This document provides an overview of the importance of cybersecurity, detailing threats such as phishing, malware, and ransomware, and the principles of protecting computing assets, including confidentiality, integrity, and availability. It also covers regulations like HIPAA for protecting patient information and outlines personal cybersecurity best practices. Additionally, it discusses the Indian IT Act of 2000 that governs cybersecurity and addresses various cybercrimes.

1. CYBER SECURITY
-WHYISITIMPORTANT?

2. OBJECTIVE
This presentation aims to educate
and create awareness amongst
the community on the use of
Technology, Internet Media and
its implications on possible cyber
crimes

3. Evolution of technology, usage and value
Evolution of security problems and solutions
Evolution never stops…

4. 4

5. 5
Cyber Security
Cyber Security is a set of principles and
practices designed to safeguard your
computing assets and online information
against threats. It is the practice of defending
computers, servers, mobile devices, electronic
systems, networks, and data from malicious
attacks.

6. 6
What is a Secure System?
• Confidentiality – restrict
access to authorized
individuals
• Integrity – data has not been
altered in an unauthorized
manner
• Availability – information can
be accessed and modified by
authorized individuals in an
appropriate timeframe

7. 7
Confidentiality
Example: Protection from Criminal stealing
customers’ usernames, passwords, or credit card information.
Protecting information from unauthorized access and disclosure

8. 8
Integrity
Protecting information from
unauthorized modification
Example:
Only authorized personel can alter payroll information or a
proposed product design

9. 9
Availability
Example: Protection from Criminal stealing
customers’ usernames, passwords, or credit card information.
Protecting information from unauthorized access and disclosure

10. 10
Threats and Vulnerabilities
What are we protecting our and our stakeholder’s information
from?
Threats: Any circumstances or events that can potentially harm an
information system by destroying it, disclosing the information
stored on the system, adversely modifying data, or making the
system unavailable
Vulnerabilities: Weakness in an information system or its
components that could be exploited.

11. 11
What kinds of threats are there?
• Phishing and Spear- phishing Attacks
• Social Engineering Scams
• Common Malware and Ransomware
• Business Email Compromise
• Fake websites that steal data or infect devices
And much more

12. 12
Phishing
• Phishing refers to the practice of creating fake emails or SMS that
appear to come from someone you trust, such as: Bank, Credit
Card Company, Popular Websites
• The email/SMS will ask you to “confirm your account details or
your vendor’s account details”, and then direct you to a website
that looks just like the real website, but whose sole purpose is for
steal information.
• Of course, if you enter your information, a cybercriminal could use
it to steal your identity and possibly make fraudulent purchases
with your money.

13. 13
Example of Phishing

14. 14
Social Engineering
• When attempting to steal information or a person’s identity, a
hacker will often try to trick you into giving out sensitive
information rather than breaking into your computer.
• Social Engineering can happen:
• Over the phone
• By text message
• Instant message
• Email

15. 15
Malware
• Malware = “malicious software”
• Malware is any kind of unwanted software that is installed without your
consent on your computer and other digital devices.
• Viruses, Worms, Trojan horses, Bombs, Spyware, Adware, and Ransomware
are subgroups of malware.

16. 16
Virus: A computer virus is a type of malicious software, or malware,
that spreads between computers and causes damage to data and
software.
Trojan: Trojan is a type of malware that typically gets hidden as an
attachment in an email or a free-to-download file, and then transfers
onto the user’s device. Once downloaded, the malicious code will
execute the task the attacker designed it for, such as gaining
backdoor access to corporate systems, spying on users’ online
activity, or stealing sensitive data.
Worms: A computer worm is a subset of the Trojan horse malware
that can propagate or self-replicate from one computer to another
without human activation after breaching a system.
Adware: Adware is a type of malware designed to display.
Spyware: Spyware is like adware it spies on the user to see what
information it can collect off the user’s computer to display pop ads
on the user’s computer. Spyware unlike adware likes to use memory
from programs running in the background of the computer to keep
a close watch on the user.

17. 17
Denial of Service Attack

18. 18
Ransomware
• Ransomware is a type of malware that
restricts your access to systems and files,
typically by encryption and then demands
a ransom to restore access.
• Often, systems are infected by
ransomware through a link in a malicious
email. When the user clicks the link, the
ransomware is downloaded to the user’s
computer, smartphone or other device.
Ransomware may spread through
connected networks.

19. 19
Ransomware Controls
• Weapons-Grade Data Backups
• Religious Patch Management
• Plan to Fail Well (Incident Response Plan)
• Know who to call!
• Training and Testing Your People
• Don’t Open that Email Link/Attachment

20. 20
Cyber Crime
• Cyber Crime is a generic term that refers to all criminal activities
done using the medium of communication devices, computers,
mobile phones, tablets etc. It can be categorized in three ways:
• The computer as a target – attacking the computers of others.
• The computer as a weapon- Using a computer to commit
• “traditional crime” that we see in the physical world.
• The computer as an accessory- Using a computer as a “fancy filing
cabinet” to store illegal or stolen information.

21. 21
Ransomware Controls

22. 22
Hacking
• Financial (theft, fraud, blackmail)
• Political/State (state level/military)
• Fame/Kudos (fun/status)
• Hacktivism (cause)
• Pen Testers (legal hacking)
• Police
• Insider

23. 23
Vulnerability Scanner
• The functions of a Vulnerability Scanner are far
different from a firewall or intrusion detection
system.
• Vulnerability scanning tools help you in
protecting your organization from any kind of
security risks or threats by scanning with deep
inspection of endpoints to ensure that they are
configured securely and correctly.
• The prime aim of running a vulnerability
scanner is to identify the devices that are open
for vulnerabilities.

24. 24
Personal Cybersecurity Tips /
Best Practices
Use Strong
Passwords
Use a VPN
When
Necessary
Think Before
You Click
Update Your
Home Router
Update Your
Devices
Use Two-
Factor
Authentication

25. 25
Url & Safe Web Browsing
• Don’t download free media.
• Don’t store your payment information online.
• Don’t over-share personal information on social media accounts.
• Change passwords regularly.
• Keep your browser software up-to-date.
• Run Anti-Virus software.
• Scan downloaded files before executing.
• Watch out for phishing.
• Don’t Reuse Passwords.
• Use HTTPS for banking transactions.
• Read Privacy Policies.
• Avoid Public or Free Wi-Fi.
• Disable Stored Passwords.

26. 26
HIPAA
Health Insurance Portability & Accountability Act

27. 27
What is HIPAA?
HIPAA Provides a framework for the
establishment of nationwide protection of
patient confidentiality, security of
electronic systems, and standards and
requirements for electronic transmission
of health information.
1 • Privacy Rule
2 • Security Rule
3
• Electronic Data
Exchange

28. 28
Privacy Rule
• Privacy Rule went into effect April 14, 2003.
• Privacy refers to the protection of an individual’s
health care data.
• Defines how patient information is used and disclosed.
• Gives patients privacy rights and more control over
their own health information.
• Outlines ways to safeguard Protected Health
Information (PHI).

29. 29
Security Rule
• Security (IT) regulations went into effect April 21, 2005.
• Security means controlling:
• Confidentiality of electronic protected health information (ePHI).
• Storage of electronic protected health information (ePHI)
• Access into electronic information

30. 30
Electronic Data Exchange (EDI)
• Defines transfer format of electronic information
between providers and payers to carry out financial or
administrative activities related to health care.
• Information includes coding, billing and insurance
verification.
• Goal of using the same formats is to ultimately make
the billing process more efficient.

31. 31
Why Comply With HIPAA?
• To show our commitment to protecting privacy
• As an employee, you are obligated to comply with Expeed Software
privacy and security policies and procedures
• Our patients/members are placing their trust in us to preserve the
privacy of their most sensitive and personal information
• Compliance is not an option, it is required.
• If you choose not to follow the rules:
• You could be put at risk, including personal penalties and sanctions
• You could put Expeed Software at risk, including financial and
reputational harm

32. 32
HIPAA Regulations
HIPAA Regulations require we protect our patients’ PHI
in all media including, but not limited to, PHI created,
stored, or transmitted in/on the following media:
• Verbal Discussions (i.e., in person or on the phone)
• Written on paper (i.e., chart, progress notes,
encounter forms, prescriptions, x-ray orders, referral
forms and explanation of benefit (EOBs) forms
• Computer Applications and Systems (i.e., electronic
health record (EHR), Practice Management, Lab and X-
Ray
• Computer Hardware/Equipment (i.e., PCs, laptops,
PDAs, pagers, fax machines, servers and cell phones

33. 33
Indian Cyber Security Law
The Information Technology (IT) Act, of 2000, is the primary legislation
dealing with cybersecurity, data protection and cybercrime. Identifying
activities such as hacking, denial-of-service attacks, phishing, malware
attacks, identity fraud and electronic theft as punishable offences
It contains 23 chapters define all related to Cyber security.
In 2021 new rules were added related to online gaming and guideline for
Digital Media Ethics

34. Let’s
Innovate
Together
www.expeed.com