Cyber Security Awareness
Basic Level Training
Cyber-Security Team
RMG
Security is Everyone’s Responsibility
Outline:
• Password Security
• Email Security
• Safe Web Browsing
• Social Engineering
• Policies
Information Security Awareness Training Objective
- Secure MCB information systems from cyber attacks
- Secure login credentials
- Spread awareness among employees about cyberattacks
- Safeguard your data from unauthorized access
- Protect the MCB network from malicious attacks
Case Studies
Cyber-Security
• “Computer viruses so far are responsible for 100 million worldwide losses” The Guardian
• Most of the biggest robberies in the world are carried out without entering the bank premises or using any weapons!
• Below are the financial losses due to financial institutions being HACKED!
Cyber Security Threats
Million Dollars
Bangladesh Bank Robbery
• Also known as Bangladesh Bank Cyber Heist
• Took place on a holiday in February 2016 against Bangladesh Bank
• Total 35 fraudulent instructions - 5 were successful, 30 were blocked
- 20M$ to Sri Lanka, while 81M$ was transferred to the Philippines
• 30 transactions of 850M$ were blocked
• Virus used in the process: Dridex which steals bank credentials
• FireEye performed the forensics investigation
• Sonali Bank of Bangladesh (2013)
- 250,000$ hacked aided by an insider
UK Bank Robbery
• TESCO Bank
- 2.8M$ Lost in November 2016
- 21.4M$ were fined by regulators
• Santander Bank
- A man posing as a maintenance engineer plugged in a keyboard-video-mouse (KVM) device.
- Data for 380,000 cards was lost.
• Royal Bank of Scotland
- 1.5M cardholder data lost.
WannaCry : Global Cyber Attack Surface
What is Information Security?
Information Security = Confidentiality, Integrity, Availability
• Confidentiality: Information should not be disclosed to unauthorized individuals or entities. E.g.
– Salary Slip
– Student Grades
• Integrity: Safeguarding the accuracy and completeness of information assets. E.g.
– Amount in transaction
– Medical Record of a patient
• Availability: Information assets should be readily available and usable upon demand by an authorized entity. E.g.
– Loss of Service
Why Banks are being Hacked?!
Why Banks are being Hacked?!
Use A Strong Password
• Use a unique password for each of your accounts
• Password Length: At least 8 characters
• Password Complexity: Mix upper and lower case letters, numbers and symbols
• Do not use common and predictable passwords
• Change your password periodically.
• Do not share your passwords with others or write them down.
Use A Strong Password
• ATM PIN Code
• Setting a Password (Total 95 Characters)
-10 digits: 0123456789
-26 lower case letters: abcdefghijklmnopqrstuvwxyz
-26 upper case letters: ABCDEFGHIJKLMNOPQRSTUVWXYZ
-33 special characters: `~!@#$%^&*()-_=+[]{}|;':",./<>?
• Two Factor Authentication
• One Time Password (OTP), e.g. WhatsApp login
• Never share your OTP with anyone
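The rules on the two password slides above (at least 8 characters, a mix of the four character classes, nothing common or predictable) can be checked mechanically. The following is an added example, not part of the original deck and not MCB's policy tooling; the denylist and the look-alike substitution table are assumptions constructed for illustration, and the candidates are the deck's own quiz options and one of its construction examples.

```python
import math
import string

MIN_LENGTH = 8        # slide: "At least 8 characters"
ALPHABET_SIZE = 95    # slide: "Total 95 Characters"
ALL_CLASSES = {"digit", "lower", "upper", "symbol"}

# Assumed sample denylist (constructed for this example). A real deployment
# would load a far larger list of common and breached passwords.
DENYLIST = {"password", "pakistan", "mcb123", "12345678", "qwerty"}

# Assumed table of common look-alike substitutions. Undoing them before the
# denylist lookup shows that a decorated common word is still predictable.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "5": "s", "$": "s", "7": "t"})


def char_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch in string.digits:
            classes.add("digit")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        else:
            classes.add("symbol")
    return classes


def normalise(password):
    """Lower-case the password and undo look-alike substitutions."""
    return password.lower().translate(LEET)


def check_password(password):
    """Return a list of rule violations; an empty list means all rules pass."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    missing = sorted(ALL_CLASSES - char_classes(password))
    if missing:
        failures.append("missing character classes: " + ", ".join(missing))
    if password.lower() in DENYLIST or normalise(password) in DENYLIST:
        failures.append("common or predictable")
    return failures


def search_space_bits(length, alphabet=ALPHABET_SIZE):
    """Bits needed to enumerate every password of this length over the alphabet."""
    return length * math.log2(alphabet)


if __name__ == "__main__":
    # Candidates taken from the deck: quiz options and one construction example.
    for candidate in ["mcb123", "1SMcB#0U53!", "Pakistan", "03004209211", "p@k15TAn"]:
        problems = check_password(candidate)
        print(f"{candidate!r}: {'OK' if not problems else '; '.join(problems)}")
    print(f"8 random characters from 95: about {search_space_bits(8):.1f} bits")
```

The search-space figure applies only to passwords chosen uniformly at random; a dictionary word with substitutions, such as the last candidate, satisfies the length and complexity rules yet is still caught by the denylist lookup.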
Password Construction
Pick a sentence that reminds you of the password. For example:
• This May Be One Way To Remember = TmB1w2R!
• I feel great = If33lgr8
• Honda 125 = H0n9@I2S
• Pakistan = p@k15TAn
• Just what I need, another dumb thing to remember! = Jw1n,adttr!
Don’t use this example as a password
Use A Strong Password
• Four means of authenticating user's identity
• Based on something the individual
– knows, e.g. password, PIN
– possesses, e.g. key, token, smartcard
– is (static biometrics), e.g. fingerprint, retina
– does (dynamic biometrics), e.g. voice, sign
Password Vulnerabilities
• Offline dictionary attack
• Specific account attack (user john)
• Popular password attack (against a wide range of IDs)
• Password guessing against a single user (with previous knowledge about the user)
• Workstation hijacking
• Exploiting user mistakes
• Exploiting multiple password use
• Electronic monitoring
Social Engineering
Most Common Hacking Attacks
• Social Engineering Attack (e.g. pretending to be a co-worker or an IT guy)
- Baiting (leaving a virus-infected USB drive in a public place)
- Phishing / Spear Phishing (installing malware or ransomware)
- Honey Trap (online relationships to gather sensitive info)
- Pretexting (pretending to be your old friend in need of money)
• Troy Movie (Greeks vs Trojan Army)
• Catch Me If You Can Movie (Frank Abagnale)
- A Doctor
- A Pilot
- A Lawyer
- Forged Checks
Story : Victor Lustig
Most Common Human Errors
• Outdated Antiviruses
• Easy Passwords / Sharing
• Pirated Software
• Sharing of Confidential Information
• Opening e-mail attachments from strangers
• Updates, Service Packs are missing or not installed
• Not reporting security violations
Successful Attacks
Email Security
Safe Web Browsing
• Do not browse for personal entertainment on official machines
• After you finish your business on a website, e.g. internet banking, remember to log out of your account. Don’t just close the browser.
• Don’t use public Wi-Fi
• Do not subscribe to social sites using your official email address
Beware Social Media Sites
An attacker can extract the following information
• Employment Details
• Education
• Relationship Status
• Location Profiling
• Political / Religious views
• Photos
• Family Details
“Facebook is not your friend, it is a surveillance engine”
Richard Stallman
Successful Attacks
Pay attention to the web address; if it has changed or doesn’t seem correct, it may be a fraudulent site
Question : What are Bitcoins ?
Cyber Attacks : Pakistani Banks
EVEN MCB!!!
Information Security –Assets & Classification
Information Assets
Confidential or Restricted: Information that belongs to customers, employees and MCB’s business,
or if disclosed to unauthorized persons, could have an adverse impact on MCB's operational, legal or
regulatory obligations, or on its financial status, customers or reputation
Internal: Information that is commonly shared within MCB by the employees, and is not intended for
distribution outside MCB.
Public: Information that is freely available outside of MCB, or is intended for public use
ITG - Service Desk
Learn More ! = Security Policies + Disciplinary Actions
• Refer to the hyperlink below to learn more about staying safe online:
• MCB Information Security Policies
• Non-adherence to policies will lead to serious consequences and disciplinary penalties. Refer to HR documents below:
• Disciplinary Action Details
• Disciplinary Action Against: If Staff is Involved in Password Sharing
Risks Categories
Financial Risk
• Loss of funds
• Fines and penalties
• Loss of revenue
Reputational Risk
• Impact on a brand name
• Lawsuits
Operational Risk
• Service disruption
• Loss of business operations
Question
Which one of the following is the best example of a secure password
as per MCB Password Policy?
a) mcb123
b) 1SMcB#0U53!
c) _________ (blank)
d) Pakistan
e) 03004209211
Question
How often should a user change the password?
a) Never
b) Only after Year End Closely
c) At least within 30 days
d) Whenever, user wants
Question
Information Security is based on the CIA triad. What does CIA stand for?
a) Central Investigation Agency
b) Common Information Anywhere
c) Confidentiality, Integrity & Availability
d) Catch Illegal Accounts
Weakest Link = HUMAN!
Systems / PC Security
Security Beyond Office : USB DO’s and Don'ts
• Protect your USBs or external drives with a password
• Encrypt the contents of USBs and external drives
• Always protect your documents with a strong password
• Do not accept any promotional external storage device (i.e. USB, external drives) from unknown members
• Avoid storing confidential data on external storage devices
• Never connect external storage devices without scanning
External storage devices carry serious cyber security risks: they are used as a medium to spread viruses, malware, Trojans and ransomware. Millions of bank records will be at stake if storage devices are utilized
Long Story Short!
Question
By pressing which keys you can lock your computer?
a) Any key
b) Lock key
c) Windows Key + L
d) Car Keys
Question
Always share information with anyone over the phone without confirming their identity?
a) True
b) False
Clear Desk
• Sensitive or critical business information must be stored in suitable locked
cabinets when not in use, especially after working hours
• Sensitive or classified information, when printed, is to be cleared from printers
immediately
• Photocopiers are to be locked after normal working hours
Clear Screen
• Keep the computer screen desktop clear
• No confidential information should be placed on the desktop screen
• Computers are not to be left logged on when unattended
• Don’t leave any documents open on the screen
• Use password protected screen savers
Question
• Keep all confidential account information on your desktop screen and printed
confidential information on your table?
a) True
b) False
Recognizing a break-in or compromise
• Antivirus software detects a problem
• Pop-ups suddenly appear (may sell security software)
• Disk space disappears
• System slows
• Unusual messages, sounds, or displays on your monitor
• Your computer shuts down and powers off by itself
Way Forward : Payment Card Industry – Data Security Standard
• The PCI Security Standards Council is a global forum for the ongoing development,
enhancement, storage, dissemination and implementation of security standards for
account data protection.
• Founded in 2006 by American Express, Discover, JCB International,
MasterCard and Visa Inc.
• The PCI DSS applies to all entities that store, process, and/or transmit cardholder
data. It covers technical and operational system components included in or connected
to cardholder data.
If you accept or process payment cards, PCI DSS applies to you
IT SEC_RITY U
Follow these policies and guidelines to make
MCB (Most SeCure Bank)
in Pakistan!
90% 10%
User Activities are Monitored!
Hacked ? Or Reporting a security breach ?
Reach US @
itsecurity@mcb.com.pk
Learn More about Information Security visit MCB InfoSec Policies

More Related Content

Similar to itsecurityawareness-v1-230413174238-5e7cba3c.pdf

It security the condensed version
It security  the condensed version It security  the condensed version
It security the condensed version
Brian Pichman
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
David Menken
 
CyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdfCyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdf
Varinder K
 
Personal Internet Security Practice
Personal Internet Security PracticePersonal Internet Security Practice
Personal Internet Security Practice
Brian Pichman
 
it-security.ppt
it-security.pptit-security.ppt
it-security.ppt
AmanSoni665879
 
Iron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data ResponsiblyIron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data Responsibly
Gabor Szathmari
 
Information security
Information securityInformation security
Information security
Shanthamallachar D B
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
Kaushal Solanki
 
It security in healthcare
It security in healthcareIt security in healthcare
It security in healthcare
Nicholas Davis
 
Baking Security into the Company Culture (2017)
Baking Security into the Company Culture (2017) Baking Security into the Company Culture (2017)
Baking Security into the Company Culture (2017)
Mike Kleviansky
 
Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos de Pedro Neoris authenware_cybersecurity step1Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos De Pedro
 
CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1
CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1
CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1
NilKhunt
 
CyberSecurityPPT_V3_1.pptx Awerness cyber
CyberSecurityPPT_V3_1.pptx Awerness cyberCyberSecurityPPT_V3_1.pptx Awerness cyber
CyberSecurityPPT_V3_1.pptx Awerness cyber
harshalgkharat
 
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
prtabal_25
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awareness
Imran Khan
 
Users awarness programme for Online Privacy
Users awarness programme for Online PrivacyUsers awarness programme for Online Privacy
Users awarness programme for Online Privacy
Kazi Sarwar Hossain
 
Cybercrime
CybercrimeCybercrime
Cybercrime
TouqeerAhmed30
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
pdewitte
 
Cyber Security and Healthcare
Cyber Security and HealthcareCyber Security and Healthcare
Cyber Security and Healthcare
Jonathon Coulter
 
cybersecurity
cybersecurity cybersecurity
cybersecurity
AkshaySajith3
 

Similar to itsecurityawareness-v1-230413174238-5e7cba3c.pdf (20)

It security the condensed version
It security  the condensed version It security  the condensed version
It security the condensed version
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
 
CyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdfCyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdf
 
Personal Internet Security Practice
Personal Internet Security PracticePersonal Internet Security Practice
Personal Internet Security Practice
 
it-security.ppt
it-security.pptit-security.ppt
it-security.ppt
 
Iron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data ResponsiblyIron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data Responsibly
 
Information security
Information securityInformation security
Information security
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
 
It security in healthcare
It security in healthcareIt security in healthcare
It security in healthcare
 
Baking Security into the Company Culture (2017)
Baking Security into the Company Culture (2017) Baking Security into the Company Culture (2017)
Baking Security into the Company Culture (2017)
 
Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos de Pedro Neoris authenware_cybersecurity step1Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos de Pedro Neoris authenware_cybersecurity step1
 
CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1
CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1
CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1
 
CyberSecurityPPT_V3_1.pptx Awerness cyber
CyberSecurityPPT_V3_1.pptx Awerness cyberCyberSecurityPPT_V3_1.pptx Awerness cyber
CyberSecurityPPT_V3_1.pptx Awerness cyber
 
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awareness
 
Users awarness programme for Online Privacy
Users awarness programme for Online PrivacyUsers awarness programme for Online Privacy
Users awarness programme for Online Privacy
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Cyber Security and Healthcare
Cyber Security and HealthcareCyber Security and Healthcare
Cyber Security and Healthcare
 
cybersecurity
cybersecurity cybersecurity
cybersecurity
 

More from MansoorAhmed57263

Consultant-Schedule-July-2023.pdf
Consultant-Schedule-July-2023.pdfConsultant-Schedule-July-2023.pdf
Consultant-Schedule-July-2023.pdf
MansoorAhmed57263
 
13040498.ppt
13040498.ppt13040498.ppt
13040498.ppt
MansoorAhmed57263
 
1, 2. Research proposal & Res. Article.pptx
1, 2. Research proposal & Res. Article.pptx1, 2. Research proposal & Res. Article.pptx
1, 2. Research proposal & Res. Article.pptx
MansoorAhmed57263
 
What is computer
What is computerWhat is computer
What is computer
MansoorAhmed57263
 
AI
AIAI
Computer Science
Computer Science Computer Science
Computer Science
MansoorAhmed57263
 
Software Developer Engineer Job Description by Slidesgo.pptx
Software Developer Engineer Job Description by Slidesgo.pptxSoftware Developer Engineer Job Description by Slidesgo.pptx
Software Developer Engineer Job Description by Slidesgo.pptx
MansoorAhmed57263
 
2500 controller
2500 controller2500 controller
2500 controller
MansoorAhmed57263
 

More from MansoorAhmed57263 (8)

Consultant-Schedule-July-2023.pdf
Consultant-Schedule-July-2023.pdfConsultant-Schedule-July-2023.pdf
Consultant-Schedule-July-2023.pdf
 
13040498.ppt
13040498.ppt13040498.ppt
13040498.ppt
 
1, 2. Research proposal & Res. Article.pptx
1, 2. Research proposal & Res. Article.pptx1, 2. Research proposal & Res. Article.pptx
1, 2. Research proposal & Res. Article.pptx
 
What is computer
What is computerWhat is computer
What is computer
 
AI
AIAI
AI
 
Computer Science
Computer Science Computer Science
Computer Science
 
Software Developer Engineer Job Description by Slidesgo.pptx
Software Developer Engineer Job Description by Slidesgo.pptxSoftware Developer Engineer Job Description by Slidesgo.pptx
Software Developer Engineer Job Description by Slidesgo.pptx
 
2500 controller
2500 controller2500 controller
2500 controller
 

Recently uploaded

Pests of Storage_Identification_Dr.UPR.pdf
Pests of Storage_Identification_Dr.UPR.pdfPests of Storage_Identification_Dr.UPR.pdf
Pests of Storage_Identification_Dr.UPR.pdf
PirithiRaju
 
aziz sancar nobel prize winner: from mardin to nobel
aziz sancar nobel prize winner: from mardin to nobelaziz sancar nobel prize winner: from mardin to nobel
aziz sancar nobel prize winner: from mardin to nobel
İsa Badur
 
8.Isolation of pure cultures and preservation of cultures.pdf
8.Isolation of pure cultures and preservation of cultures.pdf8.Isolation of pure cultures and preservation of cultures.pdf
8.Isolation of pure cultures and preservation of cultures.pdf
by6843629
 
ESA/ACT Science Coffee: Diego Blas - Gravitational wave detection with orbita...
ESA/ACT Science Coffee: Diego Blas - Gravitational wave detection with orbita...ESA/ACT Science Coffee: Diego Blas - Gravitational wave detection with orbita...
ESA/ACT Science Coffee: Diego Blas - Gravitational wave detection with orbita...
Advanced-Concepts-Team
 
在线办理(salfor毕业证书)索尔福德大学毕业证毕业完成信一模一样
在线办理(salfor毕业证书)索尔福德大学毕业证毕业完成信一模一样在线办理(salfor毕业证书)索尔福德大学毕业证毕业完成信一模一样
在线办理(salfor毕业证书)索尔福德大学毕业证毕业完成信一模一样
vluwdy49
 
Direct Seeded Rice - Climate Smart Agriculture
Direct Seeded Rice - Climate Smart AgricultureDirect Seeded Rice - Climate Smart Agriculture
Direct Seeded Rice - Climate Smart Agriculture
International Food Policy Research Institute- South Asia Office
 
Farming systems analysis: what have we learnt?.pptx
Farming systems analysis: what have we learnt?.pptxFarming systems analysis: what have we learnt?.pptx
Farming systems analysis: what have we learnt?.pptx
Frédéric Baudron
 
Basics of crystallography, crystal systems, classes and different forms
Basics of crystallography, crystal systems, classes and different formsBasics of crystallography, crystal systems, classes and different forms
Basics of crystallography, crystal systems, classes and different forms
MaheshaNanjegowda
 
11.1 Role of physical biological in deterioration of grains.pdf
11.1 Role of physical biological in deterioration of grains.pdf11.1 Role of physical biological in deterioration of grains.pdf
11.1 Role of physical biological in deterioration of grains.pdf
PirithiRaju
 
molar-distalization in orthodontics-seminar.pptx
molar-distalization in orthodontics-seminar.pptxmolar-distalization in orthodontics-seminar.pptx
molar-distalization in orthodontics-seminar.pptx
Anagha Prasad
 
Sexuality - Issues, Attitude and Behaviour - Applied Social Psychology - Psyc...
Sexuality - Issues, Attitude and Behaviour - Applied Social Psychology - Psyc...Sexuality - Issues, Attitude and Behaviour - Applied Social Psychology - Psyc...
Sexuality - Issues, Attitude and Behaviour - Applied Social Psychology - Psyc...
PsychoTech Services
 
HOW DO ORGANISMS REPRODUCE?reproduction part 1
HOW DO ORGANISMS REPRODUCE?reproduction part 1HOW DO ORGANISMS REPRODUCE?reproduction part 1
HOW DO ORGANISMS REPRODUCE?reproduction part 1
Shashank Shekhar Pandey
 
Gadgets for management of stored product pests_Dr.UPR.pdf
Gadgets for management of stored product pests_Dr.UPR.pdfGadgets for management of stored product pests_Dr.UPR.pdf
Gadgets for management of stored product pests_Dr.UPR.pdf
PirithiRaju
 
Sciences of Europe journal No 142 (2024)
Sciences of Europe journal No 142 (2024)Sciences of Europe journal No 142 (2024)
Sciences of Europe journal No 142 (2024)
Sciences of Europe
 
ESR spectroscopy in liquid food and beverages.pptx
ESR spectroscopy in liquid food and beverages.pptxESR spectroscopy in liquid food and beverages.pptx
ESR spectroscopy in liquid food and beverages.pptx
PRIYANKA PATEL
 
Mending Clothing to Support Sustainable Fashion_CIMaR 2024.pdf
Mending Clothing to Support Sustainable Fashion_CIMaR 2024.pdfMending Clothing to Support Sustainable Fashion_CIMaR 2024.pdf
Mending Clothing to Support Sustainable Fashion_CIMaR 2024.pdf
Selcen Ozturkcan
 
Travis Hills of MN is Making Clean Water Accessible to All Through High Flux ...
Travis Hills of MN is Making Clean Water Accessible to All Through High Flux ...Travis Hills of MN is Making Clean Water Accessible to All Through High Flux ...
Travis Hills of MN is Making Clean Water Accessible to All Through High Flux ...
Travis Hills MN
 
(June 12, 2024) Webinar: Development of PET theranostics targeting the molecu...
(June 12, 2024) Webinar: Development of PET theranostics targeting the molecu...(June 12, 2024) Webinar: Development of PET theranostics targeting the molecu...
(June 12, 2024) Webinar: Development of PET theranostics targeting the molecu...
Scintica Instrumentation
 
Randomised Optimisation Algorithms in DAPHNE
Randomised Optimisation Algorithms in DAPHNERandomised Optimisation Algorithms in DAPHNE
Randomised Optimisation Algorithms in DAPHNE
University of Maribor
 
Modelo de slide quimica para powerpoint
Modelo  de slide quimica para powerpointModelo  de slide quimica para powerpoint
Modelo de slide quimica para powerpoint
Karen593256
 

Recently uploaded (20)

Pests of Storage_Identification_Dr.UPR.pdf
Pests of Storage_Identification_Dr.UPR.pdfPests of Storage_Identification_Dr.UPR.pdf
Pests of Storage_Identification_Dr.UPR.pdf
 
aziz sancar nobel prize winner: from mardin to nobel
aziz sancar nobel prize winner: from mardin to nobelaziz sancar nobel prize winner: from mardin to nobel
aziz sancar nobel prize winner: from mardin to nobel
 
8.Isolation of pure cultures and preservation of cultures.pdf
8.Isolation of pure cultures and preservation of cultures.pdf8.Isolation of pure cultures and preservation of cultures.pdf
8.Isolation of pure cultures and preservation of cultures.pdf
 
ESA/ACT Science Coffee: Diego Blas - Gravitational wave detection with orbita...
ESA/ACT Science Coffee: Diego Blas - Gravitational wave detection with orbita...ESA/ACT Science Coffee: Diego Blas - Gravitational wave detection with orbita...
ESA/ACT Science Coffee: Diego Blas - Gravitational wave detection with orbita...
 
在线办理(salfor毕业证书)索尔福德大学毕业证毕业完成信一模一样
在线办理(salfor毕业证书)索尔福德大学毕业证毕业完成信一模一样在线办理(salfor毕业证书)索尔福德大学毕业证毕业完成信一模一样
在线办理(salfor毕业证书)索尔福德大学毕业证毕业完成信一模一样
 
Direct Seeded Rice - Climate Smart Agriculture
Direct Seeded Rice - Climate Smart AgricultureDirect Seeded Rice - Climate Smart Agriculture
Direct Seeded Rice - Climate Smart Agriculture
 
Farming systems analysis: what have we learnt?.pptx
Farming systems analysis: what have we learnt?.pptxFarming systems analysis: what have we learnt?.pptx
Farming systems analysis: what have we learnt?.pptx
 
Basics of crystallography, crystal systems, classes and different forms
Basics of crystallography, crystal systems, classes and different formsBasics of crystallography, crystal systems, classes and different forms
Basics of crystallography, crystal systems, classes and different forms
 
11.1 Role of physical biological in deterioration of grains.pdf
11.1 Role of physical biological in deterioration of grains.pdf11.1 Role of physical biological in deterioration of grains.pdf
11.1 Role of physical biological in deterioration of grains.pdf
 
molar-distalization in orthodontics-seminar.pptx
molar-distalization in orthodontics-seminar.pptxmolar-distalization in orthodontics-seminar.pptx
molar-distalization in orthodontics-seminar.pptx
 
Sexuality - Issues, Attitude and Behaviour - Applied Social Psychology - Psyc...
Sexuality - Issues, Attitude and Behaviour - Applied Social Psychology - Psyc...Sexuality - Issues, Attitude and Behaviour - Applied Social Psychology - Psyc...
Sexuality - Issues, Attitude and Behaviour - Applied Social Psychology - Psyc...
 
HOW DO ORGANISMS REPRODUCE?reproduction part 1
HOW DO ORGANISMS REPRODUCE?reproduction part 1HOW DO ORGANISMS REPRODUCE?reproduction part 1
HOW DO ORGANISMS REPRODUCE?reproduction part 1
 
Gadgets for management of stored product pests_Dr.UPR.pdf
Gadgets for management of stored product pests_Dr.UPR.pdfGadgets for management of stored product pests_Dr.UPR.pdf
Gadgets for management of stored product pests_Dr.UPR.pdf
 
Sciences of Europe journal No 142 (2024)
Sciences of Europe journal No 142 (2024)Sciences of Europe journal No 142 (2024)
Sciences of Europe journal No 142 (2024)
 
ESR spectroscopy in liquid food and beverages.pptx
ESR spectroscopy in liquid food and beverages.pptxESR spectroscopy in liquid food and beverages.pptx
ESR spectroscopy in liquid food and beverages.pptx
 
Mending Clothing to Support Sustainable Fashion_CIMaR 2024.pdf
Mending Clothing to Support Sustainable Fashion_CIMaR 2024.pdfMending Clothing to Support Sustainable Fashion_CIMaR 2024.pdf
Mending Clothing to Support Sustainable Fashion_CIMaR 2024.pdf
 
Travis Hills of MN is Making Clean Water Accessible to All Through High Flux ...
Travis Hills of MN is Making Clean Water Accessible to All Through High Flux ...Travis Hills of MN is Making Clean Water Accessible to All Through High Flux ...
Travis Hills of MN is Making Clean Water Accessible to All Through High Flux ...
 
(June 12, 2024) Webinar: Development of PET theranostics targeting the molecu...
(June 12, 2024) Webinar: Development of PET theranostics targeting the molecu...(June 12, 2024) Webinar: Development of PET theranostics targeting the molecu...
(June 12, 2024) Webinar: Development of PET theranostics targeting the molecu...
 
Randomised Optimisation Algorithms in DAPHNE
Randomised Optimisation Algorithms in DAPHNERandomised Optimisation Algorithms in DAPHNE
Randomised Optimisation Algorithms in DAPHNE
 
Modelo de slide quimica para powerpoint
Modelo  de slide quimica para powerpointModelo  de slide quimica para powerpoint
Modelo de slide quimica para powerpoint
 

itsecurityawareness-v1-230413174238-5e7cba3c.pdf

  • 1. Cyber Security Awareness Basic Level Training Cyber-Security Team RMG
  • 2. Security is Everyone’s Responsibility Outline: • Password Security • Email Security • Safe Web Browsing • Social Engineering • Policies
  • 3. - To secure MCB information systems from cyber attacks - Secure the login credentials - Spread the awareness in employees about cyberattacks - Safeguard your data from unauthorized access - Protect MCB network from malicious attacks Information Security Awareness Training Objective
  • 5. • Computer Viruses so far is responsible for 100 million world wide losses” The Guardian • Most of the biggest robbery in the world are done without entering the bank premises, or using any weapons! • Below are the financial deficit due to financial institutions being HACKED! Cyber Security Threats Million Dollars
  • 6. Bangladesh Bank Robbery • Also known as Bangladesh Bank Cyber Heist • Took place on a holiday in February 2016 against Bangladesh Bank • Total 35 fraudulent instructions - 5 were successful, 30 were blocked - 20M$ to Srilanka While 81M$ were transferred to Philippines • 30 transaction of 850M$ were blocked • Virus used in the process: Dridex which steals bank credentials • FireEye performed the forensics investigation • Sonali Bank of Bangladesh (2013) - 250,000$ hacked aided by an insider
  • 7. UK Bank Robbery • TESCO Bank - 2.8M$ Lost in November 2016 - 21.4M$ were fined by regulators • Santander Bank - Man posing as a maintenance engineer plugged keyboard video mouse device (KVM). - 380,000 card data was lost. • Royal Bank of Scotland - 1.5M cardholder data lost.
  • 8. WannaCry : Global Cyber Attack Surface
  • 9. What is Information Security? Information Security Availability Information should not be disclosed to unauthorized individuals or entities. E.g – Salary Slip – Student Grades Safeguarding the accuracy and completeness of information asset E.g – Amount in transaction – Medical Record of a patient Information assets should be readily available and usable upon demand by an authorized entity E.g – Loss of Service
  • 10. Why Banks are being Hacked?!
  • 11. Why Banks are being Hacked?!
  • 12. Use A Strong Password • Use unique password for all your accounts • Password Length: At least 8 characters • Password Complexity: Mix upper and lower cases, numbers and symbols • Do not use common and predictable passwords • Change password periodically. • Do not share your password with others or write them down.
  • 13. Use A Strong Password • ATM PIN Code • Setting a Password (Total 95 Characters) -10 digits: 0123456789 -26 lower case letters: abcdefghijklmnopqrstuvwxyz -26 upper case letters: ABCDEFGHIJKLMNOPQRSTUVWXYZ -33 special characters: `~!@#$%^&*()-_=+[]{}|;':",./<>? • Two Factor Authentication • One Time Password (OTP) E.g Whatsapp Login • Never share your OTP with anyone
  • 14. Password Construction Pick a sentence that reminds you of the password. For example: • This May Be One Way To Remember = "TmB1w2R!” • I feel great = If33lgr8 • Honda 125 = H0n9@I2S • Pakistan = p@k15TAn • Just what I need, another dumb thing to remember! = Jw1n,adttr! Don’t use this example as Password
  • 15. Use A Strong Password • Four means of authenticating user's identity • Based on something the individual – knows, e.g. password, PIN – possesses, e.g. key, token, smartcard – is (static biometrics), e.g. fingerprint, retina – does (dynamic biometrics), e.g. voice, sign
  • 16. Password Vulnerabilities • Offline dictionary attack • Specific account attack (user john) • Popular password attack (against a wide range of IDs) • Password guessing against single user (w/ previous knowledge about the user) • Workstation hijacking • Exploiting user mistakes • Exploiting multiple password use • Electronic monitoring
  • 18. Most Common Hacking Attacks • Social Engineering Attack (E.g pretending as Co-worker or an IT guy) - Baiting (Leaves a USB of virus at a public place) - Phishing / Spear Phishing (Installing malware or Ransomware) - Honey Trap (Online relationships to gather sensitive info) - Pretexting (Pretending as your old friend in need of money) • Troy Movie (Greeks vs Trojan Army) • Catch Me If You Can Movie (Frank Abagnale) - A doctor - A Pilot - A Lawyer - Forged Checks
  • 19. Story : Victor Lustig
  • 20. Most Common Human Errors • Outdated Antiviruses • Easy Passwords / Sharing • Pirated Software • Sharing of Confidential Information • Opening e-mail attachments from strangers • Updates, Service Packs are missing or not installed • Not reporting security violations
  • 23. Safe Web Browsing • Do not browse for personal entertainment on official machines • After you finish your business on a website, e.g. internet banking, remember to log out of your account. Don’t just close the browser. • Don’t use public Wi-Fi • Do not subscribe to social sites with your official email address
  • 24. Beware Social Media Sites An attacker can extract the following information • Employment Details • Education • Relationship Status • Location Profiling • Political / Religious views • Photos • Family Details “Facebook is not your friend, it is a surveillance engine” Richard Stallman
  • 25. Successful Attacks Pay attention to the web address: if it has changed or doesn’t seem correct, it may be a fraudulent site
  • 26. Question : What are Bitcoins ?
  • 27. Cyber Attacks : Pakistani Banks EVEN MCB!!!
  • 28. Information Security – Assets & Classification Information Assets • Confidential or Restricted: Information that belongs to customers, employees and MCB’s business, or if disclosed to unauthorized persons, could have an adverse impact on MCB's operational, legal or regulatory obligations, or on its financial status, customers or reputation • Internal: Information that is commonly shared within MCB by the employees, and is not intended for distribution outside MCB • Public: Information that is freely available outside of MCB, or is intended for public use
  • 30. Learn More ! = Security Policies + Disciplinary Actions • Refer to the hyperlink below to learn more about staying safe online: • MCB Information Security Policies • Non-adherence to policies will lead to serious consequences and disciplinary penalties. Refer to HR documents below: • Disciplinary Action Details • Disciplinary Action Against: If Staff is Involved in Password Sharing
  • 31. Risk Categories • Financial Risk: Loss of funds, Fines and penalties, Loss of revenue • Reputational Risk: Impact on a brand name, Lawsuits • Operational Risk: Service disruption, Loss of business operations
  • 32. Question Which one of the following is the best example of a secure password as per MCB Password Policy? a) mcb123 b) 1SMcB#0U53! c) _________ (blank) d) Pakistan e) 03004209211
  • 33. Question How often should a user change the password? a) Never b) Only after Year End Closing c) At least within 30 days d) Whenever the user wants
  • 34. Question Information Security is based on the CIA triad. What does CIA stand for? a) Central Investigation Agency b) Common Information Anywhere c) Confidentiality, Integrity & Availability d) Catch Illegal Accounts
  • 35. Weakest Link = HUMAN!
  • 36. Systems / PC Security
  • 37. Security Beyond Office : USB Do’s and Don’ts • Protect your USBs or external drives with a password • Encrypt USBs and external drives contents • Always protect your documents with a strong password • Do not accept any promotional external storage device (i.e. USB, external drives) from unknown persons • Avoid storing confidential data on external storage devices • Never connect external storage devices without scanning. External storage devices carry serious cyber security risks: they are used as a medium to spread viruses, malware, Trojans and ransomware. Millions of bank records will be at stake if storage devices are utilized
  • 39. Question By pressing which keys can you lock your computer? a) Any key b) Lock key c) Windows Key + L d) Car Keys
  • 40. Question Always share information with anyone over the phone without confirming their identity? a) True b) False
  • 41. Clear Desk • Sensitive or critical business information must be stored in suitable locked cabinets when not in use, especially after working hours • Sensitive or classified information, when printed, is to be cleared from printers immediately • Photocopiers are to be locked after normal working hours
  • 42. Clear Screen • Keep the computer screen desktop clear • No confidential information should be placed on the desktop screen • Computers are not to be left logged on when unattended • Don’t leave any documents open on the screen • Use password protected screen savers
  • 43. Question • Keep all confidential account information on your desktop screen and printed confidential information on your table? a) True b) False
  • 44. Recognizing a break-in or compromise • Antivirus software detects a problem • Pop-ups suddenly appear (may sell security software) • Disk space disappears • System slows • Unusual messages, sounds, or displays on your monitor • Your computer shuts down and powers off by itself
  • 45. WAY Forward : Payment Card Industry – Data Security Standard • The PCI Security Standards Council is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. • Founded in 2006 by American Express, Discover, JCB International, MasterCard and Visa Inc. • The PCI DSS applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. If you accept or process payment cards, PCI DSS applies to you
  • 46. IT SEC_RITY U Follow these policies and guidelines to make MCB (Most SeCure Bank) in Pakistan! 90% 10%
  • 47. User Activities are Monitored!
  • 48. Hacked? Or reporting a security breach? Reach us @ itsecurity@mcb.com.pk To learn more about Information Security, visit MCB InfoSec Policies
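
The password rules on slides 12 and 13, applied to the answer options of the slide 32 quiz and to one substitution example from slide 14. This is an added example, not part of the original deck and not MCB's own policy tooling; the deny-list, the substitution table and the reading of the 33 special characters as ASCII punctuation plus space are assumptions.

```python
import math
import string

# Slide 13's alphabet: 10 digits + 26 lower + 26 upper + 33 specials = 95.
# Assumption: the 33 specials are the 32 ASCII punctuation marks plus space.
CLASSES = {
    "digit": string.digits,
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "special": string.punctuation + " ",
}
ALPHABET_SIZE = sum(len(chars) for chars in CLASSES.values())
MIN_LENGTH = 8  # slide 12: at least 8 characters

# Constructed sample deny-list; a real check would use a large breached-password list.
COMMON = {"password", "pakistan", "qwerty", "12345678", "mcb123"}
# Undo the usual look-alike substitutions before the deny-list lookup.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "0": "o", "5": "s", "$": "s"})


def search_space_bits(length, alphabet=ALPHABET_SIZE):
    """Bits of brute-force work if every character is chosen uniformly at random."""
    return length * math.log2(alphabet)


def check_password(password):
    """Return the slide-12 rules that the password breaks (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    lowered = password.lower()
    if lowered in COMMON or lowered.translate(LEET) in COMMON:
        problems.append("common or predictable password")
    return problems


# Answer options from the slide-32 quiz, plus one substitution example from slide 14.
SAMPLES = ["mcb123", "1SMcB#0U53!", "", "Pakistan", "03004209211", "p@k15TAn"]

if __name__ == "__main__":
    print(f"4-digit PIN: {search_space_bits(4, 10):.1f} bits")
    print(f"8 random characters from the 95: {search_space_bits(8):.1f} bits")
    for sample in SAMPLES:
        print(repr(sample), check_password(sample) or "passes")
```

The bit counts are upper bounds that hold only for randomly generated passwords. A dictionary word with look-alike substitutions meets every composition rule and is still caught by the deny-list check.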