This document outlines five steps that small and mid-sized businesses can take to strengthen their cyber security. The steps are: 1) strengthen computer defenses by keeping firewalls and software up to date, 2) avoid downloading malware by being cautious of pop-ups and unsolicited messages, 3) protect company data and financial assets by handling sensitive information carefully and looking out for scams, 4) create strong, unique passwords and keep them private, and 5) guard data and devices when remote by using encrypted connections and being wary of unknown flash drives. Following these practices can help businesses better protect their own and their customers' information online.
This is 1 Part of a 6 Part Workshop. This presentation provides guidance to individuals and organizations on how to improve security awareness in the workplace.
By the end of this presentation you should be able to:
Describe the value of workplace security.
Identify measures for improving workplace security.
Empower staff with practical workplace security tips.
Hazard is typically defined as a potential source of harm, or an adverse health effect on a person or persons. This simply means that anything that has the potential to cause damage or harm can be considered a hazard.
The complete guide on how to prevent an IT security breach.
Some of the tips include:
♦ Why keeping a clean desk matters
♦ How to avoid email threats, including five ways to block phishing attacks
♦ How your employees can secure their mobile devices
♦ Website browsing best practices.
If you don't already have a security training program, this presentation is a great tool for a new hire orientation or company-wide meeting. It includes all of our top 10 tips, plus examples of relevant news stories to drive home the point. You can customize it to include your own tips or insert individual slides in other presentations.
Download a customizable PPT here: www.sophos.com/staysafe
Building An Information Security Awareness Program - Bill Gardner
Most organizations’ Security Awareness Programs suck. They involve ‘canned’ video presentations or someone in HR explaining computer use policies. Others are extremely expensive and beyond the reach of the budgets of smaller organizations. This talk will show you how to build a Security Awareness Program from scratch for little or no money, and how to engage your users so that they get the most out of the program.
Cybersecurity Awareness Training Presentation v1.3 - DallasHaselhorst
This free cybersecurity awareness training slide deck is meant to be used by organizations and end users to educate them on ways to avoid scams and attacks and become more security aware. This slide deck is based on version 1.3 of our wildly popular slide deck we originally released as open-source in September 2019. In just over 6 months, it was downloaded thousands of times and in over 150 countries!
On our website, you will also find several other related goodies. For example, we have free and downloadable worksheets referenced in the training. We have a free cybersecurity quiz that is based directly off of this material so anyone can test their awareness knowledge. We even have a downloadable 'certificate of completion' for this training, which allows attendees to fill in their name and date so they can then print it out to show others (or even their employer) that they are now more cyber aware.
https://www.treetopsecurity.com/cat
We also have a video/webinar presentation of this material if you would like to share it with others.
https://www.treetopsecurity.com/cat#video
Want to take this content and present it in your own community? Fantastic! You may download this slide deck as editable content. This allows you to make changes and present it at your local library, business events, co-working spaces, schools, etc. The latest version is always available on our website as a Microsoft PowerPoint presentation (.pptx) or using ‘Make a Copy’ in Google Slides.
https://www.treetopsecurity.com/slides
A single email can cause a multi-million dollar breach if opened by an end-user with no security awareness; they may not even be aware of their mistake. The problem lies in the fact that only a few end-users are aware of the dangers of social engineering, much less how to detect it. It is a major issue in the business world today.
This document seeks to address the most common threats that can be posed to an entity and also recommend security measures that can be implemented to avoid such attacks.
Learn more at https://www.multinationalnetworks.com
14 tips to increase cybersecurity awareness - Michel Bitter
We used this presentation within our company to increase the cybersecurity awareness of our employees. These 14 tips should help everybody to protect themselves against the most obvious cyber attacks.
Awareness Training on Information Security - Ken Holmes
We look at the potential risks to information security, how to minimise these when on the internet and how the ISO/IEC 27001 standard can play a part in doing so.
Slides produced for a workshop on measures to use to protect your computer and system security. By Computer Troubleshooters, Dayton, Ohio. February 15, 2014
From ITC Agent Conference 2015...
Have you ever really thought about all the confidential data you store in your agency? Do you realize how easily your data could be stolen? Are you protecting yourself and your agency from theft of information? Attend this session to hear the tips, tricks and suggestions that will protect your agency and your clients' information.
The Internet is inescapable – both in your professional as well as your personal life. With our computers and phones, we are on the net at all times. But the net is dangerous. Whether you use e-mail, e-commerce, or even just a spreadsheet, you may not only be putting yourself in danger, but your whole company.
In this presentation, Prof. Dias explains some of the common ways you may be attacked when using Internet services, and how you can protect yourself against these attacks.
Information security a new era technology_Tahmid Munaz
This presentation was prepared for Voice of Business event sponsored by BangaLion at Dhaka University for MIS students...
So mostly this document was prepared focusing on basic self-precaution and practices that we can follow...
3. Small and midsize businesses at risk online
1/3 of businesses surveyed experienced fraud attempts online
4. Five steps to stronger cyber security
1 Strengthen your computer’s defenses
2 Avoid downloading malware
3 Protect company data & financial assets
4 Create strong passwords & keep them private
5 Guard data & devices when you’re on the go
10. Protect company data and financial assets
Handle sensitive data with special care
Beware of scams and fraud
11. Protect company data and financial assets
How to evade scams
Look for telltale signs
www.snopes.com
Think before you click
Keep sensitive information private
13. Create strong passwords
Which passwords are strong?
[Slide graphic: example passwords labelled STRONG and WEAK]
14. Create strong passwords
Keep them private
Make passwords strong
Keep them private
Use unique passwords
15. Step 5
Guard data and devices when you’re on the go
16. Guard company data when you’re on the go
Connect securely
Confirm the connection
Encrypt confidential data
[Slide graphic: HLTONHOTELS.NET]
Save sensitive activities for trusted connections
Flash drives: watch out for unknowns
21. Step 5
Guard data and devices when you’re on the go
22. What to do if there are problems
Report abuse and other problems
Immediately report phishing
Immediately report missing devices or theft of company data
Change all passwords
Wipe mobile phones
SLIDE 1 TALKING POINTS
Today we’re going to spend about half an hour outlining how you can work more securely on the Internet and help protect our company’s information (including customer data) and financial assets against online fraud and other cyber crimes.
You’ve heard the tales of how companies and organizations were damaged and in some cases even destroyed by cyber criminals. Here are a few true stories:
A thief stole a company laptop, and the company lost a decade of irreplaceable research and intellectual property worth millions.
A newly-hired executive received email from what looked like his company’s travel agency, where he was asked to click a link to confirm the accuracy of his personal details. This took him to an official-looking site where he found his personal data. There, he was asked to download software that would link his Outlook email account to the travel agency’s booking system. In so doing, he downloaded malicious software that spread through his new company.
Hackers broke into the computers of a retail chain through an unsecured wireless network and stole the financial information of all its customers, which cost the company millions in lost business and was ruinous to its reputation.
Most often, damage to big corporations dominates the news, but cyber crooks target small and midsized businesses, too. [click]
SLIDE 2 TALKING POINTS
This is a hidden slide and won’t show up when you make your presentation.
This slide deck is based on “Top Tips for Internet Security at Work” in this Toolkit: Tip_Card/Top_Tips_for_Internet_Security_at_Work.pdf. The presentation takes about 30 minutes, and covers five key ways to help protect company data online:
Strengthen your computer’s defenses.
Avoid downloading malicious software.
Protect company data and financial assets.
Create strong passwords and keep them private.
Guard data and devices when you’re on the go.
GETTING READY
Review the tip card and the resources offered in this Toolkit.
Read through the talking points in this deck. Consider how you might adapt the notes to the specifics of your company or organization. For example, search for references to “IT team” or “system administrator.” You may want to amend those references (or delete them entirely) so they better fit your organization. You can make changes and additions right in the talking points section of each slide.
Type your name on the first slide, replacing the text that’s there. Also, if you’d like, insert the name of your organization; otherwise, delete this text in the slide.
It’s a good idea to rehearse the presentation—if possible, in the space where you’ll deliver it, with the equipment that you’ll use (so you know how it works), and preferably in front of at least one or two people (to give you feedback). To help you prepare, you might find it useful to print the notes pages (or “TALKING POINTS”) of the slides. Each page of notes includes an image of the slide for reference.
You can solicit comments and questions from your audience as you go along if you’re comfortable with a more informal approach.
You can run your presentation from one monitor (your laptop, for example), while your audience views it on a second monitor (projected on a larger screen, say). When you use two monitors, you can view your notes, which the audience will not see. You can do this using Presenter View. (For instructions about how to set this up, type Presenter view in PowerPoint Help, and select the topic about Presenter View or delivering a presentation on two monitors.)
SLIDE 3 TALKING POINTS
Cyber criminals assume that smaller business owners are more focused on building their companies than worrying about cyber crime. They know that smaller businesses have fewer resources than large companies to defend themselves, and also assume that they don’t have the necessary expertise to take preventive steps.
Why target a big corporation with sophisticated tools and extensive resources to combat cyber crime, when it’s easier to infiltrate the tens of thousands of small businesses? [click]
SLIDE 4 TALKING POINTS
Data backs this up. For example, the Aite (pronounced eye-tay) Group, which provides research for the financial services industry, asked controllers at 110 small and midsized businesses in June 2011 about attempted online fraud. Researchers found that one third of those businesses surveyed had experienced online fraud attempts.
Criminals are indiscriminate in targeting smaller organizations, and the crimes seem to pay. For example, a small town in upstate New York lost $139,000, and a Catholic diocese forfeited over half a million dollars, both to thieves who stole employee credentials to initiate transfers from their bank accounts.
Fortunately, preventive steps to help defend our company’s assets don’t require us to be experts or spend a lot of money.
It’s really a matter of educating ourselves about Internet risks and then developing practical habits that strengthen our security when we’re online. So, for the next 30 minutes or so, let’s get the details. [click]
NOTE TO SPEAKER
You’ll find the Aite Group research in this 2012 white paper, “Know Your Enemy: Successful Strategies in Online Fraud Mitigation”: http://info.threatmetrix.com/Aite-Online-Fraud-Mitigation-2012.html.
SLIDE 5 TALKING POINTS
We’ll talk about these five steps you can take:
Help secure your computer by strengthening its defenses.
Be cautious so you don’t inadvertently download malicious software that could damage computers or be used to steal information.
Help protect sensitive company information and financial assets from theft.
Create strong, unique passwords and don’t share them with others.
Guard data and devices (phones, flash drives, laptops, tablets, etc.) when you work away from the office.
These practical measures don’t take much technical expertise—just smart habits regularly practiced and a good dose of common sense.
So let’s look at the first step—beefing up your computer’s defenses. [click]
SLIDE 6 TALKING POINTS
Criminals use two broad strategies to try to break through a computer’s defenses:
They try to install malicious software (or malware) on computers that haven’t been updated. For example, they can exploit weaknesses in older software, or they can break into accounts guarded by simple passwords. To combat that, strengthen your computer’s defenses.
They also try to trick you into installing their malware. But we’ll get to that later in Step 2. [click]
SLIDE 7 TALKING POINTS
So, to strengthen your computer’s defenses, never turn off your computer’s firewall. Turning it off—even for a minute—increases risk.
A firewall creates a barrier between your computer and the Internet, a kind of security checkpoint that both information and software must pass through before they can enter or leave your computer. [click]
Second, to defend against malware:
Install antispyware and antivirus software from a trusted source. Our IT staff will tell you what to install. This software helps protect your computer by scanning downloaded files and attachments for the latest threats, and detecting and removing thousands of specific viruses before they have a chance to do any damage.
Also, never download anything in response to a warning from a program you didn’t install or don’t recognize—especially if it claims to protect your computer or offers to remove viruses. Same for any pop-up message that advertises security software. These are likely to be fake, and do exactly the opposite of what they advertise. [click]
And third, cyber criminals are inventive in their efforts to exploit vulnerabilities in software. Many software companies provide updates, so regularly install them for all software. This means updating antivirus and antispyware programs, your browser (like Windows Internet Explorer), operating systems (like Windows), and word processing and other programs (including games). Everything.
The safest and easiest way to stay current is to subscribe to automatic updates whenever they’re offered. For example, to automatically update all Microsoft software, go to update.microsoft.com, or if you use Windows, open Control Panel and use Programs and Features.
It’s also a good idea to UNinstall any software that you don’t use. Check with our system administrator to find out how to do this.
Now let’s talk about how to guard against the tricks criminals use to get you to download malware—starting with a story. [click]
NOTE TO SPEAKER
Consider introducing this slide with an overview of the security measures your company takes to help protect computers, laptops, mobile phones, and other devices against viruses, spyware, and other threats to network security and sensitive data.
If you don’t have an IT specialist or team to advise on installing security software or removing software you no longer use, here’s some help:
For installing antivirus or antispyware software, there is a pointer on the tip card to a Microsoft site that can help. When you distribute the tip card, you can point this out to your audience.
If you use Windows, you can uninstall unused software using Programs and Features in Control Panel.
SLIDE 8 TALKING POINTS
Here’s an email message that crooks sent to thousands of top U.S. executives. It appeared to be an official subpoena from the U.S. District Court in San Diego. Each message included executive-specific information (name, etc.) and directed him or her to appear before a grand jury.
The message urged the recipient to use an embedded link to open the subpoena. However, anyone who clicked the link unwittingly installed software that secretly captured passwords, user names, account numbers, and other company data that the executive typed, and sent it to a criminal’s computer. The malware also enabled the criminals to control the infected computer remotely, wreaking further havoc.
Security researchers believed that at least several thousand executives took the bait and compromised their computers.
So if you had been one of these executives, what could you have done to protect your computer and your company? [click]
SLIDE 9 TALKING POINTS
When you receive email, instant, or text messages, or messages on social networks like Facebook, LinkedIn, and Twitter: be cautious. [click]
Stop and think before you click links or open photos, songs, or other attachments in a message from someone you don't know. Be wary of "free" games, apps, and the like, which are notorious for including malware in the download.
Even be suspicious of links and attachments from someone within your company, especially if it’s something unexpected, like ilovepinkponies.pdf from your boss. Or, just because the email message says it’s a LinkedIn update, doesn’t mean it is. You never know if a criminal has hacked into a coworker’s account, or that his or her computer has been infected with a virus that is automatically sending spam. [click]
Confirm. If you think it’s suspicious, don’t click anything or use phone numbers or email addresses in the message. Instead, use a different device and another account to confirm with the sender that the message is legitimate.
Or do some research. For example, the executives in our example might have paused to consider whether their companies were involved in litigation that could result in a subpoena from this court. [click]
Close. Avoid clicking Agree, OK, or I accept in banner ads, in unexpected pop-up messages or warnings, on websites that seem suspicious to you, or in offers to remove spyware or viruses. These also could trigger the download of malware. [click]
Instead, close the window. To do this, press Ctrl and F4 on your keyboard.
And the advice, “If you see something, say something,” applies here. If you do see a message that seems suspicious or problematic, report it to the system administrator who can take action including warning others what to do if they see the same thing.
Now, let’s go to Step 3 and see how you can further protect sensitive business data and our company’s financial assets. [click]
SLIDE 10 TALKING POINTS
Ultimately, the steps we’ve covered so far are about protecting our company information—customer data, intellectual property, and the like—as well as vital financial assets.
But scams abound. For example, an employee, asked to confirm her password in an email message sent by someone posing as her system administrator, gave criminals access to the company network, bringing business to a halt.
Or a payroll processing firm was hit by a phishing attack that sent email to its business customers, asking them to reveal passwords to continue to use their company’s payroll services.
To help guard against scenarios like these, there are two basic things you can do. [click]
SLIDE 11 TALKING POINTS
Avoid putting confidential information in email unless it’s encrypted. (Encryption enhances data security by scrambling the contents so that it can be read only by someone who has the right key to unscramble it.) Also, avoid putting sensitive information in instant or text messages, as these are not typically secure. This includes account numbers, passwords, intellectual property, customer data, and so on. [click]
Beware of scams—the most dangerous are the ones that appear to be legitimate.
Small and midsized businesses are as much a target of scams as individuals. Scams directed to them can include links that advertise false products, hoaxes that claim you’ve received a refund from the IRS or a package from the post office that your company never ordered, charges for unauthorized advertising or office supplies, or urgent requests to update account information.
All scams are designed to collect information the scammer can use to steal company data or money—or both. [click]
SLIDE 12
TALKING POINTS
Like the phishing scam in our story, criminals design their messages to be very convincing.
Learn to scan for telltale signs like these:
Messages that imitate organizations you trust—a supplier or your company bank, your payroll company, a government agency like the IRS, post office, or the one we saw from the U.S. District Court.
Requests to reveal sensitive data like account or logon info, to click a link to a fraudulent webpage, or to call a toll-free number that could go to a counterfeit call center.
Attempts to alarm you. “A virus has corrupted our database. Please re-confirm your information NOW to avoid account closure.” Or, “Confirm your password to continue using our payroll service.” When we’re alarmed, we may put our suspicions aside.
As spammers get more sophisticated, they’re increasingly avoiding misspellings and grammatical errors. But still keep an eye out for these tactics that are used to break through phishing filters. [click]
If you’re ever in doubt about the legitimacy of a message, consult a website such as www.snopes.com that identifies known scams. [click]
The pointers we learned in Step 2, to avoid downloading malware, apply equally here to help evade scams.
Think twice before you click a link or open an attachment. [click]
Keep sensitive information private. Never give information like a user name or password in response to a phone call, or an email message or other online request (even from a coworker).
Instead, confirm that the message is legitimate using a different device or another account.
If it’s from a company you do business with, use the phone number or email address you know to contact them, not one in the message. To visit the site, type the web address yourself instead of clicking the link in the message, or use your own bookmark or favorite.
Your next defense is using strong passwords and PINs to guard your accounts and devices. [click]
SLIDE 13
TALKING POINTS
You lock your house, your car, your bike. You also need to lock corporate assets, client info, devices (like phones, laptops, and company routers), online accounts and so on with passwords and PINs—and change them regularly.
So what makes a password strong? [click]
SLIDE 14
NOTE TO SPEAKER
This is a chance for the audience to test their ability to gauge password strength. Give everyone 5 or 10 seconds to think about and decide whether the password is strong. Or ask for volunteers to give an explanation and then show the answer.
Here’s how it works:
1. When the title of the slide comes up, click your mouse to display the first password.
2. After 5 or 10 seconds, click your mouse again to display the answer and read the explanation in the talking points.
3. Then click your mouse to display the next password.
4. Repeat Steps 2 and 3 to make your way through the entire list.
TALKING POINTS
I’m going to show a password and give you a few seconds to determine whether it’s strong—and why or why not. [click]
WEAK. This is the most common business password, so it’s at the top of criminal lists to test. [click]
WEAK. A date—birthday or anniversary, for example—can be known and easily found by a criminal. [click]
WEAK. Don’t use a single word that you can find in any dictionary in any language (advantageous). Criminals can easily break common replacements such as an exclamation point for “t” or zero for “o.” [click]
STRONG. SwanRiceRedDoor. Uses words that don’t make sense grammatically, but mean something to the person who made up the password. It’s also long and uses upper and lower case letters, numbers, and symbols. [click]
WEAK. Avoid using only numbers--number sequences, repeated numbers, like 22222222, or numbers like Social Security numbers. [click]
STRONG. This password took the first letters from this sentence: My son Aiden was 3 years old in December. This is a sentence that was easy for the person who made it up to remember, but difficult for others to guess. Mixing in capital and lowercase letters, symbols, and numbers adds complexity.
Now that you have a better sense of what makes passwords strong, let’s look at how to use strong passwords so they’re most effective. [click]
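The quiz rules above, applied in order by a small checker. This is an added example, not part of the original presentation; the word lists, the substitutions beyond "!" and zero, the 8-character minimum, and the sample passwords are constructed assumptions.

```python
import re
import string

# Constructed sample lists; a real check would load a breached-password
# list and a full dictionary instead.
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty", "letmein"}
DICTIONARY = {"advantageous", "welcome", "sunshine", "company"}

# Look-alike replacements to undo before the dictionary lookup. "!" for "t"
# and zero for "o" come from the talking points; the rest are assumptions.
UNDO_SUBSTITUTIONS = str.maketrans(
    {"!": "t", "0": "o", "1": "l", "3": "e", "4": "a", "@": "a", "$": "s", "5": "s"}
)
DATE_RE = re.compile(r"^\d{1,2}[-/.]\d{1,2}[-/.](\d{2}|\d{4})$")
MIN_LENGTH = 8  # assumption; the talking points say only "long"


def character_classes(password):
    """Count how many of upper, lower, digit and symbol appear."""
    tests = (str.isupper, str.islower, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in password) for t in tests)


def classify(password):
    """Return (verdict, reason), checking the quiz rules in order."""
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        return "WEAK", "common password"
    if DATE_RE.match(password):
        return "WEAK", "date"
    if password.isdigit():
        return "WEAK", "numbers only"
    if lowered.translate(UNDO_SUBSTITUTIONS) in DICTIONARY:
        return "WEAK", "dictionary word with common replacements"
    if len(password) < MIN_LENGTH or character_classes(password) < 3:
        return "WEAK", "too short or too few character types"
    return "STRONG", "long and mixes character types"


if __name__ == "__main__":
    # Constructed quiz entries, not the passwords shown on the slide.
    for sample in ("Password1", "12/25/1998", "22222222",
                   "Advan!age0us", "Swan7Rice!RedDoor", "MsAw3yo!D"):
        print(sample, classify(sample))
```

Passing this check does not show that a password is unique to one account, so the reuse guidance still applies.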
SLIDE 15
TALKING POINTS
In addition to password strength, how else can you use passwords to help protect data? [click]
Don’t disclose passwords or PINs to anyone. Many account takeovers occur because the owner shared the password.
Don’t store them on your phone, or in a file or on a post-it on your computer. It’s okay to store them on a sheet of paper hidden away from your desk.
Don’t let anyone trick you into revealing them. [click]
Don’t use the same password (or even simple variations) for different accounts. Use a unique password or PIN for each account or device (including your computer and mobile phone) containing personal or business data. Otherwise, if one is stolen or inadequately protected by the site, all the accounts it protects are at risk. [click]
And last, you’ll want to take a few extra precautions when you travel for work. [click]
SLIDE 16
TALKING POINTS
It’s a good idea to treat all public wireless connections as a security risk because they’re often unsecured. This means that Wi-Fi hot spots at coffee shops, hotels and motels, airports, libraries, and other public places may be open to anyone who wants to look at the traffic passing through them, using inexpensive and readily available devices.
Sometimes, businesses don’t have a firewall between their point of sale computers—the cash registers that take your credit card for payment—and the free wireless access they offer customers. This can enable criminals to steal your credit card number when you buy something.
Or watch out for mock Wi-Fi hotspots, which often top the list of available connections, enticing you with names like “Free Wi-Fi.” Clicking one may expose your device to a hacker who could take control of it.
So let’s look at some ways to connect to the web more safely when you’re on the go. [click]
SLIDE 17
TALKING POINTS
When you use a public Wi-Fi network, choose the most secure connection—even if it means paying for it. Ask about it before you connect. Some wireless networks offer a network key or certificate that encrypts data as it travels between your laptop and the router. Look for a password-protected connection, ideally one that is unique for your use. [click]
Know where you’re connecting. Confirm the exact spelling of the network you’re connecting to. Beware of clever (slightly misspelled) fakes. For example, in HLTONHOTEL.SNET there’s no “I” in Hilton. [click]
Encrypt all confidential data on smartphones, laptops, flash drives, and other portable devices in case they’re lost or stolen. There are many programs that can encrypt data, such as Microsoft BitLocker Drive Encryption, which is included with certain versions of Windows. (Our IT staff can help you do this.)
Note, however, that encryption only slows access to data; it may not stop a very determined hacker from going after really valuable data. [click]
Never make sensitive transactions at a wireless hot spot.
Never do payroll, or pay invoices, bank, or do other financial business, or download or update software on any device over a public Wi-Fi network. The security is unreliable.
Remember, too, that email is not secure, so avoid using it to send sensitive information. [click]
Use flash drives so they don’t compromise your computer or network security. Flash drives can so easily be used to infect computers and company networks with malicious software that the U.S. military banned their use back in 2008! If you do use them, minimize the risk:
Don’t put any unknown flash (or USB) drive into your computer. It could have been corrupted after being inserted in an infected computer.
On your flash drive, don’t open files that you don’t recognize or that you don’t remember putting there—in case they harbor malware.
That’s it! We’ve covered the main points. Let’s recap. [click]
NOTE TO SPEAKER
This is a good point at which to pass out the tip card, Internet Security at Work, and point out the main steps on the card as you go through the next five slides.
For more information about Microsoft BitLocker Drive Encryption, visit: windows.microsoft.com/en-US/windows7/products/features/bitlocker.
SLIDE 18
TALKING POINTS
First, lay the foundation for stronger cyber security. Never turn off your computer’s firewall. Install antivirus and antispyware software from a trusted source, and keep all software current using automatic updates wherever possible. [click]
SLIDE 19
TALKING POINTS
Second, don’t let criminals trick you—like they did the executives in this example—into downloading their malicious software. When you receive email, instant, or text messages, or messages on social networks, stop and think before you click links, open photos, songs, or other attachments in a message—even from someone you know. Instead, use a different device and another account to confirm that the message is legitimate. [click]
SLIDE 20
TALKING POINTS
Three, don’t put confidential information (unless it’s encrypted) in email, instant, or text messages because they’re not typically secure. And be on the lookout for the telltale signs of scams—the most dangerous are those that look genuine. Think before you click and never give out information like a user name or password in response to a phone call, or email or other such message. [click]
SLIDE 21
TALKING POINTS
Four, remember the password quiz? Use it as your guide when you create your own strong passwords. Then, don’t disclose passwords (or PINs) to anyone or reuse them—create different passwords for different accounts. [click]
SLIDE 22
TALKING POINTS
And last, think of all public wireless networks as security risks, so choose the most secure option when you use one. In addition, encrypt all confidential data on portable devices, and never make financial and other sensitive transactions using a public Wi-Fi network. And don’t forget to use flash drives carefully—don’t put unknown drives into your computer or open unknown files on them.
So one last thing: what do you do if things do go wrong? [click]
SLIDE 23
TALKING POINTS
Report abuse to the service when you use email, a social network, or other services—scams, obscene material, aggressive behavior and the like. [click]
As quickly as you find them, report any misrepresentation of your organization—for example, a phishing scam that pretends to be from your company—to your system administrator and to the Anti-Phishing Working Group (APWG). The APWG can broadcast notice about them to help prevent potential victims from visiting the site while the APWG works to take down the site. [click]
Theft or loss of sensitive company data. If customer or other confidential company data has been compromised because of theft or loss of a laptop, smartphone, or other device, or if there’s been a breach of network security:
Report it immediately to IT or security personnel, if your organization has them, and to the bank, when appropriate.
Change all passwords used to log on to the device.
Contact the service provider for help wiping the data from smartphones and other devices. [click]
NOTE TO SPEAKER
Ask your audience to follow along with these points on the back of the tip card. That way, they’ll know what links to use.
If your company has policies in place to address these problems and they run counter to the ones presented on this slide, you may want to replace this slide with one of your own that summarizes company policies about what employees should do if they run into problems like these.
On the other hand, if your company does not have cyber security policies in place, the National Cyber Security Alliance offers an approach to creating a cyber security plan. Look for the link on the back of the tip card.
SLIDE 24
TALKING POINTS
To learn how to create strong passwords and work more securely, let’s review the links on the back of the tip card.
Get the latest information from the Microsoft Safety & Security Center (microsoft.com/security) about how to work more securely on the Internet and better protect company, customer, and personal data.
Any comments or questions? [click]
NOTE TO SPEAKER
Round out your presentation with a question-and-answer session if you feel comfortable answering questions about online security. If you don’t feel comfortable, but questions come up, solicit answers from the audience.
If you run a business without IT support, you can also point out these two references.
Microsoft can help you defend company computers: microsoft.com/security/pypc.aspx.
If your computer is unusually slow, crashes frequently, or shows other signs of unusual behavior, it might have been damaged by malicious software like a virus or spyware. Microsoft can help you address this: aka.ms/Troubleshooting_101.
SLIDE 25
TALKING POINTS
Thanks for your time and for your questions and comments.