SlideShare a Scribd company logo

"We're all in this together" - educating users on the importance of cyber security

Download as PPTX, PDF
Jisc
Jisc

A presentation from the Jisc security conference 2018 by Frank Wadmore.

Technology
1 of 29
“We are all in this together” - educating users on the importance of cyber security Frank Wadmore IT networks and security manager, University of Central Lancashire
Created by - Frank Wadmore7-8 Nov 2018 We’re all in this together Educating users on the importance of cyber security
Created by - Frank Wadmore7-8 Nov 2018 Things are expected to just work • Gas, Water, Electricity ……IT (4th utility) • Take the car industry…. • Service intervals of years • Run flat tyres • Dynamic cruise control and lane assist • So complex they have to be reliable otherwise to expensive to own • Users heavily reliant on technology • Must work first time • Easy to setup • Must be able to do everything • Help you get from A-B and by the transport of your choice • Walking round with their life compressed in to small box in their pockets • And when they don’t, we buy new
Created by - Frank Wadmore7-8 Nov 2018 BBC News clipping
Created by - Frank Wadmore7-8 Nov 2018 2015 – Preparing for an Attack • Crash team • Who should be involved • Depends on type of incident, • Time of day and who was available • Who would we inform and how • Depends on type of incident, • Time of day and who was available • What would be our immediate steps • Depends on type of incident, • Time of day and who was available • Clearly this would have to be a team effort and not just involving IT
Created by - Frank Wadmore7-8 Nov 2018 2015 – Our 1st Ransomware Attack • Over 6,000 imaged clients • Over 700 imaged mobile clients • 38 buildings • 7 remote sites including our Cyprus campus • 600+ servers • 1,200+ switches • Nearly 1,000 shares • 2,500+ staff users with access to multiple shared drives •Oh……..@%$#%cks!!!!!!!!!!!
Created by - Frank Wadmore7-8 Nov 2018
Created by - Frank Wadmore7-8 Nov 2018 Network Traffic
Created by - Frank Wadmore7-8 Nov 2018 Time Line • 11: 00 -The malicious site went live • 14:30 - We got hit • 15:30 - It was reported to the Infrastructure team • 16:00 - Files stopped being encrypted • 16:15 – Locked all shared drives • 19:00 - User and machine located • 20:30 – Located entry route and .exe, sent file to McAfee and requested new DAT • 21:15 - Kicked off restore of affected shared drive from last back up (24hr) • 21:30 – Six hours after first being informed of issue, Team goes home • Next day - Distribute new DAT • Talk to user and find out what they had done • 12:00 - Unlocked shares (Business as Usual) • Team debrief
Created by - Frank Wadmore7-8 Nov 2018 And then it began! • Ransomware outbreaks on a weekly basis • At least 24 hours of disruption to the business (worst case – 48hrs) • Extremely resource intensive • Impact on other projects • Each time user was oblivious about what they had done • All zero days • There had to be a better way
Created by - Frank Wadmore7-8 Nov 2018 Our response to each incident • Locked all shares • Identify the user – Time and resource consuming • Locked device and user off network • Visit user (in pairs) - • Introduced our selves • Informed them what had happened. • Reassured them that they were not in trouble • Questioned users at to what they were doing • Educated user • Sent files to McAfee • Distributed new DAT file • Rebuilt affected drives • Cleaned infected PC • Re-enable user and device • Wait for next out break
Created by - Frank Wadmore7-8 Nov 2018 ? C: D: N: S: T: A B . . . ZExe Exe Ransomware – Honey Pots (000-UCLan) (zzz-UCLan) Windows File Auditing
Created by - Frank Wadmore7-8 Nov 2018 Still Resource Intensive • Managed to limit the impact on the business • Still same resource required to follow up on incidents • New firewalls deployed helped • Ransomware incidents replaced by other types of incidents • Educating was only hitting a small number of users
Created by - Frank Wadmore7-8 Nov 2018 Users responses ranged from….. Its not my problem. “IT” shouldn’t have let this happen! I’m so sorry, am I in a lot of trouble now?
Created by - Frank Wadmore7-8 Nov 2018 GDPR
Created by - Frank Wadmore7-8 Nov 2018 Buy in from Senior Management Finance Learning & Information ServicesHuman Resources Communications & Engagement Recruitment & Partnerships Service Information Governance Manager Academic Registry Planning & Insight Team Research Services Legal & Governance Corporate ServicesCorporate Records ManagerIT Data Networks & IT Security Chair - Pro Vice Chancellor (Corporate Dev.) Senior Executive Team ISDQ (Information Security & Data Quality Group)
Created by - Frank Wadmore7-8 Nov 2018 Mandatory Training (senior management buy in) • Only 12% staff under taken some form of security training • GDPR • Information Security Essentials • Safe Guarding • PCI DSS (SIG) • Nearly 90% staff have now under gone training
Created by - Frank Wadmore7-8 Nov 2018 Some Surprising Results • Users taking the test multiple time • A lot more calls to the Security team asking for advice • Some staff became over zealous with securing attachments
Created by - Frank Wadmore7-8 Nov 2018 Making it personal • Be thankful that this happened at work – “When its gone, its gone” • Don’t use work related passwords for private use and visa versa, the consequence could be very bad for all • This is a global problem so spread the word to family and friends
Created by - Frank Wadmore7-8 Nov 2018 View an accessible text-only version of this email 10 DAYS TO GDPR DAY It’s only 10 days until the General Data Protection Regulations (GDPR) come into force and it’s essential that appropriate technical and organisational measures are in place and staff are fully informed to ensure personal or confidential data is kept secure and not lost, damaged, destroyed or disclosed without authority. The University handles a large amount of personal information about our stakeholders, so staff awareness of the following procedures is paramount. Information Governance incident reporting Sent an email containing student data to an unauthorised person? Lost your SurfacePro? Misplaced papers containing personal contact details? Any breaches relating to the use of personal or confidential information need to be reported as soon as possible through the new Information Governance Incident Reporting form. This ensures that the incident is quickly raised with the Information Governance and Information Security teams, who can follow up as appropriate and if necessary report it to the Information Commissioner’s Office – we only have 72 hours to report to the ICO so swift reporting is essential. Guidance on what an information governance incident is can be found on the Staff Intranet. Data Protection Impact Assessment template and guidance launched Data protection impact assessments (DPIAs) are an important tool to help identify any data protection and GDPR risks associated with a project, initiative or policy so that those risks can be addressed and resolved early in the work programme. They should be used at the start of any project or change to a procedure or an activity where personal data will be processed, regardless of the size and scale of the project. The template and guidance can be found in this document on the Staff Intranet. If you have any queries regarding the above or if you need to seek guidance on a completed DPIA, please contact the Information Governance Manager (DPFOIA@uclan.ac.uk) with your questions. Visit the Policies and guidance SharePoint page for further information and associated templates relating to data protection, freedom of information and records management matters. View an accessible text-only version of this email Seven steps to a GDPR spring clean The clocks have gone forward and with spring in the air and GDPR looming on the horizon, here’s some steps you can take to get organised and clear the clutter. Keep the golden rule in mind to REDUCE and REORGANISE whilst also ensuring the data which needs to be retained is safe and secure. 1. The Banner system is currently being decluttered with expectations that up to nearly 500 users who don’t need access can be removed. You too can take action by reviewing and updating the shared drives, mailboxes, IT systems and SharePoint sites under your control or have access to. 2. Spring clean your desk – dispose of paperwork you no longer require, making sure that you only use the confidentiality bins to dispose of any confidential information. 3. Portable hard drive hoarder? USB user? Lost USBs, disks and hard drives you carry around have the potential to fall into the wrong hands. Keep your data secure by using encryption* or consider using an alternative solution by saving data using authorised IT systems. BitLocker is an encryption tool that can be used to encrypt portable media devices, while 7-Zip is a File Manager which allows you to compress, encrypt and zip files; both are available on all UCLan PCs. 4. Online and remote working are great – but ensure you’re using authorised and secured IT systems. Drop the Dropbox and Google Drive antics, the only online cloud storage approved by UCLan is OneDrive from Office 365. Applications in the Office suite (Word, Excel, PowerPoint etc.) all have the feature to enable files to be password protected and help you work securely. 5. Dig out your original iPad and any redundant IT equipment and hand back to LIS to dispose of securely. 6. Get into the GDPR habit. All information we work with is valuable. Ensure you don’t leave sensitive or personal information unattended on desks, by the photocopier or visible on your computer screen. If it is personal, put it away.
Created by - Frank Wadmore7-8 Nov 2018 Wishing you a safe cyber Christmas View this email in an accessible text-only version Christmas, the season of goodwill – or so you’d like to think. If you’re busy shopping online for mobile devices, laptops, PCs and games consoles as gifts or better still, lucky enough to find one with your name on it under the Christmas tree, here’s some timely advice about Malware – something which won’t be on anyone’s Christmas list this festive season. Malware is malicious software designed specifically to find its way onto your device in order to manipulate or cause damage. Some versions can also record and steal your information including your credit card account details – a real nightmare before Christmas! Viruses - no, not the one you’re likely to catch just after your office party. A computer virus is designed to cause damage, steal personal information, modify data, send e-mails, display messages, or a combination of these actions. Viruses are always attached to a program, file or document. Worms function without the need to ‘piggyback’ onto files, so if you’re connected to a network, a worm can break into your computer without you necessarily doing anything. They infiltrate networks and computers by finding gaps and soft spots in the code and cause harm by deleting, modifying, distributing, or otherwise manipulating data, making your device act strangely. Trojans are impostors – files that claim to be something desirable but containing malicious code and when triggered can cause loss or even theft, of data. In order for a Trojan to spread, it has to be ‘invited in’, by, for example, opening an email attachment. Trojans differ from viruses and worms in that they are a one-off infection and can’t copy and spread themselves. Adware and Spyware doesn’t attack directly but is more passive aggressive - opening doors and passing along information, often without causing much harm to your device. Adware pushes ads onto your device when downloaded and monitors the websites you visit in order to present you with more adverts hoping you’ll just click. Spyware is the ‘watchful eye’ of malware. Gathering information, tracking your activities and monitoring your browsing activity. It may even record your keystrokes – obviously an issue when typing in passwords. View this email in an accessible text-only version Happy Halloween! Here’s some spooktacular advice from our IT Security Team to make sure you're not tricked into clicking a link or attachment in a scary scam email. Over the past year the University has invested heavily in new technologies to prevent and protect against online threats, however, it’s still essential for staff and students to remain vigilant where emails are concerned. Make sure you dodge the fiendish fraudsters and ensure you don’t fall into a trap by responding to requests for personal information. To avoid getting caught up in a web of conspiracy and cons, don’t click on any links or open any attachments, without double checking whether the e-mail is legitimate and ask yourself some simple questions: 1.) Does something look strange or wrong with the email address of the sender? 2.) Are you expecting an email from the sender or is the communication unexpected? If the content sounds too good to be true … it usually is! 3.) Are you being addressed by your proper name? Scam emails often use a non-specific greeting such as “Dear customer.” 4.) Is there a request for personal and confidential information such as username, password or bank details? 5.) Are there any grammatical and spelling errors in the email text? Be particularly careful if you have set up accounts with large businesses such as Amazon using your UCLan e-mail address. Many rogue e-mails look like they come from legitimate businesses and can trick us into unleashing ghoulish gremlins onto the University network or your home PC or laptop. Stay safe online both at home and at work by using tools such as Virus Total, a free online checker, useful for checking files or URLs and find out more about protecting yourself from the horrors of cybercrime with free expert advice at Get Safe Online.
Created by - Frank Wadmore7-8 Nov 2018
Created by - Frank Wadmore7-8 Nov 2018
Created by - Frank Wadmore7-8 Nov 2018
Created by - Frank Wadmore7-8 Nov 2018 Regular topical updates
Created by - Frank Wadmore7-8 Nov 2018 Regular topical updates WARNING - Spear Phishing on the increase Most of us have probably been sent a phishing email at some time. Phishing emails are blanket emails sent to millions of addresses across the globe everyday, hoping that some recipients will be caught off guard and respond. A more sophisticated attack known as Spear Phishing, target individuates directly is now on the increase and is much harder to spot. The Phishers are doing their homework and know the types of emails you expect to receive and when. Please take time to view the You Tube video (Spear Phishing Awareness) for some useful advice on how to spot a Spear Phishing email. Think before you Click
Created by - Frank Wadmore7-8 Nov 2018 Web links • https://securingtomorrow.mcafee.com/ • https://www.getsafeonline.org/ • http://www.pewinternet.org/quiz/cybersecurity-knowledge/ • https://www.thecompleteuniversityguide.co.uk/preparing-to- go/staying-safe-at-university/top-tips-to-stay-safe/
Created by - Frank Wadmore7-8 Nov 2018 Summary • Users need to be drip fed • IT has got to be interesting and in bite size chunks • Try and keep it non-technical • Make it personal • Encourage users to report incidents • Get senior management buy in • Mandatory training worked for us • Establish a good relation ship with your communications team
Created by - Frank Wadmore7-8 Nov 2018 Questions?

Recommended

Solve Big Data Security Issues
Solve Big Data Security IssuesSolve Big Data Security Issues
Solve Big Data Security IssuesEditor IJCATR
 
Big data security the perfect storm
Big data security the perfect stormBig data security the perfect storm
Big data security the perfect stormUlf Mattsson
 
Good-cyber-hygiene-at-scale-and-speed
Good-cyber-hygiene-at-scale-and-speedGood-cyber-hygiene-at-scale-and-speed
Good-cyber-hygiene-at-scale-and-speedJames '​-- Mckinlay
 
Data Leakage Prevention
Data Leakage Prevention Data Leakage Prevention
Data Leakage Prevention Dhananjay Aloorkar
 
The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionThe Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionDigital Guardian
 
Information Security For Small Business
Information Security For Small BusinessInformation Security For Small Business
Information Security For Small BusinessJulius Clark, CISSP, CISA
 
Data Leakage Presentation
Data Leakage PresentationData Leakage Presentation
Data Leakage PresentationMike Spaulding
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Peter Wood
 

Recommended

Solve Big Data Security Issues
Solve Big Data Security IssuesSolve Big Data Security Issues
Solve Big Data Security IssuesEditor IJCATR
 
Big data security the perfect storm
Big data security the perfect stormBig data security the perfect storm
Big data security the perfect stormUlf Mattsson
 
Good-cyber-hygiene-at-scale-and-speed
Good-cyber-hygiene-at-scale-and-speedGood-cyber-hygiene-at-scale-and-speed
Good-cyber-hygiene-at-scale-and-speedJames '​-- Mckinlay
 
Data Leakage Prevention
Data Leakage Prevention Data Leakage Prevention
Data Leakage Prevention Dhananjay Aloorkar
 
The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionThe Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss PreventionDigital Guardian
 
Information Security For Small Business
Information Security For Small BusinessInformation Security For Small Business
Information Security For Small BusinessJulius Clark, CISSP, CISA
 
Data Leakage Presentation
Data Leakage PresentationData Leakage Presentation
Data Leakage PresentationMike Spaulding
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Peter Wood
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyLiwei Ren任力偉
 
Information security and research data
Information security and research dataInformation security and research data
Information security and research dataTomppa Järvinen
 
Federal IT Initiatives - BDPA Conference Executive Panel
Federal IT Initiatives - BDPA Conference Executive PanelFederal IT Initiatives - BDPA Conference Executive Panel
Federal IT Initiatives - BDPA Conference Executive PanelBDPA Education and Technology Foundation
 
GPDR_Get-Data-Protection-Right
GPDR_Get-Data-Protection-RightGPDR_Get-Data-Protection-Right
GPDR_Get-Data-Protection-RightJames '​-- Mckinlay
 
Cyberwar Gets Personal
Cyberwar Gets PersonalCyberwar Gets Personal
Cyberwar Gets PersonalNicholas Davis
 
Shariyaz abdeen data leakage prevention presentation
Shariyaz abdeen data leakage prevention presentationShariyaz abdeen data leakage prevention presentation
Shariyaz abdeen data leakage prevention presentationShariyaz Abdeen
 
Big security for big data
Big security for big dataBig security for big data
Big security for big dataAri Elias-Bachrach
 
OpenText Secure MFT (Managed File Transfer)
OpenText Secure MFT (Managed File Transfer)OpenText Secure MFT (Managed File Transfer)
OpenText Secure MFT (Managed File Transfer)Marcel Hoffmann
 
Edith Turuka: Cyber-Security, An Eye Opener to the Society
Edith Turuka: Cyber-Security, An Eye Opener to the SocietyEdith Turuka: Cyber-Security, An Eye Opener to the Society
Edith Turuka: Cyber-Security, An Eye Opener to the SocietyHamisi Kibonde
 
OpenText Core Customer Presentation Sept 2015
OpenText Core Customer Presentation Sept 2015OpenText Core Customer Presentation Sept 2015
OpenText Core Customer Presentation Sept 2015Marcel Hoffmann
 
Kyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor – increasing your security posture using mc afee epoKyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor – increasing your security posture using mc afee epoKyle Taylor
 
Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss PreventionGary Bahadur
 
Data loss prevention (dlp)
Data loss prevention (dlp)Data loss prevention (dlp)
Data loss prevention (dlp)Hussein Al-Sanabani
 
Wipo smes ge_08_topic07
Wipo smes ge_08_topic07Wipo smes ge_08_topic07
Wipo smes ge_08_topic07AbdurrahmanADandalam1
 
Information security in big data -privacy and data mining
Information security in big data -privacy and data miningInformation security in big data -privacy and data mining
Information security in big data -privacy and data miningharithavijay94
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from SymantecArrow ECS UK
 
Data Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyData Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyNetwork Intelligence India
 
Dlp notes
Dlp notesDlp notes
Dlp notesanuepcet
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Sarfaraz Chougule
 
Make the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloudMake the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloudErik Von Schlehenried
 
Jms secure data presentation
Jms secure data presentationJms secure data presentation
Jms secure data presentationJMS Secure Data
 

More Related Content

What's hot

Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyLiwei Ren任力偉
 
Information security and research data
Information security and research dataInformation security and research data
Information security and research dataTomppa Järvinen
 
Cyberwar Gets Personal
Cyberwar Gets PersonalCyberwar Gets Personal
Cyberwar Gets PersonalNicholas Davis
 
Shariyaz abdeen data leakage prevention presentation
Shariyaz abdeen data leakage prevention presentationShariyaz abdeen data leakage prevention presentation
Shariyaz abdeen data leakage prevention presentationShariyaz Abdeen
 
OpenText Secure MFT (Managed File Transfer)
OpenText Secure MFT (Managed File Transfer)OpenText Secure MFT (Managed File Transfer)
OpenText Secure MFT (Managed File Transfer)Marcel Hoffmann
 
Edith Turuka: Cyber-Security, An Eye Opener to the Society
Edith Turuka: Cyber-Security, An Eye Opener to the SocietyEdith Turuka: Cyber-Security, An Eye Opener to the Society
Edith Turuka: Cyber-Security, An Eye Opener to the SocietyHamisi Kibonde
 
OpenText Core Customer Presentation Sept 2015
OpenText Core Customer Presentation Sept 2015OpenText Core Customer Presentation Sept 2015
OpenText Core Customer Presentation Sept 2015Marcel Hoffmann
 
Kyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor – increasing your security posture using mc afee epoKyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor – increasing your security posture using mc afee epoKyle Taylor
 
Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss PreventionGary Bahadur
 
Information security in big data -privacy and data mining
Information security in big data -privacy and data miningInformation security in big data -privacy and data mining
Information security in big data -privacy and data miningharithavijay94
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from SymantecArrow ECS UK
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Sarfaraz Chougule
 

What's hot (20)

Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) Technology
 
Information security and research data
Information security and research dataInformation security and research data
Information security and research data
 
Federal IT Initiatives - BDPA Conference Executive Panel
Federal IT Initiatives - BDPA Conference Executive PanelFederal IT Initiatives - BDPA Conference Executive Panel
Federal IT Initiatives - BDPA Conference Executive Panel
 
GPDR_Get-Data-Protection-Right
GPDR_Get-Data-Protection-RightGPDR_Get-Data-Protection-Right
GPDR_Get-Data-Protection-Right
 
Cyberwar Gets Personal
Cyberwar Gets PersonalCyberwar Gets Personal
Cyberwar Gets Personal
 
Shariyaz abdeen data leakage prevention presentation
Shariyaz abdeen data leakage prevention presentationShariyaz abdeen data leakage prevention presentation
Shariyaz abdeen data leakage prevention presentation
 
Big security for big data
Big security for big dataBig security for big data
Big security for big data
 
OpenText Secure MFT (Managed File Transfer)
OpenText Secure MFT (Managed File Transfer)OpenText Secure MFT (Managed File Transfer)
OpenText Secure MFT (Managed File Transfer)
 
Edith Turuka: Cyber-Security, An Eye Opener to the Society
Edith Turuka: Cyber-Security, An Eye Opener to the SocietyEdith Turuka: Cyber-Security, An Eye Opener to the Society
Edith Turuka: Cyber-Security, An Eye Opener to the Society
 
OpenText Core Customer Presentation Sept 2015
OpenText Core Customer Presentation Sept 2015OpenText Core Customer Presentation Sept 2015
OpenText Core Customer Presentation Sept 2015
 
Kyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor – increasing your security posture using mc afee epoKyle Taylor – increasing your security posture using mc afee epo
Kyle Taylor – increasing your security posture using mc afee epo
 
Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention
 
Data loss prevention (dlp)
Data loss prevention (dlp)Data loss prevention (dlp)
Data loss prevention (dlp)
 
Wipo smes ge_08_topic07
Wipo smes ge_08_topic07Wipo smes ge_08_topic07
Wipo smes ge_08_topic07
 
Information security in big data -privacy and data mining
Information security in big data -privacy and data miningInformation security in big data -privacy and data mining
Information security in big data -privacy and data mining
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from Symantec
 
Data Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyData Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. Mookhey
 
Dlp notes
Dlp notesDlp notes
Dlp notes
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)
 

Similar to "We're all in this together" - educating users on the importance of cyber security

Make the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloudMake the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloudErik Von Schlehenried
 
Jms secure data presentation
Jms secure data presentationJms secure data presentation
Jms secure data presentationJMS Secure Data
 
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyWebinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyStorage Switzerland
 
Jms secure data presentation
Jms secure data presentationJms secure data presentation
Jms secure data presentationJMS Secure Data
 
Community IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Innovators
 
Where in the world is your Corporate data?
Where in the world is your Corporate data?Where in the world is your Corporate data?
Where in the world is your Corporate data?Ashish Patel
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 
ThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
ThinAir Endpoint Visibility Security HIMSS2018 Brian_ReedThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
ThinAir Endpoint Visibility Security HIMSS2018 Brian_ReedThinAir
 
Cyber security event
Cyber security eventCyber security event
Cyber security eventTryzens
 
Internet of Things With Privacy in Mind
Internet of Things With Privacy in MindInternet of Things With Privacy in Mind
Internet of Things With Privacy in MindGosia Fraser
 
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecurityLock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecuritySmartCompliance
 
Making the Case for Stronger Endpoint Data Visibility
Making the Case for Stronger Endpoint Data VisibilityMaking the Case for Stronger Endpoint Data Visibility
Making the Case for Stronger Endpoint Data Visibilitydianadvo
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsZivaro Inc
 
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsA Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsgppcpa
 
Expanded ten reasons to deploy data express final
Expanded ten reasons to deploy data express finalExpanded ten reasons to deploy data express final
Expanded ten reasons to deploy data express finalDataExpress
 
Expanded ten reasons to deploy data express final
Expanded ten reasons to deploy data express finalExpanded ten reasons to deploy data express final
Expanded ten reasons to deploy data express finalDataExpress
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers Gary Dodson
 
IRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET Journal
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksHokme
 
Trust in a Digital World
Trust in a Digital WorldTrust in a Digital World
Trust in a Digital Worlditnewsafrica
 

Similar to "We're all in this together" - educating users on the importance of cyber security (20)

Make the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloudMake the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloud
 
Jms secure data presentation
Jms secure data presentationJms secure data presentation
Jms secure data presentation
 
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyWebinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
 
Jms secure data presentation
Jms secure data presentationJms secure data presentation
Jms secure data presentation
 
Community IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for Nonprofits
 
Where in the world is your Corporate data?
Where in the world is your Corporate data?Where in the world is your Corporate data?
Where in the world is your Corporate data?
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 
ThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
ThinAir Endpoint Visibility Security HIMSS2018 Brian_ReedThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
ThinAir Endpoint Visibility Security HIMSS2018 Brian_Reed
 
Cyber security event
Cyber security eventCyber security event
Cyber security event
 
Internet of Things With Privacy in Mind
Internet of Things With Privacy in MindInternet of Things With Privacy in Mind
Internet of Things With Privacy in Mind
 
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data SecurityLock it or Lose It: Why Every Company Should be Concerned About Data Security
Lock it or Lose It: Why Every Company Should be Concerned About Data Security
 
Making the Case for Stronger Endpoint Data Visibility
Making the Case for Stronger Endpoint Data VisibilityMaking the Case for Stronger Endpoint Data Visibility
Making the Case for Stronger Endpoint Data Visibility
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsA Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOs
 
Expanded ten reasons to deploy data express final
Expanded ten reasons to deploy data express finalExpanded ten reasons to deploy data express final
Expanded ten reasons to deploy data express final
 
Expanded ten reasons to deploy data express final
Expanded ten reasons to deploy data express finalExpanded ten reasons to deploy data express final
Expanded ten reasons to deploy data express final
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
 
IRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A Survey
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP Leaks
 
Trust in a Digital World
Trust in a Digital WorldTrust in a Digital World
Trust in a Digital World
 

More from Jisc

Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...Jisc
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxJisc
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxJisc
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Jisc
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...Jisc
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptxJisc
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxJisc
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxJisc
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxJisc
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJisc
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxJisc
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber EssentialsJisc
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptxJisc
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptxJisc
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxJisc
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptxJisc
 

More from Jisc (20)

Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptx
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptx
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptx
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptx
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptx
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptx
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptx
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptx
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptx
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptx
 

Recently uploaded

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Recently uploaded (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

"We're all in this together" - educating users on the importance of cyber security

  • 1. “We are all in this together” - educating users on the importance of cyber security Frank Wadmore IT networks and security manager, University of Central Lancashire
  • 2. Created by - Frank Wadmore7-8 Nov 2018 We’re all in this together Educating users on the importance of cyber security
  • 3. Created by - Frank Wadmore7-8 Nov 2018 Things are expected to just work • Gas, Water, Electricity ……IT (4th utility) • Take the car industry…. • Service intervals of years • Run flat tyres • Dynamic cruise control and lane assist • So complex they have to be reliable otherwise to expensive to own • Users heavily reliant on technology • Must work first time • Easy to setup • Must be able to do everything • Help you get from A-B and by the transport of your choice • Walking round with their life compressed in to small box in their pockets • And when they don’t, we buy new
  • 4. Created by - Frank Wadmore7-8 Nov 2018 BBC News clipping
  • 5. Created by - Frank Wadmore7-8 Nov 2018 2015 – Preparing for an Attack • Crash team • Who should be involved • Depends on type of incident, • Time of day and who was available • Who would we inform and how • Depends on type of incident, • Time of day and who was available • What would be our immediate steps • Depends on type of incident, • Time of day and who was available • Clearly this would have to be a team effort and not just involving IT
  • 6. Created by - Frank Wadmore7-8 Nov 2018 2015 – Our 1st Ransomware Attack • Over 6,000 imaged clients • Over 700 imaged mobile clients • 38 buildings • 7 remote sites including our Cyprus campus • 600+ servers • 1,200+ switches • Nearly 1,000 shares • 2,500+ staff users with access to multiple shared drives •Oh……..@%$#%cks!!!!!!!!!!!
  • 7. Created by - Frank Wadmore7-8 Nov 2018
  • 8. Created by - Frank Wadmore7-8 Nov 2018 Network Traffic
  • 9. Created by - Frank Wadmore7-8 Nov 2018 Time Line • 11: 00 -The malicious site went live • 14:30 - We got hit • 15:30 - It was reported to the Infrastructure team • 16:00 - Files stopped being encrypted • 16:15 – Locked all shared drives • 19:00 - User and machine located • 20:30 – Located entry route and .exe, sent file to McAfee and requested new DAT • 21:15 - Kicked off restore of affected shared drive from last back up (24hr) • 21:30 – Six hours after first being informed of issue, Team goes home • Next day - Distribute new DAT • Talk to user and find out what they had done • 12:00 - Unlocked shares (Business as Usual) • Team debrief
  • 10. Created by - Frank Wadmore7-8 Nov 2018 And then it began! • Ransomware outbreaks on a weekly basis • At least 24 hours of disruption to the business (worst case – 48hrs) • Extremely resource intensive • Impact on other projects • Each time user was oblivious about what they had done • All zero days • There had to be a better way
  • 11. Created by - Frank Wadmore7-8 Nov 2018 Our response to each incident • Locked all shares • Identify the user – Time and resource consuming • Locked device and user off network • Visit user (in pairs) - • Introduced our selves • Informed them what had happened. • Reassured them that they were not in trouble • Questioned users at to what they were doing • Educated user • Sent files to McAfee • Distributed new DAT file • Rebuilt affected drives • Cleaned infected PC • Re-enable user and device • Wait for next out break
  • 12. Created by - Frank Wadmore7-8 Nov 2018 ? C: D: N: S: T: A B . . . ZExe Exe Ransomware – Honey Pots (000-UCLan) (zzz-UCLan) Windows File Auditing
  • 13. Created by - Frank Wadmore7-8 Nov 2018 Still Resource Intensive • Managed to limit the impact on the business • Still same resource required to follow up on incidents • New firewalls deployed helped • Ransomware incidents replaced by other types of incidents • Educating was only hitting a small number of users
  • 14. Created by - Frank Wadmore7-8 Nov 2018 Users responses ranged from….. Its not my problem. “IT” shouldn’t have let this happen! I’m so sorry, am I in a lot of trouble now?
  • 15. Created by - Frank Wadmore7-8 Nov 2018 GDPR
  • 16. Created by - Frank Wadmore7-8 Nov 2018 Buy in from Senior Management Finance Learning & Information ServicesHuman Resources Communications & Engagement Recruitment & Partnerships Service Information Governance Manager Academic Registry Planning & Insight Team Research Services Legal & Governance Corporate ServicesCorporate Records ManagerIT Data Networks & IT Security Chair - Pro Vice Chancellor (Corporate Dev.) Senior Executive Team ISDQ (Information Security & Data Quality Group)
  • 17. Created by - Frank Wadmore7-8 Nov 2018 Mandatory Training (senior management buy in) • Only 12% staff under taken some form of security training • GDPR • Information Security Essentials • Safe Guarding • PCI DSS (SIG) • Nearly 90% staff have now under gone training
  • 18. Created by - Frank Wadmore7-8 Nov 2018 Some Surprising Results • Users taking the test multiple time • A lot more calls to the Security team asking for advice • Some staff became over zealous with securing attachments
  • 19. Created by - Frank Wadmore7-8 Nov 2018 Making it personal • Be thankful that this happened at work – “When its gone, its gone” • Don’t use work related passwords for private use and visa versa, the consequence could be very bad for all • This is a global problem so spread the word to family and friends
  • 20. Created by - Frank Wadmore7-8 Nov 2018 View an accessible text-only version of this email 10 DAYS TO GDPR DAY It’s only 10 days until the General Data Protection Regulations (GDPR) come into force and it’s essential that appropriate technical and organisational measures are in place and staff are fully informed to ensure personal or confidential data is kept secure and not lost, damaged, destroyed or disclosed without authority. The University handles a large amount of personal information about our stakeholders, so staff awareness of the following procedures is paramount. Information Governance incident reporting Sent an email containing student data to an unauthorised person? Lost your SurfacePro? Misplaced papers containing personal contact details? Any breaches relating to the use of personal or confidential information need to be reported as soon as possible through the new Information Governance Incident Reporting form. This ensures that the incident is quickly raised with the Information Governance and Information Security teams, who can follow up as appropriate and if necessary report it to the Information Commissioner’s Office – we only have 72 hours to report to the ICO so swift reporting is essential. Guidance on what an information governance incident is can be found on the Staff Intranet. Data Protection Impact Assessment template and guidance launched Data protection impact assessments (DPIAs) are an important tool to help identify any data protection and GDPR risks associated with a project, initiative or policy so that those risks can be addressed and resolved early in the work programme. They should be used at the start of any project or change to a procedure or an activity where personal data will be processed, regardless of the size and scale of the project. The template and guidance can be found in this document on the Staff Intranet. If you have any queries regarding the above or if you need to seek guidance on a completed DPIA, please contact the Information Governance Manager (DPFOIA@uclan.ac.uk) with your questions. Visit the Policies and guidance SharePoint page for further information and associated templates relating to data protection, freedom of information and records management matters. View an accessible text-only version of this email Seven steps to a GDPR spring clean The clocks have gone forward and with spring in the air and GDPR looming on the horizon, here’s some steps you can take to get organised and clear the clutter. Keep the golden rule in mind to REDUCE and REORGANISE whilst also ensuring the data which needs to be retained is safe and secure. 1. The Banner system is currently being decluttered with expectations that up to nearly 500 users who don’t need access can be removed. You too can take action by reviewing and updating the shared drives, mailboxes, IT systems and SharePoint sites under your control or have access to. 2. Spring clean your desk – dispose of paperwork you no longer require, making sure that you only use the confidentiality bins to dispose of any confidential information. 3. Portable hard drive hoarder? USB user? Lost USBs, disks and hard drives you carry around have the potential to fall into the wrong hands. Keep your data secure by using encryption* or consider using an alternative solution by saving data using authorised IT systems. BitLocker is an encryption tool that can be used to encrypt portable media devices, while 7-Zip is a File Manager which allows you to compress, encrypt and zip files; both are available on all UCLan PCs. 4. Online and remote working are great – but ensure you’re using authorised and secured IT systems. Drop the Dropbox and Google Drive antics, the only online cloud storage approved by UCLan is OneDrive from Office 365. Applications in the Office suite (Word, Excel, PowerPoint etc.) all have the feature to enable files to be password protected and help you work securely. 5. Dig out your original iPad and any redundant IT equipment and hand back to LIS to dispose of securely. 6. Get into the GDPR habit. All information we work with is valuable. Ensure you don’t leave sensitive or personal information unattended on desks, by the photocopier or visible on your computer screen. If it is personal, put it away.
  • 21. Created by - Frank Wadmore7-8 Nov 2018 Wishing you a safe cyber Christmas View this email in an accessible text-only version Christmas, the season of goodwill – or so you’d like to think. If you’re busy shopping online for mobile devices, laptops, PCs and games consoles as gifts or better still, lucky enough to find one with your name on it under the Christmas tree, here’s some timely advice about Malware – something which won’t be on anyone’s Christmas list this festive season. Malware is malicious software designed specifically to find its way onto your device in order to manipulate or cause damage. Some versions can also record and steal your information including your credit card account details – a real nightmare before Christmas! Viruses - no, not the one you’re likely to catch just after your office party. A computer virus is designed to cause damage, steal personal information, modify data, send e-mails, display messages, or a combination of these actions. Viruses are always attached to a program, file or document. Worms function without the need to ‘piggyback’ onto files, so if you’re connected to a network, a worm can break into your computer without you necessarily doing anything. They infiltrate networks and computers by finding gaps and soft spots in the code and cause harm by deleting, modifying, distributing, or otherwise manipulating data, making your device act strangely. Trojans are impostors – files that claim to be something desirable but containing malicious code and when triggered can cause loss or even theft, of data. In order for a Trojan to spread, it has to be ‘invited in’, by, for example, opening an email attachment. Trojans differ from viruses and worms in that they are a one-off infection and can’t copy and spread themselves. Adware and Spyware doesn’t attack directly but is more passive aggressive - opening doors and passing along information, often without causing much harm to your device. Adware pushes ads onto your device when downloaded and monitors the websites you visit in order to present you with more adverts hoping you’ll just click. Spyware is the ‘watchful eye’ of malware. Gathering information, tracking your activities and monitoring your browsing activity. It may even record your keystrokes – obviously an issue when typing in passwords. View this email in an accessible text-only version Happy Halloween! Here’s some spooktacular advice from our IT Security Team to make sure you're not tricked into clicking a link or attachment in a scary scam email. Over the past year the University has invested heavily in new technologies to prevent and protect against online threats, however, it’s still essential for staff and students to remain vigilant where emails are concerned. Make sure you dodge the fiendish fraudsters and ensure you don’t fall into a trap by responding to requests for personal information. To avoid getting caught up in a web of conspiracy and cons, don’t click on any links or open any attachments, without double checking whether the e-mail is legitimate and ask yourself some simple questions: 1.) Does something look strange or wrong with the email address of the sender? 2.) Are you expecting an email from the sender or is the communication unexpected? If the content sounds too good to be true … it usually is! 3.) Are you being addressed by your proper name? Scam emails often use a non-specific greeting such as “Dear customer.” 4.) Is there a request for personal and confidential information such as username, password or bank details? 5.) Are there any grammatical and spelling errors in the email text? Be particularly careful if you have set up accounts with large businesses such as Amazon using your UCLan e-mail address. Many rogue e-mails look like they come from legitimate businesses and can trick us into unleashing ghoulish gremlins onto the University network or your home PC or laptop. Stay safe online both at home and at work by using tools such as Virus Total, a free online checker, useful for checking files or URLs and find out more about protecting yourself from the horrors of cybercrime with free expert advice at Get Safe Online.
  • 22. Created by - Frank Wadmore7-8 Nov 2018
  • 23. Created by - Frank Wadmore7-8 Nov 2018
  • 24. Created by - Frank Wadmore7-8 Nov 2018
  • 25. Created by - Frank Wadmore7-8 Nov 2018 Regular topical updates
  • 26. Created by - Frank Wadmore7-8 Nov 2018 Regular topical updates WARNING - Spear Phishing on the increase Most of us have probably been sent a phishing email at some time. Phishing emails are blanket emails sent to millions of addresses across the globe everyday, hoping that some recipients will be caught off guard and respond. A more sophisticated attack known as Spear Phishing, target individuates directly is now on the increase and is much harder to spot. The Phishers are doing their homework and know the types of emails you expect to receive and when. Please take time to view the You Tube video (Spear Phishing Awareness) for some useful advice on how to spot a Spear Phishing email. Think before you Click
  • 27. Created by - Frank Wadmore7-8 Nov 2018 Web links • https://securingtomorrow.mcafee.com/ • https://www.getsafeonline.org/ • http://www.pewinternet.org/quiz/cybersecurity-knowledge/ • https://www.thecompleteuniversityguide.co.uk/preparing-to- go/staying-safe-at-university/top-tips-to-stay-safe/
  • 28. Created by - Frank Wadmore7-8 Nov 2018 Summary • Users need to be drip fed • IT has got to be interesting and in bite size chunks • Try and keep it non-technical • Make it personal • Encourage users to report incidents • Get senior management buy in • Mandatory training worked for us • Establish a good relation ship with your communications team
  • 29. Created by - Frank Wadmore7-8 Nov 2018 Questions?