7 Cybersecurity Sins When Working From Home
DALLAS HASELHORST
Founder & Principal Consultant, TreeTop Security
www.treetopsecurity.com
From the makers of Peak, the only affordable and
comprehensive small business cybersecurity solution
info@treetopsecurity.com | @oneoffdallas
# whoami
● 20+ years of IT & cybersecurity experience
● Consulted for companies all over the US
● Multiple computer-related degrees from FHSU
● Master’s degree in Information Security Engineering
from the SANS Technology Institute
● Alphabet soup of security-related certifications
○ CISSP, GSEC, GCIH, GCCC, GCPM, GPEN, GMON,
GCIA, GWAPT, GDSA, GSE #231
● Co-organizer of BSidesKC conference
● Founded an IT company in 2003, acquired in 2016
● Lead design of the Peak platform > 3 years
WFH Fails (non-cybersecurity)
#1
I am too small
to be hacked
Pride
43% of all cyber
attacks target
small businesses
“No one wants OUR data”
Unprepared Small Businesses
Large Businesses and Government
“Prepared” Small Businesses
Verizon 2019 DBIR - https://enterprise.verizon.com/resources/2019-data-breach-investigations-report.pdf
https://www.cnbc.com/2019/10/13/cyberattacks-cost-small-companies-200k-putting-many-out-of-business.html
Targeted or untargeted?
•Works equally well on 1 or 1,000
•Ransomware
• Locks you out of your data
• Monetary ransom gets it back
•Cryptominers/botnets
• Uses your system resources
• To “mine” cryptocurrency
• To hack or harass others
•Nation-states
•Organized crime
#2
Overindulgence of
devices
Gluttony
Home network
•One compromised device on the same
network can compromise your device too
•Who has access?
• Kids
• Neighbor kids
• Everyone?
•What devices have access?
• Gaming computers
• “Knock-off” products
• Internet of things (IoT) - Alexa,
Google Home, doorbells, Xbox,
refrigerators, camera systems, etc.
Fing app
•Free, easy to use
•Available for Apple/Android
•Scan your network
•Find other devices
•Staying at a B&B???
•Restaurant guest wifi
• Printers
• Speakers
• Servers <----
• POS <--------
PCI compliance? Access to credit card info!
Wireless/firewall
•Default username/password?
•Use WPA2 (AES) encryption setting
•Disable WPS <- “button to connect”
•Wireless key/password
• When was it last changed?
• Using your phone number?
• Hacked in under 10 mins
• More than 20 characters
• Use passphrases!!!
• Stayoffmywifi@homeplease (24)
https://linuxincluded.com/why-phone-numbers-make-horrible-wifi-passwords/
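The wireless key advice above, turned into a checker (an added example, not part of the original slides). The function names, the finding labels and the North American phone-number lengths (7, 10 or 11 digits) are assumptions made for illustration.

```python
# Added example: audits a Wi-Fi key against the slide's advice.
SEPARATORS = str.maketrans("", "", " -.()+")  # characters people put in phone numbers
SLIDE_MIN_LENGTH = 20                         # slide: "More than 20 characters"
WPA2_MIN, WPA2_MAX = 8, 63                    # WPA2-PSK passphrase length limits


def digits_only_form(key):
    """Return the key without phone-style separators if only ASCII digits remain, else None."""
    stripped = key.translate(SEPARATORS)
    if stripped and stripped.isascii() and stripped.isdigit():
        return stripped
    return None


def digit_search_space(key):
    """Number of candidates that cover every numeric key of this length, or None if not numeric."""
    digits = digits_only_form(key)
    return 10 ** len(digits) if digits else None


def audit_wifi_key(key):
    """Return a list of findings; an empty list means the key follows the slide's advice."""
    findings = []
    if not WPA2_MIN <= len(key) <= WPA2_MAX:
        findings.append("invalid-length")      # the access point would reject it
    if len(key) <= SLIDE_MIN_LENGTH:
        findings.append("too-short")           # slide asks for more than 20 characters
    digits = digits_only_form(key)
    if digits is not None:
        # Assumed North American lengths: local, with area code, with country code.
        if len(digits) in (7, 10, 11):
            findings.append("phone-number")
        else:
            findings.append("digits-only")
    return findings


# Constructed sample keys; the last one is the passphrase shown on the slide.
SAMPLES = ["785-555-0100", "12345678", "short", "Stayoffmywifi@homeplease"]

if __name__ == "__main__":
    for key in SAMPLES:
        verdict = audit_wifi_key(key) or "ok"
        print(f"{key!r}: {verdict} (numeric candidates: {digit_search_space(key)})")
```

A phone number with a known area code shrinks the numeric search space from 10^10 to 10^7 candidates, which is why it makes such a poor key.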
Next steps:
1) A properly configured
company VPN helps
2) Segment network? Likely
requires new equipment
#3
Uncontrolled
device security
Wrath
Prying eyes
•Password on computer
• Passphrases!
• >16 characters
• Length is better than complexity
• Lock when away
• Auto-lock after inactivity
• Windows = Windows key + L
• Mac = Control-Shift-Power
• Alternative - biometrics
•PIN/biometrics on portable devices
•Keep kids away
• “Grandkids were here this weekend”
WFH setups
•Don’t overshare!
•High resolution images
•Accidental disclosure
• Zoom meeting IDs
• What you are working on
• Client names / file names
• Applications you use (open or closed)
• Passwords on sticky notes <- NOOO!
•Hide all icons
•Don’t show toolbars/taskbars
•Resize pictures?
What could an attacker or
competitor gain?
Staying up-to-date
•New security issues found every day
•Operating system updates
• Windows, Apple, Linux
• Still using Windows 7 - end of life
•3rd party updates
• Microsoft Office
• Browser - Chrome, Safari, Firefox
• Adobe Reader
• Zoom - new version 2 days ago
• Click profile -> check for updates
•Anti-virus - definition updates
•Mobile devices
Next steps:
1) Separate work devices
2) Centralized, managed
updates & anti-virus
#4
Not treating data like it’s your data
Lust
#5
Longing to communicate (insecurely)
Envy
Scattershot storage & technology
•Unprepared for WFH?
•Then prepare for shadow IT
• Find alternatives to get things done
•Data/info coming from new sources
• No server or centralized storage
• Dropbox, OneDrive, Google Drive
• Email, Slack, Microsoft Teams
•Regulated industries - PII, PHI, etc.
• Many regulations relaxed... for now
• “Left over data”
• After 6 months?
• After 2 years?
Maintain order now,
Thank me later
Data protection
•Alexa, Google Home -> always listening
•Backups - even more important
• Hardware failure
• Accidental deletion
• Ransomware - no protection is perfect!
•Full-disk encryption (FDE)
• Lost or stolen? Only out the cost of the device
• Recommended for PII/PHI everything
• Windows - Bitlocker
• Apple MacOS - FileVault
• Mobile devices - tablets & phones
• PIN/passcode on boot
• Decryption often tied to PIN/passcode
Secure communications
Example: Healthcare
Industry/regulatory approved?
Business Associate Agreement (BAA)
Video conferencing
Zoom or Zoom Business? No
Zoom for Healthcare? Yes
Free vs minimum of $200/month
Document storage/sharing
Google Drive? No
G Suite by Google? Yes
Free vs $6/month per user (additional services)
Next steps:
1) Disk encryption
start now if you’re not already
2) Solutions must be
company/regulatory approved
3) See “separate work devices”
#6
Lacking vigilance
Sloth
Criminal activity - domain registrations
https://www.markmonitor.com/mmblog/covid-19-domains-whats-going-on/
New domains
registered related
to corona, COVID,
vaccine, etc.
Example:
id-covid19[dot]com
DON’T GO THERE
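One way to spot lookups of pandemic-themed domains like the one above in your own DNS logs (an added example, not part of the original slides). The log format, the allowlist entry and every sample line are constructed; only the keywords and the defanged example domain come from the slide.

```python
import re

# Keywords from the slide ("corona, COVID, vaccine"); extend as needed.
KEYWORDS = ("corona", "covid", "vaccine")

# Constructed allowlist of domains the organisation has vetted (hypothetical).
ALLOWLIST = {"covid-resources.example.org"}

# Digit-for-letter swaps that lookalike names commonly use.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e"})

# Assumed log format: "... query=<hostname> ..."
QUERY_RE = re.compile(r"\bquery=(\S+)")


def refang(indicator):
    """Turn a defanged indicator (id-covid19[dot]com) into a plain lowercase hostname."""
    return indicator.replace("[dot]", ".").replace("[.]", ".").lower().rstrip(".")


def defang(host):
    """Make a hostname safe to paste into a report or e-mail."""
    return host.replace(".", "[dot]")


def matched_keyword(host):
    """Return the first themed keyword found in the hostname, else None."""
    normalised = host.translate(LEET)
    for keyword in KEYWORDS:
        if keyword in normalised:
            return keyword
    return None


def flag_themed_queries(log_lines):
    """Return (defanged host, keyword) pairs for queries that need a human look."""
    hits = []
    for line in log_lines:
        match = QUERY_RE.search(line)
        if not match:
            continue                      # skip lines without a query field
        host = refang(match.group(1))
        if host in ALLOWLIST:
            continue                      # vetted by the organisation
        keyword = matched_keyword(host)
        if keyword:
            hits.append((defang(host), keyword))
    return hits


# Constructed DNS log lines; the first uses the example domain from the slide.
SAMPLE_LOG = [
    "2020-04-02T09:14:07Z client=192.168.1.23 query=id-covid19[dot]com type=A",
    "2020-04-02T09:14:09Z client=192.168.1.23 query=www.example.org type=A",
    "2020-04-02T09:15:41Z client=192.168.1.40 query=c0r0na-relief.example type=A",
    "2020-04-02T09:16:02Z client=192.168.1.40 query=covid-resources.example.org type=A",
    "2020-04-02T09:17:30Z client=192.168.1.51 query=vacc1ne-signup.example.net type=AAAA",
    "malformed line without a query field",
]

if __name__ == "__main__":
    for host, keyword in flag_themed_queries(SAMPLE_LOG):
        print(f"review: {host} (matched '{keyword}')")
```

Substring matching produces false positives, so treat the hits as a review queue rather than a block list.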
Criminal activity - focus & increased attacks
Change matters
We let our guard down
•Different work schedules
•Shared spaces
•Using different software
•Communicating differently
•Consuming news differently
•Receiving money
• SBA loans
• Wire & ACH transfers
• Stimulus checks
• Unemployment?
PRIME opportunity for cybercriminals
Next steps:
1) Increase awareness now
2) Ongoing - company culture
#7
Education is expensive
Greed
Is it really?!?!?
Shared and recommended
at the RSA conference
Feb 2020
Downloaded in over
150 countries in < 1 year
Sept 2019 - March 2020
Slides available at
https://www.treetopsecurity.com/CAT
Awareness slide deck
Also available at
https://www.treetopsecurity.com/CAT
Free video + other goodies
•New slide deck
• Version 1.1
• Released March 2020
•Video presentation
• Released March 2020
•Awareness quiz
•Certificate of completion
•Sign-up for our newsletter
Questions?
https://www.treetopsecurity.com
785-370-3444
info@treetopsecurity.com
Think actual cybersecurity is expensive? Think again!
Ask us about Peak! It’s cybersecurity peace of mind for small businesses
