
Small Business Security Education Outline

An outline of the small business cyber security training class. Participants will learn about phishing, hacking, and ransomware.

Published in: Technology

  1. Small Business SECURITY ESSENTIALS
     LIVE CONSULTING: DENVER IT SUPPORT AND MANAGED SERVICES
     PRESENTATION OUTLINE
  2. INTRO
     There must be balance between security and functionality for users. If everything here were implemented, end-users would be frustrated. Security must find balance.

     TODAY'S THREAT LANDSCAPE
       • PHISHING
       • HACKING
       • RANSOMWARE

     PHISHING
     General Phishing
       Sending out emails requesting personal information to a large amount of email addresses - casting a wide net to capture as many victims as possible.
     Spear Phishing
       A more targeted approach to phishing. Finding more known personal information and using that as a tool to gather even more.
     Social Engineering/Spoofing
       Hackers pose as another source known to the victim to gather information - this does not always happen in email form.

     Phishing Prevention and Tools
       • Internal codes for transactions/Dual approval
       • Email Filtering
       • REPEL Method
           R - Requested. What the email requested? Is it expected?
           E - Email address. Look at the address. Is it legitimate? (This can be spoofed though!)
           P - Personal information. Is the email requesting personal information?
           E - Errors. Are there errors in grammar, spelling or context?
           L - Links. Hover over links to see where they actually point.

     Real World Discussion: The recent election hacking was done through spear phishing methods.
  3. HACKING
     Brute Force Attack
       A brute force attack attempts to crack passwords through trying every possible password combination. This method generally takes computer programs a great amount of time to guess passwords.
     Dictionary Attack
       This form of attack works by guessing your password by using actual words, or those found in the dictionary, combined with commonly used characters. This is why security experts always harp on us about using non-sensical, or non-dictionary words.
     Compromised Databases
       When large website databases containing usernames and passwords are stolen, cyber-crooks distribute these on the internet. This is why it is bad to reuse usernames and passwords.
     Vulnerability/Zero day/Exploitation
       Software continually is patched – or updated with fixes to flaws in security and functionality. Sometimes, hackers find these before developers have the opportunity to patch them, leaving 'holes' in security.

     What you or your company could be held responsible for:
       • HIPAA violations
       • Financial Data
       • Client data/law/sensitive info
       • Overview of penalties

     Hacking Prevention and Tools
       • Password management and two factor authentication
       • Password length and complexity
       • Layered Security
       • Changing default passwords
       • Access Control
       • Physical Security
  4. RANSOMWARE
     What it Does
       • Holds data for ransom
       • Can delete files
       • Encrypts files
       • May or may not be un-encrypt-able

     How Do You Get Ransomware
       • Email
       • Drive-by downloads
       • Public facing access to network with weak account passwords
     Example: From A client's scanner's password was 'scanner' – hacker easily figured this out and put ransomware on their network.

     How to Prevent and Recover from Ransomware
       • Backups: If you are infected with ransomware, having backups in place means you can restore your data from your backups.
       • Email scrutiny: REPEL
       • Do not pay ransoms - not guarantee
       • Absolute last resort – then pay
       • Strong passwords on networks
       • Anti-virus that can detect ransomware
       • Layered security
       • Policies against zip files
       • Care with PDF's
       • Malware masked as word docs and PDF's

     WRAP UP
       • Pay attention/be vigilant
       • When in doubt, turn computer off, call IT support
       • If computer is not on, files cannot be encrypted
       • Always verify with people if something seems strange - if something is both legitimate and urgent, then they will resend the message.
