CYBER ESSENTIALS FOR MANAGERS
PROF. IAN BROWN
RESOURCES FROM UK NATIONAL CYBER SECURITY CENTRE; US NAVY; AND GOOGLE
NOTPETYA, “THE MOST DEVASTATING CYBER ATTACK IN HISTORY”
• Malware which rapidly spread across networks, locked and encrypted machines, originating from Russian military via Ukraine
• It “hit at least four hospitals in Kiev alone, six power companies, two airports, more than 22 Ukrainian banks, ATMs and card payment systems in retailers and transport, and practically every federal agency.”
• Maersk, “responsible for 76 ports on all sides of the earth and nearly 800 seafaring vessels, including container ships carrying tens of millions of tons of cargo, representing close to a fifth of the entire world’s shipping capacity, was dead in the water.”
• Estimated costs: Maersk $300m; Merck $870m; FedEx $400m; Mondelēz $188m. US assessed total damages around $10bn
• Source: Andy Greenberg, Wired, Sept. 2018
• See also WannaCry, which cost UK NHS £92m in 2017, probably originating with the North
HOW CAN USERS PROTECT THEMSELVES AGAINST SECURITY BREACHES?
1. Secure settings and passwords
2. Protect devices/networks using firewalls
3. Control access to data and software
4. Protect against viruses and other malicious software
5. Keep devices and software up to date
6. Watch out for phishing e-mails
SECURE SETTINGS
• New devices are often configured to be as open and “easy to use” – but therefore hackable – as possible. Make sure you disable or remove any functions, accounts or services you don’t need (e.g. “guest” accounts on laptops)
• Always password/PIN-protect your computers and devices – they allow access to your data and your online accounts
• CHANGE DEFAULT PASSWORDS
MOBILE DEVICE MANAGEMENT
SECURE PASSWORDS
• Use password managers where possible (generate strong random passwords for every account)
• Make passwords from three words (not related to you, like family/pet names, favourite teams, significant dates – these might be discovered from social media or elsewhere)
• Don’t share passwords between accounts
• Don’t force users to change passwords unless they have been breached
• Use multi-factor authentication for sensitive accounts
Source: Sueheim on Wikimedia
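The password advice on this slide, together with the default-password point from the Secure Settings slide, expressed as an account audit and a three-word generator. This is an added example, not part of the original slides; the word list, account records, personal terms and default-password set are constructed sample data, and all function names are hypothetical.

```python
import math
import re
import secrets

# Constructed 32-word sample list, for illustration only. A real generator
# should draw from a list of several thousand words.
WORDLIST = [
    "anchor", "basket", "candle", "copper", "desert", "ember", "falcon", "garden",
    "harbor", "island", "jacket", "kettle", "lantern", "marble", "needle", "orbit",
    "pepper", "quartz", "ribbon", "saddle", "timber", "umbrella", "velvet", "walnut",
    "yonder", "zipper", "bridge", "cactus", "dolphin", "engine", "forest", "glacier",
]

def _normalise(text):
    """Lower-case and drop separators so 'R-e-x' style padding does not hide a term."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def personal_terms_in(password, personal_terms):
    """Return the personal terms (names, teams, dates) that appear in the password."""
    flat = _normalise(password)
    return [t for t in personal_terms if _normalise(t) and _normalise(t) in flat]

def generate_passphrase(wordlist=WORDLIST, n_words=3, sep="-", personal_terms=()):
    """Pick n_words with a CSPRNG; retry if the result contains a personal term."""
    while True:
        phrase = sep.join(secrets.choice(wordlist) for _ in range(n_words))
        if not personal_terms_in(phrase, personal_terms):
            return phrase

def entropy_bits(wordlist_size, n_words=3):
    """Entropy of n_words drawn uniformly and independently from the list."""
    return n_words * math.log2(wordlist_size)

def audit(accounts, personal_terms, default_passwords):
    """Return {account name: [issues]} for accounts that break the slide's rules."""
    by_password = {}
    for acct in accounts:
        by_password.setdefault(acct["password"], []).append(acct["name"])

    findings = {}
    for acct in accounts:
        issues = []
        hits = personal_terms_in(acct["password"], personal_terms)
        if hits:
            issues.append("contains personal term: " + ", ".join(hits))
        others = [n for n in by_password[acct["password"]] if n != acct["name"]]
        if others:
            issues.append("password shared with: " + ", ".join(others))
        if acct["password"] in default_passwords:
            issues.append("default password still in use")
        if acct["sensitive"] and not acct["mfa"]:
            issues.append("sensitive account without MFA")
        # A change is forced only after a breach, never on a timer.
        if acct["breached"]:
            issues.append("breached: change this password")
        if issues:
            findings[acct["name"]] = issues
    return findings

# Constructed sample records (not real accounts or credentials).
PERSONAL_TERMS = ["Rex", "1987", "Arsenal"]
DEFAULT_PASSWORDS = {"admin", "password", "1234"}
SAMPLE_ACCOUNTS = [
    {"name": "email", "password": "Rex1987!", "sensitive": True,
     "mfa": False, "breached": False},
    {"name": "bank", "password": "copper-lantern-orbit", "sensitive": True,
     "mfa": True, "breached": False},
    {"name": "forum", "password": "Rex1987!", "sensitive": False,
     "mfa": False, "breached": True},
    {"name": "router", "password": "admin", "sensitive": False,
     "mfa": False, "breached": False},
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_ACCOUNTS, PERSONAL_TERMS, DEFAULT_PASSWORDS).items():
        print(name, "->", "; ".join(issues))
    print("suggested:", generate_passphrase(personal_terms=PERSONAL_TERMS))
    print("bits with this sample list:", entropy_bits(len(WORDLIST)))
```

With only 32 sample words the generator yields 15 bits of entropy, which is why the word list size matters as much as the number of words.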
ACCESS TO DATA AND SOFTWARE
• Don’t use administrator accounts for normal work – if you are hacked, an attacker can then do much more damage
• Restrict the software that can be installed on devices – use a whitelist or approved sources, such as Google Play or Apple’s App Store (which screen apps for malicious code)
DEVICE AND NETWORK FIREWALLS
• Firewalls block unauthorised traffic from a network onto your device – can protect against both external hackers, and compromised internal machines
• Most PC operating systems (e.g. Windows, macOS) contain them – make sure they are turned on, especially for devices that access public WiFi
• Can also be configured in your network’s gateway(s) to other networks (and the Internet)
VIRUSES AND OTHER MALICIOUS SOFTWARE
• Malicious software such as viruses and ransomware can come in e-mail attachments, from websites, public WiFi networks, and even USB sticks
• Protect against it using built-in operating system tools, such as Windows Defender and macOS XProtect
• Use tools with sandboxes, which contain malicious software and stop it accessing the rest of your system
• BACKUP data frequently
KEEP SOFTWARE AND DEVICES UP TO DATE
• It’s essential you enable automatic updates for your operating system, software, apps etc.
• Once manufacturers stop providing updates for systems, you should replace them
AVOID PHISH
• Fake e-mails, trying to “hook” users to click on a website or malicious attachment that will infect their system or steal passwords
• “Spear” phishing uses targeted messages, often sent to senior staff
CHECKLIST
• Configure software and devices securely, and use strong passwords
• Use firewalls on devices and networks
• Control access to data and software by separating administrator accounts and using whitelists and app stores
• Protect against viruses and other malicious software by using tools such as Windows Defender, macOS XProtect, and sandboxing
• Keep devices and software up to date, and stop using out-of-date software
• Watch out for phishing e-mails

More Related Content

What's hot

VenkaSure Total Security+
VenkaSure Total Security+VenkaSure Total Security+
VenkaSure Total Security+
Venkasys Technologies Pvt. Ltd.
 
Basics of Network Security
Basics of Network SecurityBasics of Network Security
Basics of Network Security
Dushyant Singh
 
User's Guide to Online Privacy
User's Guide to Online PrivacyUser's Guide to Online Privacy
User's Guide to Online Privacycdunk12
 
Presentation on cyber crime
Presentation on cyber crimePresentation on cyber crime
Presentation on cyber crime
SMSumon8
 
Malware
MalwareMalware
Malware
Avani Patel
 
Spyware
SpywareSpyware
Spyware
Avani Patel
 
Heartbleed
HeartbleedHeartbleed
Heartbleed
Hemant Mittal
 
NETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSESNETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSES
Sumit Pandey
 
Network basic security
Network basic  securityNetwork basic  security
Network basic securityMohamed Radji
 
Computer security
Computer securityComputer security
Computer security
Robin E. Beavers
 
Syafiqah slideshare of security measures
Syafiqah slideshare of security measuresSyafiqah slideshare of security measures
Syafiqah slideshare of security measuresSyafiqah Akemi
 
S P Y W A R E4 S I K
S P Y W A R E4 S I KS P Y W A R E4 S I K
S P Y W A R E4 S I Kazman21
 
Internet Security in Web 2.0
Internet Security in Web 2.0 Internet Security in Web 2.0
Internet Security in Web 2.0
Arjunsinh Sindhav
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
Allan Pratt MBA
 
Network security threats and solutions
Network security threats and solutionsNetwork security threats and solutions
Network security threats and solutions
hassanmughal4u
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?
Faith Zeller
 

What's hot (18)

VenkaSure Total Security+
VenkaSure Total Security+VenkaSure Total Security+
VenkaSure Total Security+
 
Basics of Network Security
Basics of Network SecurityBasics of Network Security
Basics of Network Security
 
User's Guide to Online Privacy
User's Guide to Online PrivacyUser's Guide to Online Privacy
User's Guide to Online Privacy
 
Presentation on cyber crime
Presentation on cyber crimePresentation on cyber crime
Presentation on cyber crime
 
Malware
MalwareMalware
Malware
 
Spyware
SpywareSpyware
Spyware
 
Heartbleed
HeartbleedHeartbleed
Heartbleed
 
NETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSESNETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSES
 
Network basic security
Network basic  securityNetwork basic  security
Network basic security
 
Computer security
Computer securityComputer security
Computer security
 
Syafiqah slideshare of security measures
Syafiqah slideshare of security measuresSyafiqah slideshare of security measures
Syafiqah slideshare of security measures
 
S P Y W A R E4 S I K
S P Y W A R E4 S I KS P Y W A R E4 S I K
S P Y W A R E4 S I K
 
Internet Security in Web 2.0
Internet Security in Web 2.0 Internet Security in Web 2.0
Internet Security in Web 2.0
 
ASSIST - Fraud Presentation
ASSIST - Fraud PresentationASSIST - Fraud Presentation
ASSIST - Fraud Presentation
 
Hackers
HackersHackers
Hackers
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
 
Network security threats and solutions
Network security threats and solutionsNetwork security threats and solutions
Network security threats and solutions
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?
 

Similar to Cyber Essentials for Managers

Complete notes security
Complete notes securityComplete notes security
Complete notes securityKitkat Emoo
 
Protecting Your Business From Cybercrime
Protecting Your Business From CybercrimeProtecting Your Business From Cybercrime
Protecting Your Business From Cybercrime
David J Rosenthal
 
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Cengage Learning
 
Enterprise mobileapplicationsecurity
Enterprise mobileapplicationsecurityEnterprise mobileapplicationsecurity
Enterprise mobileapplicationsecurityVenkat Alagarsamy
 
Securing The Computer From Viruses ...
Securing The Computer From Viruses ...Securing The Computer From Viruses ...
Securing The Computer From Viruses ...
Rahman_Hussain
 
Computers.ppt
Computers.pptComputers.ppt
Computers.ppt
SdhrYdv1
 
9.0 security (2)
9.0 security (2)9.0 security (2)
9.0 security (2)
Frank Victory
 
2014CyberSecurityProject
2014CyberSecurityProject2014CyberSecurityProject
2014CyberSecurityProjectKaley Hair
 
Isolation Platform - Data Sheet
Isolation Platform - Data SheetIsolation Platform - Data Sheet
Isolation Platform - Data Sheet
Sutedjo Tjahjadi
 
Preventive measures. Blog. pptx
Preventive measures. Blog. pptxPreventive measures. Blog. pptx
Preventive measures. Blog. pptx
ReshmaBV2
 
Security Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxSecurity Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptx
AmardeepKumar621436
 
How to Help Your Customers Protect Themselves from Ransomware Attacks
How to Help Your Customers Protect Themselves from Ransomware AttacksHow to Help Your Customers Protect Themselves from Ransomware Attacks
How to Help Your Customers Protect Themselves from Ransomware Attacks
Solarwinds N-able
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
WindstoneHealth
 
Orientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptxOrientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptx
230405
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
Dnyaneshwar Beedkar
 
Topic #17 IT Security ITSecurityIncidentsA.docx
Topic #17   IT Security ITSecurityIncidentsA.docxTopic #17   IT Security ITSecurityIncidentsA.docx
Topic #17 IT Security ITSecurityIncidentsA.docx
juliennehar
 
Malware program by mohsin ali dahar khairpur
Malware program by mohsin ali dahar khairpurMalware program by mohsin ali dahar khairpur
Malware program by mohsin ali dahar khairpur
Mohsin Dahar
 
Cyber-savvy Cyber-safety
Cyber-savvy Cyber-safety Cyber-savvy Cyber-safety
Cyber-savvy Cyber-safety
Tawose Olamide Timothy
 
Cyber security
Cyber security Cyber security
Cyber security
ZwebaButt
 
Network security
Network securityNetwork security
Network security
Preethi B
 

Similar to Cyber Essentials for Managers (20)

Complete notes security
Complete notes securityComplete notes security
Complete notes security
 
Protecting Your Business From Cybercrime
Protecting Your Business From CybercrimeProtecting Your Business From Cybercrime
Protecting Your Business From Cybercrime
 
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
 
Enterprise mobileapplicationsecurity
Enterprise mobileapplicationsecurityEnterprise mobileapplicationsecurity
Enterprise mobileapplicationsecurity
 
Securing The Computer From Viruses ...
Securing The Computer From Viruses ...Securing The Computer From Viruses ...
Securing The Computer From Viruses ...
 
Computers.ppt
Computers.pptComputers.ppt
Computers.ppt
 
9.0 security (2)
9.0 security (2)9.0 security (2)
9.0 security (2)
 
2014CyberSecurityProject
2014CyberSecurityProject2014CyberSecurityProject
2014CyberSecurityProject
 
Isolation Platform - Data Sheet
Isolation Platform - Data SheetIsolation Platform - Data Sheet
Isolation Platform - Data Sheet
 
Preventive measures. Blog. pptx
Preventive measures. Blog. pptxPreventive measures. Blog. pptx
Preventive measures. Blog. pptx
 
Security Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxSecurity Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptx
 
How to Help Your Customers Protect Themselves from Ransomware Attacks
How to Help Your Customers Protect Themselves from Ransomware AttacksHow to Help Your Customers Protect Themselves from Ransomware Attacks
How to Help Your Customers Protect Themselves from Ransomware Attacks
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
Orientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptxOrientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptx
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
 
Topic #17 IT Security ITSecurityIncidentsA.docx
Topic #17   IT Security ITSecurityIncidentsA.docxTopic #17   IT Security ITSecurityIncidentsA.docx
Topic #17 IT Security ITSecurityIncidentsA.docx
 
Malware program by mohsin ali dahar khairpur
Malware program by mohsin ali dahar khairpurMalware program by mohsin ali dahar khairpur
Malware program by mohsin ali dahar khairpur
 
Cyber-savvy Cyber-safety
Cyber-savvy Cyber-safety Cyber-savvy Cyber-safety
Cyber-savvy Cyber-safety
 
Cyber security
Cyber security Cyber security
Cyber security
 
Network security
Network securityNetwork security
Network security
 

More from blogzilla

Interoperability for SNS competition
Interoperability for SNS competitionInteroperability for SNS competition
Interoperability for SNS competition
blogzilla
 
Transatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentTransatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgment
blogzilla
 
Lessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open BankingLessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open Banking
blogzilla
 
Covid exposure apps in England and Wales
Covid exposure apps in England and WalesCovid exposure apps in England and Wales
Covid exposure apps in England and Wales
blogzilla
 
Key issues in data protection policy
Key issues in data protection policyKey issues in data protection policy
Key issues in data protection policy
blogzilla
 
Trusted government access to private sector data
Trusted government access to private sector dataTrusted government access to private sector data
Trusted government access to private sector data
blogzilla
 
Interoperability in the Digital Services Act
Interoperability in the Digital Services ActInteroperability in the Digital Services Act
Interoperability in the Digital Services Act
blogzilla
 
Making effective policy use of academic expertise
Making effective policy use of academic expertiseMaking effective policy use of academic expertise
Making effective policy use of academic expertise
blogzilla
 
Introduction to Cybersecurity for Elections
Introduction to Cybersecurity for ElectionsIntroduction to Cybersecurity for Elections
Introduction to Cybersecurity for Elections
blogzilla
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africa
blogzilla
 
Human rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCHuman rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QC
blogzilla
 
Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulation
blogzilla
 
Where next for encryption regulation?
Where next for encryption regulation?Where next for encryption regulation?
Where next for encryption regulation?
blogzilla
 
Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?
blogzilla
 
Regulation and the Internet of Things
Regulation and the Internet of ThingsRegulation and the Internet of Things
Regulation and the Internet of Things
blogzilla
 
Global Cyber Security Capacity Centre
Global Cyber Security Capacity CentreGlobal Cyber Security Capacity Centre
Global Cyber Security Capacity Centre
blogzilla
 
Privacy post-Snowden
Privacy post-SnowdenPrivacy post-Snowden
Privacy post-Snowden
blogzilla
 
Keeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodKeeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public good
blogzilla
 
The Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsThe Data Retention Directive: recent developments
The Data Retention Directive: recent developments
blogzilla
 
Trust in the Cloud
Trust in the CloudTrust in the Cloud
Trust in the Cloud
blogzilla
 

More from blogzilla (20)

Interoperability for SNS competition
Interoperability for SNS competitionInteroperability for SNS competition
Interoperability for SNS competition
 
Transatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentTransatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgment
 
Lessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open BankingLessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open Banking
 
Covid exposure apps in England and Wales
Covid exposure apps in England and WalesCovid exposure apps in England and Wales
Covid exposure apps in England and Wales
 
Key issues in data protection policy
Key issues in data protection policyKey issues in data protection policy
Key issues in data protection policy
 
Trusted government access to private sector data
Trusted government access to private sector dataTrusted government access to private sector data
Trusted government access to private sector data
 
Interoperability in the Digital Services Act
Interoperability in the Digital Services ActInteroperability in the Digital Services Act
Interoperability in the Digital Services Act
 
Making effective policy use of academic expertise
Making effective policy use of academic expertiseMaking effective policy use of academic expertise
Making effective policy use of academic expertise
 
Introduction to Cybersecurity for Elections
Introduction to Cybersecurity for ElectionsIntroduction to Cybersecurity for Elections
Introduction to Cybersecurity for Elections
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africa
 
Human rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCHuman rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QC
 
Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulation
 
Where next for encryption regulation?
Where next for encryption regulation?Where next for encryption regulation?
Where next for encryption regulation?
 
Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?
 
Regulation and the Internet of Things
Regulation and the Internet of ThingsRegulation and the Internet of Things
Regulation and the Internet of Things
 
Global Cyber Security Capacity Centre
Global Cyber Security Capacity CentreGlobal Cyber Security Capacity Centre
Global Cyber Security Capacity Centre
 
Privacy post-Snowden
Privacy post-SnowdenPrivacy post-Snowden
Privacy post-Snowden
 
Keeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodKeeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public good
 
The Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsThe Data Retention Directive: recent developments
The Data Retention Directive: recent developments
 
Trust in the Cloud
Trust in the CloudTrust in the Cloud
Trust in the Cloud
 

Recently uploaded

Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 

Recently uploaded (20)

Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Cyber Essentials for Managers

  • 1. CYBER ESSENTIALS FOR MANAGERS PROF. IAN BROWN RESOURCES FROM UK NATIONAL CYBER SECURITY CENTRE; US NAVY; AND GOOGLE
  • 2.
  • 3. NOTPETYA, “THE MOST DEVASTATING CYBER ATTACK IN HISTORY”
      • Malware which rapidly spread across networks, locked and encrypted machines, originating from Russian military via Ukraine
      • It “hit at least four hospitals in Kiev alone, six power companies, two airports, more than 22 Ukrainian banks, ATMs and card payment systems in retailers and transport, and practically every federal agency.”
      • Maersk, “responsible for 76 ports on all sides of the earth and nearly 800 seafaring vessels, including container ships carrying tens of millions of tons of cargo, representing close to a fifth of the entire world’s shipping capacity, was dead in the water.”
      • Estimated costs: Maersk $300m; Merck $870m; FedEx $400m; Mondelēz $188m. US assessed total damages around $10bn
      • Source: Andy Greenberg, Wired, Sept. 2018
      • See also WannaCry, which cost UK NHS £92m in 2017, probably originating with the North
  • 4.
  • 5. HOW CAN USERS PROTECT THEMSELVES AGAINST SECURITY BREACHES?
      1. Secure settings and passwords
      2. Protect devices/networks using firewalls
      3. Control access to data and software
      4. Protect against viruses and other malicious software
      5. Keep devices and software up to date
      6. Watch out for phishing e-mails
  • 6. SECURE SETTINGS
      • New devices are often configured to be as open and “easy to use” as possible – and therefore hackable. Make sure you disable or remove any functions, accounts or services you don’t need (e.g. “guest” accounts on laptops)
      • Always password/PIN-protect your computers and devices – they allow access to your data and your online accounts
      • CHANGE DEFAULT PASSWORDS
  • 8. SECURE PASSWORDS
      • Use password managers where possible (generate strong random passwords for every account)
      • Make passwords from three words (not related to you, like family/pet names, favourite teams, significant dates – these might be discovered from social media or elsewhere)
      • Don’t share passwords between accounts
      • Don’t force users to change passwords unless they have been breached
      • Use multi-factor authentication for sensitive accounts
      Image source: Sueheim on Wikimedia
  • 9.
  • 10. ACCESS TO DATA AND SOFTWARE
      • Don’t use administrator accounts for normal work – if you are hacked, an attacker can then do much more damage
      • Restrict the software that can be installed on devices – use a whitelist or approved sources, such as Google Play or Apple’s App Store (which screen apps for malicious code)
  • 11. DEVICE AND NETWORK FIREWALLS
      • Firewalls block unauthorised traffic from a network onto your device – can protect against both external hackers, and compromised internal machines
      • Most PC operating systems (eg Windows, macOS) contain them – make sure they are turned on, especially for devices that access public WiFi
      • Can also be configured in your network’s gateway(s) to other networks (and the Internet)
  • 12. VIRUSES AND OTHER MALICIOUS SOFTWARE
      • Malicious software such as viruses and ransomware can come in e-mail attachments, from websites, public WiFi networks, and even USB sticks
      • Protect against it using built-in operating system tools, such as Windows Defender and macOS XProtect
      • Use tools with sandboxes, which contain malicious software and stop it accessing the rest of your system
      • BACKUP data frequently
  • 13. KEEP SOFTWARE AND DEVICES UP TO DATE
      • It’s essential you enable automatic updates for your operating system, software, apps etc.
      • Once manufacturers stop providing updates for systems, you should replace them
  • 14. AVOID PHISH
      • Fake e-mails, trying to “hook” users to click on a website or malicious attachment that will infect their system or steal passwords
      • “Spear” phishing uses targeted messages, often sent to senior staff
  • 15.
  • 16. CHECKLIST
      • Configure software and devices securely, and use strong passwords
      • Use firewalls on devices and networks
      • Control access to data and software by separating administrator accounts and using whitelists and app stores
      • Protect against viruses and other malicious software by using tools such as Windows Defender, macOS XProtect, and sandboxing
      • Keep devices and software up to date, and stop using out-of-date software
      • Watch out for phishing e-mails

Editor's Notes

  1. Q – what is the largest breach suffered to date in terms of numbers of people’s data compromised?
  2. https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ Large breaches can happen by targeting large centralised databases – but also by infecting many PCs and local systems
  3. https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/ https://www.theguardian.com/technology/2017/dec/30/wannacry-petya-notpetya-ransomware
  4. https://gsuite.google.com/faq/index.html Will ECG allow BYOD? Enable MDM?
  5. https://en.wikipedia.org/wiki/YubiKey#/media/File:YubiKey-4-keychain-and-YubiKey-4-Nano.png
  6. http://www.publicdomainfiles.com/show_file.php?id=13965078618698