransomware affect my business? Scared people, eroded customer trust, & direct costs. [Stopping Ransomware]
     “CryptoLocker ransomware writers collected $30 million in a mere 100 days. These figures represent a conservative estimate of the number of ransoms collected by the CryptoLocker gang.” – Dell SecureWorks
     “The number of reported security incidents rose 48% this year to 42.8 million–the equivalent of 117,339 attacks per day.” – PwC US, with CIO & CSO Magazine
  8. Three Steps to Stop Ransomware. Don’t let hackers kidnap your data on your computer. [Stopping Ransomware]
     Multiple layers of protection are recommended:
     1. Use a network security solution that blocks malware and attack vectors before they reach your computers.
     2. Use host-based security built into the operating system as a second line of defense (ex. Windows Defender).
     3. Have a data backup in place if #1 and #2 fail so you can restore; even paying the ransom isn’t a guarantee your files come back.
  9. TODAY’S AGENDA
     1. Stopping Ransomware
     2. Preventing Drive-by-Downloads
     3. Catching Spear Phishing Attacks
  10. What is a Drive-by download? Automatic attacks without user action. [Preventing Drive-by-Downloads]
     Definition from Wikipedia:
     • Drive-by download means two things, each concerning the unintended download of computer software from the Internet:
       • Downloads which a person authorized but without understanding the consequences (e.g. downloads which install an unknown or counterfeit executable program, ActiveX component, or Java applet) automatically.
       • Any download that happens without a person's knowledge, often a computer virus, spyware, malware, or crimeware.[1]
     Examples from ExtremeTech & HBR: (slide images)
  11. How do I avoid becoming a drive-by victim? Automatic defense to block automatic attacks. [Preventing Drive-by-Downloads]
     Being “smart” and not clicking on suspicious links is no longer enough:
     1. Use a network security solution with content filtering that includes malware detection.
     2. Install an ad blocker in your web browser (ex. Adblock Plus open source project).
     3. Use host-based security built into the operating system as a second line of defense (ex. Windows Defender).
  12. TODAY’S AGENDA
     1. Stopping Ransomware
     2. Preventing Drive-by-Downloads
     3. Catching Spear Phishing Attacks
  13. Spear Phishing vs. Spear Fishing. Attackers are getting smarter, we have to as well. [Catching Spear Phishing Attacks]
     Spear Phishing is a highly targeted and context-aware social engineering attack. They tried Jungle Disk in December 2016! Set your mail client to show full address!
     Why does the attacker put, “Sent from my iPad”? It provides the person reading it a reason why the signature doesn’t exactly match your normal one.
     Spear Fishing: (slide image)
  14. How do I protect myself from spear phishing? Be aware, don’t hurry on anything you’ll regret. [Catching Spear Phishing Attacks]
     Phishing is no longer just the infamous “419” scams with the dead prince you’re related to.
     1. Be cautious and use a separate channel to verify sensitive topics or financial transactions.
     2. Set up controls to require multiple people to authorize access to critical infrastructure, to add a new payee, or to change wire transfer / account #s on existing accounts.
     3. Have a network content filtering and anti-malware service that blocks malicious downloads from dangerous links.
  15. CLOSING TIPS
     1. Turn on operating system updates & security
     2. Install an ad-blocker in your web browser
     3. Be cautious replying to emails, especially approvals
  16. Bret Piatt, CEO of Jungle Disk. Questions?