Security Awareness
ITS Security Training
Fall 2017
You are the target…
• You, and your access to University data, are
now the primary target of hackers.
• Gaining access to your login information
allows them to impersonate you, or use your
computer, to gain access to UofM systems
and data.
• Technology can address only a fraction of
security risks.
Security Awareness Basics
• University Policies
• Password Security
• Email Security
• Safe Browsing
• Ransomware
• Privacy
• Data Security and Encryption
• Mobile Device Security
• Duo Account Security
• Securing The Human Training
• Reporting an incident
• Reminders
• Other Security Resources
UofM IT Security Policies and Guidelines
Policies:
• UM1337 – Data Access
• UM1535 – Acceptable Use of IT Resources
• UM1566 – Security and Protection of IT Resources
• UM1691 – Campus Data Security
• UM1804 – Information Security Program
• UM1805 – Email Use
Guidelines and Best Practices:
• http://www.memphis.edu/its/security/policies-guidelines.php
• http://www.memphis.edu/its/security/best-practices.php
Password Security
• Password Reuse
• Maintain different credentials per service. Hackers know it’s hard to keep
up with multiple passwords. If they get one, they will use it against other
services hoping to gain additional access. Never use your University of
Memphis credentials with another service.
• Password Complexity
• Avoid over-simplified or very short passwords.
• Use longer passwords composed of standard words that you can remember
or the first letter in a sentence or phrase. The longer the password, the
more difficult to crack.
• The University of Memphis enforces a standard set of complexity
requirements to help create strong passwords.
• Password Change Frequency
• Frequency can be as important as complexity: an expired password is
useless to an attacker who has stolen it.
• The University of Memphis currently enforces a 6 month expiration policy.
Password Management
• ITS will never ask you for your password.
• Avoid writing passwords down or keeping them in an
insecure text file or document.
• Email is not a password management system. Never
email your password to anyone (including yourself).
• A password management utility is one option for storing
personal passwords. Many exist that work on desktops
and mobile devices. These encrypt your passwords and
many will also help you generate complex passwords.
• 1Password and LastPass are examples of password
management utilities.
Email Security
• Email is one of the most common and most
successful attack vectors on the internet. Recent statistics
cite up to 90% of successful attacks against
businesses beginning with a malicious email.
• Emails can carry malicious files such as viruses and
malware, link to malicious web sites, or try to coerce
or convince you to give away personal information,
like your username and password.
• Cybercriminals using email to attack businesses are
becoming more and more effective at evading
detection – technology alone is only marginally
effective at blocking these new email threats.
Email Do’s and Don’ts
Do:
• Always verify the sender of a message.
• Always hover over web page links (URLs) in email messages to
see where they link to – beware URL shortening services (like
bit.ly) that may obscure the final web site destination.
• Be skeptical of messages with odd spelling/grammar, improper
logos or that ask you to upgrade or verify your account.
• Report suspicious emails to abuse@memphis.edu.
Don’t:
• Open an attachment from an unknown sender. Consider the
source and whether or not the file was expected.
• Click on a link from an unknown sender.
• Email someone your username or password.
Email Threat Examples
• Phishing
• Viruses and Malware
• Email Spoofing
• Other Scams
Phishing
• Phishing is the attempt to obtain sensitive information such as
usernames, passwords, and credit card details (and, indirectly,
money), often for malicious reasons, by disguising as a
trustworthy entity in an electronic communication. (Wikipedia -
https://en.wikipedia.org/wiki/Phishing )
• Common phishing scams attempt to use coercion or scare
tactics to get you to enter your username and password into a
phony web site, such as:
• A “required action” as a part of a system or quota upgrade
• A “required action” to prevent email account closure
• A “trusted” vendor, such as a fake Dropbox or Google alert
• A “legitimate” banking alert
• Once they have your password, phishers use your account
credentials to send more phishing messages, change financial
account information or redirect checks/deposits.
Phishing Examples
Viruses and Malware
• Cybercriminals also use attachments to spread viruses
or other malicious software (malware) to steal or destroy
data.
• Malware can install keyloggers to capture everything you
type, control your webcam/microphone, or send all of
your data to remote servers that the criminal controls.
• The attachment typically arrives as a Word, Excel or PDF
file and has to be opened before the malware triggers.
• Malware will take advantage of unpatched software.
• Some Word/Excel malware requires you to enable
macros – always be suspicious of an attachment that
asks you to “lower” your security settings when
opening it.
Email Spoofing
• Also called Business Email Compromise, email
spoofing typically uses an email address that
mimics a trusted party, such as a manager,
executive or co-worker, and can be difficult to
recognize (especially on mobile devices).
• Typically these scams involve a wire transfer or
request for sensitive files, such as W-2s or
legal documents.
• There is usually some urgency involved to
prevent the recipient from following up on the
request directly or following procedures.
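The sender check and the link hover check from the Email Do’s and Don’ts and Email Spoofing slides, written out as a small triage script. This is example code added here, not part of the ITS training deck; the trusted domain, the shortener list and the sample message are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed for this example: the organisation's own domain and a few
# well-known URL shortening services (the deck names bit.ly).
TRUSTED_DOMAIN = "memphis.edu"
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: the target a hover reveals next to the text shown."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-case host of a URL or bare domain; '' if it cannot be parsed."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def under_domain(host, domain):
    """True if host is domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_sender(from_header):
    """Spoofing check: the trusted name is mentioned, but the mail comes from elsewhere."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    label = TRUSTED_DOMAIN.split(".")[0]  # "memphis"
    if under_domain(domain, TRUSTED_DOMAIN):
        return []
    if label in name.lower() or label in domain:
        return [f"sender mentions '{label}' but mail comes from '{domain}'"]
    return []


def check_links(html_body):
    """Hover check: shown text vs real target, shorteners, lookalike hosts, non-HTTPS links."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        target = host_of(href)
        if target in SHORTENERS:
            findings.append(f"shortened link via {target}; destination hidden")
        # Link text that looks like a URL or domain but points elsewhere.
        if re.fullmatch(r"\S+\.\S+", text):
            shown = host_of(text)
            if shown and shown != target:
                findings.append(f"text shows {shown} but link goes to {target}")
        if TRUSTED_DOMAIN in target and not under_domain(target, TRUSTED_DOMAIN):
            findings.append(f"lookalike host {target}")
        if href.lower().startswith("http://"):
            findings.append(f"link to {target} is not HTTPS")
    return findings


def triage(raw_message):
    """Run both checks over a raw message and return every finding."""
    msg = message_from_string(raw_message)
    findings = check_sender(msg.get("From", ""))
    body = msg.get_payload(decode=True) or b""
    findings += check_links(body.decode(msg.get_content_charset() or "utf-8"))
    return findings


# Constructed sample modelled on the "required action" phish the deck describes.
SAMPLE = """\
From: "UofM ITS Helpdesk" <helpdesk@memphis-edu-support.example>
Subject: Action required: mailbox quota exceeded
Content-Type: text/html; charset=utf-8

<p>Your mailbox is over quota. Verify your account within 24 hours:</p>
<a href="http://memphis.edu.verify-login.example/">https://www.memphis.edu/its</a>
<p>Or use the short link: <a href="https://bit.ly/xyz">click here</a></p>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("!", finding)
```

Running it prints five findings for the sample: the mismatched sender domain, the link whose text shows www.memphis.edu but goes elsewhere, the lookalike host, the plain-http link, and the bit.ly shortener.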
Email Spoofing Example
Advance-Fee Scams
• Most other email scams involve advance-fees and check
fraud, attempting to gain your confidence to move
money on the criminal’s behalf.
• Nigerian “419” scams are the classic example – your
help is needed to move a large amount of money out of
a foreign country because someone is ill, has died, or
the country’s government is after it. The victim wires
money to assist and never receives anything in return.
• New variations include job offers – a sizable wage is
sent in advance for a small amount of work, deposited,
then requested to be transferred to another party for
payment of some debt. The original check bounces and the
victim has just wired their own money to the criminal.
Safe Web Browsing
• Keep your browser software version up-to-date.
• Keep any browser plug-ins up-to-date; especially Adobe Flash
and Java, as these are targeted frequently.
• Hover over URLs and links.
• Make use of pop-up and ad blockers.
• Be aware of where Google or other web searches are sending
you.
• Be careful when downloading software from the internet.
• If a website requests user information of any kind, make sure
that website is using HTTPS. Look for the padlock or other
indicators that the page is secure, such as a site that begins
with https://
Ransomware
• Ransomware is a new type of malware that encrypts
documents, pictures and other files, making them
unreadable. The attacker then holds the decryption key for
ransom until you agree to pay money, usually through an
untraceable method such as BitCoin or other digital
currency.
• Ransomware assumes that you’ll pay to recover your files
– if you back them up regularly, you have no need to pay
the ransom.
• On UofM machines, store files on your network (H:) drives,
UMdrive, etc. At home, use external drives or trusted cloud
services.
Privacy
• Social media and networking sites, by definition, collect,
maintain, and share personal identification.
• Be mindful of what information you share about yourself
and your family online or with others in electronic
communications.
• Social networking sites can be used by attackers to
collect information about you to use against you. Social
engineering attempts to use what the attacker knows
about you and your relationships with others to build
your trust.
• Always check your sharing settings to limit the
information you share with public or untrusted users.
Data Security and Encryption
• Per policy UM1691, UofM employees are responsible for ensuring the security
of the data that they access.
• Restricted or other sensitive data, as defined by the Classification of University
Data document, should never be stored on insecure or unsupported storage
platforms.
• Dropbox, Box, Google Drive, and other cloud platforms are not appropriate
for the storage of Restricted University data.
• See https://www.memphis.edu/its/security/data-storage-guidelines.php
for further guidelines on storing University electronic data.
• Restricted and/or sensitive data should be encrypted whenever possible.
Supported encryption technologies are described at
http://www.memphis.edu/its/security/policies-guidelines.php. Your LSP can
assist with encrypting data.
• Keeping sensitive data on campus servers alleviates the risk of a stolen mobile
device or compromised home computer.
• When disposing of old devices (desktops, laptops, flash drives, phones), ensure
all sensitive data has been securely deleted. LSPs will assist with this process
on UofM-owned equipment.
Mobile Device Security
• Keep your device software up to date – unpatched software leaves your
device vulnerable to attack. Install operating system updates as well as
updates to applications.
• Have anti-virus and/or anti-malware software installed, enabled and set to
automatically update.
• Never leave your laptop or mobile device unattended. Thefts do happen.
• Encrypt laptops and external media that contain restricted or sensitive
data.
• Make sure you back up your data frequently in case your device is ever lost
or stolen.
• Ensure access to your mobile device is protected with a passcode and use
built-in encryption settings to ensure that your data is safe if your device is
ever lost or stolen.
• Consider using a remote tracking/wipe function if supported. For iOS
devices, iCloud provides the “Find my iPhone” service for free. Android
and other mobile operating systems also have similar functionality.
Duo Account Security
• Duo Account Security is a multi-factor authentication
(MFA) solution that allows you to use a second factor
that you have or have access to when you log in to
your account.
• That second factor could be an app on a mobile device
or receiving a phone call or text message, or even a
one-time passcode.
• Whichever factor is used, the important thing is that
should someone obtain your username and password,
they will not have access to your phone or other device
and would not be able to complete the login process.
SANS Securing The Human
• Security Awareness Training is mandatory
for all Banner Finance / HR users.
• Training must be taken once a year and
consists of a group of short videos
followed by short quizzes.
• A certificate of completion can be printed
at the end of the assessments.
• https://sso.securingthehuman.org/uofmemphis
Reporting Incidents
• Phishing / Spam email messages can be
reported to abuse@memphis.edu.
• Real security incidents, such as
compromised credentials, compromised
system or evidence of data
exposure/release, can be reported using
our online form at
https://www.memphis.edu/its/security/incident-report.php.
Reminders…
• ITS will never ask…
• … for your password via email or over the
phone.
• … for you to “confirm”, “upgrade” or
“reactivate” your account via email.
• … for you to follow a link to clean a virus
from your email mailbox.
• … for you to update or increase your email
quota.
• When in doubt, forward suspicious
emails to abuse@memphis.edu.
Other Security Resources
• ITS Security website
• https://www.memphis.edu/its/security
• CIO blog
• https://blogs.memphis.edu/cio
• Stay Safe Online – National Cyber Security Alliance
• https://www.staysafeonline.org
• US-CERT
• https://www.us-cert.gov
• FTC Privacy, Identity & Online Security
• https://www.consumer.ftc.gov/topics/privacy-identity-online-security
• SANS Cyber Security Awareness
• https://cyberaware.securingthehuman.org
Open Discussion
THANK YOU!
ITS Security
http://www.memphis.edu/its/security/
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 

Securityawareness

1. Security Awareness
ITS Security Training
Fall 2017

2. You are the target…
• You, and your access to University data, are now the primary target of hackers.
• Gaining access to your login information allows them to impersonate you, or use your computer, to gain access to UofM systems and data.
• Technology can address only a fraction of security risks.

3. Security Awareness Basics
• University Policies
• Password Security
• Email Security
• Safe Browsing
• Ransomware
• Privacy
• Data Security and Encryption
• Mobile Device Security
• Duo Account Security
• Securing The Human Training
• Reporting an incident
• Reminders
• Other Security Resources

4. UofM IT Security Policies and Guidelines
Policies:
• UM1337 – Data Access
• UM1535 – Acceptable Use of IT Resources
• UM1566 – Security and Protection of IT Resources
• UM1691 – Campus Data Security
• UM1804 – Information Security Program
• UM1805 – Email Use
Guidelines and Best Practices:
• http://www.memphis.edu/its/security/policies-guidelines.php
• http://www.memphis.edu/its/security/best-practices.php

5. Password Security
• Password Reuse
  • Maintain different credentials per service. Hackers know it’s hard to keep up with multiple passwords. If they get one, they will use it against other services hoping to gain additional access. Never use your University of Memphis credentials with another service.
• Password Complexity
  • Avoid over-simplified or very short passwords.
  • Use longer passwords composed of standard words that you can remember, or the first letter of each word in a sentence or phrase. The longer the password, the more difficult it is to crack.
  • The University of Memphis enforces a standard set of complexity requirements to help create strong passwords.
• Password Change Frequency
  • Frequency can be as important as complexity. Expired passwords are useless to an attacker.
  • The University of Memphis currently enforces a 6 month expiration policy.

6. Password Management
• ITS will never ask you for your password.
• Avoid writing passwords down or keeping them in an insecure text file or document.
• Email is not a password management system. Never email your password to anyone (including yourself).
• A password management utility is one option for storing personal passwords. Many exist that work on desktops and mobile devices. These encrypt your passwords, and many will also help you generate complex passwords.
• 1Password and LastPass are examples of password management utilities.

7. Email Security
• Email is one of the most common and most successful attack vectors on the internet. Recent statistics cite up to 90% of successful attacks against businesses as beginning with a malicious email.
• Emails can contain malicious files such as viruses and malware, link to malicious web sites, or try to coerce or convince you to give away personal information, like your username and password.
• Cybercriminals using email to attack businesses are becoming more and more effective at evading detection – technology alone is only marginally effective at blocking these new email threats.

8. Email Do’s and Don’ts
Do:
• Always verify the sender of a message.
• Always hover over web page links (URLs) in email messages to see where they link to – beware URL shortening services (like bit.ly) that may obscure the final web site destination.
• Be skeptical of messages with odd spelling/grammar, improper logos, or that ask you to upgrade or verify your account.
• Report suspicious emails to abuse@memphis.edu.
Don’t:
• Open an attachment from an unknown sender. Consider the source and whether or not the file was expected.
• Click on a link from an unknown sender.
• Email someone your username or password.

9. Email Threat Examples
• Phishing
• Viruses and Malware
• Email Spoofing
• Other Scams

10. Phishing
• Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. (Wikipedia - https://en.wikipedia.org/wiki/Phishing)
• Common phishing scams attempt to use coercion or scare tactics to get you to enter your username and password into a phony web site, such as:
  • A “required action” as a part of a system or quota upgrade
  • A “required action” to prevent email account closure
  • A “trusted” vendor, such as a fake Dropbox or Google alert
  • A “legitimate” banking alert
• Once they have your password, phishers use your account credentials to send more phishing messages, change financial account information, or redirect checks/deposits.

12. Viruses and Malware
• Cybercriminals also use attachments to spread viruses or other malicious software (malware) to steal or destroy data.
• Malware can install keyloggers to capture everything you type, control your webcam/microphone, or send all of your data to remote servers that the criminal controls.
• The attachment typically arrives as a Word, Excel or PDF file and has to be opened before the malware triggers.
• Malware will take advantage of unpatched software.
• Some Word/Excel malware requires you to enable Macros – always be suspicious of an attachment that requests you to “lower” your security settings when opening it.

13. Email Spoofing
• Also called Business Email Compromise, email spoofing typically uses an email address that mimics a trusted party, such as a manager, executive or co-worker, and can be difficult to recognize (especially on mobile devices).
• Typically these scams involve a wire transfer or a request for sensitive files, such as W-2s or legal documents.
• There is usually some urgency involved to prevent the recipient from following up on the request directly or following procedures.

15. Advance-Fee Scams
• Most other email scams involve advance fees and check fraud, attempting to gain your confidence to move money on the criminal’s behalf.
• Nigerian “419” scams are the classic example – your help is needed to move a large amount of money out of a foreign country because someone is ill, has died, or the country’s government is after it. The victim wires money to assist and never receives anything in return.
• New variations include job offers – a sizable wage is sent in advance for a small amount of work, deposited, then requested to be transferred to another party for payment of some debt. The original check bounces and the victim has just wired their own money to the criminal.

16. Safe Web Browsing
• Keep your browser software version up-to-date.
• Keep any browser plug-ins up-to-date, especially Adobe Flash and Java, as these are targeted frequently.
• Hover over URLs and links.
• Make use of pop-up and ad blockers.
• Be aware of where Google or other web searches are sending you.
• Be careful when downloading software from the internet.
• If a website requests user information of any kind, make sure that website is using HTTPS. Look for the padlock or other indicators that the page is secure, such as an address that begins with https://

17. Ransomware
• Ransomware is a new type of malware that encrypts documents, pictures and other files, making them unreadable. The attacker then holds the decryption key for ransom until you agree to pay money, usually through an untraceable method such as Bitcoin or another digital currency.
• Ransomware assumes that you’ll pay to recover your files – if you back them up regularly, you have no need to pay the ransom.
• On UofM machines, store files on your network (H:) drives, UMdrive, etc. At home, use external drives or trusted cloud services.

18. Privacy
• Social media and networking sites, by definition, collect, maintain, and share personal identification.
• Be mindful of what information you share about yourself and your family online or with others in electronic communications.
• Social networking sites can be used by attackers to collect information about you to use against you. Social engineering attempts to use information the attacker knows about you and your relationships with others to build your trust.
• Always check your sharing settings to limit the information you share with public or untrusted users.

19. Data Security and Encryption
• Per policy UM1691, UofM employees are responsible for ensuring the security of the data that they access.
• Restricted or other sensitive data, as defined by the Classification of University Data document, should never be stored on insecure or unsupported storage platforms.
• Dropbox, Box, Google Drive, and other cloud platforms are not appropriate for the storage of Restricted University data.
• See https://www.memphis.edu/its/security/data-storage-guidelines.php for further guidelines on storing University electronic data.
• Restricted and/or sensitive data should be encrypted whenever possible. Supported encryption technologies are described at http://www.memphis.edu/its/security/policies-guidelines.php. Your LSP can assist with encrypting data.
• Keeping sensitive data on campus servers alleviates the risk of a stolen mobile device or a compromised home computer.
• When disposing of old devices (desktops, laptops, flash drives, phones), ensure all sensitive data has been securely deleted. LSPs will assist with this process on UofM-owned equipment.

20. Mobile Device Security
• Keep your device software up to date – unpatched software leaves your device vulnerable to attack. Install operating system updates as well as updates to applications.
• Have anti-virus and/or anti-malware software installed, enabled and set to automatically update.
• Never leave your laptop or mobile device unattended. Thefts do happen.
• Encrypt laptops and external media that contain restricted or sensitive data.
• Make sure you back up your data frequently in case your device is ever lost or stolen.
• Ensure access to your mobile device is protected with a passcode, and use built-in encryption settings to ensure that your data is safe if your device is ever lost or stolen.
• Consider using a remote tracking/wipe function if supported. For iOS devices, iCloud provides the “Find my iPhone” service for free. Android and other mobile operating systems also have similar functionality.

21. Duo Account Security
• Duo Account Security is a multi-factor authentication (MFA) solution that allows you to use a second factor that you have, or have access to, when you log in to your account.
• That second factor could be an app on a mobile device, receiving a phone call or text message, or even a one-time passcode.
• Whichever factor is used, the important thing is that should someone obtain your username and password, they will not have access to your phone or other device and would not be able to complete the login process.

22. SANS Securing The Human
• Security Awareness Training is mandatory for all Banner Finance / HR users.
• Training must be taken once a year and consists of a group of short videos followed by short quizzes.
• A certificate of completion can be printed at the end of the assessments.
• https://sso.securingthehuman.org/uofmemphis

23. Reporting Incidents
• Phishing / Spam email messages can be reported to abuse@memphis.edu.
• Real security incidents, such as compromised credentials, a compromised system or evidence of data exposure/release, can be reported using our online form at https://www.memphis.edu/its/security/incident-report.php.

24. Reminders…
• ITS will never ask…
  • … for your password via email or over the phone.
  • … for you to “confirm”, “upgrade” or “reactivate” your account via email.
  • … for you to follow a link to clean a virus from your email mailbox.
  • … for you to update or increase your email quota.
• When in doubt, forward suspicious emails to abuse@memphis.edu.

25. Other Security Resources
• ITS Security website
  • https://www.memphis.edu/its/security
• CIO blog
  • https://blogs.memphis.edu/cio
• Stay Safe Online – National Cyber Security Alliance
  • https://www.staysafeonline.org
• US-CERT
  • https://www.us-cert.gov
• FTC Privacy, Identity & Online Security
  • https://www.consumer.ftc.gov/topics/privacy-identity-online-security
• SANS Cyber Security Awareness
  • https://cyberaware.securingthehuman.org
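As an added example that is not part of the ITS slides: a Python check that automates the "verify the sender" and "hover over links" advice from the Email Do's and Don'ts, Phishing and Email Spoofing slides, flagging a display name that claims the University while the address is elsewhere, links hidden behind shorteners such as bit.ly, and link text whose domain differs from the real target. The trusted domain, the shortener list and the sample message are assumptions constructed for this example.

```python
# Added example, not from the ITS slides: automates the "verify the sender" and "hover
# over links" checks from the Email Do's and Don'ts, Phishing and Email Spoofing slides.
# TRUSTED_DOMAIN, SHORTENERS and the SAMPLE message below are constructed assumptions.
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "memphis.edu"                  # the organisation's own mail domain
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # bit.ly is the slide's own example

class _Links(HTMLParser):
    # Collect (visible text, href) pairs from <a> tags in an HTML body
    def __init__(self):
        super().__init__()
        self.pairs, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.pairs.append(("".join(self._text).strip(), self._href))
            self._href = None

def _host(url):  # lower-cased hostname of a URL or bare "www." string ("" if none)
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def analyze_email(raw):
    """Return warning strings for an RFC 822 message (empty list if nothing found)."""
    msg = message_from_string(raw)
    warnings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rsplit("@", 1)[-1].lower()
    # Spoofing sign: display name claims the trusted org but the address is elsewhere
    if TRUSTED_DOMAIN in name.lower() and not from_dom.endswith(TRUSTED_DOMAIN):
        warnings.append(f"display name '{name}' but sender is @{from_dom}")
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    links = _Links(); links.feed(body)
    for text, href in links.pairs:
        target = _host(href)
        if target in SHORTENERS:  # real destination hidden behind a shortener
            warnings.append(f"shortened link {href} hides its final destination")
        shown = _host(text) if text.startswith(("http://", "https://", "www.")) else ""
        if shown and shown != target:  # what you see is not where you go
            warnings.append(f"link text shows {shown} but points to {target}")
    return warnings

# Constructed phishing sample mirroring the "quota upgrade" lure on the Phishing slide
SAMPLE = """From: "ITS Help Desk - memphis.edu" <helpdesk@quota-upgrade.example>
To: user@memphis.edu
Content-Type: text/html; charset=utf-8

<p>Log in at <a href="http://bit.ly/xyz123">https://www.memphis.edu/its</a> now.</p>
"""
```

Running `analyze_email(SAMPLE)` yields three warnings (spoofed display name, shortened link, link text pointing elsewhere); a message from the real domain whose link text matches its href yields none.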

Editor's Notes

  1. Talking points:
     • Browsing - http/https, exploits, software/plugin versions
     • Theft and data loss - laptop, USB flash device, data corruption
     • Inappropriate data access - P2P file sharing - legal implications
     • Discarded media and hardware - wipe or destroy media, laptops
  2. https://info.phishlabs.com/blog/fbi-fraud-alert-business-e-mail-compromise
  3. Discuss “hovering” in more depth – potentially show an example.
     What is encryption? - A method of encoding and securing content so that others cannot read it.