SlideShare a Scribd company logo
www.treetopsecurity.com
Cybersecurity
Awareness
Tips To Protect You And Your Data
CONTENT BY
1
DALLAS HASELHORST
FOUNDER/PRINCIPAL - TREETOP SECURITY
GSE #231, MSISE, CISSP, SANS/GIAC(X10)
From the makers of Peak. The only comprehensive and
affordable cybersecurity platform for small businesses.
PRESENTED BY
TreeTop Security - CAT - v2021.08
# whoami
● 20+ years of IT & cybersecurity experience
● Consulted for companies all over the world
● Multiple computer-related degrees from FHSU
● Master’s degree in Information Security Engineering
from the SANS Technology Institute
● Alphabet soup of security-related certifications
○ CISSP, GSEC, GCIH, GCCC, GCPM, GPEN, GMON,
GCIA, GWAPT, GDSA, GSE #231
● Co-organizer of BSidesKC cybersecurity conference
● Founded an MSP in 2003, acquired in 2016
● Founded TreeTop in 2016, lead design on Peak platform
● Founded 501(c)(3) STEM Harvest in 2021 - stemharvest.org
2
TreeTop Security - CAT - v2021.08
3
About this presentation
Shared and recommended
at the RSA conference
Feb 2020
Version 1.0 downloaded in over
150 countries in first 6 months!
Sept 2019 - March 2020
Latest version is available at
https://www.treetopsecurity.com/CAT
TreeTop Security - CAT - v2021.08
4
TreeTop Security - CAT - v2021.08
Overview
● Why security awareness?
● Backup, backup, backup
● Patching ALL of your devices
● Passwords
What to do when things go wrong
5
TreeTop Security - CAT - v2021.08
● 2-factor authentication
● Internet safety & email
● Phone scams
● Privacy concerns
Why is
cybersecurity
awareness
important?
6
TreeTop Security - CAT - v2021.08
Awareness training is a must!
● Technology alone *cannot* protect you from everything
● Attackers go where security is weakest
● People -> a link in the chain & the last first line of defense
● A must to reduce cybersecurity risk
● Cybersecurity awareness is for...
○ Employees
○ Business owners
Reminder: Many tips that keep you safe
at work will also keep you safe at home!
7
○ Parents
○ Kids
○ Seniors
○ Everyone!
TreeTop Security - CAT - v2021.08
But an attacker isn’t interested in me...
● Credit card and financial data
● Medical data
○ Prescription, insurance, or identity fraud
○ Far more valuable than financial data
● Computer resources
○ Cryptomining
○ Advertising
● User or email credentials
○ Sending spam
○ Recovery/reset other accounts
8
○ Ransomware
○ Jump point
○ “More” access
TreeTop Security - CAT - v2021.08
Wrong!!! You are exactly what an attacker wants!
HELP!!!
Ways to protect
yourself!
9
TreeTop Security - CAT - v2021.08
Backups
● Backups protect when all else fails
○ NO level of protection is perfect
○ Only “guaranteed” protection against ransomware
● Backup media should *not* be connected at all times
● Test your backups! Restore, restore, restore...
Users that
have never
backed up
35%
Users that
backup
daily
6%
Users that
backup
monthly
14%
Users that
backup
yearly
20%
10
TreeTop Security - CAT - v2021.08
Worksheet #1
Your data,
your backups
https://www.treetopsecurity.com/CAT
11
TreeTop Security - CAT - v2021.08
Updates are essential to security
• What was secure yesterday may not
be secure today
• New software vulnerabilities are
found every day
• Over 360K new malware (viruses &
ransomware) released every day
• Nothing is “Set & Forget”
12
TreeTop Security - CAT - v2021.08
● Operating Systems
○ Microsoft Windows, Apple MacOS, Linux
○ Windows 7 end of life was January 2020
● Anti-virus
○ Update to the latest definitions to ensure
protection against the latest threats
○ Symantec/Norton, McAfee, Windows Defender,
Avast, and many others!
13
Keeping your system up-to-date
TreeTop Security - CAT - v2021.08
Don’t forget!!!
● Browser - your portal to the internet
○ Chrome, Firefox, Edge, Safari, Brave, etc.
○ Internet Explorer (Not recommended)
● Mobile devices - cell phones & tablets
● Internet of Things (IoT) - Alexa, Google Home, light
bulbs, thermostats, doorbells, surveillance system,
smart locks, pet feeder, vacuums, health monitors...
This could keep going forever!
14
TreeTop Security - CAT - v2021.08
15
TreeTop Security - CAT - v2021.08
Worksheet #2
What’s on your
network?
https://www.treetopsecurity.com/CAT
All
About
Passwords
16
TreeTop Security - CAT - v2021.08
17
TreeTop Security - CAT - v2021.08
Managing Passwords
● Keep your passwords in a secure location
○ Don’t use paper or sticky notes
○ Don’t store passwords in clear-text on
your computer - Word, Excel, etc.
● Utilize a password manager (aka vault)
○ Bitwarden
○ Chrome?
● Benefits of a password manager
○ One strong password to access them all
○ Passwords are stored securely
○ Auto-fill username/password on websites
○ Sync between desktop, laptop, and mobile
○ KeePass ○ LastPass
18
TreeTop Security - CAT - v2021.08
○ Apple Keychain?
Password Tips
● Avoid using items that can be associated with you
○ Address
○ Phone numbers
○ Pet names
● Separate passwords for every account
● Auto-generated, near impossible to guess
Passwords shared
with colleagues
69%
Passwords shared
with household
95%
One password for all
accounts
59%
Passwords are too
“simple”
86%
19
Easy with a
password manager
○ Child names
○ Birthdays
○ Sports teams
TreeTop Security - CAT - v2021.08
Passphrases, not passwords?
● Useful when passwords must be typed in
● Should not be easy to guess
○ At least 12 characters, but 15 or more is far better
○ Length is better than complexity (passphrases)
○ Bad password (8): P@ssw0rd
○ Great password (25): MysonwasbornNovember1995!
Passwords exactly 8
characters
61%
Average Length of
Password
9.6
Average number of
lowercase letters
6.1
Average number of
special characters
0.2
20
TreeTop Security - CAT - v2021.08
Top 20 passwords by rank & year
Source: https://nordpass.com/most-common-passwords-list/
If you use any of these, change them NOW!!!
21
TreeTop Security - CAT - v2021.08
Rank 2018 2019 2020 Rank 2018 2019 2020
1 123456 123456 123456 11 princess abc123 1234567
2 password 123456789 123456789 12 admin qwerty123 qwerty
3 123456789 qwerty picture1 13 welcome 1q2w3e4r abc123
4 12345678 password password 14 666666 admin Million2
5 12345 1234567 12345678 15 abc123 qwertyuiop 000000
6 111111 12345678 111111 16 football 654321 1234
7 1234567 12345 123123 17 123123 555555 iloveyou
8 sunshine iloveyou 12345 18 monkey lovely aaron431
9 qwerty 111111 1234567890 19 654321 7777777 password1
10 iloveyou 123123 senha 20 !@#$%^&* welcome qqww1122
2FA - two-factor authentication
● “Your one-time code is…”
○ Email
○ Phone pop-up
○ Snail Mail
○ Applications
■ Google Authenticator
■ Authy <- ability to recover on new device
● What is 2FA?
○ “Beyond” a username and password
○ Second form to prove it is you
○ Typically out-of-band
22
○ Phone Call
○ SMS
TreeTop Security - CAT - v2021.08
Not as
secure
23
TreeTop Security - CAT - v2021.08
Worksheet #3
Password managers
& 2FA
https://www.treetopsecurity.com/CAT
Just
A Little
Click
24
TreeTop Security - CAT - v2021.08
Is the link safe in 4 steps
1. Verify
Were you expecting a link?
○ Not just email!
○ Social Media
○ SMS/iMessage
○ Zoom, Teams, Slack, etc.
2. Hover
Hover over the link to
ensure that it leads to
where it says it does
3. Sniff test
Is it a site you recognize?
Does it feel “familiar” to you?
Be skeptical
4. Click
Does it pass all 3 tests?
Still use caution
“When in doubt, throw
it out”
01
02
03
04
25
TreeTop Security - CAT - v2021.08
Easy to recognize scam
○ Viagra <- ?!?!?!
○ Strange wording
○ Email address
26
Domain name
Expected email?
Interesting link
Red flags?
TreeTop Security - CAT - v2021.08
Known email account
○ Email address ok
○ Name ok
○ Odd “signature”
27
Expected email?
Link - .fr is France
Hacked or spoofed
email from
someone you know
Similar attacks via
Facebook & social media
Red flags?
TreeTop Security - CAT - v2021.08
○ Received a text regarding
a package before?
○ Recognized domain?
Text messaging example
28
TreeTop Security - CAT - v2021.08
Red flags?
Source: CNN
○ Name in SMS ok
○ Number ok?
○ Expected text?
Hover before you click
29
● Why hover?
○ Blue text can be deceiving
○ Underlying URL may be
different
○ “Foreign” domains - .uk, .cn, or .ru
● Numbers instead of letters
○ Example: 192.168.1.1
○ Don’t trust it!
● Hover on mobile/tablet?
○ Long press (hold)
● Any doubts? Don’t click it!!!
http://www.evil.com/
Desktop - Hover
Mobile - Long Press
TreeTop Security - CAT - v2021.08
Shortened or obfuscated links?
30
● Instead of 300 characters, the link is reduced to 15 characters
○ Bit.ly
○ TinyURL
● Extremely common and helpful, but...
● Abused by criminals to hide malicious websites
Link expander
www.linkexpander.com
TreeTop Security - CAT - v2021.08
Hover is your friend
31
TreeTop Security - CAT - v2021.08
○ Email address ok?
○ Expected email?
○ Sense of urgency
○ HOVER!!!
Red flags?
Source: Malware Traffic Analysis
More email attacks
92% of malware is
delivered by email
Source: CSO Online
32
TreeTop Security - CAT - v2021.08
Email Attachments
● Stop & think before you click!
● Recognized sender?
● Expecting attachment?
● Is it normal for that contact to
send attachments?
Macros
● Step 1: Don’t do it!!!
● Step 2: See step 1
● Found in downloaded files too
33
Attachments in email client (Microsoft Outlook)
Enable Macros <- NOOOOOO!!!!
TreeTop Security - CAT - v2021.08
Other Email Scams
34
TreeTop Security - CAT - v2021.08
● Can be “non-technical”
● Spear phishing (CEO <-> CFO)
○ Published organization chart
○ Policy requiring phone call?
● What they want
○ Prepaid cards
○ Wire transfers
○ Account & email credentials
● Sense of urgency
Technical safeguards cannot help here
Account credentials
Wire transfer
Scammer favorites
● Mimic recent, breaking news
○ Worldwide
■ Health scares
■ Protests
■ Elections
○ Local and regional
● Seasonal/holidays
○ Order & delivery issues
○ Tax issues
35
Recent events - coronavirus
Order Cancelled
TreeTop Security - CAT - v2021.08
Keep your guard up!
36
TreeTop Security - CAT - v2021.08
Worksheet #4
Have you been part
of a breach?
https://www.treetopsecurity.com/CAT
Reach Out
& Scam
Someone
37
TreeTop Security - CAT - v2021.08
Phone Scams
38
TreeTop Security - CAT - v2021.08
● Social engineering, what is it?
○ Banks & credit card companies
○ Medical & insurance
○ IRS or any past due account balance
○ Objective: access your sensitive info
● Phone numbers can be easily spoofed
○ Make the caller provide verification
○ Hang up & call back a published number
● Other common phone scams
○ Grandparent Scam
○ Tech support - Microsoft, Apple, Dell,
etc. will never contact the average user
“out of the blue”
Phone scam example
○ Sense of urgency
○ Purposefully confusing
○ Expected call from Microsoft?
39
Red flags?
Hi! This is Kathleen from Microsoft. We have been trying to get in
touch with you. However, we will be disconnecting your license
within 48 hours because your IP address has been compromised
from several countries. So we need to change your IP address and
license key. So please press 1 to get connected…
Technical safeguards can only do so much...
That’s why security awareness is a must!
TreeTop Security - CAT - v2021.08
General Tips
&
Privacy
40
TreeTop Security - CAT - v2021.08
USB Drives & More
● Do NOT connect unknown or
unauthorized media (or devices)
● Programs can run when plugged in
without you doing anything
● Examples
○ USB/flash drives
○ SD or micro SD cards
○ CDs or DVDs
○ External hard drives
○ Cell phones <- Often forgotten
41
TreeTop Security - CAT - v2021.08
Encryption
● Can help protect your data
● Can also “help” an attacker, e.g. ransomware
● Protecting data sent or received
○ HTTP vs. HTTPS
○ Wireless -> WPA2 (AES) recommended
● Protecting devices
○ Helpful if device is lost/stolen
○ Often associated with phone PIN/passcode
○ Microsoft Windows - BitLocker
○ Apple MacOS - FileVault
42
TreeTop Security - CAT - v2021.08
Internet Safety Quick Tips
● Never click or install anything
based on a pop-up from a website
● “Trusted” websites can & have
hosted malware, aka malvertising
○ Local news?
○ WSJ, Forbes, ESPN, Yahoo, etc.
○ Limit browsing to business
relevant sites?
● Avoid public: Wi-Fi, computers
(hotels, libraries), charging, etc.
43
Do NOT assume a site is legitimate
simply because of the “padlock”
TreeTop Security - CAT - v2021.08
No more padlock?
● Data is the new gold -> your data is valuable!
● If you’re not paying for it, are you the product?
○ Data analytics & predictive results
○ Examples: advertising & insurance rates
● Are you oversharing?
○ Default privacy settings on social media
○ Vacation photos & “checking-in” (location sharing)
■ Thieves see that information also
■ Would you be comfortable telling people on
the street?
Internet Privacy
44
TreeTop Security - CAT - v2021.08
Uh oh! You’ve been scammed
● It happens! Don’t be ashamed!
● Don’t panic, but don’t wait around
○ Unplug computer?
○ Contact your technical support
○ Write down details - event timeline, financial
accounts, credentials used, phone numbers, etc.
● Ransomware or scam
○ Report the incident to law enforcement?
○ In the US
■ BBB - https://www.bbb.org/scamtracker
■ FBI - Ransomware keys may be available
○ https://www.nomoreransom.org/
45
TreeTop Security - CAT - v2021.08
More Resources
● When in doubt, ask questions
○ Your IT dept/provider?
● Don’t stop here! Attacks change, so should you
● Additional Resources
○ SANS Ouch! - free monthly newsletter
○ StaySafeOnline.org - numerous free resources
○ Stop. Think. Connect. - free, little bit of everything
○ TreeTop Security - Cybersecurity Awareness Training (free)
These slides, video presentation of this material, value-add worksheets,
post-training quizzes, feedback form, newsletter sign-up, certificate of
completion & more! - https://www.treetopsecurity.com/CAT
● Worksheet #5 - Sharing is caring
46
○ TreeTop?
TreeTop Security - CAT - v2021.08
Questions?
47
785-370-3444
Dallas Haselhorst
info@treetopsecurity.com
https://www.treetopsecurity.com
Ask about Peak. The affordable, comprehensive, & common sense
cybersecurity platform designed for small businesses.
TreeTop Security - CAT - v2021.08

More Related Content

What's hot

Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn Hospital
Atlantic Training, LLC.
 
Cyber security training
Cyber security trainingCyber security training
Cyber security training
Wilmington University
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
Paige Rasid
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
Surya Bathulapalli
 
Security awareness
Security awarenessSecurity awareness
Security awareness
Josh Chandler
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
davidcurriecia
 
Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2
DallasHaselhorst
 
Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information Security
Ken Holmes
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
MohammedYaseen638128
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101
mateenzero
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community College
Atlantic Training, LLC.
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
Jason Murray
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
R_Yanus
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness
Michel Bitter
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
Dinesh582831
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
William Mann
 
Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier University
Atlantic Training, LLC.
 
Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0
DallasHaselhorst
 
General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber Security
Dominic Rajesh
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training Open
Fred Beck MBA, CPA
 

What's hot (20)

Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn Hospital
 
Cyber security training
Cyber security trainingCyber security training
Cyber security training
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
Security awareness
Security awarenessSecurity awareness
Security awareness
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
 
Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2
 
Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information Security
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
 
Information security awareness - 101
Information security awareness - 101Information security awareness - 101
Information security awareness - 101
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community College
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier University
 
Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0
 
General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber Security
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training Open
 

Similar to Cybersecurity Awareness Training Presentation v2021.08

DSRY_Cybersecurity Awareness Presentation
DSRY_Cybersecurity Awareness PresentationDSRY_Cybersecurity Awareness Presentation
DSRY_Cybersecurity Awareness Presentation
MohammedFarouk38
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
marufrahmanstratejm
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
DallasHaselhorst
 
Don't Diligence Information Security for Lawyers
Don't Diligence Information Security for LawyersDon't Diligence Information Security for Lawyers
Don't Diligence Information Security for Lawyers
darrentthurston
 
Public - Cybersecurity awareness presentation (1).pptx
Public - Cybersecurity awareness presentation (1).pptxPublic - Cybersecurity awareness presentation (1).pptx
Public - Cybersecurity awareness presentation (1).pptx
SileSoftwareInc
 
7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home
DallasHaselhorst
 
Computer Security Seminar: Protect your internet account information
Computer Security Seminar: Protect your internet account informationComputer Security Seminar: Protect your internet account information
Computer Security Seminar: Protect your internet account information
Church of the Epiphany
 
FHSU CITI CS Training.pptx
FHSU CITI CS Training.pptxFHSU CITI CS Training.pptx
FHSU CITI CS Training.pptx
LaurieAnnFrazier
 
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01
TechSoup
 
cyber security presentation (1).pdf
cyber security presentation (1).pdfcyber security presentation (1).pdf
cyber security presentation (1).pdf
w4tgrgdyryfh
 
Simplifying Security: Protecting Your Clients and Your Company
Simplifying Security: Protecting Your Clients and Your CompanySimplifying Security: Protecting Your Clients and Your Company
Simplifying Security: Protecting Your Clients and Your Company
Drew Gorton
 
Brilong Smart lock / Smart home / Smart Access
Brilong Smart lock / Smart home / Smart AccessBrilong Smart lock / Smart home / Smart Access
Brilong Smart lock / Smart home / Smart Access
John Peng
 
Manage your privacy and security online
Manage your privacy and security onlineManage your privacy and security online
Manage your privacy and security online
ChristopherTalib
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptx
Debra Baker, CISSP CSSP
 
Techsrus
TechsrusTechsrus
Techsrus
Scott Gombar
 
PBL Encryption project.pptx
PBL Encryption project.pptxPBL Encryption project.pptx
PBL Encryption project.pptx
XyzAnc
 
LoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated CybersecurityLoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated Cybersecurity
Rohit Kapoor
 
How to be your Security Team's Best Friend
How to be your Security Team's Best FriendHow to be your Security Team's Best Friend
How to be your Security Team's Best Friend
EmilyGladstoneCole
 
eSecurity! Keeping your Business and Customers Safe
eSecurity! Keeping your Business and Customers SafeeSecurity! Keeping your Business and Customers Safe
eSecurity! Keeping your Business and Customers Safe
AVG Technologies AU
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?
Rob Fuller
 

Similar to Cybersecurity Awareness Training Presentation v2021.08 (20)

DSRY_Cybersecurity Awareness Presentation
DSRY_Cybersecurity Awareness PresentationDSRY_Cybersecurity Awareness Presentation
DSRY_Cybersecurity Awareness Presentation
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
Don't Diligence Information Security for Lawyers
Don't Diligence Information Security for LawyersDon't Diligence Information Security for Lawyers
Don't Diligence Information Security for Lawyers
 
Public - Cybersecurity awareness presentation (1).pptx
Public - Cybersecurity awareness presentation (1).pptxPublic - Cybersecurity awareness presentation (1).pptx
Public - Cybersecurity awareness presentation (1).pptx
 
7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home
 
Computer Security Seminar: Protect your internet account information
Computer Security Seminar: Protect your internet account informationComputer Security Seminar: Protect your internet account information
Computer Security Seminar: Protect your internet account information
 
FHSU CITI CS Training.pptx
FHSU CITI CS Training.pptxFHSU CITI CS Training.pptx
FHSU CITI CS Training.pptx
 
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01
Webinar - Keep Your Connected Nonprofit or Library Secure - 2015-10-01
 
cyber security presentation (1).pdf
cyber security presentation (1).pdfcyber security presentation (1).pdf
cyber security presentation (1).pdf
 
Simplifying Security: Protecting Your Clients and Your Company
Simplifying Security: Protecting Your Clients and Your CompanySimplifying Security: Protecting Your Clients and Your Company
Simplifying Security: Protecting Your Clients and Your Company
 
Brilong Smart lock / Smart home / Smart Access
Brilong Smart lock / Smart home / Smart AccessBrilong Smart lock / Smart home / Smart Access
Brilong Smart lock / Smart home / Smart Access
 
Manage your privacy and security online
Manage your privacy and security onlineManage your privacy and security online
Manage your privacy and security online
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptx
 
Techsrus
TechsrusTechsrus
Techsrus
 
PBL Encryption project.pptx
PBL Encryption project.pptxPBL Encryption project.pptx
PBL Encryption project.pptx
 
LoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated CybersecurityLoginCat - Zero Trust Integrated Cybersecurity
LoginCat - Zero Trust Integrated Cybersecurity
 
How to be your Security Team's Best Friend
How to be your Security Team's Best FriendHow to be your Security Team's Best Friend
How to be your Security Team's Best Friend
 
eSecurity! Keeping your Business and Customers Safe
eSecurity! Keeping your Business and Customers SafeeSecurity! Keeping your Business and Customers Safe
eSecurity! Keeping your Business and Customers Safe
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?
 

Recently uploaded

Enhancing Adoption of AI in Agri-food: Introduction
Enhancing Adoption of AI in Agri-food: IntroductionEnhancing Adoption of AI in Agri-food: Introduction
Enhancing Adoption of AI in Agri-food: Introduction
Cor Verdouw
 
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka KALYAN MATKA |
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka KALYAN MATKA |➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka KALYAN MATKA |
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka KALYAN MATKA |
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results
 
Kirill Klip GEM Royalty TNR Gold Copper Presentation
Kirill Klip GEM Royalty TNR Gold Copper PresentationKirill Klip GEM Royalty TNR Gold Copper Presentation
Kirill Klip GEM Royalty TNR Gold Copper Presentation
Kirill Klip
 
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results
 
Kalyan Chart Satta Matka Dpboss Kalyan Matka Results
Kalyan Chart Satta Matka Dpboss Kalyan Matka ResultsKalyan Chart Satta Matka Dpboss Kalyan Matka Results
Kalyan Chart Satta Matka Dpboss Kalyan Matka Results
Satta Matka Dpboss Kalyan Matka Results
 
Unlocking WhatsApp Marketing with HubSpot: Integrating Messaging into Your Ma...
Unlocking WhatsApp Marketing with HubSpot: Integrating Messaging into Your Ma...Unlocking WhatsApp Marketing with HubSpot: Integrating Messaging into Your Ma...
Unlocking WhatsApp Marketing with HubSpot: Integrating Messaging into Your Ma...
Niswey
 
japanese language course in delhi near me
japanese language course in delhi near mejapanese language course in delhi near me
japanese language course in delhi near me
heyfairies7
 
Kalyan chart 6366249026 India satta Matta Matka 143 jodi fix
Kalyan chart 6366249026 India satta Matta Matka 143 jodi fixKalyan chart 6366249026 India satta Matta Matka 143 jodi fix
Kalyan chart 6366249026 India satta Matta Matka 143 jodi fix
satta Matta matka 143 Kalyan chart jodi 6366249026
 
TriStar Gold Corporate Presentation - June 2024
TriStar Gold Corporate Presentation - June 2024TriStar Gold Corporate Presentation - June 2024
TriStar Gold Corporate Presentation - June 2024
Adnet Communications
 
AI Transformation Playbook: Thinking AI-First for Your Business
AI Transformation Playbook: Thinking AI-First for Your BusinessAI Transformation Playbook: Thinking AI-First for Your Business
AI Transformation Playbook: Thinking AI-First for Your Business
Arijit Dutta
 
一比一原版(lbs毕业证书)英国伦敦商学院毕业证如何办理
一比一原版(lbs毕业证书)英国伦敦商学院毕业证如何办理一比一原版(lbs毕业证书)英国伦敦商学院毕业证如何办理
一比一原版(lbs毕业证书)英国伦敦商学院毕业证如何办理
eaqmokn
 
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results
 
Discover the Beauty and Functionality of The Expert Remodeling Service
Discover the Beauty and Functionality of The Expert Remodeling ServiceDiscover the Beauty and Functionality of The Expert Remodeling Service
Discover the Beauty and Functionality of The Expert Remodeling Service
obriengroupinc04
 
Adani Group's Active Interest In Increasing Its Presence in the Cement Manufa...
Adani Group's Active Interest In Increasing Its Presence in the Cement Manufa...Adani Group's Active Interest In Increasing Its Presence in the Cement Manufa...
Adani Group's Active Interest In Increasing Its Presence in the Cement Manufa...
Adani case
 
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results
 
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
IMG_20240615_091110.pdf dpboss guessing
IMG_20240615_091110.pdf dpboss  guessingIMG_20240615_091110.pdf dpboss  guessing
Truck Loading Conveyor Manufacturers Chennai
Truck Loading Conveyor Manufacturers ChennaiTruck Loading Conveyor Manufacturers Chennai
Truck Loading Conveyor Manufacturers Chennai
ConveyorSystem
 
Easy Earnings Through Refer and Earn Apps Without KYC.pptx
Easy Earnings Through Refer and Earn Apps Without KYC.pptxEasy Earnings Through Refer and Earn Apps Without KYC.pptx
Easy Earnings Through Refer and Earn Apps Without KYC.pptx
Fx Lotus
 

Recently uploaded (20)

Enhancing Adoption of AI in Agri-food: Introduction
Enhancing Adoption of AI in Agri-food: IntroductionEnhancing Adoption of AI in Agri-food: Introduction
Enhancing Adoption of AI in Agri-food: Introduction
 
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka KALYAN MATKA |
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka KALYAN MATKA |➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka KALYAN MATKA |
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka KALYAN MATKA |
 
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
 
Kirill Klip GEM Royalty TNR Gold Copper Presentation
Kirill Klip GEM Royalty TNR Gold Copper PresentationKirill Klip GEM Royalty TNR Gold Copper Presentation
Kirill Klip GEM Royalty TNR Gold Copper Presentation
 
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
 
Kalyan Chart Satta Matka Dpboss Kalyan Matka Results
Kalyan Chart Satta Matka Dpboss Kalyan Matka ResultsKalyan Chart Satta Matka Dpboss Kalyan Matka Results
Kalyan Chart Satta Matka Dpboss Kalyan Matka Results
 
Unlocking WhatsApp Marketing with HubSpot: Integrating Messaging into Your Ma...
Unlocking WhatsApp Marketing with HubSpot: Integrating Messaging into Your Ma...Unlocking WhatsApp Marketing with HubSpot: Integrating Messaging into Your Ma...
Unlocking WhatsApp Marketing with HubSpot: Integrating Messaging into Your Ma...
 
japanese language course in delhi near me
japanese language course in delhi near mejapanese language course in delhi near me
japanese language course in delhi near me
 
Kalyan chart 6366249026 India satta Matta Matka 143 jodi fix
Kalyan chart 6366249026 India satta Matta Matka 143 jodi fixKalyan chart 6366249026 India satta Matta Matka 143 jodi fix
Kalyan chart 6366249026 India satta Matta Matka 143 jodi fix
 
TriStar Gold Corporate Presentation - June 2024
TriStar Gold Corporate Presentation - June 2024TriStar Gold Corporate Presentation - June 2024
TriStar Gold Corporate Presentation - June 2024
 
AI Transformation Playbook: Thinking AI-First for Your Business
AI Transformation Playbook: Thinking AI-First for Your BusinessAI Transformation Playbook: Thinking AI-First for Your Business
AI Transformation Playbook: Thinking AI-First for Your Business
 
一比一原版(lbs毕业证书)英国伦敦商学院毕业证如何办理
一比一原版(lbs毕业证书)英国伦敦商学院毕业证如何办理一比一原版(lbs毕业证书)英国伦敦商学院毕业证如何办理
一比一原版(lbs毕业证书)英国伦敦商学院毕业证如何办理
 
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
 
Discover the Beauty and Functionality of The Expert Remodeling Service
Discover the Beauty and Functionality of The Expert Remodeling ServiceDiscover the Beauty and Functionality of The Expert Remodeling Service
Discover the Beauty and Functionality of The Expert Remodeling Service
 
Adani Group's Active Interest In Increasing Its Presence in the Cement Manufa...
Adani Group's Active Interest In Increasing Its Presence in the Cement Manufa...Adani Group's Active Interest In Increasing Its Presence in the Cement Manufa...
Adani Group's Active Interest In Increasing Its Presence in the Cement Manufa...
 
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan ChartSatta Matka Dpboss Kalyan Matka Results Kalyan Chart
Satta Matka Dpboss Kalyan Matka Results Kalyan Chart
 
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
 
IMG_20240615_091110.pdf dpboss guessing
IMG_20240615_091110.pdf dpboss  guessingIMG_20240615_091110.pdf dpboss  guessing
IMG_20240615_091110.pdf dpboss guessing
 
Truck Loading Conveyor Manufacturers Chennai
Truck Loading Conveyor Manufacturers ChennaiTruck Loading Conveyor Manufacturers Chennai
Truck Loading Conveyor Manufacturers Chennai
 
Easy Earnings Through Refer and Earn Apps Without KYC.pptx
Easy Earnings Through Refer and Earn Apps Without KYC.pptxEasy Earnings Through Refer and Earn Apps Without KYC.pptx
Easy Earnings Through Refer and Earn Apps Without KYC.pptx
 

Cybersecurity Awareness Training Presentation v2021.08

  • 1. www.treetopsecurity.com Cybersecurity Awareness Tips To Protect You And Your Data CONTENT BY 1 DALLAS HASELHORST FOUNDER/PRINCIPAL - TREETOP SECURITY GSE #231, MSISE, CISSP, SANS/GIAC(X10) From the makers of Peak. The only comprehensive and affordable cybersecurity platform for small businesses. PRESENTED BY TreeTop Security - CAT - v2021.08
  • 2. # whoami ● 20+ years of IT & cybersecurity experience ● Consulted for companies all over the world ● Multiple computer-related degrees from FHSU ● Master’s degree in Information Security Engineering from the SANS Technology Institute ● Alphabet soup of security-related certifications ○ CISSP, GSEC, GCIH, GCCC, GCPM, GPEN, GMON, GCIA, GWAPT, GDSA, GSE #231 ● Co-organizer of BSidesKC cybersecurity conference ● Founded an MSP in 2003, acquired in 2016 ● Founded TreeTop in 2016, lead design on Peak platform ● Founded 501(c)(3) STEM Harvest in 2021 - stemharvest.org 2 TreeTop Security - CAT - v2021.08
  • 3. 3 About this presentation Shared and recommended at the RSA conference Feb 2020 Version 1.0 downloaded in over 150 countries in first 6 months! Sept 2019 - March 2020 Latest version is available at https://www.treetopsecurity.com/CAT TreeTop Security - CAT - v2021.08
  • 4. 4 TreeTop Security - CAT - v2021.08
  • 5. Overview ● Why security awareness? ● Backup, backup, backup ● Patching ALL of your devices ● Passwords What to do when things go wrong 5 TreeTop Security - CAT - v2021.08 ● 2-factor authentication ● Internet safety & email ● Phone scams ● Privacy concerns
  • 7. Awareness training is a must! ● Technology alone *cannot* protect you from everything ● Attackers go where security is weakest ● People -> a link in the chain & the last first line of defense ● A must to reduce cybersecurity risk ● Cybersecurity awareness is for... ○ Employees ○ Business owners Reminder: Many tips that keep you safe at work will also keep you safe at home! 7 ○ Parents ○ Kids ○ Seniors ○ Everyone! TreeTop Security - CAT - v2021.08
  • 8. But an attacker isn’t interested in me... ● Credit card and financial data ● Medical data ○ Prescription, insurance, or identity fraud ○ Far more valuable than financial data ● Computer resources ○ Cryptomining ○ Advertising ● User or email credentials ○ Sending spam ○ Recovery/reset other accounts 8 ○ Ransomware ○ Jump point ○ “More” access TreeTop Security - CAT - v2021.08 Wrong!!! You are exactly what an attacker wants!
  • 10. Backups ● Backups protect when all else fails ○ NO level of protection is perfect ○ Only “guaranteed” protection against ransomware ● Backup media should *not* be connected at all times ● Test your backups! Restore, restore, restore... Users that have never backed up 35% Users that backup daily 6% Users that backup monthly 14% Users that backup yearly 20% 10 TreeTop Security - CAT - v2021.08
  • 11. Worksheet #1 Your data, your backups https://www.treetopsecurity.com/CAT 11 TreeTop Security - CAT - v2021.08
  • 12. Updates are essential to security • What was secure yesterday may not be secure today • New software vulnerabilities are found every day • Over 360K new malware (viruses & ransomware) released every day • Nothing is “Set & Forget” 12 TreeTop Security - CAT - v2021.08
  • 13. ● Operating Systems ○ Microsoft Windows, Apple MacOS, Linux ○ Windows 7 end of life was January 2020 ● Anti-virus ○ Update to the latest definitions to ensure protection against the latest threats ○ Symantec/Norton, McAfee, Windows Defender, Avast, and many others! 13 Keeping your system up-to-date TreeTop Security - CAT - v2021.08
  • 14. Don’t forget!!! ● Browser - your portal to the internet ○ Chrome, Firefox, Edge, Safari, Brave, etc. ○ Internet Explorer (Not recommended) ● Mobile devices - cell phones & tablets ● Internet of Things (IoT) - Alexa, Google Home, light bulbs, thermostats, doorbells, surveillance system, smart locks, pet feeder, vacuums, health monitors... This could keep going forever! 14 TreeTop Security - CAT - v2021.08
  • 15. 15 TreeTop Security - CAT - v2021.08 Worksheet #2 What’s on your network? https://www.treetopsecurity.com/CAT
  • 17. 17 TreeTop Security - CAT - v2021.08
  • 18. Managing Passwords ● Keep your passwords in a secure location ○ Don’t use paper or sticky notes ○ Don’t store passwords in clear-text on your computer - Word, Excel, etc. ● Utilize a password manager (aka vault) ○ Bitwarden ○ Chrome? ● Benefits of a password manager ○ One strong password to access them all ○ Passwords are stored securely ○ Auto-fill username/password on websites ○ Sync between desktop, laptop, and mobile ○ KeePass ○ LastPass 18 TreeTop Security - CAT - v2021.08 ○ Apple Keychain?
  • 19. Password Tips ● Avoid using items that can be associated with you ○ Address ○ Phone numbers ○ Pet names ● Separate passwords for every account ● Auto-generated, near impossible to guess Passwords shared with colleagues 69% Passwords shared with household 95% One password for all accounts 59% Passwords are too “simple” 86% 19 Easy with a password manager ○ Child names ○ Birthdays ○ Sports teams TreeTop Security - CAT - v2021.08
  • 20. Passphrases, not passwords? ● Useful when passwords must be typed in ● Should not be easy to guess ○ At least 12 characters, but 15 or more is far better ○ Length is better than complexity (passphrases) ○ Bad password (8): P@ssw0rd ○ Great password (25): MysonwasbornNovember1995! Passwords exactly 8 characters 61% Average Length of Password 9.6 Average number of lowercase letters 6.1 Average number of special characters 0.2 20 TreeTop Security - CAT - v2021.08
  • 21. Top 20 passwords by rank & year Source: https://nordpass.com/most-common-passwords-list/ If you use any of these, change them NOW!!! 21 TreeTop Security - CAT - v2021.08 Rank 2018 2019 2020 Rank 2018 2019 2020 1 123456 123456 123456 11 princess abc123 1234567 2 password 123456789 123456789 12 admin qwerty123 qwerty 3 123456789 qwerty picture1 13 welcome 1q2w3e4r abc123 4 12345678 password password 14 666666 admin Million2 5 12345 1234567 12345678 15 abc123 qwertyuiop 000000 6 111111 12345678 111111 16 football 654321 1234 7 1234567 12345 123123 17 123123 555555 iloveyou 8 sunshine iloveyou 12345 18 monkey lovely aaron431 9 qwerty 111111 1234567890 19 654321 7777777 password1 10 iloveyou 123123 senha 20 !@#$%^&* welcome qqww1122
  • 22. 2FA - two-factor authentication ● “Your one-time code is…” ○ Email ○ Phone pop-up ○ Snail Mail ○ Applications ■ Google Authenticator ■ Authy <- ability to recover on new device ● What is 2FA? ○ “Beyond” a username and password ○ Second form to prove it is you ○ Typically out-of-band 22 ○ Phone Call ○ SMS TreeTop Security - CAT - v2021.08 Not as secure
  • 23. 23 TreeTop Security - CAT - v2021.08 Worksheet #3 Password managers & 2FA https://www.treetopsecurity.com/CAT
  • 25. Is the link safe in 4 steps 1. Verify Were you expecting a link? ○ Not just email! ○ Social Media ○ SMS/iMessage ○ Zoom, Teams, Slack, etc. 2. Hover Hover over the link to ensure that it leads to where it says it does 3. Sniff test Is it a site you recognize? Does it feel “familiar” to you? Be skeptical 4. Click Does it pass all 3 tests? Still use caution “When in doubt, throw it out” 01 02 03 04 25 TreeTop Security - CAT - v2021.08
  • 26. Easy to recognize scam ○ Viagra <- ?!?!?! ○ Strange wording ○ Email address 26 Domain name Expected email? Interesting link Red flags? TreeTop Security - CAT - v2021.08
  • 27. Known email account ○ Email address ok ○ Name ok ○ Odd “signature” 27 Expected email? Link - .fr is France Hacked or spoofed email from someone you know Similar attacks via Facebook & social media Red flags? TreeTop Security - CAT - v2021.08
  • 28. ○ Received a text regarding a package before? ○ Recognized domain? Text messaging example 28 TreeTop Security - CAT - v2021.08 Red flags? Source: CNN ○ Name in SMS ok ○ Number ok? ○ Expected text?
  • 29. Hover before you click 29 ● Why hover? ○ Blue text can be deceiving ○ Underlying URL may be different ○ “Foreign” domains - .uk, .cn, or .ru ● Numbers instead of letters ○ Example: 192.168.1.1 ○ Don’t trust it! ● Hover on mobile/tablet? ○ Long press (hold) ● Any doubts? Don’t click it!!! http://www.evil.com/ Desktop - Hover Mobile - Long Press TreeTop Security - CAT - v2021.08
  • 30. Shortened or obfuscated links? 30 ● Instead of 300 characters, the link is reduced to 15 characters ○ Bit.ly ○ TinyURL ● Extremely common and helpful, but... ● Abused by criminals to hide malicious websites Link expander www.linkexpander.com TreeTop Security - CAT - v2021.08
  • 31. Hover is your friend 31 TreeTop Security - CAT - v2021.08 ○ Email address ok? ○ Expected email? ○ Sense of urgency ○ HOVER!!! Red flags? Source: Malware Traffic Analysis
  • 32. More email attacks 92% of malware is delivered by email Source: CSO Online 32 TreeTop Security - CAT - v2021.08
  • 33. Email Attachments ● Stop & think before you click! ● Recognized sender? ● Expecting attachment? ● Is it normal for that contact to send attachments? Macros ● Step 1: Don’t do it!!! ● Step 2: See step 1 ● Found in downloaded files too 33 Attachments in email client (Microsoft Outlook) Enable Macros <- NOOOOOO!!!! TreeTop Security - CAT - v2021.08
  • 34. Other Email Scams 34 TreeTop Security - CAT - v2021.08 ● Can be “non-technical” ● Spear phishing (CEO <-> CFO) ○ Published organization chart ○ Policy requiring phone call? ● What they want ○ Prepaid cards ○ Wire transfers ○ Account & email credentials ● Sense of urgency Technical safeguards cannot help here Account credentials Wire transfer
  • 35. Scammer favorites ● Mimic recent, breaking news ○ Worldwide ■ Health scares ■ Protests ■ Elections ○ Local and regional ● Seasonal/holidays ○ Order & delivery issues ○ Tax issues 35 Recent events - coronavirus Order Cancelled TreeTop Security - CAT - v2021.08 Keep your guard up!
  • 36. 36 TreeTop Security - CAT - v2021.08 Worksheet #4 Have you been part of a breach? https://www.treetopsecurity.com/CAT
  • 37. Reach Out & Scam Someone 37 TreeTop Security - CAT - v2021.08
  • 38. Phone Scams 38 TreeTop Security - CAT - v2021.08 ● Social engineering, what is it? ○ Banks & credit card companies ○ Medical & insurance ○ IRS or any past due account balance ○ Objective: access your sensitive info ● Phone numbers can be easily spoofed ○ Make the caller provide verification ○ Hang up & call back a published number ● Other common phone scams ○ Grandparent Scam ○ Tech support - Microsoft, Apple, Dell, etc. will never contact the average user “out of the blue”
  • 39. Phone scam example ○ Sense of urgency ○ Purposefully confusing ○ Expected call from Microsoft? 39 Red flags? Hi! This is Kathleen from Microsoft. We have been trying to get in touch with you. However, we will be disconnecting your license within 48 hours because your IP address has been compromised from several countries. So we need to change your IP address and license key. So please press 1 to get connected… Technical safeguards can only do so much... That’s why security awareness is a must! TreeTop Security - CAT - v2021.08
  • 41. USB Drives & More ● Do NOT connect unknown or unauthorized media (or devices) ● Programs can run when plugged in without you doing anything ● Examples ○ USB/flash drives ○ SD or micro SD cards ○ CDs or DVDs ○ External hard drives ○ Cell phones <- Often forgotten 41 TreeTop Security - CAT - v2021.08
  • 42. Encryption ● Can help protect your data ● Can also “help” an attacker, e.g. ransomware ● Protecting data sent or received ○ HTTP vs. HTTPS ○ Wireless -> WPA2 (AES) recommended ● Protecting devices ○ Helpful if device is lost/stolen ○ Often associated with phone PIN/passcode ○ Microsoft Windows - BitLocker ○ Apple MacOS - FileVault 42 TreeTop Security - CAT - v2021.08
  • 43. Internet Safety Quick Tips ● Never click or install anything based on a pop-up from a website ● “Trusted” websites can & have hosted malware, aka malvertising ○ Local news? ○ WSJ, Forbes, ESPN, Yahoo, etc. ○ Limit browsing to business relevant sites? ● Avoid public: Wi-Fi, computers (hotels, libraries), charging, etc. 43 Do NOT assume a site is legitimate simply because of the “padlock” TreeTop Security - CAT - v2021.08 No more padlock?
  • 44. ● Data is the new gold -> your data is valuable! ● If you’re not paying for it, are you the product? ○ Data analytics & predictive results ○ Examples: advertising & insurance rates ● Are you oversharing? ○ Default privacy settings on social media ○ Vacation photos & “checking-in” (location sharing) ■ Thieves see that information also ■ Would you be comfortable telling people on the street? Internet Privacy 44 TreeTop Security - CAT - v2021.08
  • 45. Uh oh! You’ve been scammed ● It happens! Don’t be ashamed! ● Don’t panic, but don’t wait around ○ Unplug computer? ○ Contact your technical support ○ Write down details - event timeline, financial accounts, credentials used, phone numbers, etc. ● Ransomware or scam ○ Report the incident to law enforcement? ○ In the US ■ BBB - https://www.bbb.org/scamtracker ■ FBI - Ransomware keys may be available ○ https://www.nomoreransom.org/ 45 TreeTop Security - CAT - v2021.08
  • 46. More Resources ● When in doubt, ask questions ○ Your IT dept/provider? ● Don’t stop here! Attacks change, so should you ● Additional Resources ○ SANS Ouch! - free monthly newsletter ○ StaySafeOnline.org - numerous free resources ○ Stop. Think. Connect. - free, little bit of everything ○ TreeTop Security - Cybersecurity Awareness Training (free) These slides, video presentation of this material, value-add worksheets, post-training quizzes, feedback form, newsletter sign-up, certificate of completion & more! - https://www.treetopsecurity.com/CAT ● Worksheet #5 - Sharing is caring 46 ○ TreeTop? TreeTop Security - CAT - v2021.08
  • 47. Questions? 47 785-370-3444 Dallas Haselhorst info@treetopsecurity.com https://www.treetopsecurity.com Ask about Peak. The affordable, comprehensive, & common sense cybersecurity platform designed for small businesses. TreeTop Security - CAT - v2021.08