SlideShare a Scribd company logo
1 of 53
Download to read offline
TreeTop Security - CAT - v2024.03
Cybersecurity
Awareness
Tips To Protect You And Your Data
CONTENT BY
From the makers of Peak. The only comprehensive and
affordable cybersecurity platform for small businesses.
DALLAS HASELHORST
FOUNDER/PRINCIPAL - TREETOP SECURITY
GSE #231, MSISE, CISSP, SANS/GIAC(X10)
1
PRESENTED BY
TreeTop Security - CAT - v2024.03
# whoami
2
25+ years of IT & Cybersecurity Experience
Consulted for companies all over the world
Multiple computer-related degrees - FHSU
Master’s degree in Information Security Engineering - SANS Technology Institute
Alphabet soup of security-related certifications:
● CISSP, GSEC, GCIH, GCCC, GCPM, GPEN, GMON, GCIA, GWAPT, GDSA, GSE #231
Co-Organizer of BSidesKC Annual Cybersecurity Conference (Kansas City)
Founded IT Provider (MSP) in 2003, acquired in 2016
Founded TreeTop Security in 2016, lead design on Peak Platform
Founded 501(c)(3) STEM Harvest in 2021 - stemharvest.org
SBA 2024 Kansas Small Business Person of the Year
TreeTop Security - CAT - v2024.03
Legal Disclaimer
While we'd love to boast that our cybersecurity awareness training is
foolproof, the reality is no training can safeguard you from all cyber
threats and that includes cyber criminal’s relentless attempts to send you
malware laced cat memes. It is, however, the best single hour you can use
to learn ways to better protect yourself from the evil lurking on the digital
interwebs. Your best defense against cyber-foolery is your own
cyber-wisdom. Remain vigilant, keep your passwords as complex as the
plot twist in Fight Club, and learn to embrace your inner cybersecurity
awareness ninja!
Note: We were told we needed a disclaimer. Many thanks to ChatGPT for adding some flair.
3
TreeTop Security - CAT - v2024.03
About this Presentation
Latest version is available at hps://www.treetopsecurity.com/CAT
Version 1.0 downloaded in over 150
countries in first 6 months!
Sept 2019 - March 2020
Shared at numerous cybersecurity
conferences including RSA
4
TreeTop Security - CAT - v2024.03
LIVE
LAUGH
GET HACKED
STOP LAUGHING
5
TreeTop Security - CAT - v2024.03
Overview
Why security awareness?
Backup, backup, backup
Patching ALL of your devices
Passwords
2-Factor Authentication (MFA)
Internet Safety & Email
Phone Scams
Privacy Concerns
What to do when things go wrong?
6
TreeTop Security - CAT - v2024.03
Why is
cybersecurity
awareness
important?
01
7
TreeTop Security - CAT - v2024.03
Awareness training is a must!
Technology alone *cannot* protect you from everything
Aackers go where security is weakest
People -> a link the chain & the last first line of defense
A must to reduce cybersecurity risk
Cybersecurity awareness if for…
● Employees ● Parents ● Seniors
● Business Owners ● Kids ● Everyone!
Reminder: Many tips that keep you safe at work
will also keep you safe at home!
8
TreeTop Security - CAT - v2024.03
But an aacker isn’t interesting in me…
Wrong!!! - You are exactly what an aacker wants!
● Credit Card & Financial Data
● Medical Data
○ Prescription, insurance, or identity fraud
○ Far more valuable than financial data
● Computer Resources
○ Cryptomining
○ Advertising
○ Ransomware
○ “Jump Point”
● User or email credentials
○ Sending spam
○ “More” access
○ Recovery/Reset other accounts
9
TreeTop Security - CAT - v2024.03
HELP!!!
Ways to protect
yourself!
02
10
TreeTop Security - CAT - v2024.03
Backups
Users that
have never
backed up
35%
Users that
backup
daily
11%
Users that
backup
monthly
20%
Users that
backup
yearly
25%
20%
● Backups protect when all else fails
○ NO level of protection is perfect
○ Only “guaranteed” protection against ransomware
● Backup media should *not* be connected at all times
● Test your backups! Restore, restore, restore!
11
TreeTop Security - CAT - v2024.03
Worksheet #1
Your data,
your backups
hps://www.treetopsecurity.com/CAT
12
TreeTop Security - CAT - v2024.03
Updates are essential
to security.
• What was secure yesterday may not be
secure today
• New software vulnerabilities are found
every day
• Over 450,000 new malware (viruses &
ransomware) released every day
• Nothing is “Set & Forget”
13
TreeTop Security - CAT - v2024.03
Keeping your system up-to-date
● Microsoft Windows, Apple
MacOS, Linux
● Windows 7 end of life was
January 2020
Operating Systems
● Update to the latest definitions
to ensure protection against the
latest threats
● Symantec/Norton, McAfee,
Windows Defender, Avast, and
many others!
Anti-Virus
14
TreeTop Security - CAT - v2024.03
Don’t forget to update…
● Browser - your portal to the internet
○ Chrome, Firefox, Edge, Safari, Brave, etc.
○ Internet Explorer (Not recommended)
● Mobile devices - cell phones & tablets
● Internet of Things (IoT) - Alexa, Google
Home, light bulbs, thermostats, doorbells,
surveillance system, smart locks, pet feeder,
vacuums, health monitors...
This could keep going forever!
15
TreeTop Security - CAT - v2024.03
Worksheet #2
What’s on your
network?
hps://www.treetopsecurity.com/CAT
16
TreeTop Security - CAT - v2024.03
All About
Passwords
03
17
TreeTop Security - CAT - v2024.03
SOMEONE FIGURED OUT MY PASSWORD,
NOW I HAVE TO RENAME MY DOG.
18
TreeTop Security - CAT - v2024.03
Managing Passwords
● Keep your passwords in a secure location
○ Do NOT use paper or sticky notes
○ Do NOT store passwords in clear-text on
your computer - Word, Excel, etc.
● Utilize a password manager (aka vault)
○ Bitwarden
○ Chrome?
● Benefits of a password manager
○ One strong password to access them all
○ Passwords are stored securely
○ Auto-fill username/password on websites
○ Sync between desktop, laptop, and mobile
○ KeePass ○ LastPass
○ Apple Keychain?
19
TreeTop Security - CAT - v2024.03
Much easier with a
password manager!
Password Tips
● Avoid using items that can be associated with you
○ Address
○ Phone numbers
○ Pet names
● Separate passwords for every account
● Auto-generated, near impossible to guess
Rely on sticky notes
for password mgmt
42%
Re-use password for
multiple accounts
52%
Use name or birthdate
in password
59%
Reuse same password
for all accounts
13%
○ Child names
○ Birthdays
○ Sports teams
20
TreeTop Security - CAT - v2024.03
Passphrases, not passwords
● Useful when passwords must be typed in
○ Computer login
● Should not be easy to guess
○ At least 12 characters, but 15 or more is far better
○ Length better than “complexity” - upper, lower, number, & special
characters (~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/)
○ Bad password (8): P@ssw0rd
○ Great password (25): MysonwasbornNovember1995!
○ Wireless <- no phone numbers!
Why are most passwords exactly 8 characters?
21
TreeTop Security - CAT - v2024.03
Top 20 passwords by rank & year
Rank 2020 2021 2022 Rank 2020 2021 2022
1 123456 123456 password 11 1234567 qwerty123 1234567
2 123456789 123456789 123456 12 qwerty 000000 1234
3 picture1 12345 123456789 13 abc123 1q2w3e 1234567890
4 password qwerty guest 14 Million2 aa12345678 000000
5 12345678 password qwerty 15 000000 abc123 555555
6 111111 12345678 12345678 16 1234 password1 666666
7 123123 111111 111111 17 iloveyou 1234 123321
8 12345 123123 12345 18 aaron431 qwertyuiop 654321
9 1234567890
123456789
0
col123456 19 password1 123321 7777777
10 senha 1234567 123123 20 qqww1122 password123 123
If you use any of these, change them NOW!!!
Source: Nordpass
22
TreeTop Security - CAT - v2024.03
Password Length <> Time to Crack
Source: Hive Systems
Time for an
attacker to brute
force your
passwords.
Are you in the
yellow or green?
23
TreeTop Security - CAT - v2024.03
2FA - Two Factor Authentication
What is 2FA?
● “Beyond” a username and password
● Second form to prove it is you
● Typically out-of-band
“Your one-time code is…”
● SMS (Not as secure)
● Phone Call (Not as secure)
● Applications
● Email
● Phone Pop-Up
➔ Google Authenticator
➔ Microsoft Authenticator
➔ Built into a password manager?
99.9% LESS likely to be
compromised if you
use MFA
Source: Microsoft Tech Community
24
TreeTop Security - CAT - v2024.03
Worksheet #3
Password
Managers & 2FA
hps://www.treetopsecurity.com/CAT
25
TreeTop Security - CAT - v2024.03
Just a
Lile Click
04
26
TreeTop Security - CAT - v2024.03
Is the link safe in 4 steps
1. Verify
Were you expecting a link?
○ Not just email!
○ Social Media
○ SMS/iMessage
○ Zoom, Teams, Slack, etc.
2. Hover
Hover over the link to
ensure that it leads to
where it says it does
3. Sni test
Is it a site you recognize?
Does it feel “familiar” to you?
Be skeptical
4. Click
Does it pass all 3 tests?
Still use caution
“When in doubt, throw it
out”
01
02
03
04
27
TreeTop Security - CAT - v2024.03
Easy to Recognize Scam
Viagra <- ?!?!?!
Strange Wording
Email Address
Domain Name
Expected email?
Interesting link
Red flags? ->
28
TreeTop Security - CAT - v2024.03
From a Known Email Account
Email address = OK
Name = OK
Odd “Signature”
Expected email?
Link -> .fr is France
Red flags? ->
Hacked or Spoofed
email from someone
you know
Similar aacks via
Facebook & Social
Media
29
TreeTop Security - CAT - v2024.03
Text Messaging Example
Name in SMS = OK
Number OK?
Expected Text?
Received a text
regarding a package
before?
Recognized domain?
Red flags? ->
Image Source: CNN
30
TreeTop Security - CAT - v2024.03
Hover before you click
● Why hover?
○ Blue text can be deceiving
○ Underlying URL may be different
○ “Foreign” domains - .uk, .cn, or .ru
● Numbers instead of letters
○ Example: 192.168.1.1
○ Don’t trust it!
● Hover on mobile/tablet?
○ Long press (hold)
● Any doubts? Don’t click it!!!
http://www.evil.com/
Desktop
Hover
Example
Mobile
Long-Press
Example
31
TreeTop Security - CAT - v2024.03
Shortened or Obfuscated Links?
Instead of 300 characters, the link is reduced to 15 characters.
● Bit.ly
● TinyURL
Extremely Common and helpful, but…
Abused by criminals to hide malicious websites.
Link Expander
www.linkexpander.com
32
TreeTop Security - CAT - v2024.03
Hovering is your Friend
Email address OK?
Expected Email?
Red flags? ->
Image Source: Malware Traffic Analysis
Sense of Urgency
HOVER!!!
33
TreeTop Security - CAT - v2024.03
More Email Aacks
94% of malware is delivered by Email
1.2% of all emails sent are malicious
Over three billion phishing emails
every day!
34
TreeTop Security - CAT - v2024.03
Email Aachments
● Stop & Think before you click!
● Recognized Sender?
● Expecting Attachments?
● Is it normal for that contact to send
attachments?
Macros
● Step 1: Don’t do it!!!
● Step 2: Please See “Step 1”
● Found in downloaded files also
Attachments in email client (Microsoft Outlook)
Enable Macros <- NOOOOOO!!!!
35
TreeTop Security - CAT - v2024.03
Business Email Compromise (BEC)
● FBI: BEC cost businesses $1.8B every year
● Moving funds -> more susceptible
○ Policy requiring phone call?
● “Trusted” senders
○ Research using publicly available data
■ Published organization chart
■ Spear phishing (CEO <-> CFO)
○ Spoofed domain
■ microsoft.com - micros0ft.com
○ Compromise account of 3rd parties
■ Employee, vendor, or customer
■ Thread hijacking <- lookout
Wire transfer
Oftenrequiresvery
littletechnicalskill
Image Source: Dark Reading
36
TreeTop Security - CAT - v2024.03
Customer BEC Example
● Small business < 100 employees
● CEO received email
○ From school district (their customer)
○ Bid proposal
○ Busy CEO blocked, certain it was legit
○ Asked us to “bypass” blocks/alerts
● Give us 5 minutes
○ Contacted school IT
○ “You’re the 2nd call”
○ All within 30 mins of 1st alert
Image Source: TreeTop Security
37
TreeTop Security - CAT - v2024.03
Other Email Scams
● Mostly “non-technical”
● What the attackers want
○ Money
■ Gift cards
■ Wire transfers
○ Access to email & accounts
● Possible signs
○ Sense of urgency
○ Never happened before
○ No limit on what they say/do
Account credentials
Technology alone
cannot solve this
38
TreeTop Security - CAT - v2024.03
Scammer Favorites
● Mimic recent, breaking news
○ Worldwide
■ Health scares
■ Protests
■ Elections
○ Local and regional
● Seasonal/holidays
○ Order & delivery issues
○ Tax issues
Keep your guard up!
Recent events - coronavirus
Order Cancelled
39
TreeTop Security - CAT - v2024.03
Worksheet #4
Have you been
part of a breach?
hps://www.treetopsecurity.com/CAT
40
TreeTop Security - CAT - v2024.03
Reach Out &
Scam
Someone
05
41
TreeTop Security - CAT - v2024.03
Phone Scams
Social Engineering, what is it?
● Banks & Credit Card Companies
● Medical & Insurance
● IRS or any past due account balance
● Objective: Access your sensitive info
Phone Numbers can be easily spoofed
● Make the caller provide verification
● Hang up & call back a published number
Other common phone scams
● Grandparent Scam
● Tech Support - Microsoft, Apple, Dell, etc. will NEVER
contact the average user “out of the blue”
42
TreeTop Security - CAT - v2024.03
Phone Scam Example
Sense of Urgency
Purposefully Confusing
Expected a call from Microsoft?
Red flags? ->
Hi! This is Kathleen from Microsoft. We have been trying to get in touch
with you. However, we will be disconnecting your license within 48
hours because your IP address has been compromised from several
countries. So we need to change your IP address and license key. So
please press 1 to get connected…
43
TreeTop Security - CAT - v2024.03
Phone Scam Example - AI Edition
Hello, this is Kathleen and I'm reaching out on behalf of the Microsoft Security Team. We'venoticed
some unusual activity involving your account. Your IP address has been accessed from multiple
countries indicating a potential security breach. To ensure the safety and integrity of your account
and personal information, it's critical that we update your IP address and license key. Without this
update, we will suspend your license within the next 48 hours to prevent further unauthorized
access. We're here to help you through this process and address any concerns you may have. For
immediate assistance, please press 1 to connect with our support team.
44
This is a message from a spam caller, we're using it in a cybersecurity
awareness presentation - can you make the context of it sound more
natural and more realistic but don't change the meaning behind it?
TreeTop Security - CAT - v2024.03
General Tips
& Privacy
06
45
TreeTop Security - CAT - v2024.03
USB Drives & More
● Do NOT connect unknown or
unauthorized media (or devices)
● Programs can run when plugged in
without you doing anything
● Examples
○ USB/flash drives
○ SD or micro SD cards
○ CDs or DVDs
○ External hard drives
○ Cell phones <- Often forgotten
46
TreeTop Security - CAT - v2024.03
Encryption
● Can help protect your data
● Can also “help” an attacker, e.g. ransomware
● Protecting data sent or received
○ HTTP vs. HTTPS
○ Wireless -> WPA2 (AES) recommended
● Protecting devices
○ Helpful if device is lost/stolen
○ Often associated with phone PIN/passcode
○ Microsoft Windows - BitLocker
○ Apple MacOS - FileVault
47
TreeTop Security - CAT - v2024.03
Internet Safety Quick Tips
● Never click or install anything based on
a pop-up from a website
● “Trusted” websites can & have hosted
malware, aka malvertising
○ Local news?
○ WSJ, Forbes, ESPN, Yahoo, etc.
○ Limit browsing to business
relevant sites?
● Avoid public: Wi-Fi, computers (hotels,
libraries), charging, etc.
Do NOT assume a site is legitimate simply
because of the “padlock”
No more padlock?
48
TreeTop Security - CAT - v2024.03
Internet Privacy
● Data is the new gold -> your data is valuable!
● If you’re not paying for it, are you the product?
○ Data analytics & predictive results
○ Examples: advertising & insurance rates
● Are you oversharing?
○ “Fun” online surveys => data harvesting
○ Default privacy settings on social media
○ Vacation photos & checking-in (location sharing)
■ Thieves see that information also
■ Would you be comfortable telling people on the street?
49
TreeTop Security - CAT - v2024.03
Uh oh! You’ve been scammed!
● It happens! Don’t be ashamed!
● Don’t panic, but don’t wait around
○ Unplug computer!
○ Contact your technical support
○ Write down details - event timeline, financial
accounts, credentials used, phone numbers, etc.
● Ransomware or scam
○ Report the incident to law enforcement?
○ In the US
■ BBB - https://www.bbb.org/scamtracker
■ FBI - Ransomware keys may be available
○ https://www.nomoreransom.org/
50
TreeTop Security - CAT - v2024.03
More Resources
● When in doubt, ask questions
○ Your IT dept/provider?
● Don’t stop here! Attacks change, so should you
● Additional Resources
○ SANS Ouch! - free monthly newsletter
○ StaySafeOnline.org - numerous free resources
○ Stop. Think. Connect. - free, little bit of everything
○ TreeTop Security - Cybersecurity Awareness Training (free)
These slides, video presentation of this material, value-add worksheets,
post-training quizzes, feedback form, newsletter sign-up, certificate of
completion & more! - https://www.treetopsecurity.com/CAT
● Worksheet #5 - Share this with others
51
TreeTop Security - CAT - v2024.03
Questions?
785-370-3444
Dallas Haselhorst
info@treetopsecurity.com
https://www.treetopsecurity.com
Ask about Peak. The affordable, comprehensive, & common sense
cybersecurity platform designed for small businesses.
52
TreeTop Security - CAT - v2024.03
Date/Time Organization/Location Attendees Cost
10/3 (all day) Kansas SBDC Conference (Hays) Public $60
10/7 (all day) BSidesKC Conference (Kansas City) Public $40
10/9 (all day) Private Private -
10/11 @12pm STEM Harvest - Cybersecurity Awareness Public Free
10/12 (all day) Private Private -
10/16 @ 6pm Hays Library - Cybersecurity Awareness Public Free
10/20 @12pm STEM Harvest - Scams, Lies, & Bad Guys Public Free
10/23 @10am Private Private -
10/24 @12pm STEM Harvest - Cybersecurity Awareness Public Free
Anytime Anywhere Public Free
53

More Related Content

What's hot

Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
Cyber security
Cyber securityCyber security
Cyber securitySabir Raja
 
Cyber crime presentation by HuNnY ButT
Cyber crime presentation by HuNnY ButTCyber crime presentation by HuNnY ButT
Cyber crime presentation by HuNnY ButTHamza Khalid
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Analysis the causes and effects of cyber crime
Analysis the causes and effects of cyber crimeAnalysis the causes and effects of cyber crime
Analysis the causes and effects of cyber crimeMohammad Husain
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...ABHAY PATHAK
 
Cyber security awareness for students
 Cyber security awareness for students Cyber security awareness for students
Cyber security awareness for studentsAkhil Nadh PC
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness TrainingDave Monahan
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindSaurabh Kheni
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in ManufacturingCentraComm
 
Cyber crime &amp; security final tapan
Cyber crime &amp; security final tapanCyber crime &amp; security final tapan
Cyber crime &amp; security final tapanTapan Khilar
 

What's hot (20)

information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
 
Cyber security
Cyber securityCyber security
Cyber security
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 
Information security awareness, middle management
Information security awareness, middle managementInformation security awareness, middle management
Information security awareness, middle management
 
Cyber security
 Cyber security Cyber security
Cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber crime presentation by HuNnY ButT
Cyber crime presentation by HuNnY ButTCyber crime presentation by HuNnY ButT
Cyber crime presentation by HuNnY ButT
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Analysis the causes and effects of cyber crime
Analysis the causes and effects of cyber crimeAnalysis the causes and effects of cyber crime
Analysis the causes and effects of cyber crime
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
 
Cyber security awareness for students
 Cyber security awareness for students Cyber security awareness for students
Cyber security awareness for students
 
Cyber crime and Security
Cyber crime and SecurityCyber crime and Security
Cyber crime and Security
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness Training
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For Mankind
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Ransomware protection
Ransomware protectionRansomware protection
Ransomware protection
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in Manufacturing
 
Cyber crime &amp; security final tapan
Cyber crime &amp; security final tapanCyber crime &amp; security final tapan
Cyber crime &amp; security final tapan
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 

Similar to Cybersecurity Awareness Training Presentation v2024.03

Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08DallasHaselhorst
 
Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2DallasHaselhorst
 
Cybersecurity Awareness Training Presentation v1.1
Cybersecurity Awareness Training Presentation v1.1Cybersecurity Awareness Training Presentation v1.1
Cybersecurity Awareness Training Presentation v1.1DallasHaselhorst
 
DSRY_Cybersecurity Awareness Presentation
DSRY_Cybersecurity Awareness PresentationDSRY_Cybersecurity Awareness Presentation
DSRY_Cybersecurity Awareness PresentationMohammedFarouk38
 
UNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENT
UNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENTUNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENT
UNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENTUlf Mattsson
 
7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From HomeDallasHaselhorst
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security SeminarJeremy Quadri
 
How to get Started in Cyber Security - Rayan Crasta
How to get Started in Cyber Security - Rayan CrastaHow to get Started in Cyber Security - Rayan Crasta
How to get Started in Cyber Security - Rayan CrastaRayan Crasta
 
Human With Machine: Harnessing the power of UX for Securing Data
Human With Machine: Harnessing the power of UX for Securing DataHuman With Machine: Harnessing the power of UX for Securing Data
Human With Machine: Harnessing the power of UX for Securing DataRanjeet Tayi
 
Nsc42 - is the cloud secure - is easy if you do it smart ECC Conference
Nsc42 - is the cloud secure - is easy if you do it smart ECC ConferenceNsc42 - is the cloud secure - is easy if you do it smart ECC Conference
Nsc42 - is the cloud secure - is easy if you do it smart ECC ConferenceNSC42 Ltd
 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsAdrian Sanabria
 
Security_Awareness_Primer.pptx
Security_Awareness_Primer.pptxSecurity_Awareness_Primer.pptx
Security_Awareness_Primer.pptxFaith Shimba
 
WeSecure Data Security Congres: How to build a data governance framework
WeSecure Data Security Congres: How to build a data governance frameworkWeSecure Data Security Congres: How to build a data governance framework
WeSecure Data Security Congres: How to build a data governance frameworkWeSecure
 
Public - Cybersecurity awareness presentation (1).pptx
Public - Cybersecurity awareness presentation (1).pptxPublic - Cybersecurity awareness presentation (1).pptx
Public - Cybersecurity awareness presentation (1).pptxSileSoftwareInc
 
100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022Temok IT Services
 
cyber security presentation (1).pdf
cyber security presentation (1).pdfcyber security presentation (1).pdf
cyber security presentation (1).pdfw4tgrgdyryfh
 
Microsoft Threat Protection
Microsoft Threat ProtectionMicrosoft Threat Protection
Microsoft Threat ProtectionThierry DEMAN
 
20180120 spsbre - we are moving to the cloud what about security
20180120   spsbre - we are moving to the cloud what about security20180120   spsbre - we are moving to the cloud what about security
20180120 spsbre - we are moving to the cloud what about securityArjan Cornelissen
 
Awareness Security 123.pptx
Awareness Security 123.pptxAwareness Security 123.pptx
Awareness Security 123.pptxRajuSingh730938
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxBilmyRikas
 

Similar to Cybersecurity Awareness Training Presentation v2024.03 (20)

Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08Cybersecurity Awareness Training Presentation v2021.08
Cybersecurity Awareness Training Presentation v2021.08
 
Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2
 
Cybersecurity Awareness Training Presentation v1.1
Cybersecurity Awareness Training Presentation v1.1Cybersecurity Awareness Training Presentation v1.1
Cybersecurity Awareness Training Presentation v1.1
 
DSRY_Cybersecurity Awareness Presentation
DSRY_Cybersecurity Awareness PresentationDSRY_Cybersecurity Awareness Presentation
DSRY_Cybersecurity Awareness Presentation
 
UNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENT
UNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENTUNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENT
UNCOVER DATA SECURITY BLIND SPOTS IN YOUR CLOUD, BIG DATA & DEVOPS ENVIRONMENT
 
7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home7 Cybersecurity Sins When Working From Home
7 Cybersecurity Sins When Working From Home
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security Seminar
 
How to get Started in Cyber Security - Rayan Crasta
How to get Started in Cyber Security - Rayan CrastaHow to get Started in Cyber Security - Rayan Crasta
How to get Started in Cyber Security - Rayan Crasta
 
Human With Machine: Harnessing the power of UX for Securing Data
Human With Machine: Harnessing the power of UX for Securing DataHuman With Machine: Harnessing the power of UX for Securing Data
Human With Machine: Harnessing the power of UX for Securing Data
 
Nsc42 - is the cloud secure - is easy if you do it smart ECC Conference
Nsc42 - is the cloud secure - is easy if you do it smart ECC ConferenceNsc42 - is the cloud secure - is easy if you do it smart ECC Conference
Nsc42 - is the cloud secure - is easy if you do it smart ECC Conference
 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These Years
 
Security_Awareness_Primer.pptx
Security_Awareness_Primer.pptxSecurity_Awareness_Primer.pptx
Security_Awareness_Primer.pptx
 
WeSecure Data Security Congres: How to build a data governance framework
WeSecure Data Security Congres: How to build a data governance frameworkWeSecure Data Security Congres: How to build a data governance framework
WeSecure Data Security Congres: How to build a data governance framework
 
Public - Cybersecurity awareness presentation (1).pptx
Public - Cybersecurity awareness presentation (1).pptxPublic - Cybersecurity awareness presentation (1).pptx
Public - Cybersecurity awareness presentation (1).pptx
 
100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022100+ Cyber Security Interview Questions and Answers in 2022
100+ Cyber Security Interview Questions and Answers in 2022
 
cyber security presentation (1).pdf
cyber security presentation (1).pdfcyber security presentation (1).pdf
cyber security presentation (1).pdf
 
Microsoft Threat Protection
Microsoft Threat ProtectionMicrosoft Threat Protection
Microsoft Threat Protection
 
20180120 spsbre - we are moving to the cloud what about security
20180120   spsbre - we are moving to the cloud what about security20180120   spsbre - we are moving to the cloud what about security
20180120 spsbre - we are moving to the cloud what about security
 
Awareness Security 123.pptx
Awareness Security 123.pptxAwareness Security 123.pptx
Awareness Security 123.pptx
 
USG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptxUSG_Security_Awareness_Primer.pptx
USG_Security_Awareness_Primer.pptx
 

Recently uploaded

PEMATANG SIANTAR 0851/8063/4797 JUAL OBAT ABORSI CYTOTEC PEMATANG SIANTAR
PEMATANG SIANTAR 0851/8063/4797 JUAL OBAT ABORSI CYTOTEC PEMATANG SIANTARPEMATANG SIANTAR 0851/8063/4797 JUAL OBAT ABORSI CYTOTEC PEMATANG SIANTAR
PEMATANG SIANTAR 0851/8063/4797 JUAL OBAT ABORSI CYTOTEC PEMATANG SIANTARdoktercalysta
 
Presentation4 (2) survey responses clearly labelled
Presentation4 (2) survey responses clearly labelledPresentation4 (2) survey responses clearly labelled
Presentation4 (2) survey responses clearly labelledCaitlinCummins3
 
Exploring-Pipe-Flanges-Applications-Types-and-Benefits.pptx
Exploring-Pipe-Flanges-Applications-Types-and-Benefits.pptxExploring-Pipe-Flanges-Applications-Types-and-Benefits.pptx
Exploring-Pipe-Flanges-Applications-Types-and-Benefits.pptxTexas Flange
 
How Do Venture Capitalists Make Decisions?
How Do Venture Capitalists Make Decisions?How Do Venture Capitalists Make Decisions?
How Do Venture Capitalists Make Decisions?Alejandro Cremades
 
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdf
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdfInnomantra Viewpoint - Building Moonshots : May-Jun 2024.pdf
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdfInnomantra
 
Stages of Startup Funding - An Explainer
Stages of Startup Funding - An ExplainerStages of Startup Funding - An Explainer
Stages of Startup Funding - An ExplainerAlejandro Cremades
 
Toyota Kata Coaching for Agile Teams & Transformations
Toyota Kata Coaching for Agile Teams & TransformationsToyota Kata Coaching for Agile Teams & Transformations
Toyota Kata Coaching for Agile Teams & TransformationsStefan Wolpers
 
Series A Fundraising Guide (Investing Individuals Improving Our World) by Accion
Series A Fundraising Guide (Investing Individuals Improving Our World) by AccionSeries A Fundraising Guide (Investing Individuals Improving Our World) by Accion
Series A Fundraising Guide (Investing Individuals Improving Our World) by AccionAlejandro Cremades
 
ابو ظبي اعلان | - سايتوتك في الامارات حبوب الاجهاض للبيع ف حبوب الإجهاض ... ا...
ابو ظبي اعلان | - سايتوتك في الامارات حبوب الاجهاض للبيع ف حبوب الإجهاض ... ا...ابو ظبي اعلان | - سايتوتك في الامارات حبوب الاجهاض للبيع ف حبوب الإجهاض ... ا...
ابو ظبي اعلان | - سايتوتك في الامارات حبوب الاجهاض للبيع ف حبوب الإجهاض ... ا...brennadilys816
 
Blinkit: Revolutionizing the On-Demand Grocery Delivery Service.pptx
Blinkit: Revolutionizing the On-Demand Grocery Delivery Service.pptxBlinkit: Revolutionizing the On-Demand Grocery Delivery Service.pptx
Blinkit: Revolutionizing the On-Demand Grocery Delivery Service.pptxSaksham Gupta
 
A BUSINESS PROPOSAL FOR SLAUGHTER HOUSE WASTE MANAGEMENT IN MYSORE MUNICIPAL ...
A BUSINESS PROPOSAL FOR SLAUGHTER HOUSE WASTE MANAGEMENT IN MYSORE MUNICIPAL ...A BUSINESS PROPOSAL FOR SLAUGHTER HOUSE WASTE MANAGEMENT IN MYSORE MUNICIPAL ...
A BUSINESS PROPOSAL FOR SLAUGHTER HOUSE WASTE MANAGEMENT IN MYSORE MUNICIPAL ...prakheeshc
 
Jual Obat Aborsi Di Sibolga wa 0851/7541/5434 Cytotec Misoprostol 200mcg Pfizer
Jual Obat Aborsi Di Sibolga wa 0851/7541/5434 Cytotec Misoprostol 200mcg PfizerJual Obat Aborsi Di Sibolga wa 0851/7541/5434 Cytotec Misoprostol 200mcg Pfizer
Jual Obat Aborsi Di Sibolga wa 0851/7541/5434 Cytotec Misoprostol 200mcg PfizerPusat Herbal Resmi BPOM
 
How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...
How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...
How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...YourLegal Accounting
 
Powerpoint showing results from tik tok metrics
Powerpoint showing results from tik tok metricsPowerpoint showing results from tik tok metrics
Powerpoint showing results from tik tok metricsCaitlinCummins3
 
Unlocking Growth The Power of Outsourcing for CPA Firms
Unlocking Growth The Power of Outsourcing for CPA FirmsUnlocking Growth The Power of Outsourcing for CPA Firms
Unlocking Growth The Power of Outsourcing for CPA FirmsYourLegal Accounting
 
MichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdfMichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdfmstarkes24
 
hyundai capital 2023 consolidated financial statements
hyundai capital 2023 consolidated financial statementshyundai capital 2023 consolidated financial statements
hyundai capital 2023 consolidated financial statementsirhcs
 
Shots fired Budget Presentation.pdf12312
Shots fired Budget Presentation.pdf12312Shots fired Budget Presentation.pdf12312
Shots fired Budget Presentation.pdf12312LR1709MUSIC
 
Top^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In Harare
Top^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In HarareTop^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In Harare
Top^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In Hararedoctorjoe1984
 

Recently uploaded (20)

PEMATANG SIANTAR 0851/8063/4797 JUAL OBAT ABORSI CYTOTEC PEMATANG SIANTAR
PEMATANG SIANTAR 0851/8063/4797 JUAL OBAT ABORSI CYTOTEC PEMATANG SIANTARPEMATANG SIANTAR 0851/8063/4797 JUAL OBAT ABORSI CYTOTEC PEMATANG SIANTAR
PEMATANG SIANTAR 0851/8063/4797 JUAL OBAT ABORSI CYTOTEC PEMATANG SIANTAR
 
Presentation4 (2) survey responses clearly labelled
Presentation4 (2) survey responses clearly labelledPresentation4 (2) survey responses clearly labelled
Presentation4 (2) survey responses clearly labelled
 
Exploring-Pipe-Flanges-Applications-Types-and-Benefits.pptx
Exploring-Pipe-Flanges-Applications-Types-and-Benefits.pptxExploring-Pipe-Flanges-Applications-Types-and-Benefits.pptx
Exploring-Pipe-Flanges-Applications-Types-and-Benefits.pptx
 
How Do Venture Capitalists Make Decisions?
How Do Venture Capitalists Make Decisions?How Do Venture Capitalists Make Decisions?
How Do Venture Capitalists Make Decisions?
 
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdf
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdfInnomantra Viewpoint - Building Moonshots : May-Jun 2024.pdf
Innomantra Viewpoint - Building Moonshots : May-Jun 2024.pdf
 
Stages of Startup Funding - An Explainer
Stages of Startup Funding - An ExplainerStages of Startup Funding - An Explainer
Stages of Startup Funding - An Explainer
 
WAM Corporate Presentation May 2024_w.pdf
WAM Corporate Presentation May 2024_w.pdfWAM Corporate Presentation May 2024_w.pdf
WAM Corporate Presentation May 2024_w.pdf
 
Toyota Kata Coaching for Agile Teams & Transformations
Toyota Kata Coaching for Agile Teams & TransformationsToyota Kata Coaching for Agile Teams & Transformations
Toyota Kata Coaching for Agile Teams & Transformations
 
Series A Fundraising Guide (Investing Individuals Improving Our World) by Accion
Series A Fundraising Guide (Investing Individuals Improving Our World) by AccionSeries A Fundraising Guide (Investing Individuals Improving Our World) by Accion
Series A Fundraising Guide (Investing Individuals Improving Our World) by Accion
 
ابو ظبي اعلان | - سايتوتك في الامارات حبوب الاجهاض للبيع ف حبوب الإجهاض ... ا...
ابو ظبي اعلان | - سايتوتك في الامارات حبوب الاجهاض للبيع ف حبوب الإجهاض ... ا...ابو ظبي اعلان | - سايتوتك في الامارات حبوب الاجهاض للبيع ف حبوب الإجهاض ... ا...
ابو ظبي اعلان | - سايتوتك في الامارات حبوب الاجهاض للبيع ف حبوب الإجهاض ... ا...
 
Blinkit: Revolutionizing the On-Demand Grocery Delivery Service.pptx
Blinkit: Revolutionizing the On-Demand Grocery Delivery Service.pptxBlinkit: Revolutionizing the On-Demand Grocery Delivery Service.pptx
Blinkit: Revolutionizing the On-Demand Grocery Delivery Service.pptx
 
A BUSINESS PROPOSAL FOR SLAUGHTER HOUSE WASTE MANAGEMENT IN MYSORE MUNICIPAL ...
A BUSINESS PROPOSAL FOR SLAUGHTER HOUSE WASTE MANAGEMENT IN MYSORE MUNICIPAL ...A BUSINESS PROPOSAL FOR SLAUGHTER HOUSE WASTE MANAGEMENT IN MYSORE MUNICIPAL ...
A BUSINESS PROPOSAL FOR SLAUGHTER HOUSE WASTE MANAGEMENT IN MYSORE MUNICIPAL ...
 
Jual Obat Aborsi Di Sibolga wa 0851/7541/5434 Cytotec Misoprostol 200mcg Pfizer
Jual Obat Aborsi Di Sibolga wa 0851/7541/5434 Cytotec Misoprostol 200mcg PfizerJual Obat Aborsi Di Sibolga wa 0851/7541/5434 Cytotec Misoprostol 200mcg Pfizer
Jual Obat Aborsi Di Sibolga wa 0851/7541/5434 Cytotec Misoprostol 200mcg Pfizer
 
How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...
How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...
How Bookkeeping helps you in Cost Saving, Tax Saving and Smooth Business Runn...
 
Powerpoint showing results from tik tok metrics
Powerpoint showing results from tik tok metricsPowerpoint showing results from tik tok metrics
Powerpoint showing results from tik tok metrics
 
Unlocking Growth The Power of Outsourcing for CPA Firms
Unlocking Growth The Power of Outsourcing for CPA FirmsUnlocking Growth The Power of Outsourcing for CPA Firms
Unlocking Growth The Power of Outsourcing for CPA Firms
 
MichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdfMichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdf
 
hyundai capital 2023 consolidated financial statements
hyundai capital 2023 consolidated financial statementshyundai capital 2023 consolidated financial statements
hyundai capital 2023 consolidated financial statements
 
Shots fired Budget Presentation.pdf12312
Shots fired Budget Presentation.pdf12312Shots fired Budget Presentation.pdf12312
Shots fired Budget Presentation.pdf12312
 
Top^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In Harare
Top^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In HarareTop^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In Harare
Top^Clinic ^%[+27785538335__Safe*Women's clinic//Abortion Pills In Harare
 

Cybersecurity Awareness Training Presentation v2024.03

  • 1. TreeTop Security - CAT - v2024.03 Cybersecurity Awareness Tips To Protect You And Your Data CONTENT BY From the makers of Peak. The only comprehensive and affordable cybersecurity platform for small businesses. DALLAS HASELHORST FOUNDER/PRINCIPAL - TREETOP SECURITY GSE #231, MSISE, CISSP, SANS/GIAC(X10) 1 PRESENTED BY
  • 2. TreeTop Security - CAT - v2024.03 # whoami 2 25+ years of IT & Cybersecurity Experience Consulted for companies all over the world Multiple computer-related degrees - FHSU Master’s degree in Information Security Engineering - SANS Technology Institute Alphabet soup of security-related certifications: ● CISSP, GSEC, GCIH, GCCC, GCPM, GPEN, GMON, GCIA, GWAPT, GDSA, GSE #231 Co-Organizer of BSidesKC Annual Cybersecurity Conference (Kansas City) Founded IT Provider (MSP) in 2003, acquired in 2016 Founded TreeTop Security in 2016, lead design on Peak Platform Founded 501(c)(3) STEM Harvest in 2021 - stemharvest.org SBA 2024 Kansas Small Business Person of the Year
  • 3. TreeTop Security - CAT - v2024.03 Legal Disclaimer While we'd love to boast that our cybersecurity awareness training is foolproof, the reality is no training can safeguard you from all cyber threats and that includes cyber criminal’s relentless attempts to send you malware laced cat memes. It is, however, the best single hour you can use to learn ways to better protect yourself from the evil lurking on the digital interwebs. Your best defense against cyber-foolery is your own cyber-wisdom. Remain vigilant, keep your passwords as complex as the plot twist in Fight Club, and learn to embrace your inner cybersecurity awareness ninja! Note: We were told we needed a disclaimer. Many thanks to ChatGPT for adding some flair. 3
  • 4. TreeTop Security - CAT - v2024.03 About this Presentation Latest version is available at hps://www.treetopsecurity.com/CAT Version 1.0 downloaded in over 150 countries in first 6 months! Sept 2019 - March 2020 Shared at numerous cybersecurity conferences including RSA 4
  • 5. TreeTop Security - CAT - v2024.03 LIVE LAUGH GET HACKED STOP LAUGHING 5
  • 6. TreeTop Security - CAT - v2024.03 Overview Why security awareness? Backup, backup, backup Patching ALL of your devices Passwords 2-Factor Authentication (MFA) Internet Safety & Email Phone Scams Privacy Concerns What to do when things go wrong? 6
  • 7. TreeTop Security - CAT - v2024.03 Why is cybersecurity awareness important? 01 7
  • 8. TreeTop Security - CAT - v2024.03 Awareness training is a must! Technology alone *cannot* protect you from everything Aackers go where security is weakest People -> a link the chain & the last first line of defense A must to reduce cybersecurity risk Cybersecurity awareness if for… ● Employees ● Parents ● Seniors ● Business Owners ● Kids ● Everyone! Reminder: Many tips that keep you safe at work will also keep you safe at home! 8
  • 9. TreeTop Security - CAT - v2024.03 But an aacker isn’t interesting in me… Wrong!!! - You are exactly what an aacker wants! ● Credit Card & Financial Data ● Medical Data ○ Prescription, insurance, or identity fraud ○ Far more valuable than financial data ● Computer Resources ○ Cryptomining ○ Advertising ○ Ransomware ○ “Jump Point” ● User or email credentials ○ Sending spam ○ “More” access ○ Recovery/Reset other accounts 9
  • 10. TreeTop Security - CAT - v2024.03 HELP!!! Ways to protect yourself! 02 10
  • 11. TreeTop Security - CAT - v2024.03 Backups Users that have never backed up 35% Users that backup daily 11% Users that backup monthly 20% Users that backup yearly 25% 20% ● Backups protect when all else fails ○ NO level of protection is perfect ○ Only “guaranteed” protection against ransomware ● Backup media should *not* be connected at all times ● Test your backups! Restore, restore, restore! 11
  • 12. TreeTop Security - CAT - v2024.03 Worksheet #1 Your data, your backups hps://www.treetopsecurity.com/CAT 12
  • 13. TreeTop Security - CAT - v2024.03 Updates are essential to security. • What was secure yesterday may not be secure today • New software vulnerabilities are found every day • Over 450,000 new malware (viruses & ransomware) released every day • Nothing is “Set & Forget” 13
  • 14. TreeTop Security - CAT - v2024.03 Keeping your system up-to-date ● Microsoft Windows, Apple MacOS, Linux ● Windows 7 end of life was January 2020 Operating Systems ● Update to the latest definitions to ensure protection against the latest threats ● Symantec/Norton, McAfee, Windows Defender, Avast, and many others! Anti-Virus 14
  • 15. TreeTop Security - CAT - v2024.03 Don’t forget to update… ● Browser - your portal to the internet ○ Chrome, Firefox, Edge, Safari, Brave, etc. ○ Internet Explorer (Not recommended) ● Mobile devices - cell phones & tablets ● Internet of Things (IoT) - Alexa, Google Home, light bulbs, thermostats, doorbells, surveillance system, smart locks, pet feeder, vacuums, health monitors... This could keep going forever! 15
  • 16. TreeTop Security - CAT - v2024.03 Worksheet #2 What’s on your network? hps://www.treetopsecurity.com/CAT 16
  • 17. TreeTop Security - CAT - v2024.03 All About Passwords 03 17
  • 18. TreeTop Security - CAT - v2024.03 SOMEONE FIGURED OUT MY PASSWORD, NOW I HAVE TO RENAME MY DOG. 18
  • 19. TreeTop Security - CAT - v2024.03 Managing Passwords ● Keep your passwords in a secure location ○ Do NOT use paper or sticky notes ○ Do NOT store passwords in clear-text on your computer - Word, Excel, etc. ● Utilize a password manager (aka vault) ○ Bitwarden ○ Chrome? ● Benefits of a password manager ○ One strong password to access them all ○ Passwords are stored securely ○ Auto-fill username/password on websites ○ Sync between desktop, laptop, and mobile ○ KeePass ○ LastPass ○ Apple Keychain? 19
  • 20. TreeTop Security - CAT - v2024.03 Much easier with a password manager! Password Tips ● Avoid using items that can be associated with you ○ Address ○ Phone numbers ○ Pet names ● Separate passwords for every account ● Auto-generated, near impossible to guess Rely on sticky notes for password mgmt 42% Re-use password for multiple accounts 52% Use name or birthdate in password 59% Reuse same password for all accounts 13% ○ Child names ○ Birthdays ○ Sports teams 20
  • 21. TreeTop Security - CAT - v2024.03 Passphrases, not passwords ● Useful when passwords must be typed in ○ Computer login ● Should not be easy to guess ○ At least 12 characters, but 15 or more is far better ○ Length better than “complexity” - upper, lower, number, & special characters (~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/) ○ Bad password (8): P@ssw0rd ○ Great password (25): MysonwasbornNovember1995! ○ Wireless <- no phone numbers! Why are most passwords exactly 8 characters? 21
  • 22. TreeTop Security - CAT - v2024.03 Top 20 passwords by rank & year Rank 2020 2021 2022 Rank 2020 2021 2022 1 123456 123456 password 11 1234567 qwerty123 1234567 2 123456789 123456789 123456 12 qwerty 000000 1234 3 picture1 12345 123456789 13 abc123 1q2w3e 1234567890 4 password qwerty guest 14 Million2 aa12345678 000000 5 12345678 password qwerty 15 000000 abc123 555555 6 111111 12345678 12345678 16 1234 password1 666666 7 123123 111111 111111 17 iloveyou 1234 123321 8 12345 123123 12345 18 aaron431 qwertyuiop 654321 9 1234567890 123456789 0 col123456 19 password1 123321 7777777 10 senha 1234567 123123 20 qqww1122 password123 123 If you use any of these, change them NOW!!! Source: Nordpass 22
  • 23. TreeTop Security - CAT - v2024.03 Password Length <> Time to Crack Source: Hive Systems Time for an attacker to brute force your passwords. Are you in the yellow or green? 23
  • 24. TreeTop Security - CAT - v2024.03 2FA - Two Factor Authentication What is 2FA? ● “Beyond” a username and password ● Second form to prove it is you ● Typically out-of-band “Your one-time code is…” ● SMS (Not as secure) ● Phone Call (Not as secure) ● Applications ● Email ● Phone Pop-Up ➔ Google Authenticator ➔ Microsoft Authenticator ➔ Built into a password manager? 99.9% LESS likely to be compromised if you use MFA Source: Microsoft Tech Community 24
  • 25. TreeTop Security - CAT - v2024.03 Worksheet #3 Password Managers & 2FA hps://www.treetopsecurity.com/CAT 25
  • 26. TreeTop Security - CAT - v2024.03 Just a Lile Click 04 26
  • 27. TreeTop Security - CAT - v2024.03 Is the link safe in 4 steps 1. Verify Were you expecting a link? ○ Not just email! ○ Social Media ○ SMS/iMessage ○ Zoom, Teams, Slack, etc. 2. Hover Hover over the link to ensure that it leads to where it says it does 3. Sni test Is it a site you recognize? Does it feel “familiar” to you? Be skeptical 4. Click Does it pass all 3 tests? Still use caution “When in doubt, throw it out” 01 02 03 04 27
  • 28. TreeTop Security - CAT - v2024.03 Easy to Recognize Scam Viagra <- ?!?!?! Strange Wording Email Address Domain Name Expected email? Interesting link Red flags? -> 28
  • 29. TreeTop Security - CAT - v2024.03 From a Known Email Account Email address = OK Name = OK Odd “Signature” Expected email? Link -> .fr is France Red flags? -> Hacked or Spoofed email from someone you know Similar aacks via Facebook & Social Media 29
  • 30. TreeTop Security - CAT - v2024.03 Text Messaging Example Name in SMS = OK Number OK? Expected Text? Received a text regarding a package before? Recognized domain? Red flags? -> Image Source: CNN 30
  • 31. TreeTop Security - CAT - v2024.03 Hover before you click ● Why hover? ○ Blue text can be deceiving ○ Underlying URL may be different ○ “Foreign” domains - .uk, .cn, or .ru ● Numbers instead of letters ○ Example: 192.168.1.1 ○ Don’t trust it! ● Hover on mobile/tablet? ○ Long press (hold) ● Any doubts? Don’t click it!!! http://www.evil.com/ Desktop Hover Example Mobile Long-Press Example 31
  • 32. TreeTop Security - CAT - v2024.03 Shortened or Obfuscated Links? Instead of 300 characters, the link is reduced to 15 characters. ● Bit.ly ● TinyURL Extremely Common and helpful, but… Abused by criminals to hide malicious websites. Link Expander www.linkexpander.com 32
  • 33. TreeTop Security - CAT - v2024.03 Hovering is your Friend Email address OK? Expected Email? Red flags? -> Image Source: Malware Traffic Analysis Sense of Urgency HOVER!!! 33
  • 34. TreeTop Security - CAT - v2024.03 More Email Aacks 94% of malware is delivered by Email 1.2% of all emails sent are malicious Over three billion phishing emails every day! 34
  • 35. TreeTop Security - CAT - v2024.03 Email Aachments ● Stop & Think before you click! ● Recognized Sender? ● Expecting Attachments? ● Is it normal for that contact to send attachments? Macros ● Step 1: Don’t do it!!! ● Step 2: Please See “Step 1” ● Found in downloaded files also Attachments in email client (Microsoft Outlook) Enable Macros <- NOOOOOO!!!! 35
  • 36. TreeTop Security - CAT - v2024.03 Business Email Compromise (BEC) ● FBI: BEC cost businesses $1.8B every year ● Moving funds -> more susceptible ○ Policy requiring phone call? ● “Trusted” senders ○ Research using publicly available data ■ Published organization chart ■ Spear phishing (CEO <-> CFO) ○ Spoofed domain ■ microsoft.com - micros0ft.com ○ Compromise account of 3rd parties ■ Employee, vendor, or customer ■ Thread hijacking <- lookout Wire transfer Oftenrequiresvery littletechnicalskill Image Source: Dark Reading 36
  • 37. TreeTop Security - CAT - v2024.03 Customer BEC Example ● Small business < 100 employees ● CEO received email ○ From school district (their customer) ○ Bid proposal ○ Busy CEO blocked, certain it was legit ○ Asked us to “bypass” blocks/alerts ● Give us 5 minutes ○ Contacted school IT ○ “You’re the 2nd call” ○ All within 30 mins of 1st alert Image Source: TreeTop Security 37
  • 38. TreeTop Security - CAT - v2024.03 Other Email Scams ● Mostly “non-technical” ● What the attackers want ○ Money ■ Gift cards ■ Wire transfers ○ Access to email & accounts ● Possible signs ○ Sense of urgency ○ Never happened before ○ No limit on what they say/do Account credentials Technology alone cannot solve this 38
  • 39. TreeTop Security - CAT - v2024.03 Scammer Favorites ● Mimic recent, breaking news ○ Worldwide ■ Health scares ■ Protests ■ Elections ○ Local and regional ● Seasonal/holidays ○ Order & delivery issues ○ Tax issues Keep your guard up! Recent events - coronavirus Order Cancelled 39
  • 40. TreeTop Security - CAT - v2024.03 Worksheet #4 Have you been part of a breach? hps://www.treetopsecurity.com/CAT 40
  • 41. TreeTop Security - CAT - v2024.03 Reach Out & Scam Someone 05 41
  • 42. TreeTop Security - CAT - v2024.03 Phone Scams Social Engineering, what is it? ● Banks & Credit Card Companies ● Medical & Insurance ● IRS or any past due account balance ● Objective: Access your sensitive info Phone Numbers can be easily spoofed ● Make the caller provide verification ● Hang up & call back a published number Other common phone scams ● Grandparent Scam ● Tech Support - Microsoft, Apple, Dell, etc. will NEVER contact the average user “out of the blue” 42
  • 43. TreeTop Security - CAT - v2024.03 Phone Scam Example Sense of Urgency Purposefully Confusing Expected a call from Microsoft? Red flags? -> Hi! This is Kathleen from Microsoft. We have been trying to get in touch with you. However, we will be disconnecting your license within 48 hours because your IP address has been compromised from several countries. So we need to change your IP address and license key. So please press 1 to get connected… 43
  • 44. TreeTop Security - CAT - v2024.03 Phone Scam Example - AI Edition Hello, this is Kathleen and I'm reaching out on behalf of the Microsoft Security Team. We'venoticed some unusual activity involving your account. Your IP address has been accessed from multiple countries indicating a potential security breach. To ensure the safety and integrity of your account and personal information, it's critical that we update your IP address and license key. Without this update, we will suspend your license within the next 48 hours to prevent further unauthorized access. We're here to help you through this process and address any concerns you may have. For immediate assistance, please press 1 to connect with our support team. 44 This is a message from a spam caller, we're using it in a cybersecurity awareness presentation - can you make the context of it sound more natural and more realistic but don't change the meaning behind it?
  • 45. TreeTop Security - CAT - v2024.03 General Tips & Privacy 06 45
  • 46. TreeTop Security - CAT - v2024.03 USB Drives & More ● Do NOT connect unknown or unauthorized media (or devices) ● Programs can run when plugged in without you doing anything ● Examples ○ USB/flash drives ○ SD or micro SD cards ○ CDs or DVDs ○ External hard drives ○ Cell phones <- Often forgotten 46
  • 47. TreeTop Security - CAT - v2024.03 Encryption ● Can help protect your data ● Can also “help” an attacker, e.g. ransomware ● Protecting data sent or received ○ HTTP vs. HTTPS ○ Wireless -> WPA2 (AES) recommended ● Protecting devices ○ Helpful if device is lost/stolen ○ Often associated with phone PIN/passcode ○ Microsoft Windows - BitLocker ○ Apple MacOS - FileVault 47
  • 48. TreeTop Security - CAT - v2024.03 Internet Safety Quick Tips ● Never click or install anything based on a pop-up from a website ● “Trusted” websites can & have hosted malware, aka malvertising ○ Local news? ○ WSJ, Forbes, ESPN, Yahoo, etc. ○ Limit browsing to business relevant sites? ● Avoid public: Wi-Fi, computers (hotels, libraries), charging, etc. Do NOT assume a site is legitimate simply because of the “padlock” No more padlock? 48
  • 49. TreeTop Security - CAT - v2024.03 Internet Privacy ● Data is the new gold -> your data is valuable! ● If you’re not paying for it, are you the product? ○ Data analytics & predictive results ○ Examples: advertising & insurance rates ● Are you oversharing? ○ “Fun” online surveys => data harvesting ○ Default privacy settings on social media ○ Vacation photos & checking-in (location sharing) ■ Thieves see that information also ■ Would you be comfortable telling people on the street? 49
  • 50. TreeTop Security - CAT - v2024.03 Uh oh! You’ve been scammed! ● It happens! Don’t be ashamed! ● Don’t panic, but don’t wait around ○ Unplug computer! ○ Contact your technical support ○ Write down details - event timeline, financial accounts, credentials used, phone numbers, etc. ● Ransomware or scam ○ Report the incident to law enforcement? ○ In the US ■ BBB - https://www.bbb.org/scamtracker ■ FBI - Ransomware keys may be available ○ https://www.nomoreransom.org/ 50
  • 51. TreeTop Security - CAT - v2024.03 More Resources ● When in doubt, ask questions ○ Your IT dept/provider? ● Don’t stop here! Attacks change, so should you ● Additional Resources ○ SANS Ouch! - free monthly newsletter ○ StaySafeOnline.org - numerous free resources ○ Stop. Think. Connect. - free, little bit of everything ○ TreeTop Security - Cybersecurity Awareness Training (free) These slides, video presentation of this material, value-add worksheets, post-training quizzes, feedback form, newsletter sign-up, certificate of completion & more! - https://www.treetopsecurity.com/CAT ● Worksheet #5 - Share this with others 51
  • 52. TreeTop Security - CAT - v2024.03 Questions? 785-370-3444 Dallas Haselhorst info@treetopsecurity.com https://www.treetopsecurity.com Ask about Peak. The affordable, comprehensive, & common sense cybersecurity platform designed for small businesses. 52
  • 53. TreeTop Security - CAT - v2024.03 Date/Time Organization/Location Attendees Cost 10/3 (all day) Kansas SBDC Conference (Hays) Public $60 10/7 (all day) BSidesKC Conference (Kansas City) Public $40 10/9 (all day) Private Private - 10/11 @12pm STEM Harvest - Cybersecurity Awareness Public Free 10/12 (all day) Private Private - 10/16 @ 6pm Hays Library - Cybersecurity Awareness Public Free 10/20 @12pm STEM Harvest - Scams, Lies, & Bad Guys Public Free 10/23 @10am Private Private - 10/24 @12pm STEM Harvest - Cybersecurity Awareness Public Free Anytime Anywhere Public Free 53