This document provides an overview of security awareness training from the University of Memphis' ITS department. It covers topics like password security, email security, safe browsing, ransomware, privacy, data encryption, mobile security, and two-factor authentication. University policies on data access and security are also referenced. Reporting security incidents and additional resources are outlined. The training emphasizes that technology can only address some risks and that users are the primary targets of hackers seeking access to systems and data.
2. You are the target…
• You, and your access to University data, are now the primary target of hackers.
• Gaining access to your login information allows them to impersonate you, or use your computer, to gain access to UofM systems and data.
• Technology can address only a fraction of security risks.
3. Security Awareness Basics
• University Policies
• Password Security
• Email Security
• Safe Browsing
• Ransomware
• Privacy
• Data Security and Encryption
• Mobile Device Security
• Duo Account Security
• Securing The Human Training
• Reporting an incident
• Reminders
• Other Security Resources
4. UofM IT Security Policies and Guidelines
Policies:
• UM1337 – Data Access
• UM1535 – Acceptable Use of IT Resources
• UM1566 – Security and Protection of IT Resources
• UM1691 – Campus Data Security
• UM1804 – Information Security Program
• UM1805 – Email Use
Guidelines and Best Practices:
• http://www.memphis.edu/its/security/policies-guidelines.php
• http://www.memphis.edu/its/security/best-practices.php
5. Password Security
• Password Reuse
  • Maintain different credentials per service. Hackers know it’s hard to keep up with multiple passwords. If they get one, they will use it against other services hoping to gain additional access. Never use your University of Memphis credentials with another service.
• Password Complexity
  • Avoid over-simplified or very short passwords.
  • Use longer passwords composed of standard words that you can remember or the first letter in a sentence or phrase. The longer the password, the more difficult to crack.
  • The University of Memphis enforces a standard set of complexity requirements to help create strong passwords.
• Password Change Frequency
  • Frequency can be as important as complexity. Expired passwords are useless.
  • The University of Memphis currently enforces a 6 month expiration policy.
6. Password Management
• ITS will never ask you for your password.
• Avoid writing passwords down or keeping them in an insecure text file or document.
• Email is not a password management system. Never email your password to anyone (including yourself).
• A password management utility is one option for storing personal passwords. Many exist that work on desktops and mobile devices. These encrypt your passwords and many will also help you generate complex passwords.
• 1Password and LastPass are examples of password management utilities.
7. Email Security
• Email is one of the most common and most successful attack vectors on the internet. Recent statistics indicate that up to 90% of successful attacks against businesses begin with a malicious email.
• Emails can contain malicious files like viruses and malware, link to malicious web sites, or try to coerce or convince you to give away personal information, like your username and password.
• Cybercriminals using email to attack businesses are becoming more and more effective at evading detection – technology alone is only marginally effective at blocking these new email threats.
8. Email Do’s and Don’ts
Do:
• Always verify the sender of a message.
• Always hover over web page links (URLs) in email messages to see where they link to – beware URL shortening services (like bit.ly) that may obscure the final web site destination.
• Be skeptical of messages with odd spelling/grammar, improper logos or that ask you to upgrade or verify your account.
• Report suspicious emails to abuse@memphis.edu.
Don’t:
• Open an attachment from an unknown sender. Consider the source and whether or not the file was expected.
• Click on a link from an unknown sender.
• Email someone your username or password.
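The "hover over the link" check above can also be automated by a mail filter or a reporting mailbox. The following is an added example, not part of the original slides: it flags links in an HTML message whose visible text and real destination disagree, or whose destination is hidden. The shortener list (apart from bit.ly), the flag names and the sample message are assumptions constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# bit.ly is the shortener named on the slide; the other hosts are assumed examples.
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly"}

# Visible link text that itself looks like a web address.
URLISH = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def parse_target(url):
    """Return (hostname, has_userinfo); ("", False) when the URL cannot be parsed."""
    try:
        parts = urlsplit(url.strip())
        return (parts.hostname or "").lower(), parts.username is not None
    except ValueError:
        return "", False


def same_site(a, b):
    """True when one host equals the other or is a subdomain of it."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_links(html):
    """Return [(href, text, flags)]; flags say why a link deserves a second look."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    report = []
    for href, text in parser.links:
        host, has_userinfo = parse_target(href)
        flags = []
        if host in URL_SHORTENERS:
            flags.append("shortener")        # final destination is hidden
        if is_ip(host):
            flags.append("ip-literal")       # raw IP address instead of a name
        if has_userinfo:
            flags.append("userinfo")         # "trusted.name@real-host" trick
        if host and URLISH.match(text):
            shown = text if "://" in text else "http://" + text
            if not same_site(host, parse_target(shown)[0]):
                flags.append("text-mismatch")  # text shows one site, href goes to another
        report.append((href, text, flags))
    return report


# Constructed sample message body (example.net and 192.0.2.10 are reserved test values).
SAMPLE_HTML = """
<p>Your mailbox quota is full. Required action:</p>
<a href="http://login.example.net/memphis">https://www.memphis.edu/quota</a>
<a href="https://bit.ly/3abcde">Verify your account</a>
<a href="https://www.memphis.edu/its/security/">https://memphis.edu/its/security</a>
<a href="http://192.0.2.10/owa">Webmail</a>
<a href="https://memphis.edu@login.example.net/reset">Password reset</a>
"""

if __name__ == "__main__":
    for href, text, flags in audit_links(SAMPLE_HTML):
        print(f"{', '.join(flags) or 'ok':15} {text!r} -> {href}")
```

A flag is a reason to look closer, not a verdict: legitimate newsletters also use shorteners and tracking hosts.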
10. Phishing
• Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. (Wikipedia - https://en.wikipedia.org/wiki/Phishing)
• Common phishing scams attempt to use coercion or scare tactics to get you to enter your username and password into a phony web site, such as:
  • A “required action” as a part of a system or quota upgrade
  • A “required action” to prevent email account closure
  • A “trusted” vendor, such as a fake Dropbox or Google alert
  • A “legitimate” banking alert
• Once they have your password, phishers use your account credentials to send more phishing messages, change financial account information or redirect checks/deposits.
12. Viruses and Malware
• Cybercriminals also use attachments to spread viruses or other malicious software (malware) to steal or destroy data.
• Malware can install keyloggers to capture everything you type, control your webcam/microphone, or send all of your data to remote servers that the criminal controls.
• The attachment typically arrives as a Word, Excel or PDF file and has to be opened before the malware triggers.
• Malware will take advantage of unpatched software.
• Some Word/Excel malware requires you to enable Macros – always be suspicious of an attachment that requests you to “lower” your security settings when opening.
13. Email Spoofing
• Also called Business Email Compromise, email
spoofing typically uses an email address that
mimics a trusted party, such as a manager,
executive or co-worker, and can be difficult to
recognize (especially on mobile devices).
• Typically these scams involve a wire transfer or
request for sensitive files, such as W-2s or
legal documents.
• There is usually some urgency involved to
prevent the recipient from following up on the
request directly or following procedures.
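A sender check for the spoofing pattern above, as an added example that is not part of the original training material. The look-alike domain, the display name and the sample headers are constructed for illustration; only memphis.edu comes from the page.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "memphis.edu"      # the organization's own domain (from the page)
KNOWN_SENDERS = {"pat example"}     # constructed display name of a manager

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_internal(domain):
    """True for the trusted domain and its subdomains."""
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)

def review_sender(raw_headers):
    """Return warnings for a message that may be imitating a trusted party."""
    msg = message_from_string(raw_headers)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    warnings = []
    if not is_internal(domain):
        if edit_distance(domain, TRUSTED_DOMAIN) <= 2:
            warnings.append(f"look-alike domain {domain}")
        if name.strip().lower() in KNOWN_SENDERS:
            warnings.append("known name on an external address")
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != domain:
        warnings.append(f"replies go to {reply_domain}")
    return warnings

# Constructed headers: "rn" stands in for "m", which is hard to see on a phone.
SPOOFED = ("From: Pat Example <pat.example@mernphis.edu>\n"
           "Reply-To: pat.example@mail.example.net\n"
           "Subject: Urgent wire transfer\n\n")
GENUINE = "From: Pat Example <pat.example@memphis.edu>\nSubject: Agenda\n\n"
```

Mail clients on mobile devices often show only the display name, which is why the name check and the domain check are reported separately.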
15. Advance-Fee Scams
• Most other email scams involve advance-fees and check
fraud, attempting to gain your confidence to move
money on the criminal’s behalf.
• Nigerian “419” scams are the classic example – your
help is needed to move a large amount of money out of
a foreign country because someone is ill, has died, or
the country’s government is after it. The victim wires
money to assist and never receives anything in return.
• New variations include job offers – a sizable wage is
sent in advance for a small amount of work; the victim
deposits it and is then asked to transfer it to another
source for payment of some debt. The original check bounces
and the victim has just wired their own money to the criminal.
16. Safe Web Browsing
• Keep your browser software version up-to-date.
• Keep any browser plug-ins up-to-date; especially Adobe Flash
and Java, as these are targeted frequently.
• Hover over URLs and links.
• Make use of pop-up and ad blockers.
• Be aware of where Google or other web searches are sending
you.
• Be careful when downloading software from the internet.
• If a website requests user information of any kind, make sure
that website is using HTTPS. Look for the padlock or other
indicators that the page is secure, such as a site that begins
with https://
17. Ransomware
• Ransomware is a new type of malware that encrypts
documents, pictures and other files, making them
unreadable. The attacker then holds the decryption key for
ransom until you agree to pay money, usually through an
untraceable method such as Bitcoin or other digital
currency.
• Ransomware assumes that you’ll pay to recover your files
– if you back them up regularly, you have no need to pay
the ransom.
• On UofM machines, store files on your network (H:) drives,
UMdrive, etc. At home, use external drives or trusted cloud
services.
18. Privacy
• Social media and networking sites, by definition, collect,
maintain, and share personal identification.
• Be mindful of what information you share about yourself
and your family online or with others in electronic
communications.
• Social networking sites can be used by attackers to
collect information about you to use against you. Social
engineering attempts to use information the attacker
knows about you and your relationships with others to
build your trust.
• Always check your sharing settings to limit the
information you share with public or untrusted users.
19. Data Security and Encryption
• Per policy UM1691, UofM employees are responsible for ensuring the security
of the data that they access.
• Restricted or other sensitive data, as defined by the Classification of University
Data document, should never be stored on insecure or unsupported storage
platforms.
• Dropbox, Box, Google Drive, and other cloud platforms are not appropriate
for the storage of Restricted University data.
• See https://www.memphis.edu/its/security/data-storage-guidelines.php
for further guidelines on storing University electronic data.
• Restricted and/or sensitive data should be encrypted whenever possible.
Supported encryption technologies are described at
http://www.memphis.edu/its/security/policies-guidelines.php. Your LSP can
assist with encrypting data.
• Keeping sensitive data on campus servers alleviates the risk of a stolen mobile
device or compromised home computer.
• When disposing of old devices (desktops, laptops, flash drives, phones), ensure
all sensitive data has been securely deleted. LSPs will assist with this process
on UofM-owned equipment.
20. Mobile Device Security
• Keep your device software up to date – unpatched software leaves your
device vulnerable to attack. Install operating system updates as well as
updates to applications.
• Have anti-virus and/or anti-malware software installed, enabled and set to
automatically update.
• Never leave your laptop or mobile device unattended. Thefts do happen.
• Encrypt laptops and external media that contain restricted or sensitive
data.
• Make sure you back up your data frequently in case your device is ever lost
or stolen.
• Ensure access to your mobile device is protected with a passcode and use
built-in encryption settings to ensure that your data is safe if your device is
ever lost or stolen.
• Consider using a remote tracking/wipe function if supported. For iOS
devices, iCloud provides the “Find my iPhone” service for free. Android
and other mobile operating systems also have similar functionality.
21. Duo Account Security
• Duo Account Security is a multi-factor authentication
(MFA) solution that allows you to use a second factor
that you have or have access to when you log in to
your account.
• That second factor could be an app on a mobile device
or receiving a phone call or text message, or even a
one-time passcode.
• Whichever factor is used, the important thing is that
should someone obtain your username and password,
they will not have access to your phone or other device
and would not be able to complete the login process.
22. SANS Securing The Human
• Security Awareness Training is mandatory
for all Banner Finance / HR users.
• Training must be taken once a year and
consists of a group of short videos
followed by short quizzes.
• Certificate of completion can be printed
at end of assessments.
• https://sso.securingthehuman.org/uofmemphis
23. Reporting Incidents
• Phishing / Spam email messages can be
reported to abuse@memphis.edu.
• Real security incidents, such as
compromised credentials, compromised
system or evidence of data
exposure/release, can be reported using
our online form at
https://www.memphis.edu/its/security/incident-report.php.
24. Reminders…
• ITS will never ask…
• … for your password via email or over the
phone.
• … for you to “confirm”, “upgrade” or
“reactivate” your account via email.
• … for you to follow a link to clean a virus
from your email mailbox.
• … for you to update or increase your email
quota.
• When in doubt, forward suspicious
emails to abuse@memphis.edu.
25. Other Security Resources
• ITS Security website
• https://www.memphis.edu/its/security
• CIO blog
• https://blogs.memphis.edu/cio
• Stay Safe Online – National Cyber Security Alliance
• https://www.staysafeonline.org
• US-CERT
• https://www.us-cert.gov
• FTC Privacy, Identity & Online Security
• https://www.consumer.ftc.gov/topics/privacy-identity-online-security
• SANS Cyber Security Awareness
• https://cyberaware.securingthehuman.org
Talking points:
Browsing - http/https, exploits, software/plugin versions
Theft and data loss - laptop, USB flash device, data corruption
Inappropriate data access - P2P file sharing - legal implications
Discarded media and hardware - wipe or destroy media, laptops
Discuss “hovering” in more depth – potentially show example.
What is encryption? - Method of encoding and securing the content so that others cannot read it.