5. Good security standards follow the 90/10 rule:
10% of security safeguards are technical
90% of security safeguards rely on the computer user to
adhere to good computing practices
Example: The lock on the door is the 10%. Remembering to
lock it, checking that it is closed, ensuring others do not
prop the door open, and keeping control of keys are the 90%. Don't
take shortcuts.
THE 90/10 RULE
7. Phishing is a cybercrime in which a target or targets are
contacted by email, telephone or text message by someone
posing as a legitimate institution to lure individuals into
providing sensitive data such as personally identifiable
information, banking and credit card details, and passwords.
Top Tips:
1. Check who the email sender really is.
2. Check the email for grammar and spelling mistakes.
3. Mouse over the link. Type in the company's URL in your
browser.
4. Contact your IT Security team if you're unsure at all about
an email.
A. EMAILS
8. Most viruses, Trojan horses, and worms are activated when
you open an attachment or click a link contained in
an email message. If your email client allows scripting, then it
is possible to get a virus by simply opening a message. It's
best to limit what HTML is available in your email messages.
Top Tips:
1. Never open or save attachments from an unknown sender.
2. If it looks fishy, don't open or save the attachment.
3. Let your IT department know if you receive a suspicious
email.
B. EMAIL ATTACHMENTS
9. Spam email is unsolicited and unwanted junk email sent out
in bulk to an indiscriminate recipient list. Typically, spam is
sent for commercial purposes. It can be sent in massive
volume by botnets, networks of infected computers.
Top Tips for Spam Protection
1. Utilize a different provider or 3rd party product if necessary.
2. Never click, open, or respond to spam messages.
3. When posting your email address to classified sites, use the
following format to keep spam bots from retrieving and using your
address: abdul.mateen (at) email.com
C. SPAM
10. Nothing is free.
No Nigerian princes
No Swedish lottery winners, etc.
THE FREE WORLD
11. PART 2.
PASSWORDS
Fortify your accounts with secure passwords
1. Personal Info in Passwords
2. Reusing Passwords
3. Password Management
4. Two-factor authentication
12. Typically, users practice risky behavior with respect to
passwords.
Passwords nowadays can be a gateway into identity theft.
USERS AND POOR PASSWORD HYGIENE
13. Passwords are sometimes extracted
It is very simple to try all the alternative variations of a base password
DATA BREACHES LEAD TO PASSWORD
PROBLEMS BECAUSE ..
Example
Password that was stolen was elephant
Password required by website is 8 characters, 1 symbol
32 symbols on the computer (would take a human 5 minutes)
Computers can carry out these tasks in fractions of a second
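
A sign-up or password-change check that refuses the kind of variation described on this slide, as an added example that is not part of the original deck. The function names and the `BREACHED` sample set are assumptions made for illustration; the check also covers a symbol inserted inside the word, which goes slightly beyond the slide's case.

```python
import string

# The 32 ASCII punctuation characters ("32 symbols on the computer").
SYMBOLS = string.punctuation

# Constructed sample: base words known from a breach (the slide's example word).
BREACHED = {"elephant"}


def one_symbol_variants(base: str) -> set[str]:
    """Every password formed by inserting exactly one symbol into `base`."""
    return {base[:i] + s + base[i:]
            for i in range(len(base) + 1)
            for s in SYMBOLS}


def strip_decoration(candidate: str) -> str:
    """Lowercase the password and drop leading/trailing symbols and digits."""
    return candidate.lower().strip(string.punctuation + string.digits)


def is_breach_derived(candidate: str, breached: set[str] = BREACHED) -> bool:
    """True when the candidate is a breached word with only decoration added."""
    if strip_decoration(candidate) in breached:
        return True
    # Also catch a single symbol inserted in the middle of a breached word.
    lowered = candidate.lower()
    return any(lowered in one_symbol_variants(word) for word in breached)


if __name__ == "__main__":
    print(len(SYMBOLS), "symbols,",
          len(one_symbol_variants("elephant")), "one-symbol variants")
    for pw in ("elephant!", "Elephant#1", "ele!phant", "correct-horse-battery"):
        print(pw, "->", "reject" if is_breach_derived(pw) else "accept")
```
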
14. Typically, users are honest when filling out security questions.
Malicious parties can utilize social media to find out the
answers to these questions, which allows them to reset your
password.
Best practice is to not be honest when filling out these
questions. Treat security questions as another password field.
SECURITY QUESTIONS
15. If you have trouble remembering passwords or creating unique
passwords, utilize a password manager.
There are several very secure password managers on the
market that work across all OSes.
They will remember and auto-complete your passwords for you
once your "master" password is entered.
PASSWORD MANAGERS
17. Choose a good one
Don't share it
Replace it often
Don't recycle an old one
PASSWORDS SHOULD BE TREATED LIKE
TOOTHBRUSHES
18. Two-Factor Authentication for better protection
2FA is a great way to protect your accounts from being
compromised, and is particularly important for email.
As opposed to standard password authentication, 2FA OTP
(one-time password) uses two elements:
Something the user knows
Something the user has
MULTIFACTOR AUTHENTICATION
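
A login check that requires both elements, as an added example that is not part of the original deck: a password (something the user knows) and a time-based one-time password from RFC 6238 (something the user has). The account record, salt and function names are constructed for illustration; the OTP secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct
import time


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password using HMAC-SHA1."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash; the server never stores the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def login(password: str, code: str, record: dict, now=None, window: int = 1) -> bool:
    """Succeed only if the password AND a current one-time code both verify."""
    now = time.time() if now is None else now
    knows = hmac.compare_digest(
        hash_password(password, record["salt"]), record["pw_hash"])
    # Accept the neighbouring 30-second steps to tolerate clock drift.
    has = any(
        hmac.compare_digest(code.encode(),
                            totp(record["otp_secret"], now + k * 30).encode())
        for k in range(-window, window + 1))
    return knows and has


# Constructed account record (sample data, not from the deck).
SALT = b"constructed-salt"
RECORD = {
    "salt": SALT,
    "pw_hash": hash_password("elephant!", SALT),
    "otp_secret": b"12345678901234567890",  # RFC 6238 test key
}

if __name__ == "__main__":
    print(login("elephant!", totp(RECORD["otp_secret"], time.time()), RECORD))
    print(login("elephant!", "000000", RECORD, now=59))  # password alone fails
```
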
19. Utilize unique passwords across all websites/applications
Enable and utilize 2FA on all websites that allow it
Bigger is better
Choose unique, non-true security questions.
If a data breach occurs, fully change your password
TOP TIPS FOR PASSWORD SAFETY
22. Malware definitely exists on other operating systems (OSes)
outside Windows.
Windows is typically the major target due to high market
share.
Penetration rates are high when new malware is released on other
OSes, because people believe their devices are safe without
having any endpoint security installed.
IS MALWARE ON WINDOWS ONLY?
23. Mobile phone malware is a growing threat because users do
most internet browsing on a cell phone.
Ransomware, or screen locking malware, is a popular threat
on mobile devices.
In 2016, malware targeting Apple iOS (iPhones, iPads)
increased.
Users must depend on the company to fix any vulnerabilities.
IS MALWARE ON MOBILE PHONES?
24. How does my computer get infected?
Clicking malicious links in email
Plugging in an unknown flash drive
Downloading malware masquerading as other software
How does my mobile device get infected?
Clicking malicious links in email
Downloading malware masquerading as other software
Installing 3rd party apps directly from the internet instead of
via official stores such as Google Play or Apple's App Store.
HOW DO WE GET INFECTED?
25. 1. Install endpoint security on all devices.
2. Be careful what you plug in. Be careful what you click.
3. Get awareness training for all of your family members.
TOP TIPS TO AVOID MALWARE
27. Do not assume that a network
named "Library" is actually the
wireless network for the Public
Library.
Verify with the business owner
the name of their network.
PUBLIC WI-FI
Public Wi-Fi is very insecure, so you should treat
every public Wi-Fi connection as
compromised (unsafe)
Don't utilize any sensitive websites
when connected (banking, social
networking etc.)
If you need to access one of these
sites, utilize your cell phone and do not
connect it to Wi-Fi
28. Seriously, Don't. Life or Death - Use your phone as a hotspot.
Verify the Wi-Fi name with the business owner prior to
connecting
Treat public Wi-Fi connections as compromised (Unsafe)
Utilize an anti-malware product to help protect against cyber
attacks while connected
TOP TIPS FOR PUBLIC WI-FI
29. Examples of IoT devices include internet-connected thermostats,
appliances, and closed circuit cameras.
This type of internet connection is convenient, but opens up a security
hole that needs to be secured.
If you can connect to it from anywhere, that means anyone can - by
simply guessing your password
Disable any web features that you do not utilize
Make sure all IoT devices are kept up to date
Routers are the first line of defense to protect IoT devices from
exploitation
INTERNET OF THINGS (IOT) DEVICES
Routers should be immediately
configured to change the default
username and password to
something unique
If someone gains access to your
router they can see all other
devices on your network
Make sure your router is
regularly updated to avoid
exploitation
30. Change default usernames and passwords on all devices
including routers
If you do not utilize the web features, disable them
Make sure all IOT devices, including routers, are kept up to
date with the newest firmware
TOP TIPS FOR INTERNET OF THINGS (IOT)
31. HTTPS is a protocol for secure communication over a computer
network, and is widely used on the internet
HTTPS is typically notated by displaying a green lock in the
web address bar
No sensitive information should be typed into a page that is
not secured by HTTPS
Even though a page is secured with HTTPS, it does not
automatically mean the page is safe
Most browsers have begun to let users know more easily when
they are on a non-secure page
HTTPS
32. Before entering sensitive information, check to see if the site
is secured by HTTPS
Check to make sure this is a reputable website before
entering credit card information; don't just depend on the
HTTPS indicator
TOP TIPS FOR SECURE WEBSITES (HTTPS)
33. WEB CONTENT FILTER
Filters web traffic based on
preconfigured policies set by
the administrator.
There are both home versions
and corporate versions
Home versions focus on child
safety, while corporate
versions focus on employee
productivity
Not only can it restrict the
content that is displayed to a
certain audience, it can also
be utilized to filter malicious
content and protect the user
34. Increase employee productivity by implementing a web filter
Curb risky user behaviors and reduce malware exposure by
implementing a web filter
Protect children's mobile devices and computers from
displaying inappropriate content with a web filter
TOP TIPS FOR WEB CONTENT FILTERING
35. Nowadays, users utilize search engines
to ask every question they can think of
Users click on search results without
first checking whether they are legitimate sites
This happens commonly on social
media websites as well
Even if the website is reputable, the
advertisement could be malicious and
infect your computer or mobile device
Free things (music, movies, game
cheats, etc.) are very commonly filled
with malware, and are rarely what they
say they are
'Review' sites make money by traffic.
SEARCH ENGINE SAFETY
36. Search Engines - Results aren't necessarily results
Stick to clicking on sites on the first page of results
Be careful when clicking on sites whose names you do not recognize
Malware commonly masquerades as free things
TOP TIPS FOR SEARCH ENGINE SAFETY
38. Be cautious disclosing information
Verify the credentials of all contractors
When in doubt call the official company
TOP TIPS FOR SOCIAL ENGINEERING
39. Increase employee awareness of cybercriminal tactics
Implement a data use policy for what employees may or may
not do
Implement security tools to help prevent, protect, detect and
respond
Consider physical security as part of your data protection plan
TOP TIPS FOR INSIDER THREATS
40. Avoid doing personal activities on work computers, when
possible.
Avoid doing work activities on personally owned devices, when
possible.
Co-mingling of information is bad for you and bad for your
employer.
DON'T MIX BUSINESS WITH PLEASURE
41. Report suspected malware and phishing incidents
Report suspected social engineering
Report suspicious behavior of insiders
Report anything that seems odd or out of place, including the
circumvention of physical, technical and administrative
controls
DON'T ASSUME ANYTHING
49. PART 7.
TO OUR KIDS
GO SAFE ONLINE
Cyber Security awareness for kids at our homes
50. Kids ages 8-18 spend 7 hours and 38 minutes per day online
Some common online issues kids face include:
Cyber Predators
Cyber Bullying
Identity Theft
THE DIGITAL LIVES OF CHILDREN
52. Keep your personal information private; avoid sharing your name,
address, telephone number, birthday, passwords, and the name of your
school when using the internet
Think twice before you post or say anything online; once it is in
cyberspace, it's out there forever
Treat others like you want to be treated
Speak up. If you see something inappropriate, let the website know and
tell an adult you trust. Don't stand for bullying -- Online or Off.
Choose a screen name or email address that isn't your real name to
protect your identity. For instance, instead of "Abdul Mateen", why not
choose "Sk8boardKing?"
TIPS TO SHARE WITH YOUR KIDS
Don't share your passwords with anyone
Think before you click - don't open emails
from strangers and don't click on links for
unfamiliar sites
Use and check your privacy settings on
social networking sites like Facebook and
Twitter