SlideShare a Scribd company logo
www.treetopsecurity.com
Cybersecurity
Awareness
Tips To Protect You And Your Data
CONTENT BY
1
DALLAS HASELHORST
FOUNDER/OWNER, TREETOP SECURITY
GSE #231, MSISE, CISSP, SANS/GIAC(X10)
From the makers of Peak. The affordable, comprehensive, and
common sense cybersecurity platform for small businesses.
PRESENTED BY
TreeTop Security - CAT - v1.2
# whoami
● 20+ years of IT & cybersecurity experience
● Consulted for companies all over the US
● Multiple computer-related degrees from FHSU
● Master’s degree in Information Security Engineering
from the SANS Technology Institute
● Alphabet soup of security-related certifications
○ CISSP, GSEC, GCIH, GCCC, GCPM, GPEN,
GMON, GCIA, GWAPT, GDSA, GSE #231
● Co-organizer of BSidesKC security conference
● Founded an MSP in 2003, acquired in 2016
● Founded TreeTop in 2016, lead design on Peak
2
TreeTop Security - CAT - v1.2
TreeTop Security - CAT - v1.2
3
About this presentation
Shared and recommended
at the RSA conference
Feb 2020
Version 1.0 downloaded in over
150 countries in first 6 months!
Sept 2019 - March 2020
Slides available at
https://www.treetopsecurity.com/CAT
TreeTop Security - CAT - v1.2
4
Overview
● Why security awareness?
● Backup, backup, backup
● Patching ALL your devices
● Passwords
What to do when things go wrong
5
TreeTop Security - CAT - v1.2
● 2-factor authentication
● Internet safety & email
● Phone scams
● Privacy concerns
Why is
cybersecurity
awareness
important?
TreeTop Security - CAT - v1.2
6
Awareness training is a must!
● Technology alone cannot protect you from everything
● Attackers go where security is weakest
● People -> a link in the chain & the last first line of defense
● Essential to reducing cybersecurity risk
● Cybersecurity awareness is for...
○ Employees
○ Business owners
Reminder: Many tips that keep you safe
at work will also keep you safe at home!
7
○ Parents
○ Kids
○ Seniors
○ Everyone!
TreeTop Security - CAT - v1.2
But an attacker isn’t interested in me...
● Credit card and financial data
● Medical data
○ Prescription, insurance, or identity fraud
○ Far more valuable than financial data
● Computer resources
○ Cryptomining
○ Advertising
● User or email credentials
○ Sending spam
○ Recovery/reset other accounts
8
○ Ransomware
○ Jump point
○ “More” access
TreeTop Security - CAT - v1.2
Wrong!!! You are exactly what an attacker wants!
HELP!!!
Ways to protect
yourself!
TreeTop Security - CAT - v1.2
9
Backups
● Backups protect when all else fails
○ NO level of protection is perfect
○ Only “guaranteed” protection against ransomware
● Backup media should not be connected at all times
● Test your backups!
Users that
have never
backed up
35%
Users that
backup
daily
6%
Users that
backup
monthly
14%
Users that
backup
yearly
20%
10
TreeTop Security - CAT - v1.2
Updates are essential to security
• What was secure yesterday may not
be secure today
• New software vulnerabilities found
every day
• Over 360K new malware (viruses &
ransomware) released every day
• Nothing is “Set & Forget”
11
TreeTop Security - CAT - v1.2
● Operating Systems
○ Microsoft Windows, Apple MacOS, Linux
○ Windows 7 end of life was January 2020
● Anti-virus
○ Update to the latest definitions to ensure
protection against the latest threats
○ Symantec/Norton, McAfee, Windows Defender,
Avast, and many others!
12
Keeping your system up-to-date
TreeTop Security - CAT - v1.2
Don’t forget!!!
● Browser - your portal to the internet
○ Chrome, Firefox, Opera, Edge, Safari, etc.
○ Internet Explorer (Not recommended)
● Mobile devices - cell phones & laptops
● Internet of Things (IoT) - Alexa, Google Home,
thermostats, doorbells, surveillance system, light
bulbs, smart locks, pet feeder, health monitors...
This could keep going forever!
13
TreeTop Security - CAT - v1.2
All
About
Passwords
TreeTop Security - CAT - v1.2
14
TreeTop Security - CAT - v1.2
15
Managing Passwords
● Keep your passwords in a secure location
○ Don’t use paper or sticky notes
○ Don’t store passwords in clear-text on
your computer - Word, Excel, etc.
● Utilize a password manager (aka vault)
○ LastPass
● Benefits of a password manager
○ One strong password to access them all
○ Encrypted storage of passwords
○ Auto-fill username/password on websites
○ Sync between desktop, laptop, and mobile
16
○ KeePass ○ 1Password
TreeTop Security - CAT - v1.2
Password Tips
● Avoid using items that can be associated with you
○ Address
○ Phone numbers
○ Pet names
● Separate passwords for every account
● Auto-generated, unmemorable
Passwords shared
with colleagues
69%
Passwords shared
with household
95%
One password for all
accounts
59%
Passwords are too
“simple”
86%
17
Possible with a
password manager
○ Child names
○ Birthdays
○ Sports teams
TreeTop Security - CAT - v1.2
Passwords vs passphrases
● Useful when passwords must be typed in
● Should not be easy to guess
○ At least 12 characters, but 15 or more is far better
○ Length is better than complexity (passphrases)
○ Bad password (8): P@ssw0rd
○ Great password (24): MysonwasbornNovember1995!
Passwords exactly 8
characters
61%
Average Length of
Password
9.6
Average number of
lowercase letters
6.1
Average number of
special characters
0.2
18
TreeTop Security - CAT - v1.2
Top 25 passwords by rank & year
Source: Gizmodo
If you use any of these, change them NOW!!!
19
TreeTop Security - CAT - v1.2
Rank 2017 2018 2019 Rank 2017 2018 2019
1 123456 123456 123456 14 login 666666 admin
2 password password 123456789 15 abc123 abc123 qwertyuiop
3 12345678 123456789 qwerty 16 starwars football 654321
4 qwerty 12345678 password 17 123123 123123 555555
5 12345 12345 1234567 18 dragon monkey lovely
6 123456789 111111 12345678 19 passw0rd 654321 7777777
7 letmein 1234567 12345 20 master !@#$%^&* welcome
8 1234567 sunshine iloveyou 21 hello charlie 888888
9 football qwerty 111111 22 freedom aa123456 princess
10 iloveyou iloveyou 123123 23 whatever donald dragon
11 admin princess abc123 24 qazwsx password1 password1
12 welcome admin qwerty123 25 trustno1 qwerty123 123qwe
13 monkey welcome 1q2w3e4r
2FA - two-factor authentication
● “Your one-time code is…”
○ SMS
○ Phone Call
○ Phone pop-up
● Applications
○ Google Authenticator
○ Authy <- ability to recover on new device
● What is 2FA?
○ “Beyond” a username and password
○ Second form to prove it is you
○ Typically out-of-band
20
○ Email
○ Snail Mail
TreeTop Security - CAT - v1.2
Just
A Little
Click
TreeTop Security - CAT - v1.2
21
Is the link safe in 4 steps
1. Verify
Were you expecting a link?
○ Not just email!
○ Social Media
○ SMS/iMessage
○ Zoom, Teams, Slack, etc.
2. Hover
Hover over the link to
ensure that it leads to
where it says it does
3. Sniff test
Is it a site you recognize?
Does it feel “familiar” to you?
Be skeptical
4. Click
Does it pass all 3 tests?
Still use caution
“When in doubt, throw
it out”
01
02
03
04
22
TreeTop Security - CAT - v1.2
Easy to recognize scam
○ Viagra <- ?!?!?!
○ Strange wording
○ Email address
23
○ Domain name
○ Expected email?
○ Interesting link
Red flags?
TreeTop Security - CAT - v1.2
Known email account
○ Email address ok
○ Name ok
○ Odd “signature”
24
○ Expected email?
○ Link - .fr is France
Hacked or
spoofed email
from someone
you know
Red flags?
TreeTop Security - CAT - v1.2
○ Received a text regarding
a package before?
○ Recognized domain?
Text messaging example
25
TreeTop Security - CAT - v1.2
Red flags?
Source: CNN
○ Name in SMS ok
○ Number ok?
○ Expected text?
Hover before you click
26
● Why hover?
○ Blue text can be deceiving
○ Underlying URL may be different
○ Foreign domains - .uk, .cn, or .ru
● Numbers instead of letters
○ Example: 192.168.1.1
○ Don’t trust it!
● Hover on mobile/tablet?
○ Long press (hold)
● Any doubts? Don’t click it!!!
http://www.evil.com/
Desktop - Hover
Mobile - Long Press
TreeTop Security - CAT - v1.2
Shortened or obfuscated links?
27
● Instead of 300 characters, the link is reduced to 15 characters
○ Bit.ly
○ TinyURL
● Extremely common and helpful, but...
● Abused by criminals to hide malicious websites
Link expander
www.linkexpander.com
TreeTop Security - CAT - v1.2
Hover is your friend
28
TreeTop Security - CAT - v1.2
○ Email address ok?
○ Expected email?
○ Sense of urgency
○ Hover!!!
Red flags?
Source: Malware Traffic Analysis
More email attacks
92% of malware is
delivered by email
Source: CSO OnlineTreeTop Security - CAT - v1.2
29
Email Attachments
● Stop & think before you click!
● Recognized sender?
● Expecting attachment?
● Is it normal for that contact to
send attachments?
Macros
● Step 1: Don’t do it!!!
● Step 2: See step 1
● Found in downloaded files too
30
Attachments in Microsoft Outlook
Enable Macros <- NOOOOOO!!!!
TreeTop Security - CAT - v1.2
Other Email Scams
31
TreeTop Security - CAT - v1.2
● Can be “non-technical”
● Spear phishing (CEO <-> CFO)
○ Published organization chart
○ Policy requiring phone call?
● What they want
○ Prepaid cards
○ Wire transfers
○ Account & email credentials
● Sense of urgency
Technical safeguards cannot help
Account credentials
Wire transfer
Scammer favorites
● Mimic recent news
○ Worldwide
■ Health scares
■ Protests
■ Elections
○ Local and regional
● Seasonal/holidays
○ Order & delivery issues
○ Tax issues
32
Recent events - coronavirus
Order Cancelled
TreeTop Security - CAT - v1.2
Keep your guard up!
Reach Out
& Scam
Someone
TreeTop Security - CAT - v1.2
33
Phone Scams
34
TreeTop Security - CAT - v1.2
● Social engineering, what is it?
○ Make the caller provide verification
○ Hang up & call back published number
● Phone numbers can be easily spoofed
○ Banks & credit card companies
○ Medical & insurance
○ IRS or past due account balance
○ Robocalls
● Other common phone scams
○ Grandparent Scam
○ Tech support - Microsoft, Apple, Dell,
etc. will never contact the average user
“out of the blue”
Phone scam example
○ Sense of urgency
○ Purposefully confusing
○ Expected call from Microsoft?
35
Red flags?
Hi! This is Kathleen from Microsoft. We have been trying to get in
touch with you. However, we will be disconnecting your license
within 48 hours because your IP address has been compromised
from several countries. So we need to change your IP address and
license key. So please press 1 to get connected…
Technical safeguards can only do so much...
That’s why security awareness is a must!
TreeTop Security - CAT - v1.2
General Tips
&
Privacy
TreeTop Security - CAT - v1.2
36
USB Drives & More
● Do NOT connect unknown or
unauthorized media (or devices)
● Programs can run when plugged in
without you doing anything
● Examples
○ USB/flash drives
○ SD or micro SD cards
○ CDs or DVDs
○ External hard drives
○ Cell phones <- Often forgotten
37
TreeTop Security - CAT - v1.2
Encryption
● Can help protect your data
● Can also “help” an attacker, e.g. ransomware
● Protecting data sent or received
○ HTTP vs. HTTPS
○ Wireless -> WPA2 (AES) recommended
● Protecting devices
○ Helpful if device is lost/stolen
○ Often associated with phone PIN/passcode
○ Microsoft Windows - BitLocker
○ Apple MacOS - FileVault
38
TreeTop Security - CAT - v1.2
Internet Safety Quick Tips
● Never install anything based on a
pop-up when visiting a website
● “Trusted” websites can & have
hosted malware, aka malvertising
○ Local news?
○ WSJ, Forbes, ESPN, Yahoo, etc.
○ Limit browsing to business
relevant sites?
● Avoid public: Wi-Fi, computers
(hotels, libraries), charging, etc.
39
Do NOT assume a site is legitimate
simply because of the green padlock
TreeTop Security - CAT - v1.2
● Data is the new gold -> your data is valuable!
● If you’re not paying for it, are you the product?
○ Data analytics & predictive results
○ Examples: advertising & insurance rates
● Are you oversharing?
○ Default privacy settings on social media
○ Vacation photos & “checking-in” (location sharing)
■ Thieves see that information also
■ Would you be comfortable telling people on
the street?
Internet Privacy
40
TreeTop Security - CAT - v1.2
You’ve been the victim of a scam
● Don’t panic, but don’t wait around
○ Unplug computer?
○ Contact your IT support
○ Write down details - event timeline, financial
accounts, credentials used, phone numbers, etc.
● Ransomware or scam
○ Report the incident to law enforcement?
○ In the US
■ BBB - https://www.bbb.org/scamtracker
■ FBI - Ransomware keys may be available
○ https://www.nomoreransom.org/
41
TreeTop Security - CAT - v1.2
More Resources
● When in doubt, ask questions
○ Your IT department?
○ Your IT provider?
● Don’t stop here!
○ Attacks change -> continue learning
● Additional Resources
○ SANS Ouch! - free monthly newsletter
○ StaySafeOnline.org - numerous free resources
○ Stop. Think. Connect. - free, little bit of everything
○ TreeTop Security - Cybersecurity Awareness Training (free)
Slides, feedback, quiz, & certificate of completion
https://www.treetopsecurity.com/CAT
42
○ TreeTop?
TreeTop Security - CAT - v1.2
Questions?
43
785-370-3444
Dallas Haselhorst
https://www.treetopsecurity.com
Ask about Peak. The only comprehensive and affordable
cybersecurity platform for small businesses.
TreeTop Security - CAT - v1.2

More Related Content

What's hot

Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
Jen Ruhman
 
Information security awareness training
Information security awareness trainingInformation security awareness training
Information security awareness training
Sandeep Taileng
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
davidcurriecia
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
William Mann
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
MohammedYaseen638128
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
Dmitriy Scherbina
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness Program
Bill Gardner
 
information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
Abdul Manaf Vellakodath
 
Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3
DallasHaselhorst
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness
Net at Work
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
Paige Rasid
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
R_Yanus
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn Hospital
Atlantic Training, LLC.
 
Security awareness
Security awarenessSecurity awareness
Security awareness
Josh Chandler
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
Surya Bathulapalli
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
Dinesh582831
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
OoXair
 
Basic Security Training for End Users
Basic Security Training for End UsersBasic Security Training for End Users
Basic Security Training for End Users
Community IT Innovators
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community College
Atlantic Training, LLC.
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
Radar Cyber Security
 

What's hot (20)

Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
Information security awareness training
Information security awareness trainingInformation security awareness training
Information security awareness training
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness Program
 
information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
 
Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn Hospital
 
Security awareness
Security awarenessSecurity awareness
Security awareness
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
 
Basic Security Training for End Users
Basic Security Training for End UsersBasic Security Training for End Users
Basic Security Training for End Users
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community College
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 

Similar to Cybersecurity Awareness Training Presentation v1.2

Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0
DallasHaselhorst
 
DSRY_Cybersecurity Awareness Presentation
DSRY_Cybersecurity Awareness PresentationDSRY_Cybersecurity Awareness Presentation
DSRY_Cybersecurity Awareness Presentation
MohammedFarouk38
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
marufrahmanstratejm
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
DallasHaselhorst
 
Don't Diligence Information Security for Lawyers
Don't Diligence Information Security for LawyersDon't Diligence Information Security for Lawyers
Don't Diligence Information Security for Lawyers
darrentthurston
 
Computer Security Seminar: Protect your internet account information
Computer Security Seminar: Protect your internet account informationComputer Security Seminar: Protect your internet account information
Computer Security Seminar: Protect your internet account information
Church of the Epiphany
 
Public - Cybersecurity awareness presentation (1).pptx
Public - Cybersecurity awareness presentation (1).pptxPublic - Cybersecurity awareness presentation (1).pptx
Public - Cybersecurity awareness presentation (1).pptx
SileSoftwareInc
 
Hit by a Cyberattack: lesson learned
 Hit by a Cyberattack: lesson learned Hit by a Cyberattack: lesson learned
Hit by a Cyberattack: lesson learned
B.A.
 
7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home
DallasHaselhorst
 
IEEE Standards Impact in IoT and 5G, Day 2 - Architectural Requirements for S...
IEEE Standards Impact in IoT and 5G, Day 2 - Architectural Requirements for S...IEEE Standards Impact in IoT and 5G, Day 2 - Architectural Requirements for S...
IEEE Standards Impact in IoT and 5G, Day 2 - Architectural Requirements for S...
Peter Waher
 
LoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated CybersecurityLoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated Cybersecurity
Rohit Kapoor
 
How to be your Security Team's Best Friend
How to be your Security Team's Best FriendHow to be your Security Team's Best Friend
How to be your Security Team's Best Friend
EmilyGladstoneCole
 
Login cat tekmonks - v5 (mini)
Login cat   tekmonks - v5 (mini)Login cat   tekmonks - v5 (mini)
Login cat tekmonks - v5 (mini)
Rohit Kapoor
 
LoginCat - Mini Presentation
LoginCat - Mini PresentationLoginCat - Mini Presentation
LoginCat - Mini Presentation
Rohit Kapoor
 
Securing your Bitcoin wallet
Securing your Bitcoin walletSecuring your Bitcoin wallet
Securing your Bitcoin wallet
Ron Reiter
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptx
Debra Baker, CISSP CSSP
 
Cyber Security & User's Privacy Invasion
Cyber Security & User's Privacy InvasionCyber Security & User's Privacy Invasion
Cyber Security & User's Privacy Invasion
Isaiah Edem
 
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
TigerGraph
 
cyber security presentation (1).pdf
cyber security presentation (1).pdfcyber security presentation (1).pdf
cyber security presentation (1).pdf
w4tgrgdyryfh
 
Manage your privacy and security online
Manage your privacy and security onlineManage your privacy and security online
Manage your privacy and security online
ChristopherTalib
 

Similar to Cybersecurity Awareness Training Presentation v1.2 (20)

Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0
 
DSRY_Cybersecurity Awareness Presentation
DSRY_Cybersecurity Awareness PresentationDSRY_Cybersecurity Awareness Presentation
DSRY_Cybersecurity Awareness Presentation
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
Don't Diligence Information Security for Lawyers
Don't Diligence Information Security for LawyersDon't Diligence Information Security for Lawyers
Don't Diligence Information Security for Lawyers
 
Computer Security Seminar: Protect your internet account information
Computer Security Seminar: Protect your internet account informationComputer Security Seminar: Protect your internet account information
Computer Security Seminar: Protect your internet account information
 
Public - Cybersecurity awareness presentation (1).pptx
Public - Cybersecurity awareness presentation (1).pptxPublic - Cybersecurity awareness presentation (1).pptx
Public - Cybersecurity awareness presentation (1).pptx
 
Hit by a Cyberattack: lesson learned
 Hit by a Cyberattack: lesson learned Hit by a Cyberattack: lesson learned
Hit by a Cyberattack: lesson learned
 
7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home
 
IEEE Standards Impact in IoT and 5G, Day 2 - Architectural Requirements for S...
IEEE Standards Impact in IoT and 5G, Day 2 - Architectural Requirements for S...IEEE Standards Impact in IoT and 5G, Day 2 - Architectural Requirements for S...
IEEE Standards Impact in IoT and 5G, Day 2 - Architectural Requirements for S...
 
LoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated CybersecurityLoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated Cybersecurity
 
How to be your Security Team's Best Friend
How to be your Security Team's Best FriendHow to be your Security Team's Best Friend
How to be your Security Team's Best Friend
 
Login cat tekmonks - v5 (mini)
Login cat   tekmonks - v5 (mini)Login cat   tekmonks - v5 (mini)
Login cat tekmonks - v5 (mini)
 
LoginCat - Mini Presentation
LoginCat - Mini PresentationLoginCat - Mini Presentation
LoginCat - Mini Presentation
 
Securing your Bitcoin wallet
Securing your Bitcoin walletSecuring your Bitcoin wallet
Securing your Bitcoin wallet
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptx
 
Cyber Security & User's Privacy Invasion
Cyber Security & User's Privacy InvasionCyber Security & User's Privacy Invasion
Cyber Security & User's Privacy Invasion
 
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
Graph Gurus Episode 34: Graph Databases are Changing the Fraud Detection and ...
 
cyber security presentation (1).pdf
cyber security presentation (1).pdfcyber security presentation (1).pdf
cyber security presentation (1).pdf
 
Manage your privacy and security online
Manage your privacy and security onlineManage your privacy and security online
Manage your privacy and security online
 

Recently uploaded

20240609_ TJ Communications Credentials.pdf
20240609_ TJ Communications Credentials.pdf20240609_ TJ Communications Credentials.pdf
20240609_ TJ Communications Credentials.pdf
tjcomstrang
 
NewBase 20 June 2024 Energy News issue - 1731 by Khaled Al Awadi_compressed.pdf
NewBase 20 June 2024  Energy News issue - 1731 by Khaled Al Awadi_compressed.pdfNewBase 20 June 2024  Energy News issue - 1731 by Khaled Al Awadi_compressed.pdf
NewBase 20 June 2024 Energy News issue - 1731 by Khaled Al Awadi_compressed.pdf
Khaled Al Awadi
 
Revolutionizing Surface Protection Xlcoatings Nano Based Solutions
Revolutionizing Surface Protection Xlcoatings Nano Based SolutionsRevolutionizing Surface Protection Xlcoatings Nano Based Solutions
Revolutionizing Surface Protection Xlcoatings Nano Based Solutions
Excel coatings
 
Discover the Beauty and Functionality of The Expert Remodeling Service
Discover the Beauty and Functionality of The Expert Remodeling ServiceDiscover the Beauty and Functionality of The Expert Remodeling Service
Discover the Beauty and Functionality of The Expert Remodeling Service
obriengroupinc04
 
Pro Tips for Effortless Contract Management
Pro Tips for Effortless Contract ManagementPro Tips for Effortless Contract Management
Pro Tips for Effortless Contract Management
Eternity Paralegal Services
 
一比一原版(lbs毕业证书)英国伦敦商学院毕业证如何办理
一比一原版(lbs毕业证书)英国伦敦商学院毕业证如何办理一比一原版(lbs毕业证书)英国伦敦商学院毕业证如何办理
一比一原版(lbs毕业证书)英国伦敦商学院毕业证如何办理
eaqmokn
 
Adani Group's Active Interest In Increasing Its Presence in the Cement Manufa...
Adani Group's Active Interest In Increasing Its Presence in the Cement Manufa...Adani Group's Active Interest In Increasing Its Presence in the Cement Manufa...
Adani Group's Active Interest In Increasing Its Presence in the Cement Manufa...
Adani case
 
High-Quality IPTV Monthly Subscription for $15
High-Quality IPTV Monthly Subscription for $15High-Quality IPTV Monthly Subscription for $15
High-Quality IPTV Monthly Subscription for $15
advik4387
 
Sustainable Logistics for Cost Reduction_ IPLTech Electric's Eco-Friendly Tra...
Sustainable Logistics for Cost Reduction_ IPLTech Electric's Eco-Friendly Tra...Sustainable Logistics for Cost Reduction_ IPLTech Electric's Eco-Friendly Tra...
Sustainable Logistics for Cost Reduction_ IPLTech Electric's Eco-Friendly Tra...
IPLTech Electric
 
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results
 
Truck Loading Conveyor Manufacturers Chennai
Truck Loading Conveyor Manufacturers ChennaiTruck Loading Conveyor Manufacturers Chennai
Truck Loading Conveyor Manufacturers Chennai
ConveyorSystem
 
IMG_20240615_091110.pdf dpboss guessing
IMG_20240615_091110.pdf dpboss  guessingIMG_20240615_091110.pdf dpboss  guessing
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results
 
CULR Spring 2024 Journal.pdf testing for duke
CULR Spring 2024 Journal.pdf testing for dukeCULR Spring 2024 Journal.pdf testing for duke
CULR Spring 2024 Journal.pdf testing for duke
ZevinAttisha
 
Adani Group Requests For Additional Land For Its Dharavi Redevelopment Projec...
Adani Group Requests For Additional Land For Its Dharavi Redevelopment Projec...Adani Group Requests For Additional Land For Its Dharavi Redevelopment Projec...
Adani Group Requests For Additional Land For Its Dharavi Redevelopment Projec...
Adani case
 
deft. 2024 pricing guide for onboarding
deft.  2024 pricing guide for onboardingdeft.  2024 pricing guide for onboarding
deft. 2024 pricing guide for onboarding
hello960827
 
2024.06 CPMN Cambridge - Beyond Now-Next-Later.pdf
2024.06 CPMN Cambridge - Beyond Now-Next-Later.pdf2024.06 CPMN Cambridge - Beyond Now-Next-Later.pdf
2024.06 CPMN Cambridge - Beyond Now-Next-Later.pdf
Cambridge Product Management Network
 
欧洲杯投注-欧洲杯投注外围盘口-欧洲杯投注盘口app|【​网址​🎉ac22.net🎉​】
欧洲杯投注-欧洲杯投注外围盘口-欧洲杯投注盘口app|【​网址​🎉ac22.net🎉​】欧洲杯投注-欧洲杯投注外围盘口-欧洲杯投注盘口app|【​网址​🎉ac22.net🎉​】
欧洲杯投注-欧洲杯投注外围盘口-欧洲杯投注盘口app|【​网址​🎉ac22.net🎉​】
concepsionchomo153
 
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results
 
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results
 

Recently uploaded (20)

20240609_ TJ Communications Credentials.pdf
20240609_ TJ Communications Credentials.pdf20240609_ TJ Communications Credentials.pdf
20240609_ TJ Communications Credentials.pdf
 
NewBase 20 June 2024 Energy News issue - 1731 by Khaled Al Awadi_compressed.pdf
NewBase 20 June 2024  Energy News issue - 1731 by Khaled Al Awadi_compressed.pdfNewBase 20 June 2024  Energy News issue - 1731 by Khaled Al Awadi_compressed.pdf
NewBase 20 June 2024 Energy News issue - 1731 by Khaled Al Awadi_compressed.pdf
 
Revolutionizing Surface Protection Xlcoatings Nano Based Solutions
Revolutionizing Surface Protection Xlcoatings Nano Based SolutionsRevolutionizing Surface Protection Xlcoatings Nano Based Solutions
Revolutionizing Surface Protection Xlcoatings Nano Based Solutions
 
Discover the Beauty and Functionality of The Expert Remodeling Service
Discover the Beauty and Functionality of The Expert Remodeling ServiceDiscover the Beauty and Functionality of The Expert Remodeling Service
Discover the Beauty and Functionality of The Expert Remodeling Service
 
Pro Tips for Effortless Contract Management
Pro Tips for Effortless Contract ManagementPro Tips for Effortless Contract Management
Pro Tips for Effortless Contract Management
 
一比一原版(lbs毕业证书)英国伦敦商学院毕业证如何办理
一比一原版(lbs毕业证书)英国伦敦商学院毕业证如何办理一比一原版(lbs毕业证书)英国伦敦商学院毕业证如何办理
一比一原版(lbs毕业证书)英国伦敦商学院毕业证如何办理
 
Adani Group's Active Interest In Increasing Its Presence in the Cement Manufa...
Adani Group's Active Interest In Increasing Its Presence in the Cement Manufa...Adani Group's Active Interest In Increasing Its Presence in the Cement Manufa...
Adani Group's Active Interest In Increasing Its Presence in the Cement Manufa...
 
High-Quality IPTV Monthly Subscription for $15
High-Quality IPTV Monthly Subscription for $15High-Quality IPTV Monthly Subscription for $15
High-Quality IPTV Monthly Subscription for $15
 
Sustainable Logistics for Cost Reduction_ IPLTech Electric's Eco-Friendly Tra...
Sustainable Logistics for Cost Reduction_ IPLTech Electric's Eco-Friendly Tra...Sustainable Logistics for Cost Reduction_ IPLTech Electric's Eco-Friendly Tra...
Sustainable Logistics for Cost Reduction_ IPLTech Electric's Eco-Friendly Tra...
 
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
 
Truck Loading Conveyor Manufacturers Chennai
Truck Loading Conveyor Manufacturers ChennaiTruck Loading Conveyor Manufacturers Chennai
Truck Loading Conveyor Manufacturers Chennai
 
IMG_20240615_091110.pdf dpboss guessing
IMG_20240615_091110.pdf dpboss  guessingIMG_20240615_091110.pdf dpboss  guessing
IMG_20240615_091110.pdf dpboss guessing
 
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
 
CULR Spring 2024 Journal.pdf testing for duke
CULR Spring 2024 Journal.pdf testing for dukeCULR Spring 2024 Journal.pdf testing for duke
CULR Spring 2024 Journal.pdf testing for duke
 
Adani Group Requests For Additional Land For Its Dharavi Redevelopment Projec...
Adani Group Requests For Additional Land For Its Dharavi Redevelopment Projec...Adani Group Requests For Additional Land For Its Dharavi Redevelopment Projec...
Adani Group Requests For Additional Land For Its Dharavi Redevelopment Projec...
 
deft. 2024 pricing guide for onboarding
deft.  2024 pricing guide for onboardingdeft.  2024 pricing guide for onboarding
deft. 2024 pricing guide for onboarding
 
2024.06 CPMN Cambridge - Beyond Now-Next-Later.pdf
2024.06 CPMN Cambridge - Beyond Now-Next-Later.pdf2024.06 CPMN Cambridge - Beyond Now-Next-Later.pdf
2024.06 CPMN Cambridge - Beyond Now-Next-Later.pdf
 
欧洲杯投注-欧洲杯投注外围盘口-欧洲杯投注盘口app|【​网址​🎉ac22.net🎉​】
欧洲杯投注-欧洲杯投注外围盘口-欧洲杯投注盘口app|【​网址​🎉ac22.net🎉​】欧洲杯投注-欧洲杯投注外围盘口-欧洲杯投注盘口app|【​网址​🎉ac22.net🎉​】
欧洲杯投注-欧洲杯投注外围盘口-欧洲杯投注盘口app|【​网址​🎉ac22.net🎉​】
 
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
 
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
 

Cybersecurity Awareness Training Presentation v1.2

  • 1. www.treetopsecurity.com Cybersecurity Awareness Tips To Protect You And Your Data CONTENT BY 1 DALLAS HASELHORST FOUNDER/OWNER, TREETOP SECURITY GSE #231, MSISE, CISSP, SANS/GIAC(X10) From the makers of Peak. The affordable, comprehensive, and common sense cybersecurity platform for small businesses. PRESENTED BY TreeTop Security - CAT - v1.2
  • 2. # whoami ● 20+ years of IT & cybersecurity experience ● Consulted for companies all over the US ● Multiple computer-related degrees from FHSU ● Master’s degree in Information Security Engineering from the SANS Technology Institute ● Alphabet soup of security-related certifications ○ CISSP, GSEC, GCIH, GCCC, GCPM, GPEN, GMON, GCIA, GWAPT, GDSA, GSE #231 ● Co-organizer of BSidesKC security conference ● Founded an MSP in 2003, acquired in 2016 ● Founded TreeTop in 2016, lead design on Peak 2 TreeTop Security - CAT - v1.2
  • 3. TreeTop Security - CAT - v1.2 3 About this presentation Shared and recommended at the RSA conference Feb 2020 Version 1.0 downloaded in over 150 countries in first 6 months! Sept 2019 - March 2020 Slides available at https://www.treetopsecurity.com/CAT
  • 4. TreeTop Security - CAT - v1.2 4
  • 5. Overview ● Why security awareness? ● Backup, backup, backup ● Patching ALL your devices ● Passwords What to do when things go wrong 5 TreeTop Security - CAT - v1.2 ● 2-factor authentication ● Internet safety & email ● Phone scams ● Privacy concerns
  • 7. Awareness training is a must! ● Technology alone cannot protect you from everything ● Attackers go where security is weakest ● People -> a link in the chain & the last first line of defense ● Essential to reducing cybersecurity risk ● Cybersecurity awareness is for... ○ Employees ○ Business owners Reminder: Many tips that keep you safe at work will also keep you safe at home! 7 ○ Parents ○ Kids ○ Seniors ○ Everyone! TreeTop Security - CAT - v1.2
  • 8. But an attacker isn’t interested in me... ● Credit card and financial data ● Medical data ○ Prescription, insurance, or identity fraud ○ Far more valuable than financial data ● Computer resources ○ Cryptomining ○ Advertising ● User or email credentials ○ Sending spam ○ Recovery/reset other accounts 8 ○ Ransomware ○ Jump point ○ “More” access TreeTop Security - CAT - v1.2 Wrong!!! You are exactly what an attacker wants!
  • 10. Backups ● Backups protect when all else fails ○ NO level of protection is perfect ○ Only “guaranteed” protection against ransomware ● Backup media should not be connected at all times ● Test your backups! Users that have never backed up 35% Users that backup daily 6% Users that backup monthly 14% Users that backup yearly 20% 10 TreeTop Security - CAT - v1.2
  • 11. Updates are essential to security • What was secure yesterday may not be secure today • New software vulnerabilities found every day • Over 360K new malware (viruses & ransomware) released every day • Nothing is “Set & Forget” 11 TreeTop Security - CAT - v1.2
  • 12. ● Operating Systems ○ Microsoft Windows, Apple MacOS, Linux ○ Windows 7 end of life was January 2020 ● Anti-virus ○ Update to the latest definitions to ensure protection against the latest threats ○ Symantec/Norton, McAfee, Windows Defender, Avast, and many others! 12 Keeping your system up-to-date TreeTop Security - CAT - v1.2
  • 13. Don’t forget!!! ● Browser - your portal to the internet ○ Chrome, Firefox, Opera, Edge, Safari, etc. ○ Internet Explorer (Not recommended) ● Mobile devices - cell phones & laptops ● Internet of Things (IoT) - Alexa, Google Home, thermostats, doorbells, surveillance system, light bulbs, smart locks, pet feeder, health monitors... This could keep going forever! 13 TreeTop Security - CAT - v1.2
  • 15. TreeTop Security - CAT - v1.2 15
  • 16. Managing Passwords ● Keep your passwords in a secure location ○ Don’t use paper or sticky notes ○ Don’t store passwords in clear-text on your computer - Word, Excel, etc. ● Utilize a password manager (aka vault) ○ LastPass ● Benefits of a password manager ○ One strong password to access them all ○ Encrypted storage of passwords ○ Auto-fill username/password on websites ○ Sync between desktop, laptop, and mobile 16 ○ KeePass ○ 1Password TreeTop Security - CAT - v1.2
  • 17. Password Tips ● Avoid using items that can be associated with you ○ Address ○ Phone numbers ○ Pet names ● Separate passwords for every account ● Auto-generated, unmemorable Passwords shared with colleagues 69% Passwords shared with household 95% One password for all accounts 59% Passwords are too “simple” 86% 17 Possible with a password manager ○ Child names ○ Birthdays ○ Sports teams TreeTop Security - CAT - v1.2
  • 18. Passwords vs passphrases ● Useful when passwords must be typed in ● Should not be easy to guess ○ At least 12 characters, but 15 or more is far better ○ Length is better than complexity (passphrases) ○ Bad password (8): P@ssw0rd ○ Great password (24): MysonwasbornNovember1995! Passwords exactly 8 characters 61% Average Length of Password 9.6 Average number of lowercase letters 6.1 Average number of special characters 0.2 18 TreeTop Security - CAT - v1.2
  • 19. Top 25 passwords by rank & year Source: Gizmodo If you use any of these, change them NOW!!! 19 TreeTop Security - CAT - v1.2 Rank 2017 2018 2019 Rank 2017 2018 2019 1 123456 123456 123456 14 login 666666 admin 2 password password 123456789 15 abc123 abc123 qwertyuiop 3 12345678 123456789 qwerty 16 starwars football 654321 4 qwerty 12345678 password 17 123123 123123 555555 5 12345 12345 1234567 18 dragon monkey lovely 6 123456789 111111 12345678 19 passw0rd 654321 7777777 7 letmein 1234567 12345 20 master !@#$%^&* welcome 8 1234567 sunshine iloveyou 21 hello charlie 888888 9 football qwerty 111111 22 freedom aa123456 princess 10 iloveyou iloveyou 123123 23 whatever donald dragon 11 admin princess abc123 24 qazwsx password1 password1 12 welcome admin qwerty123 25 trustno1 qwerty123 123qwe 13 monkey welcome 1q2w3e4r
  • 20. 2FA - two-factor authentication ● “Your one-time code is…” ○ SMS ○ Phone Call ○ Phone pop-up ● Applications ○ Google Authenticator ○ Authy <- ability to recover on new device ● What is 2FA? ○ “Beyond” a username and password ○ Second form to prove it is you ○ Typically out-of-band 20 ○ Email ○ Snail Mail TreeTop Security - CAT - v1.2
  • 22. Is the link safe in 4 steps 1. Verify Were you expecting a link? ○ Not just email! ○ Social Media ○ SMS/iMessage ○ Zoom, Teams, Slack, etc. 2. Hover Hover over the link to ensure that it leads to where it says it does 3. Sniff test Is it a site you recognize? Does it feel “familiar” to you? Be skeptical 4. Click Does it pass all 3 tests? Still use caution “When in doubt, throw it out” 01 02 03 04 22 TreeTop Security - CAT - v1.2
  • 23. Easy to recognize scam ○ Viagra <- ?!?!?! ○ Strange wording ○ Email address 23 ○ Domain name ○ Expected email? ○ Interesting link Red flags? TreeTop Security - CAT - v1.2
  • 24. Known email account ○ Email address ok ○ Name ok ○ Odd “signature” 24 ○ Expected email? ○ Link - .fr is France Hacked or spoofed email from someone you know Red flags? TreeTop Security - CAT - v1.2
  • 25. ○ Received a text regarding a package before? ○ Recognized domain? Text messaging example 25 TreeTop Security - CAT - v1.2 Red flags? Source: CNN ○ Name in SMS ok ○ Number ok? ○ Expected text?
  • 26. Hover before you click 26 ● Why hover? ○ Blue text can be deceiving ○ Underlying URL may be different ○ Foreign domains - .uk, .cn, or .ru ● Numbers instead of letters ○ Example: 192.168.1.1 ○ Don’t trust it! ● Hover on mobile/tablet? ○ Long press (hold) ● Any doubts? Don’t click it!!! http://www.evil.com/ Desktop - Hover Mobile - Long Press TreeTop Security - CAT - v1.2
  • 27. Shortened or obfuscated links? 27 ● Instead of 300 characters, the link is reduced to 15 characters ○ Bit.ly ○ TinyURL ● Extremely common and helpful, but... ● Abused by criminals to hide malicious websites Link expander www.linkexpander.com TreeTop Security - CAT - v1.2
  • 28. Hover is your friend 28 TreeTop Security - CAT - v1.2 ○ Email address ok? ○ Expected email? ○ Sense of urgency ○ Hover!!! Red flags? Source: Malware Traffic Analysis
  • 29. More email attacks 92% of malware is delivered by email Source: CSO OnlineTreeTop Security - CAT - v1.2 29
  • 30. Email Attachments ● Stop & think before you click! ● Recognized sender? ● Expecting attachment? ● Is it normal for that contact to send attachments? Macros ● Step 1: Don’t do it!!! ● Step 2: See step 1 ● Found in downloaded files too 30 Attachments in Microsoft Outlook Enable Macros <- NOOOOOO!!!! TreeTop Security - CAT - v1.2
  • 31. Other Email Scams 31 TreeTop Security - CAT - v1.2 ● Can be “non-technical” ● Spear phishing (CEO <-> CFO) ○ Published organization chart ○ Policy requiring phone call? ● What they want ○ Prepaid cards ○ Wire transfers ○ Account & email credentials ● Sense of urgency Technical safeguards cannot help Account credentials Wire transfer
  • 32. Scammer favorites ● Mimic recent news ○ Worldwide ■ Health scares ■ Protests ■ Elections ○ Local and regional ● Seasonal/holidays ○ Order & delivery issues ○ Tax issues 32 Recent events - coronavirus Order Cancelled TreeTop Security - CAT - v1.2 Keep your guard up!
  • 33. Reach Out & Scam Someone TreeTop Security - CAT - v1.2 33
  • 34. Phone Scams 34 TreeTop Security - CAT - v1.2 ● Social engineering, what is it? ○ Make the caller provide verification ○ Hang up & call back published number ● Phone numbers can be easily spoofed ○ Banks & credit card companies ○ Medical & insurance ○ IRS or past due account balance ○ Robocalls ● Other common phone scams ○ Grandparent Scam ○ Tech support - Microsoft, Apple, Dell, etc. will never contact the average user “out of the blue”
  • 35. Phone scam example ○ Sense of urgency ○ Purposefully confusing ○ Expected call from Microsoft? 35 Red flags? Hi! This is Kathleen from Microsoft. We have been trying to get in touch with you. However, we will be disconnecting your license within 48 hours because your IP address has been compromised from several countries. So we need to change your IP address and license key. So please press 1 to get connected… Technical safeguards can only do so much... That’s why security awareness is a must! TreeTop Security - CAT - v1.2
  • 37. USB Drives & More ● Do NOT connect unknown or unauthorized media (or devices) ● Programs can run when plugged in without you doing anything ● Examples ○ USB/flash drives ○ SD or micro SD cards ○ CDs or DVDs ○ External hard drives ○ Cell phones <- Often forgotten 37 TreeTop Security - CAT - v1.2
  • 38. Encryption ● Can help protect your data ● Can also “help” an attacker, e.g. ransomware ● Protecting data sent or received ○ HTTP vs. HTTPS ○ Wireless -> WPA2 (AES) recommended ● Protecting devices ○ Helpful if device is lost/stolen ○ Often associated with phone PIN/passcode ○ Microsoft Windows - BitLocker ○ Apple MacOS - FileVault 38 TreeTop Security - CAT - v1.2
  • 39. Internet Safety Quick Tips ● Never install anything based on a pop-up when visiting a website ● “Trusted” websites can & have hosted malware, aka malvertising ○ Local news? ○ WSJ, Forbes, ESPN, Yahoo, etc. ○ Limit browsing to business relevant sites? ● Avoid public: Wi-Fi, computers (hotels, libraries), charging, etc. 39 Do NOT assume a site is legitimate simply because of the green padlock TreeTop Security - CAT - v1.2
  • 40. ● Data is the new gold -> your data is valuable! ● If you’re not paying for it, are you the product? ○ Data analytics & predictive results ○ Examples: advertising & insurance rates ● Are you oversharing? ○ Default privacy settings on social media ○ Vacation photos & “checking-in” (location sharing) ■ Thieves see that information also ■ Would you be comfortable telling people on the street? Internet Privacy 40 TreeTop Security - CAT - v1.2
  • 41. You’ve been the victim of a scam ● Don’t panic, but don’t wait around ○ Unplug computer? ○ Contact your IT support ○ Write down details - event timeline, financial accounts, credentials used, phone numbers, etc. ● Ransomware or scam ○ Report the incident to law enforcement? ○ In the US ■ BBB - https://www.bbb.org/scamtracker ■ FBI - Ransomware keys may be available ○ https://www.nomoreransom.org/ 41 TreeTop Security - CAT - v1.2
  • 42. More Resources ● When in doubt, ask questions ○ Your IT department? ○ Your IT provider? ● Don’t stop here! ○ Attacks change -> continue learning ● Additional Resources ○ SANS Ouch! - free monthly newsletter ○ StaySafeOnline.org - numerous free resources ○ Stop. Think. Connect. - free, little bit of everything ○ TreeTop Security - Cybersecurity Awareness Training (free) Slides, feedback, quiz, & certificate of completion https://www.treetopsecurity.com/CAT 42 ○ TreeTop? TreeTop Security - CAT - v1.2
  • 43. Questions? 43 785-370-3444 Dallas Haselhorst https://www.treetopsecurity.com Ask about Peak. The only comprehensive and affordable cybersecurity platform for small businesses. TreeTop Security - CAT - v1.2