This cybersecurity awareness training is meant to be used by organizations and end users to educate them on ways to avoid scams/attacks and become more security aware. This slide deck is based on version 1.2 of our wildly popular slide deck we originally released as open-source in September 2019. In just over 6 months, it was downloaded thousands of times and in over 150 countries!
On our website, you will also find several other related goodies. For example, we have a free cybersecurity quiz that is based directly off of this material so anyone can test their awareness knowledge. We have a downloadable 'certificate of completion' for this training; this allows attendees to fill in their name and date so they can then print it out to show others (or even their employer) that they are now more cyber aware.
https://www.treetopsecurity.com/cat
We also have a video/webinar presentation of this material if you would like to share it with others.
https://www.treetopsecurity.com/cat#video
Want to take this content and present it in your own community? Fantastic! You may download this slide deck as editable content. This allows you to make changes and present it at your local library, business events, co-working spaces, schools, etc. The latest version is always available on our website as a Microsoft PowerPoint presentation (.pptx) or using ‘Make a Copy’ in Google Slides.
https://www.treetopsecurity.com/slides
Cybersecurity Awareness Training Presentation v1.2
1. Cybersecurity Awareness
Tips To Protect You And Your Data
www.treetopsecurity.com
CONTENT BY
DALLAS HASELHORST
FOUNDER/OWNER, TREETOP SECURITY
GSE #231, MSISE, CISSP, SANS/GIAC(X10)
From the makers of Peak. The affordable, comprehensive, and common sense cybersecurity platform for small businesses.
PRESENTED BY
TreeTop Security - CAT - v1.2
2. # whoami
● 20+ years of IT & cybersecurity experience
● Consulted for companies all over the US
● Multiple computer-related degrees from FHSU
● Master’s degree in Information Security Engineering from the SANS Technology Institute
● Alphabet soup of security-related certifications
○ CISSP, GSEC, GCIH, GCCC, GCPM, GPEN, GMON, GCIA, GWAPT, GDSA, GSE #231
● Co-organizer of BSidesKC security conference
● Founded an MSP in 2003, acquired in 2016
● Founded TreeTop in 2016, lead design on Peak
3. About this presentation
Shared and recommended at the RSA conference (Feb 2020)
Version 1.0 downloaded in over 150 countries in first 6 months! (Sept 2019 - March 2020)
Slides available at https://www.treetopsecurity.com/CAT
5. Overview
● Why security awareness?
● Backup, backup, backup
● Patching ALL your devices
● Passwords
● 2-factor authentication
● Internet safety & email
● Phone scams
● Privacy concerns
What to do when things go wrong
7. Awareness training is a must!
● Technology alone cannot protect you from everything
● Attackers go where security is weakest
● People -> a link in the chain & the last first line of defense
● Essential to reducing cybersecurity risk
● Cybersecurity awareness is for...
○ Employees
○ Business owners
○ Parents
○ Kids
○ Seniors
○ Everyone!
Reminder: Many tips that keep you safe at work will also keep you safe at home!
8. But an attacker isn’t interested in me...
● Credit card and financial data
● Medical data
○ Prescription, insurance, or identity fraud
○ Far more valuable than financial data
● Computer resources
○ Cryptomining
○ Advertising
○ Ransomware
○ Jump point
● User or email credentials
○ Sending spam
○ Recovery/reset other accounts
○ “More” access
Wrong!!! You are exactly what an attacker wants!
10. Backups
● Backups protect when all else fails
○ NO level of protection is perfect
○ Only “guaranteed” protection against ransomware
● Backup media should not be connected at all times
● Test your backups!
Users that have never backed up: 35%
Users that backup daily: 6%
Users that backup monthly: 14%
Users that backup yearly: 20%
11. Updates are essential to security
• What was secure yesterday may not be secure today
• New software vulnerabilities found every day
• Over 360K new malware (viruses & ransomware) released every day
• Nothing is “Set & Forget”
12. Keeping your system up-to-date
● Operating Systems
○ Microsoft Windows, Apple MacOS, Linux
○ Windows 7 end of life was January 2020
● Anti-virus
○ Update to the latest definitions to ensure protection against the latest threats
○ Symantec/Norton, McAfee, Windows Defender, Avast, and many others!
13. Don’t forget!!!
● Browser - your portal to the internet
○ Chrome, Firefox, Opera, Edge, Safari, etc.
○ Internet Explorer (Not recommended)
● Mobile devices - cell phones & laptops
● Internet of Things (IoT) - Alexa, Google Home, thermostats, doorbells, surveillance system, light bulbs, smart locks, pet feeder, health monitors... This could keep going forever!
16. Managing Passwords
● Keep your passwords in a secure location
○ Don’t use paper or sticky notes
○ Don’t store passwords in clear-text on your computer - Word, Excel, etc.
● Utilize a password manager (aka vault)
○ LastPass
○ KeePass
○ 1Password
● Benefits of a password manager
○ One strong password to access them all
○ Encrypted storage of passwords
○ Auto-fill username/password on websites
○ Sync between desktop, laptop, and mobile
17. Password Tips
● Avoid using items that can be associated with you
○ Address
○ Phone numbers
○ Pet names
○ Child names
○ Birthdays
○ Sports teams
● Separate passwords for every account
● Auto-generated, unmemorable
Possible with a password manager
Passwords shared with colleagues: 69%
Passwords shared with household: 95%
One password for all accounts: 59%
Passwords are too “simple”: 86%
18. Passwords vs passphrases
● Useful when passwords must be typed in
● Should not be easy to guess
○ At least 12 characters, but 15 or more is far better
○ Length is better than complexity (passphrases)
○ Bad password (8): P@ssw0rd
○ Great password (24): MysonwasbornNovember1995!
Passwords exactly 8 characters: 61%
Average Length of Password: 9.6
Average number of lowercase letters: 6.1
Average number of special characters: 0.2
20. 2FA - two-factor authentication
● “Your one-time code is…”
○ SMS
○ Phone Call
○ Phone pop-up
○ Email
○ Snail Mail
● Applications
○ Google Authenticator
○ Authy <- ability to recover on new device
● What is 2FA?
○ “Beyond” a username and password
○ Second form to prove it is you
○ Typically out-of-band
22. Is the link safe in 4 steps
1. Verify
Were you expecting a link?
○ Not just email!
○ Social Media
○ SMS/iMessage
○ Zoom, Teams, Slack, etc.
2. Hover
Hover over the link to ensure that it leads to where it says it does
3. Sniff test
Is it a site you recognize? Does it feel “familiar” to you? Be skeptical
4. Click
Does it pass all 3 tests? Still use caution
“When in doubt, throw it out”
23. Easy to recognize scam
Red flags?
○ Viagra <- ?!?!?!
○ Strange wording
○ Email address
○ Domain name
○ Expected email?
○ Interesting link
24. Known email account
Hacked or spoofed email from someone you know
Red flags?
○ Email address ok
○ Name ok
○ Odd “signature”
○ Expected email?
○ Link - .fr is France
25. Text messaging example
Red flags?
○ Received a text regarding a package before?
○ Recognized domain?
○ Name in SMS ok
○ Number ok?
○ Expected text?
Source: CNN
26. Hover before you click
● Why hover?
○ Blue text can be deceiving
○ Underlying URL may be different
○ Foreign domains - .uk, .cn, or .ru
● Numbers instead of letters
○ Example: 192.168.1.1
○ Don’t trust it!
● Hover on mobile/tablet?
○ Long press (hold)
● Any doubts? Don’t click it!!!
http://www.evil.com/
Desktop - Hover
Mobile - Long Press
27. Shortened or obfuscated links?
● Instead of 300 characters, the link is reduced to 15 characters
○ Bit.ly
○ TinyURL
● Extremely common and helpful, but...
● Abused by criminals to hide malicious websites
Link expander
www.linkexpander.com
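Added example (not part of the original slide deck): the hover checks from slides 26 and 27, applied automatically to the links in an HTML email body. The function names, flag labels and sample links are constructed for illustration, and the shortener and TLD lists contain only the entries the slides name.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
SHORTENERS = {"bit.ly", "tinyurl.com"}  # the two services the slide names
WATCH_TLDS = {"uk", "cn", "ru"}         # the slide's examples; adjust for your region
SAMPLE = """<a href="http://192.168.1.1/track">www.example-shipping.com</a>
<a href="https://accounts.example.com/login">example.com</a>
<a href="http://www.evil.com/">http://www.mybank.example/</a>"""  # constructed, not a real email

def host_of(text):
    """Hostname of a URL-like string (minus "www."), or None for ordinary words."""
    if len(text.split()) != 1:
        return None
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname or ""
    except ValueError:
        return None
    return host.lower().removeprefix("www.") if "." in host else None

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def red_flags(href, text):
    """Flags a reader would spot by hovering: where the link really goes."""
    host, shown = host_of(href), host_of(text)
    if host is None:
        return ["no-hostname"]
    checks = [
        (shown and host != shown and not host.endswith("." + shown), "text-host-mismatch"),
        (host.replace(".", "").isdigit(), "numeric-ip-host"),
        (host.rsplit(".", 1)[-1] in WATCH_TLDS, "watched-tld"),
        (host in SHORTENERS, "shortened-link"),
    ]
    return [name for hit, name in checks if hit]

def check_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: red_flags(href, text) for href, text in parser.links}
```

An empty list only means none of these four checks fired; the link still has to pass the other steps of the 4-step test.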
28. Hover is your friend
Red flags?
○ Email address ok?
○ Expected email?
○ Sense of urgency
○ Hover!!!
Source: Malware Traffic Analysis
29. More email attacks
92% of malware is delivered by email
Source: CSO Online
30. Email Attachments
● Stop & think before you click!
● Recognized sender?
● Expecting attachment?
● Is it normal for that contact to send attachments?
Macros
● Step 1: Don’t do it!!!
● Step 2: See step 1
● Found in downloaded files too
Attachments in Microsoft Outlook
Enable Macros <- NOOOOOO!!!!
31. Other Email Scams
● Can be “non-technical”
● Spear phishing (CEO <-> CFO)
○ Published organization chart
○ Policy requiring phone call?
● What they want
○ Prepaid cards
○ Wire transfers
○ Account & email credentials
● Sense of urgency
Technical safeguards cannot help
Account credentials
Wire transfer
32. Scammer favorites
● Mimic recent news
○ Worldwide
■ Health scares
■ Protests
■ Elections
○ Local and regional
● Seasonal/holidays
○ Order & delivery issues
○ Tax issues
Recent events - coronavirus
Order Cancelled
Keep your guard up!
34. Phone Scams
● Social engineering, what is it?
○ Make the caller provide verification
○ Hang up & call back published number
● Phone numbers can be easily spoofed
○ Banks & credit card companies
○ Medical & insurance
○ IRS or past due account balance
○ Robocalls
● Other common phone scams
○ Grandparent Scam
○ Tech support - Microsoft, Apple, Dell,
etc. will never contact the average user
“out of the blue”
35. Phone scam example
Hi! This is Kathleen from Microsoft. We have been trying to get in touch with you. However, we will be disconnecting your license within 48 hours because your IP address has been compromised from several countries. So we need to change your IP address and license key. So please press 1 to get connected…
Red flags?
○ Sense of urgency
○ Purposefully confusing
○ Expected call from Microsoft?
Technical safeguards can only do so much...
That’s why security awareness is a must!
37. USB Drives & More
● Do NOT connect unknown or
unauthorized media (or devices)
● Programs can run when plugged in
without you doing anything
● Examples
○ USB/flash drives
○ SD or micro SD cards
○ CDs or DVDs
○ External hard drives
○ Cell phones <- Often forgotten
38. Encryption
● Can help protect your data
● Can also “help” an attacker, e.g. ransomware
● Protecting data sent or received
○ HTTP vs. HTTPS
○ Wireless -> WPA2 (AES) recommended
● Protecting devices
○ Helpful if device is lost/stolen
○ Often associated with phone PIN/passcode
○ Microsoft Windows - BitLocker
○ Apple MacOS - FileVault
39. Internet Safety Quick Tips
● Never install anything based on a
pop-up when visiting a website
● “Trusted” websites can & have
hosted malware, aka malvertising
○ Local news?
○ WSJ, Forbes, ESPN, Yahoo, etc.
○ Limit browsing to business
relevant sites?
● Avoid public: Wi-Fi, computers
(hotels, libraries), charging, etc.
Do NOT assume a site is legitimate
simply because of the green padlock
40. Internet Privacy
● Data is the new gold -> your data is valuable!
● If you’re not paying for it, are you the product?
○ Data analytics & predictive results
○ Examples: advertising & insurance rates
● Are you oversharing?
○ Default privacy settings on social media
○ Vacation photos & “checking-in” (location sharing)
■ Thieves see that information also
■ Would you be comfortable telling people on the street?
41. You’ve been the victim of a scam
● Don’t panic, but don’t wait around
○ Unplug computer?
○ Contact your IT support
○ Write down details - event timeline, financial
accounts, credentials used, phone numbers, etc.
● Ransomware or scam
○ Report the incident to law enforcement?
○ In the US
■ BBB - https://www.bbb.org/scamtracker
■ FBI - Ransomware keys may be available
○ https://www.nomoreransom.org/
42. More Resources
● When in doubt, ask questions
○ Your IT department?
○ Your IT provider?
○ TreeTop?
● Don’t stop here!
○ Attacks change -> continue learning
● Additional Resources
○ SANS Ouch! - free monthly newsletter
○ StaySafeOnline.org - numerous free resources
○ Stop. Think. Connect. - free, little bit of everything
○ TreeTop Security - Cybersecurity Awareness Training (free)
Slides, feedback, quiz, & certificate of completion
https://www.treetopsecurity.com/CAT