www.treetopsecurity.com
Cybersecurity
Awareness
Tips To Protect You And Your Data
CONTENT BY
DALLAS HASELHORST
FOUNDER/OWNER, TREETOP SECURITY
GSE #231, MSISE, CISSP, SANS/GIAC(X10)
From the makers of Peak. The affordable, comprehensive, and
common sense cybersecurity platform for small businesses.
PRESENTED BY
TreeTop Security - CAT - v1.2
# whoami
● 20+ years of IT & cybersecurity experience
● Consulted for companies all over the US
● Multiple computer-related degrees from FHSU
● Master’s degree in Information Security Engineering
from the SANS Technology Institute
● Alphabet soup of security-related certifications
○ CISSP, GSEC, GCIH, GCCC, GCPM, GPEN,
GMON, GCIA, GWAPT, GDSA, GSE #231
● Co-organizer of BSidesKC security conference
● Founded an MSP in 2003, acquired in 2016
● Founded TreeTop in 2016, lead design on Peak
About this presentation
Shared and recommended at the RSA conference, Feb 2020
Version 1.0 downloaded in over 150 countries in first 6 months! (Sept 2019 - March 2020)
Slides available at https://www.treetopsecurity.com/CAT
Overview
● Why security awareness?
● Backup, backup, backup
● Patching ALL your devices
● Passwords
● 2-factor authentication
● Internet safety & email
● Phone scams
● Privacy concerns
What to do when things go wrong
Why is cybersecurity awareness important?
Awareness training is a must!
● Technology alone cannot protect you from everything
● Attackers go where security is weakest
● People -> a link in the chain & the last first line of defense
● Essential to reducing cybersecurity risk
● Cybersecurity awareness is for...
○ Employees
○ Business owners
○ Parents
○ Kids
○ Seniors
○ Everyone!
Reminder: Many tips that keep you safe at work will also keep you safe at home!
But an attacker isn’t interested in me...
● Credit card and financial data
● Medical data
○ Prescription, insurance, or identity fraud
○ Far more valuable than financial data
● Computer resources
○ Cryptomining
○ Advertising
○ Ransomware
○ Jump point
● User or email credentials
○ Sending spam
○ Recovery/reset other accounts
○ “More” access
Wrong!!! You are exactly what an attacker wants!
HELP!!!
Ways to protect yourself!
Backups
● Backups protect when all else fails
○ NO level of protection is perfect
○ Only “guaranteed” protection against ransomware
● Backup media should not be connected at all times
● Test your backups!
Users that have never backed up: 35%
Users that backup daily: 6%
Users that backup monthly: 14%
Users that backup yearly: 20%
Updates are essential to security
• What was secure yesterday may not be secure today
• New software vulnerabilities found every day
• Over 360K new malware (viruses & ransomware) released every day
• Nothing is “Set & Forget”
Keeping your system up-to-date
● Operating Systems
○ Microsoft Windows, Apple MacOS, Linux
○ Windows 7 end of life was January 2020
● Anti-virus
○ Update to the latest definitions to ensure protection against the latest threats
○ Symantec/Norton, McAfee, Windows Defender, Avast, and many others!
Don’t forget!!!
● Browser - your portal to the internet
○ Chrome, Firefox, Opera, Edge, Safari, etc.
○ Internet Explorer (Not recommended)
● Mobile devices - cell phones & laptops
● Internet of Things (IoT) - Alexa, Google Home, thermostats, doorbells, surveillance system, light bulbs, smart locks, pet feeder, health monitors...
This could keep going forever!
All About Passwords
Managing Passwords
● Keep your passwords in a secure location
○ Don’t use paper or sticky notes
○ Don’t store passwords in clear-text on
your computer - Word, Excel, etc.
● Utilize a password manager (aka vault)
○ LastPass
○ KeePass
○ 1Password
● Benefits of a password manager
○ One strong password to access them all
○ Encrypted storage of passwords
○ Auto-fill username/password on websites
○ Sync between desktop, laptop, and mobile
Password Tips
● Avoid using items that can be associated with you
○ Address
○ Phone numbers
○ Pet names
○ Child names
○ Birthdays
○ Sports teams
● Separate passwords for every account
● Auto-generated, unmemorable
Possible with a password manager
Passwords shared with colleagues: 69%
Passwords shared with household: 95%
One password for all accounts: 59%
Passwords are too “simple”: 86%
Passwords vs passphrases
● Useful when passwords must be typed in
● Should not be easy to guess
○ At least 12 characters, but 15 or more is far better
○ Length is better than complexity (passphrases)
○ Bad password (8): P@ssw0rd
○ Great password (24): MysonwasbornNovember1995!
Passwords exactly 8 characters: 61%
Average length of password: 9.6
Average number of lowercase letters: 6.1
Average number of special characters: 0.2
Top 25 passwords by rank & year
Source: Gizmodo
If you use any of these, change them NOW!!!
Rank 2017 2018 2019 Rank 2017 2018 2019
1 123456 123456 123456 14 login 666666 admin
2 password password 123456789 15 abc123 abc123 qwertyuiop
3 12345678 123456789 qwerty 16 starwars football 654321
4 qwerty 12345678 password 17 123123 123123 555555
5 12345 12345 1234567 18 dragon monkey lovely
6 123456789 111111 12345678 19 passw0rd 654321 7777777
7 letmein 1234567 12345 20 master !@#$%^&* welcome
8 1234567 sunshine iloveyou 21 hello charlie 888888
9 football qwerty 111111 22 freedom aa123456 princess
10 iloveyou iloveyou 123123 23 whatever donald dragon
11 admin princess abc123 24 qazwsx password1 password1
12 welcome admin qwerty123 25 trustno1 qwerty123 123qwe
13 monkey welcome 1q2w3e4r
2FA - two-factor authentication
● What is 2FA?
○ “Beyond” a username and password
○ Second form to prove it is you
○ Typically out-of-band
● “Your one-time code is…”
○ SMS
○ Phone Call
○ Phone pop-up
○ Email
○ Snail Mail
● Applications
○ Google Authenticator
○ Authy <- ability to recover on new device
Just A Little Click
Is the link safe in 4 steps
1. Verify
Were you expecting a link?
○ Not just email!
○ Social Media
○ SMS/iMessage
○ Zoom, Teams, Slack, etc.
2. Hover
Hover over the link to ensure that it leads to where it says it does
3. Sniff test
Is it a site you recognize?
Does it feel “familiar” to you?
Be skeptical
4. Click
Does it pass all 3 tests?
Still use caution
“When in doubt, throw it out”
Easy to recognize scam
Red flags?
○ Viagra <- ?!?!?!
○ Strange wording
○ Email address
○ Domain name
○ Expected email?
○ Interesting link
Known email account
Hacked or spoofed email from someone you know
Red flags?
○ Email address ok
○ Name ok
○ Odd “signature”
○ Expected email?
○ Link - .fr is France
Text messaging example
Red flags?
○ Received a text regarding a package before?
○ Recognized domain?
○ Name in SMS ok
○ Number ok?
○ Expected text?
Source: CNN
Hover before you click
● Why hover?
○ Blue text can be deceiving
○ Underlying URL may be different
○ Foreign domains - .uk, .cn, or .ru
● Numbers instead of letters
○ Example: 192.168.1.1
○ Don’t trust it!
● Hover on mobile/tablet?
○ Long press (hold)
● Any doubts? Don’t click it!!!
[Figure: Desktop - Hover; Mobile - Long Press; underlying URL shown: http://www.evil.com/]
Shortened or obfuscated links?
● Instead of 300 characters, the link is reduced to 15 characters
○ Bit.ly
○ TinyURL
● Extremely common and helpful, but...
● Abused by criminals to hide malicious websites
Link expander: www.linkexpander.com
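An added example (not part of the original slides): the hover checks from the two slides above, automated for the links in an HTML email. The shortener list, the flagged TLD set, the function names and the sample message are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit
import re

# Assumptions for this example: the slides name Bit.ly and TinyURL as
# shorteners and .uk, .cn, .ru and .fr as foreign domains (for a US reader).
SHORTENERS = {"bit.ly", "tinyurl.com"}
FLAGGED_TLDS = {"uk", "cn", "ru", "fr"}

# Finds a host name inside the visible ("blue") link text, if there is one.
URL_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def _strip_www(host):
    return host[4:] if host.startswith("www.") else host


def _same_site(a, b):
    """True if the hosts are equal or one is a subdomain of the other."""
    a, b = _strip_www(a), _strip_www(b)
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def red_flags(href, text):
    """Return the hover red flags for one link."""
    try:
        host = (urlsplit(href).hostname or "").lower()
    except ValueError:
        return ["unparseable-url"]
    flags = []
    try:
        ip_address(host)                  # numbers instead of letters
        flags.append("numeric-host")
    except ValueError:
        if host in SHORTENERS:            # real destination is hidden
            flags.append("shortened-link")
        if host.rsplit(".", 1)[-1] in FLAGGED_TLDS:
            flags.append("foreign-tld")
    shown = URL_IN_TEXT.search(text)
    if shown and not _same_site(shown.group(1).lower(), host):
        flags.append("text-differs-from-target")  # blue text is deceiving
    return flags


def scan(html):
    """Return (href, text, flags) for each link in an HTML message body."""
    collector = LinkCollector()
    collector.feed(html)
    return [(h, t, red_flags(h, t)) for h, t in collector.links]


# Constructed sample message; mybank.example is a made-up name.
SAMPLE_HTML = """
<p>Your account is locked. Sign in at
<a href="http://www.evil.com/login">https://www.mybank.example</a> today.</p>
<p><a href="http://192.168.1.1/update">Install update</a></p>
<p><a href="https://bit.ly/3abcdef">Track your package</a></p>
<p><a href="https://portal.mybank.example/help">mybank.example</a></p>
<p><a href="https://promo.example.fr/offer">See the offer</a></p>
"""

if __name__ == "__main__":
    for href, text, flags in scan(SAMPLE_HTML):
        print(f"{text!r} -> {href}: {', '.join(flags) or 'no flags'}")
```

A link with no flags has only passed the hover step; the verify and sniff-test steps still apply.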
Hover is your friend
Red flags?
○ Email address ok?
○ Expected email?
○ Sense of urgency
○ Hover!!!
Source: Malware Traffic Analysis
More email attacks
92% of malware is delivered by email
Source: CSO Online
Email Attachments
● Stop & think before you click!
● Recognized sender?
● Expecting attachment?
● Is it normal for that contact to send attachments?
Macros
● Step 1: Don’t do it!!!
● Step 2: See step 1
● Found in downloaded files too
Attachments in Microsoft Outlook
Enable Macros <- NOOOOOO!!!!
Other Email Scams
● Can be “non-technical”
● Spear phishing (CEO <-> CFO)
○ Published organization chart
○ Policy requiring phone call?
● What they want
○ Prepaid cards
○ Wire transfers
○ Account & email credentials
● Sense of urgency
Technical safeguards cannot help
[Example images: Account credentials, Wire transfer]
Scammer favorites
● Mimic recent news
○ Worldwide
■ Health scares
■ Protests
■ Elections
○ Local and regional
● Seasonal/holidays
○ Order & delivery issues
○ Tax issues
[Example images: Recent events - coronavirus, Order Cancelled]
Keep your guard up!
Reach Out & Scam Someone
Phone Scams
● Social engineering, what is it?
○ Make the caller provide verification
○ Hang up & call back published number
● Phone numbers can be easily spoofed
○ Banks & credit card companies
○ Medical & insurance
○ IRS or past due account balance
○ Robocalls
● Other common phone scams
○ Grandparent Scam
○ Tech support - Microsoft, Apple, Dell, etc. will never contact the average user “out of the blue”
Phone scam example
Red flags?
○ Sense of urgency
○ Purposefully confusing
○ Expected call from Microsoft?
Hi! This is Kathleen from Microsoft. We have been trying to get in
touch with you. However, we will be disconnecting your license
within 48 hours because your IP address has been compromised
from several countries. So we need to change your IP address and
license key. So please press 1 to get connected…
Technical safeguards can only do so much...
That’s why security awareness is a must!
General Tips & Privacy
USB Drives & More
● Do NOT connect unknown or unauthorized media (or devices)
● Programs can run when plugged in without you doing anything
● Examples
○ USB/flash drives
○ SD or micro SD cards
○ CDs or DVDs
○ External hard drives
○ Cell phones <- Often forgotten
Encryption
● Can help protect your data
● Can also “help” an attacker, e.g. ransomware
● Protecting data sent or received
○ HTTP vs. HTTPS
○ Wireless -> WPA2 (AES) recommended
● Protecting devices
○ Helpful if device is lost/stolen
○ Often associated with phone PIN/passcode
○ Microsoft Windows - BitLocker
○ Apple MacOS - FileVault
Internet Safety Quick Tips
● Never install anything based on a pop-up when visiting a website
● “Trusted” websites can & have hosted malware, aka malvertising
○ Local news?
○ WSJ, Forbes, ESPN, Yahoo, etc.
○ Limit browsing to business relevant sites?
● Avoid public: Wi-Fi, computers (hotels, libraries), charging, etc.
Do NOT assume a site is legitimate simply because of the green padlock
Internet Privacy
● Data is the new gold -> your data is valuable!
● If you’re not paying for it, are you the product?
○ Data analytics & predictive results
○ Examples: advertising & insurance rates
● Are you oversharing?
○ Default privacy settings on social media
○ Vacation photos & “checking-in” (location sharing)
■ Thieves see that information also
■ Would you be comfortable telling people on the street?
You’ve been the victim of a scam
● Don’t panic, but don’t wait around
○ Unplug computer?
○ Contact your IT support
○ Write down details - event timeline, financial accounts, credentials used, phone numbers, etc.
● Ransomware or scam
○ Report the incident to law enforcement?
○ In the US
■ BBB - https://www.bbb.org/scamtracker
■ FBI - Ransomware keys may be available
○ https://www.nomoreransom.org/
More Resources
● When in doubt, ask questions
○ Your IT department?
○ Your IT provider?
○ TreeTop?
● Don’t stop here!
○ Attacks change -> continue learning
● Additional Resources
○ SANS Ouch! - free monthly newsletter
○ StaySafeOnline.org - numerous free resources
○ Stop. Think. Connect. - free, little bit of everything
○ TreeTop Security - Cybersecurity Awareness Training (free)
Slides, feedback, quiz, & certificate of completion
https://www.treetopsecurity.com/CAT
Questions?
785-370-3444
Dallas Haselhorst
https://www.treetopsecurity.com
Ask about Peak. The only comprehensive and affordable
cybersecurity platform for small businesses.
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
 
What is the TDS Return Filing Due Date for FY 2024-25.pdf
What is the TDS Return Filing Due Date for FY 2024-25.pdfWhat is the TDS Return Filing Due Date for FY 2024-25.pdf
What is the TDS Return Filing Due Date for FY 2024-25.pdf
 
The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
 
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
 
Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...
 
April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
 
The Parable of the Pipeline a book every new businessman or business student ...
The Parable of the Pipeline a book every new businessman or business student ...The Parable of the Pipeline a book every new businessman or business student ...
The Parable of the Pipeline a book every new businessman or business student ...
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
 
Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111
 
5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer
 
BeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024   .pdfBeMetals Presentation_May_22_2024   .pdf
BeMetals Presentation_May_22_2024 .pdf
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
 

Cybersecurity Awareness Training Presentation v1.2

  • 1. Cybersecurity Awareness: Tips To Protect You And Your Data
      www.treetopsecurity.com
      CONTENT BY DALLAS HASELHORST, FOUNDER/OWNER, TREETOP SECURITY
      GSE #231, MSISE, CISSP, SANS/GIAC(X10)
      From the makers of Peak. The affordable, comprehensive, and common sense cybersecurity platform for small businesses.
      PRESENTED BY
      TreeTop Security - CAT - v1.2
  • 2. # whoami
      ● 20+ years of IT & cybersecurity experience
      ● Consulted for companies all over the US
      ● Multiple computer-related degrees from FHSU
      ● Master’s degree in Information Security Engineering from the SANS Technology Institute
      ● Alphabet soup of security-related certifications
        ○ CISSP, GSEC, GCIH, GCCC, GCPM, GPEN, GMON, GCIA, GWAPT, GDSA, GSE #231
      ● Co-organizer of BSidesKC security conference
      ● Founded an MSP in 2003, acquired in 2016
      ● Founded TreeTop in 2016, lead design on Peak
  • 3. About this presentation
      Shared and recommended at the RSA conference (Feb 2020)
      Version 1.0 downloaded in over 150 countries in first 6 months! (Sept 2019 - March 2020)
      Slides available at https://www.treetopsecurity.com/CAT
  • 5. Overview
      ● Why security awareness?
      ● Backup, backup, backup
      ● Patching ALL your devices
      ● Passwords
      ● 2-factor authentication
      ● Internet safety & email
      ● Phone scams
      ● Privacy concerns
      What to do when things go wrong
  • 7. Awareness training is a must!
      ● Technology alone cannot protect you from everything
      ● Attackers go where security is weakest
      ● People -> a link in the chain & the last first line of defense
      ● Essential to reducing cybersecurity risk
      ● Cybersecurity awareness is for...
        ○ Employees
        ○ Business owners
        ○ Parents
        ○ Kids
        ○ Seniors
        ○ Everyone!
      Reminder: Many tips that keep you safe at work will also keep you safe at home!
  • 8. But an attacker isn’t interested in me...
      ● Credit card and financial data
      ● Medical data
        ○ Prescription, insurance, or identity fraud
        ○ Far more valuable than financial data
      ● Computer resources
        ○ Cryptomining
        ○ Advertising
      ● User or email credentials
        ○ Sending spam
        ○ Recovery/reset other accounts
        ○ Ransomware
        ○ Jump point
        ○ “More” access
      Wrong!!! You are exactly what an attacker wants!
  • 10. Backups
      ● Backups protect when all else fails
        ○ NO level of protection is perfect
        ○ Only “guaranteed” protection against ransomware
      ● Backup media should not be connected at all times
      ● Test your backups!
      Users that have never backed up: 35%
      Users that backup daily: 6%
      Users that backup monthly: 14%
      Users that backup yearly: 20%
  • 11. Updates are essential to security
      ● What was secure yesterday may not be secure today
      ● New software vulnerabilities found every day
      ● Over 360K new malware (viruses & ransomware) released every day
      ● Nothing is “Set & Forget”
  • 12. Keeping your system up-to-date
      ● Operating Systems
        ○ Microsoft Windows, Apple MacOS, Linux
        ○ Windows 7 end of life was January 2020
      ● Anti-virus
        ○ Update to the latest definitions to ensure protection against the latest threats
        ○ Symantec/Norton, McAfee, Windows Defender, Avast, and many others!
  • 13. Don’t forget!!!
      ● Browser - your portal to the internet
        ○ Chrome, Firefox, Opera, Edge, Safari, etc.
        ○ Internet Explorer (Not recommended)
      ● Mobile devices - cell phones & laptops
      ● Internet of Things (IoT) - Alexa, Google Home, thermostats, doorbells, surveillance system, light bulbs, smart locks, pet feeder, health monitors...
      This could keep going forever!
  • 16. Managing Passwords
      ● Keep your passwords in a secure location
        ○ Don’t use paper or sticky notes
        ○ Don’t store passwords in clear-text on your computer - Word, Excel, etc.
      ● Utilize a password manager (aka vault)
        ○ LastPass
        ○ KeePass
        ○ 1Password
      ● Benefits of a password manager
        ○ One strong password to access them all
        ○ Encrypted storage of passwords
        ○ Auto-fill username/password on websites
        ○ Sync between desktop, laptop, and mobile
  • 17. Password Tips
      ● Avoid using items that can be associated with you
        ○ Address
        ○ Phone numbers
        ○ Pet names
        ○ Child names
        ○ Birthdays
        ○ Sports teams
      ● Separate passwords for every account
      ● Auto-generated, unmemorable
      Possible with a password manager
      Passwords shared with colleagues: 69%
      Passwords shared with household: 95%
      One password for all accounts: 59%
      Passwords are too “simple”: 86%
  • 18. Passwords vs passphrases
      ● Useful when passwords must be typed in
      ● Should not be easy to guess
        ○ At least 12 characters, but 15 or more is far better
        ○ Length is better than complexity (passphrases)
        ○ Bad password (8): P@ssw0rd
        ○ Great password (24): MysonwasbornNovember1995!
      Passwords exactly 8 characters: 61%
      Average Length of Password: 9.6
      Average number of lowercase letters: 6.1
      Average number of special characters: 0.2
  • 19. Top 25 passwords by rank & year
      Source: Gizmodo
      If you use any of these, change them NOW!!!
      | Rank | 2017 | 2018 | 2019 |
      |---|---|---|---|
      | 1 | 123456 | 123456 | 123456 |
      | 2 | password | password | 123456789 |
      | 3 | 12345678 | 123456789 | qwerty |
      | 4 | qwerty | 12345678 | password |
      | 5 | 12345 | 12345 | 1234567 |
      | 6 | 123456789 | 111111 | 12345678 |
      | 7 | letmein | 1234567 | 12345 |
      | 8 | 1234567 | sunshine | iloveyou |
      | 9 | football | qwerty | 111111 |
      | 10 | iloveyou | iloveyou | 123123 |
      | 11 | admin | princess | abc123 |
      | 12 | welcome | admin | qwerty123 |
      | 13 | monkey | welcome | 1q2w3e4r |
      | 14 | login | 666666 | admin |
      | 15 | abc123 | abc123 | qwertyuiop |
      | 16 | starwars | football | 654321 |
      | 17 | 123123 | 123123 | 555555 |
      | 18 | dragon | monkey | lovely |
      | 19 | passw0rd | 654321 | 7777777 |
      | 20 | master | !@#$%^&* | welcome |
      | 21 | hello | charlie | 888888 |
      | 22 | freedom | aa123456 | princess |
      | 23 | whatever | donald | dragon |
      | 24 | qazwsx | password1 | password1 |
      | 25 | trustno1 | qwerty123 | 123qwe |
  • 20. 2FA - two-factor authentication
      ● “Your one-time code is…”
        ○ SMS
        ○ Phone Call
        ○ Phone pop-up
        ○ Email
        ○ Snail Mail
      ● Applications
        ○ Google Authenticator
        ○ Authy <- ability to recover on new device
      ● What is 2FA?
        ○ “Beyond” a username and password
        ○ Second form to prove it is you
        ○ Typically out-of-band
  • 22. Is the link safe in 4 steps
      1. Verify: Were you expecting a link?
        ○ Not just email!
        ○ Social Media
        ○ SMS/iMessage
        ○ Zoom, Teams, Slack, etc.
      2. Hover: Hover over the link to ensure that it leads to where it says it does
      3. Sniff test: Is it a site you recognize? Does it feel “familiar” to you? Be skeptical
      4. Click: Does it pass all 3 tests? Still use caution
      “When in doubt, throw it out”
  • 23. Easy to recognize scam
      Red flags?
        ○ Viagra <- ?!?!?!
        ○ Strange wording
        ○ Email address
        ○ Domain name
        ○ Expected email?
        ○ Interesting link
  • 24. Known email account
      Hacked or spoofed email from someone you know
      Red flags?
        ○ Email address ok
        ○ Name ok
        ○ Odd “signature”
        ○ Expected email?
        ○ Link - .fr is France
  • 25. Text messaging example
      Source: CNN
      Red flags?
        ○ Received a text regarding a package before?
        ○ Recognized domain?
        ○ Name in SMS ok
        ○ Number ok?
        ○ Expected text?
  • 26. Hover before you click
      ● Why hover?
        ○ Blue text can be deceiving
        ○ Underlying URL may be different
        ○ Foreign domains - .uk, .cn, or .ru
      ● Numbers instead of letters
        ○ Example: 192.168.1.1
        ○ Don’t trust it!
      ● Hover on mobile/tablet?
        ○ Long press (hold)
      ● Any doubts? Don’t click it!!!
      http://www.evil.com/
      Desktop - Hover
      Mobile - Long Press
  • 27. Shortened or obfuscated links?
      ● Instead of 300 characters, the link is reduced to 15 characters
        ○ Bit.ly
        ○ TinyURL
      ● Extremely common and helpful, but...
      ● Abused by criminals to hide malicious websites
      Link expander: www.linkexpander.com
  • 28. Hover is your friend
      Source: Malware Traffic Analysis
      Red flags?
        ○ Email address ok?
        ○ Expected email?
        ○ Sense of urgency
        ○ Hover!!!
  • 29. More email attacks
      92% of malware is delivered by email
      Source: CSO Online
  • 30. Email Attachments
      ● Stop & think before you click!
      ● Recognized sender?
      ● Expecting attachment?
      ● Is it normal for that contact to send attachments?
      Macros
      ● Step 1: Don’t do it!!!
      ● Step 2: See step 1
      ● Found in downloaded files too
      Attachments in Microsoft Outlook
      Enable Macros <- NOOOOOO!!!!
  • 31. Other Email Scams
      ● Can be “non-technical”
      ● Spear phishing (CEO <-> CFO)
        ○ Published organization chart
        ○ Policy requiring phone call?
      ● What they want
        ○ Prepaid cards
        ○ Wire transfers
        ○ Account & email credentials
      ● Sense of urgency
      Technical safeguards cannot help
      Account credentials
      Wire transfer
  • 32. Scammer favorites
      ● Mimic recent news
        ○ Worldwide
          ■ Health scares
          ■ Protests
          ■ Elections
        ○ Local and regional
      ● Seasonal/holidays
        ○ Order & delivery issues
        ○ Tax issues
      Recent events - coronavirus
      Order Cancelled
      Keep your guard up!
  • 33. Reach Out & Scam Someone
  • 34. Phone Scams
      ● Social engineering, what is it?
        ○ Make the caller provide verification
        ○ Hang up & call back published number
      ● Phone numbers can be easily spoofed
        ○ Banks & credit card companies
        ○ Medical & insurance
        ○ IRS or past due account balance
        ○ Robocalls
      ● Other common phone scams
        ○ Grandparent Scam
        ○ Tech support - Microsoft, Apple, Dell, etc. will never contact the average user “out of the blue”
  • 35. Phone scam example
      Hi! This is Kathleen from Microsoft. We have been trying to get in touch with you. However, we will be disconnecting your license within 48 hours because your IP address has been compromised from several countries. So we need to change your IP address and license key. So please press 1 to get connected…
      Red flags?
        ○ Sense of urgency
        ○ Purposefully confusing
        ○ Expected call from Microsoft?
      Technical safeguards can only do so much... That’s why security awareness is a must!
  • 37. USB Drives & More
      ● Do NOT connect unknown or unauthorized media (or devices)
      ● Programs can run when plugged in without you doing anything
      ● Examples
        ○ USB/flash drives
        ○ SD or micro SD cards
        ○ CDs or DVDs
        ○ External hard drives
        ○ Cell phones <- Often forgotten
  • 38. Encryption
      ● Can help protect your data
      ● Can also “help” an attacker, e.g. ransomware
      ● Protecting data sent or received
        ○ HTTP vs. HTTPS
        ○ Wireless -> WPA2 (AES) recommended
      ● Protecting devices
        ○ Helpful if device is lost/stolen
        ○ Often associated with phone PIN/passcode
        ○ Microsoft Windows - BitLocker
        ○ Apple MacOS - FileVault
  • 39. Internet Safety Quick Tips
      ● Never install anything based on a pop-up when visiting a website
      ● “Trusted” websites can & have hosted malware, aka malvertising
        ○ Local news?
        ○ WSJ, Forbes, ESPN, Yahoo, etc.
        ○ Limit browsing to business relevant sites?
      ● Avoid public: Wi-Fi, computers (hotels, libraries), charging, etc.
      Do NOT assume a site is legitimate simply because of the green padlock
  • 40. Internet Privacy
      ● Data is the new gold -> your data is valuable!
      ● If you’re not paying for it, are you the product?
        ○ Data analytics & predictive results
        ○ Examples: advertising & insurance rates
      ● Are you oversharing?
        ○ Default privacy settings on social media
        ○ Vacation photos & “checking-in” (location sharing)
          ■ Thieves see that information also
          ■ Would you be comfortable telling people on the street?
  • 41. You’ve been the victim of a scam
      ● Don’t panic, but don’t wait around
        ○ Unplug computer?
        ○ Contact your IT support
        ○ Write down details - event timeline, financial accounts, credentials used, phone numbers, etc.
      ● Ransomware or scam
        ○ Report the incident to law enforcement?
        ○ In the US
          ■ BBB - https://www.bbb.org/scamtracker
          ■ FBI - Ransomware keys may be available
        ○ https://www.nomoreransom.org/
  • 42. More Resources
      ● When in doubt, ask questions
        ○ Your IT department?
        ○ Your IT provider?
        ○ TreeTop?
      ● Don’t stop here!
        ○ Attacks change -> continue learning
      ● Additional Resources
        ○ SANS Ouch! - free monthly newsletter
        ○ StaySafeOnline.org - numerous free resources
        ○ Stop. Think. Connect. - free, little bit of everything
        ○ TreeTop Security - Cybersecurity Awareness Training (free)
          Slides, feedback, quiz, & certificate of completion
          https://www.treetopsecurity.com/CAT
  • 43. Questions?
      785-370-3444
      Dallas Haselhorst
      https://www.treetopsecurity.com
      Ask about Peak. The only comprehensive and affordable cybersecurity platform for small businesses.