More Related Content
What's hot
What's hot (20)
Similar to Internet Security at Work Presentation
Similar to Internet Security at Work Presentation (20)
Recently uploaded
Recently uploaded (20)
Internet Security at Work Presentation
- 1. Internet Security at Work Protect company, customer, and employee data online Selva Redback Acaddemy
- 2. Small and midsize businesses at risk online
- 3. Small and midsize businesses at risk online 1/3 of businesses surveyed experienced fraud attempts online
- 4. Five steps to stronger cyber security 1 Strengthen your computer’s defenses 2 Avoid downloading malware 3 Protect company data & financial assets 4 Create strong passwords & keep them private 5 Guard data & devices when you’re on the go
- 5. Step 1 Strengthen your computer’s defenses
- 6. Strengthen your computer’s defenses Keep the firewall on Install legitimate antimalware software Keep software up to date, automatically
- 7. Step 2 Don’t be tricked into downloading malware
- 8. Don’t be tricked into downloading malware Think before you click Confirm that the message is legitimate Close pop-up messages carefully Ctrl F4
- 9. Step 3 Protect company data and financial assets
- 10. Protect company data and financial assets Handle sensitive data with special care Beware of scams and fraud
- 11. Protect company data and financial assets How to evade scams Look for telltale signs www.snopes.com Think before you click Keep sensitive information private
- 12. Step 4 Create strong passwords Keep them private
- 13. Create strong passwords Which passwords are strong? $wAaMd5Pnv01saRa6A0s!n/s1cw0!we5a34R2ogy/e0re7Od209!1D5uDs0!0r STWREOANKG My son AideSnwAawndaRvsaic3ne tyRaeegaderDosuoosol!dr in December
- 14. Create strong passwords Keep them private Make passwords strong Keep them private Use unique passwords
- 15. Step 5 Guard data and devices when you’re on the go
- 16. Guard company data when you’re on the go Connect securely Confirm the connection Encrypt HLTONHOTELS.confidential NET data Save sensitive activities for trusted connections Flash drives: watch out for unknowns
- 17. Step 1 Strengthen your computer’s defenses
- 18. Step 2 Don’t be tricked into downloading malware
- 19. Step 3 Protect company data and financial assets
- 20. Step 4 Create strong passwords Keep them private
- 21. Step 5 Guard data and devices when you’re on the go
- 22. What to do if there are problems Report abuse and other problems Immediately report phishing Immediately report missing devices or theft of company data Change all passwords Wipe mobile phones
- 23. More helpful information Learn how Get the latest: microsoft.com/security Comments? Questions?
- 24. Your gateway to the latest information from Microsoft about how to work more securely on the Internet and better protect company, customer, and personal data: microsoft.com/security. © 2012 Microsoft Corporation. All rights reserved.
Editor's Notes
- SLIDE 1 TALKING POINTS Today we’re going to spend about half an hour outlining how you can work more securely on the Internet and help protect our company’s information (including customer data) and financial assets against online fraud and other cyber crimes. You’ve heard the tales of how companies and organizations were damaged and in some cases even destroyed by cyber criminals. Here are a few true stories: A thief stole a company laptop, and the company lost a decade of irreplaceable research and intellectual property worth millions. A newly-hired executive received email from what looked like his company’s travel agency, where he was asked to click a link to confirm the accuracy of his personal details. This took him to an official-looking site where he found his personal data. There, he was asked to download software that would link his Outlook email account to the travel agency’s booking system. In so doing, he downloaded malicious software that spread through his new company. Hackers broke into the computers of a retail chain through an unsecured wireless network and stole the financial information of all its customers, which cost the company millions in lost business and was ruinous to its reputation. Most often, damage to big corporations dominates the news, but cyber crooks target small and midsized businesses, too. [click]
- SLIDE 2 TALKING POINTS This is a hidden slide and won’t show up when you make your presentation. This slide deck is based on “Top Tips for Internet Security at Work” in this Toolkit: Tip_Card/Top_Tips_for_Internet_Security_at_Work.pdf. The presentation takes about 30 minutes, and covers five key ways to help protect company data online: Strengthen your computer’s defenses. Avoid downloading malicious software. Protect company data and financial assets. Create strong passwords and keep them private. Guard data and devices when you’re on the go. GETTING READY Review the tip card and the resources offered in this Toolkit. Read through the talking points in this deck. Consider how you might adapt the notes to the specifics of your company or organization. For example, search for references to “IT team” or “system administrator.” You may want to amend those references (or delete them entirely) so they better fit your organization. You can make changes and additions right in the talking points section of each slide. Type your name on the first slide, replacing the text that’s there. Also, if you’d like, insert the name of your organization; otherwise, delete this text in the slide. It’s a good idea to rehearse the presentation—if possible, in the space where you’ll deliver it, with the equipment that you’ll use (so you know how it works), and preferably in front of at least one or two people (to give you feedback). To help you prepare, you might find it useful to print the notes pages (or “TALKING POINTS”) of the slides. Each page of notes includes an image of the slide for reference. You can solicit comments and questions from your audience as you go along if you’re comfortable with a more informal approach. You can run your presentation from one monitor (your laptop, for example), while your audience views it on a second monitor (projected on a larger screen, say). When you use two monitors, you can view your notes that the audience will not see. You can do this using Presenter View. (For instructions about how to set this up, type Presenter view in PowerPoint Help, and select the topic about Presenter View or delivering a presentation on two monitors.
- SLIDE 3 TALKING POINTS Cyber criminals assume that smaller business owners are more focused on building their companies than worrying about cyber crime. They know that smaller businesses have fewer resources than large companies to defend themselves, and also assume that they don’t have the necessary expertise to take preventive steps. Why target a big corporation with sophisticated tools and extensive resources to combat cyber crime, when it’s easier to infiltrate the tens of thousands of small businesses? [click]
- SLIDE 4 TALKING POINTS Data backs this up. For example, the Aite (pronounced eye-tay) Group, which provides research for the financial services industry, asked controllers at 110 small and midsized businesses in June 2011 about attempted online fraud. Researchers found that one third of those businesses surveyed had experienced online fraud attempts. Criminals are indiscriminate in their targets of smaller organizations and the crimes seem to pay. For example, a small town in upstate New York lost $139,000, and a Catholic diocese forfeited over half a million dollars, both to thieves who stole employee credentials to initiate transfers from their bank accounts. Fortunately, preventive steps to help defend our company’s assets don’t require us to be experts or spend a lot of money. It’s really a matter of educating ourselves about Internet risks and then developing practical habits that strengthen our security when we’re online. So, for the next 30 minutes or so, let’s get the details. [click] NOTE TO SPEAKER You’ll find the Aite Group research in this 2012 white paper, “Know Your Enemy: Successful Strategies in Online Fraud Migration:” http://info.threatmetrix.com/Aite-Online-Fraud-Mitigation-2012.html.
- SLIDE 5 TALKING POINTS We’ll talk about these five steps you can take: Help secure your computer by strengthening its defenses. Be cautious so you don’t inadvertently download malicious software that could damage computers or be used to steal information. Help protect sensitive company information and financial assets from theft. Create strong, unique passwords and don’t share them with others. Guard data and devices (phones, flash drives, laptops, tablets, etc.) when you work away from the office. These practical measures don’t take much technical expertise—just smart habits regularly practiced and a good dose of common sense. So let’s look at the first step—beefing up your computer’s defenses. [click]
- SLIDE 6 TALKING POINTS Criminals use two broad strategies to try to break through a computer’s defenses: They try to install malicious software (or malware) on computers that haven’t been updated. For example, they can exploit weaknesses in older software, or they can break into accounts guarded by simple passwords. To combat that, strengthen your computer’s defenses. They also try to trick you into installing their malware. But we’ll get to that later in Step 2. [click]
- SLIDE 7 TALKING POINTS So, to strengthen your computer’s defenses, never turn off your computer’s firewall. Turning it off—even for a minute—increases risk. A firewall creates a barrier between your computer and the Internet, a kind of security checkpoint that both information and software must pass through before they can enter or leave your computer. [click] Second, to defend against malware: Install antispyware and antivirus software from a trusted source. Our IT staff will tell you what to install. This software helps protect your computer by scanning downloaded files and attachments for the latest threats, and detecting and removing thousands of specific viruses before they have a chance to do any damage. Also, never download anything in response to a warning from a program you didn’t install or don’t recognize—especially if it claims to protect your computer or offers to remove viruses. Same for any pop-up message that advertises security software. These are likely to be fake, and do exactly the opposite of what they advertise. [click] And third, cyber criminals are inventive in their efforts to exploit vulnerabilities in software. Many software companies provide updates, so regularly install them for all software. This means updating antivirus and antispyware programs, your browser like Windows Internet Explorer, operating systems (like Windows), and word processing and other programs (including games). Everything. The safest and easiest way to stay current is to subscribe to automatic updates whenever they’re offered. For example, to automatically update all Microsoft software, go to update.microsoft.com, or if you use Windows, open Control Panel and use Programs and Features. It’s also a good idea to UNinstall any software that you don’t use. Check with our system administrator to find out how to do this. Now let’s talk about how to guard against the tricks criminals use to get you to download malware—starting with a story. [click] NOTE TO SPEAKER Consider introducing this slide with an overview of the security measures your company takes to help protect computers, laptops, mobile phones, and other devices against viruses, spyware, and other threats to network security and sensitive data. If you don’t have an IT specialist or team to advise on installing security software or removing software you no longer use, here’s some help: For installing antivirus or antispyware software, there is a pointer on the tip card to a Microsoft site that can help. When you distribute the tip card, you can point this out to your audience. To uninstall unused software you use Windows, you can remove it using Programs and Features in Control Panel.
- SLIDE 8 TALKING POINTS Here’s an email message that crooks sent to thousands of top U.S. executives. It appeared to be an official subpoena from the U.S. District Court in San Diego. Each message included executive-specific information (name, etc.) and directed him or her to appear before a grand jury. The message urged the recipient to use an embedded link to open the subpoena. However, anyone who clicked the link unwittingly installed software that secretly captured passwords, user names, account numbers, and other company data that the executive typed, and sent it to a criminal’s computer. The malware also enabled the criminals to control the infected computer remotely, wreaking further havoc. Security researchers believed that at least several thousand executives took the bait and compromised their computers. So if you had been one of these executives, what could you have done to protect your computer and your company? [click]
- SLIDE 9 TALKING POINTS When you receive email, instant, or text messages, or messages on social networks like Facebook, LinkedIn, and Twitter: be cautious. [click] Stop and think before you click links, open photos, songs, or other attachments in a message from someone you don't know. Be wary of "free" games, apps, and the like, which are notorious for including malware in the download. Even be suspicious of links and attachments from someone within your company, especially if it’s something unexpected, like ilovepinkponies.pdf from your boss. Or, just because the email message says it’s a LinkedIn update, doesn’t mean it is. You never know if a criminal has hacked into a coworker’s account, or that his or her computer has been infected with a virus that is automatically sending spam. [click] Confirm. If you think it’s suspicious, don’t click anything or use phone numbers or email addresses in the message. Instead, use a different device and another account to confirm with the sender that the message is legitimate. Or do some research. For example, the executives in our example might have paused to consider whether their companies were involved in litigation that could result in a subpoena from this court. [click] Close. Avoid clicking Agree, OK, or I accept in banner ads, in unexpected pop-up messages or warnings, on websites that seem suspicious to you, or in offers to remove spyware or viruses. These also could trigger the download of malware. [click] Instead close the window. To do this, press Ctrl and F4 on your keyboard. And the advice, “If you see something, say something,” applies here. If you do see a message that seems suspicious or problematic, report it to the system administrator who can take action including warning others what to do if they see the same thing. Now, let’s go to Step 3 and see how you can further protect sensitive business data and our company’s financial assets. [click]
- SLIDE 10 TALKING POINTS Ultimately, the steps we’ve covered so far are about protecting our company information—customer data, intellectual property, and the like—as well as vital financial assets. But scams abound. For example, an employee, asked to confirm her password in an email message sent by someone posing as her system administrator, gave criminals access to the company network, bringing business to a halt. Or a payroll processing firm was hit by a phishing attack that sent email to its businesses customers, asking them to reveal passwords to continue to use their company’s payroll services. To help guard against scenarios like these, there are two basic things you can do. [click]
- SLIDE 11 TALKING POINTS Avoid putting confidential information in email unless it’s encrypted. (Encryption enhances data security by scrambling the contents so that it can be read only by someone who has the right key to unscramble it.) Also, avoid putting sensitive information in instant or text messages, as these are not typically secure. This includes account numbers, passwords, intellectual property, customer data, and so on. [click] Beware of scams—the most dangerous are the ones that appear to be legitimate. Small and midsized businesses are as much a target of scams as individuals. Scams directed to them can include links that advertise false products, hoaxes that claim you’ve received a refund from the IRS or a package from the post office that your company never ordered, charges for unauthorized advertising or office supplies, or urgent requests to update account information. All scams are designed to collect information the scammer can use to steal company data or money—or both. [click]
- SLIDE 12 TALKING POINTS Like the phishing scam in our story, criminals design their messages to be very convincing. Learn to scan for telltale signs like these: Messages that imitate organizations you trust—a supplier or your company bank, your payroll company, a government agency like the IRS, post office, or the one we saw from the U.S. District Court. Requests to reveal sensitive data like account or logon info, to click a link to a fraudulent webpage, or to call a toll-free number that could go to a counterfeit call center. Attempts to alarm you. “A virus has corrupted our database. Please re-confirm your information NOW to avoid account closure.” Or, “Confirm your password to continue using our payroll service.” When we’re alarmed, we may put our suspicions aside. As spammers get more sophisticated, they’re increasingly avoiding misspellings and grammatical errors. But still keep an eye out for these tactics that are used to break through phishing filters. [click] If you’re ever in doubt about the legitimacy of a message, consult a website such as www.snopes.com that identifies known scams. [click] The pointers we learned in Step 2, to avoid downloading malware, apply equally here to help evade scams. Think twice before you click a link or open an attachment. [click] Keep sensitive information private. Never give information like a user name or password in response to a phone call, or an email message or other online request (even from a coworker). Instead, confirm that the message is legitimate using a different device or another account. If it’s from a company you do business with, use the phone number or email address you know to contact them, not one in the message. To visit the site, type the web address yourself instead of clicking the link in the message, or use your own bookmark or favorite. Your next defense is using strong passwords and PINs to guard your accounts and devices. [click]
- SLIDE 13 TALKING POINTS You lock your house, your car, your bike. You also need to lock corporate assets, client info, devices (like phones, laptops, and company routers), online accounts and so on with passwords and PINs—and change them regularly. So what makes a password strong? [click]
- SLIDE 14 NOTE TO SPEAKER This is a chance for the audience to test their ability to gauge password strength. Give everyone 5 or 10 seconds to think about and decide whether the password is strong. Or ask for volunteers to give an explanation and then show the answer. Here’s how it works: When the title of the slide comes up, click your mouse to display the first password. After 5 or 10 seconds, click your mouse again to display the answer and read the explanation in the talking points. Then click your mouse to display the next password. Repeat Steps 2 and 3 to make your way through the entire list. TALKING POINTS I’m going to show a password and give you a few seconds to determine whether it’s strong—and why or why not. [click] WEAK. This is the most common business password, so it’s at the top of criminal lists to test. [click] WEAK. A date—birthday or anniversary, for example—can be known and easily found by a criminal. [click] WEAK. Don’t use a single word that you can find in any dictionary in any language (advantageous). Criminals can easily break common replacements such as an exclamation point for “t” or zero for “o.” [click] STRONG. SwanRiceRedDoor Uses words that don’t make sense grammatically, but mean something to the person who made up the password. It’s also long and uses upper and lower case letters, numbers, and symbols. [click] WEAK. Avoid using only numbers--number sequences, repeated numbers, like 22222222, or numbers like Social Security numbers. [click] STRONG. This password took the first letters from this sentence: My son Aiden was 3 years old in December. This is a sentence that was easy for the person who made it up to remember, but difficult for others to guess. Mixing in capital and lowercase letters, symbols, and numbers adds complexity. Now that you have a better sense of what makes passwords strong, let’s look at how to use strong passwords so they’re most effective. [click]
- SLIDE 15 TALKING POINTS In addition to password strength, how else can you use passwords to help protect data? [click] Don’t disclose passwords or PINs to anyone. Many account takeovers occur because the owner shared the password. Don’t store them on your phone, or in a file or on a post-it on your computer. It’s okay to store them on a sheet of paper hidden away from your desk. Don’t let anyone trick you into revealing them. [click] Don’t use the same password (or even simple variations) for different accounts. Use a unique password or PIN for each account or device (including your computer and mobile phone) containing personal or business data. Otherwise, if one is stolen or inadequately protected by the site, all the accounts it protects are at risk. [click] And last, you’ll want to take a few extra precautions when you travel for work. [click]
- SLIDE 16 TALKING POINTS It’s a good idea to treat all public wireless connections as a security risk because they’re often unsecured. This means that Wi-Fi hot spots at coffee shops, hotels and motels, airports, libraries, and other public places may be open to anyone who wants to look at the traffic passing through them, using inexpensive and readily available devices. Sometimes, businesses don’t have a firewall between their point of sale computers—the cash registers that take your credit card for payment—and the free wireless access they offer customers. This can enable criminals to steal your credit card number when you buy something. Or watch out for mock Wi-Fi hotspots, which often top the list of available connections, enticing you with names like “Free Wi-Fi.” Clicking one may expose your device to a hacker who could take control of it. So look at some ways to connect to the web more safely when you’re on the go. [click]
- SLIDE 17 TALKING POINTS When you use a public Wi-Fi network, choose the most secure connection—even if it means paying for it. Ask about it before you connect. Some wireless networks offer a network key or certificate that encrypts data as it travels between your laptop and the router. Look for a password- protected connection, ideally one that is unique for your use.[click] Know where you’re connecting. Confirm the exact spelling of the network you’re connecting to. Beware of clever (slightly misspelled) fakes. For example, in HLTONHOTEL.SNET there’s no “I” in Hilton. [click] Encrypt all confidential data on smartphones, laptops, flash drives, and other portable devices in case they’re lost or stolen. There are many programs that can encrypt data, such as Microsoft BitLocker Drive Encryption, which is included with certain versions of Windows. (Our IT staff can help you do this.) Note, however, that encryption only slows access to data; it may not stop a very determined hacker from going after really valuable data. [click] Never make sensitive transactions at a wireless hot spot. Never do payroll, or pay invoices, bank, or do other financial business, or download or update software on any device over a public Wi-Fi network. The security is unreliable. Remember, too, that email is not secure, so avoid using it to send sensitive information. [click] Use flash drives so they don’t compromise your computer or network security. Flash drives can so easily be used to infect computers and company networks with malicious software that the U.S. military banned their use back in 2008! If you do use them, minimize the risk: Don’t put any unknown flash (or USB) drive into your computer. It could have been corrupted after being inserted in an infected computer. On your flash drive, don’t open files that you don’t recognize or that you don’t remember putting there—in case they harbor malware. That’s it! We’ve covered the main points. Let’s recap. [click] NOTE TO SPEAKER This is a good point at which to pass out the tip card, Internet Security at Work, and point out the main steps on the card as you go through the next five slides. For more information about Microsoft BitLocker Drive Encryption, visit: windows.microsoft.com/en-US/windows7/products/features/bitlocker.
- SLIDE 18 TALKING POINTS First, lay the foundation for stronger cyber security. Never turn off your computer’s firewall. Install antivirus and antispyware software from a trusted source, and keep all software current using automatic updates wherever possible. [click]
- SLIDE 19 TALKING POINTS Second, don’t let criminals trick you—like they did the executives in this example—into downloading their malicious software. When you receive email, instant, or text messages, or messages on social networks, stop and think before you click links, open photos, songs, or other attachments in a message—even from someone you know. Instead, use a different device and another account to confirm that the message is legitimate. [click]
- SLIDE 20 TALKING POINTS Three, don’t put confidential information (unless it’s encrypted) in email, instant, or text messages because they’re not typically secure. And be on the lookout for the telltale signs of scams—the most dangerous are those that look genuine. Think before you click and never give out information like a user name or password in response to a phone call, or email or other such message. [click]
- SLIDE 21 TALKING POINTS Four, remember the password quiz? Use it as your guide when you created your own strong passwords. Then, don’t disclose passwords (or PINs) to anyone or reuse them—create different passwords for different accounts. [click]
- SLIDE 22 TALKING POINTS And last, think of all public wireless networks as security risks, so choose the most secure option when you use one. In addition, encrypt all confidential data on portable devices, and never make financial and other sensitive transactions using a public Wi-Fi network. And don’t forget to use flash drives carefully—don’t put unknown drives into your computer or open unknown files on them. So one last thing: what do you do if things do go wrong? [click]
- SLIDE 23 TALKING POINTS Report abuse to the service when you use email, a social network, or other services—scams, obscene material, aggressive behavior and the like. [click] As quickly as you find them, report any misrepresentation of your organization—for example, a phishing scam that pretends to be from your company— to your system administrator and to the Anti-Phishing Working Group (APWG). The APWG can broadcast notice about them to help prevent potential victims from visiting the site while the APWG works to take down the site. [click] Theft or loss of sensitive company data. If customer or other confidential company data has been compromised because of theft or loss of a laptop, smartphone, or other device, or if there’s been a breach of network security: Report it immediately to IT or security personnel, if your organization has them, and to the bank, when appropriate. Change all passwords used to log on to the device. Contact the service provider for help wiping the data from smartphones and other devices.[click] NOTE TO SPEAKER Ask your audience to follow along with these points on the back of the tip card. That way, they’ll know what links to use. If your company has policies in place to address these problems and they run counter to the ones presented on this slide, you may want to replace this slide with one of your own that summarizes company policies about what employees should do if they run into problems like these. On the other hand, if your company does not have cyber security policies in place, the National Cyber Security Alliance offers an approach to creating a cyber security plan. Look for the link on the back of the tip card.
- SLIDE 24 TALKING POINTS To learn how to create strong passwords and work more securely, let’s review the links on the back of the tip card. Get the latest information from the Microsoft Safety & Security Center (microsoft.com/security) about how to work more securely on the Internet and better protect company, customer, and personal data. Any comments or questions? [click] NOTE TO SPEAKER Round out your presentation with a question-and-answer session if you feel comfortable answering questions about online security. If you don’t feel comfortable, but questions come up, solicit answers from the audience. If you run a business without IT support, you can also point out these two references. Microsoft can help you defend company computers: microsoft.com/security/pypc.aspx. If your computer is unusually slow, crashes frequently, or shows other signs of unusual behavior, it might have been damaged by malicious software like a virus or spyware. Microsoft can help you address this: aka.ms/Troubleshooting_101.
- SLIDE 25 TALKING POINTS Thanks for your time and for your questions and comments.