The Internet is inescapable – both in your professional as well as your personal life. With our computers and phones, we are on the net at all times. But the net is dangerous. Whether you use e-mail, e-commerce, or even just a spreadsheet, you may not only be putting yourself in danger, but your whole company.
In this presentation, Prof. Dias explains some of the common ways you may be attacked when using Internet services, and how you can protect yourself against these attacks.
The Net is Dangerous
1. The Net is Dangerous:
How to Protect Yourself and Your Company
Gihan Dias
University of Moratuwa
2. Why do we use the Internet?
To get Information
To provide information
To communicate with other people
To transact business, etc.
3. What can happen to me on the Internet?
can get caught in a fraud
can be misled by falsehoods
can waste my time
can lose my money
can lose my reputation
can lose my identity
can be lured into dangerous situations
4. If we don't use the Internet?
Must go to the library to find information
Should read the newspaper to get the cricket
scores
Have to send postal letters
Need to visit your bank to check your balance
We are back in the 20th century
5. So What do we Do?
We need to be careful
on the network
on the computer
what we do
6. What we'll cover today
e-Mail
Web
Your Computer
You
Your company
8. e-Mail Scams
Try to get you to do something by telling a story
9. Get Your password
Dear Webmail User
Your mailbox has exceeded the limit of Quota
Usage, which is as set by your manager, and
access to your mailbox via our mail portal will
be unavailable for sometime during this
maintenance
period.
You will not be able to create new e-mail to
send or receive again
until you validate your mailbox.
To re-validate your mailbox, you can CLICK HERE
https://docs.google.com/spreadsheet/viewform?
formkey=dDdaOHc1MnlPUEVpc2FkVNNfdewk4xcHc6MQ
Thanks
System Administrator.
10. Send Malware to your computer
Attn: Owner/Manager
Here with the Better Business Bureau notifies you that we have
received a complaint (ID 272854705) from one of your
customers with respect to their dealership with you.
Please open the COMPLAINT REPORT below to obtain more
information on this matter and let us know of your point of view
as soon as possible.
We are looking forward to your prompt reply.
Regards,
Allyssa BONDS
11. How to avoid e-Mail scams
Make sure your e-mail program has security
features enabled
don't ignore warning messages
Be suspicious of attachments or links
attachments may contain malware
links may go to sites which contain malware, or try
to get your password
Check who has sent the e-mail
even if you recognise the "From:" address, it may
have been sent by a virus
12. How to avoid e-Mail scams (cont.)
Ignore any offers to give / make money
Be careful of people asking for money
Don't give any personal info to website, unless
you know who it is and have typed the address
on the browser
credit card / bank info
phone no., address, e-mail
13. How to avoid e-Mail scams (cont.)
Check the spelling, grammar and language of
the message – many scam mails are in poor
English
Beware of messages which look just like
message you get from Facebook, your bank,
etc. - a scammer could have sent them
may find your family members on Facebook and
send mail as them
14. How to avoid e-Mail scams (cont.)
Your company should run a spam / malware
filter
don't bypass it
Deletes most viruses
Can't delete all spam / scams
one man's spam is another man's ham
scammers are getting very sophisticated
15. Junk Folder
Today's e-mail programs are good at detecting
viruses, spam, etc.
They usually move spam to a "Junk" folder
only problem, they may move good messages –
usually from people not in your address book – to
the junk folder
Check your junk folder occasionally
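The checks from slides 11 to 13, applied to a message like the one on slide 9. This is an added example, not part of the original presentation. The trusted host name, the lure patterns and both sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only hosts your company uses for webmail (hypothetical name).
TRUSTED_MAIL_HOSTS = {"webmail.example.com"}

# Wording typical of the "validate your mailbox" story (slide 9).
LURES = {
    "generic-greeting": r"\bdear (webmail |e-?mail )?(user|customer|owner)\b",
    "threat-of-lockout": r"\b(exceeded|unavailable|suspended|not be able to)\b",
    "asks-to-validate": r"\b(re-?)?(validate|verify|confirm) your (mailbox|account|password)\b",
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def link_hosts(message):
    """Return the lower-cased host of every http(s) link in the message."""
    hosts = (urlsplit(u).hostname for u in URL_RE.findall(message))
    return [h.lower().rstrip(".") for h in hosts if h]


def triage(message, trusted=TRUSTED_MAIL_HOSTS):
    """Return a sorted list of warning labels for one e-mail body."""
    findings = set()
    text = " ".join(message.split())  # undo line wrapping before matching phrases
    for label, pattern in LURES.items():
        if re.search(pattern, text, re.IGNORECASE):
            findings.add(label)
    for host in link_hosts(message):
        if host not in trusted:  # link leads away from the real mail system
            findings.add("link-outside-mail-system:" + host)
    return sorted(findings)


# Constructed sample modelled on the slide 9 message (form key replaced).
SAMPLE = """Dear Webmail User
Your mailbox has exceeded the limit of Quota Usage.
To re-validate your mailbox, you can CLICK HERE
https://docs.google.com/spreadsheet/viewform?formkey=EXAMPLE
Thanks
System Administrator."""

# Constructed benign message for comparison.
BENIGN = "Hi Nimal, minutes of Monday's meeting are at https://webmail.example.com/share/42"

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("WARNING:", finding)
```

A message with no findings is not proven safe; as slide 14 says, filters can't catch every scam.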
17. Secure connections
A secure (https) connection
1. secures connection between your computer and a
website so outsiders can't read what you type
2. confirms the identity of the site
Indicated by a padlock or similar icon on your
browser
Verify the owner of the website by clicking on
the address bar
Don't type in passwords or credit card nos.
unless you are on a verified secure connection
18. Personal Information
Many websites ask for all sorts of personal
information
Do they really need it?
Don't give them your main e-mail address
create a webmail address just for site registrations
Don't give any information they don't need
just type in something
19. Passwords
Most common way to authenticate you
Use good passwords (next slide)
Don't share passwords across sites
Never give your password to another person
20. Good Passwords
Hackers use software to check common
passwords
don't use "password" or "abc123" as your password
a local site was hacked recently – its password was
admin123
Passwords should be as long as possible
at least 8 characters
Use a mix of capitals, simples, numbers and
symbols
e.g. gR5h@@QT
21. How to Remember Passwords
Think of a phrase – derive the password from it
e.g. Strong passwords are safer
s+rpW@saF3r
Write it down in a safe place
don't stick it on your computer
Keep a copy in a safer place
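The rules from slide 20 as a check a sign-up form could run. This is an added example, not part of the original presentation, and the short common-password list is a constructed sample. It goes one step beyond the slide by also rejecting simple variants of common passwords, since a password such as Admin123! satisfies the mix rule but is still easy to guess.

```python
import string

# Constructed sample list; a real deployment would load a large list of known passwords.
COMMON = {"password", "abc123", "admin123", "qwerty", "letmein", "admin"}


def base_word(pw):
    """Lower-case and strip leading/trailing digits and symbols: 'Admin123!' -> 'admin'."""
    return pw.lower().strip(string.digits + string.punctuation)


def check_password(pw, min_length=8):
    """Return the slide-20 rules the password breaks (empty list = passes)."""
    problems = []
    if pw.lower() in COMMON or base_word(pw) in COMMON:
        problems.append("common password or a simple variant of one")
    if len(pw) < min_length:
        problems.append("shorter than %d characters" % min_length)
    classes = {
        "capital": any(c.isupper() for c in pw),
        "simple (lower-case)": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    for name, present in classes.items():
        if not present:
            problems.append("no " + name)
    return problems


if __name__ == "__main__":
    for candidate in ("admin123", "Admin123!", "gR5h@@QT", "s+rpW@saF3r"):
        print(candidate, "->", check_password(candidate) or "OK")
```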
23. Keep your Computer free of Malware
Make sure you run one antivirus software, and
it is up to date
Enable security settings on the computer
should be done by corporate IT
Beware of e-mail attachments
Don't download videos, slides, etc. from
unknown places
Don't stick USB drives on your computer
and don't stick your stick in unnecessary places
24. Vulnerabilities
All computers and software have vulnerabilities
Make sure your operating system (Windows)
and all other software is up-to-date
run windows update
should be set by IT
Disable features you don't use
Don't download software
who knows what they do
25. Sensitive Data
What is on your computer?
Should it be there?
company data
personal files
Keep sensitive data where it should be
on a server?
encrypted?
Don't send or receive sensitive data unless
authorised
26. Backup
What will happen if your hard disk crashes
today
or your computer is stolen?
Make sure all your data is backed up
IT should handle it
Back up your home computer too
Be careful of on-line backup services
28. Your Identity
Your identity includes your name, e-mail,
bank/credit card numbers, etc.
Your identity can be stolen on-line
your e-mail
your credit card number
your personal information
your Facebook account
Safeguard all of these (and more)
29. Your Reputation
What you say and do
What others say about you
Guard what you say on the net (including e-mail
and facebook)
nothing is private
You are not just you, but representing your
company
Difficult to control what others say about you
31. Corporate Data and Reputation
Your company has confidential information
needs to be guarded
What you say may be taken as coming from the
company
be careful what you say on the net
Company should have an official net presence
Facebook, too
Others may post about your company
respond appropriately
32. Social Engineering
It's not necessary to hack a password by trying
a million combinations
Sometimes just asking will do it.
People trust people – we try to help them
If something is routine, then you don't think
about it
if a call or an e-mail seems legitimate, you act on it
33. Is Security Easy?
No
Security is a pain in the ...
Tension Between Security and Other Values
Ease of use
Public Safety
34. But not having security is worse
Your money, time, data, reputation etc. could
be lost
35. What Should I Do?
Follow security procedures
Be vigilant
Have a back-up plan
37. Do not install unnecessary software
strong passwords
sharing passwords
Avoiding Email Traps: Don't open email attachments unless you know for certain what it is
update your operating system and applications (windows update)
Be aware that actions have consequences - ex: nude photos, bad language, inappropriate conduct, etc. - could have legal impacts, embarrassment, or affect future job opportunities
backup
39. spam
phishing
e-banking
botnets
keyloggers
ssl certificates
site identity
encryption
identity theft
wireless
on-line postings
sensitive data on your computer
loss of laptop / mobile phone
address books
gmail
vulnerabilities
social engineering