CYBER ESSENTIALS FOR MANAGERS
PROF. IAN BROWN
RESOURCES FROM UK NATIONAL CYBER SECURITY CENTRE; US NAVY; AND GOOGLE
NOTPETYA, “THE MOST DEVASTATING CYBER ATTACK IN HISTORY”
• Malware which rapidly spread across networks, locked and encrypted machines, originating from Russian military via Ukraine
• It “hit at least four hospitals in Kiev alone, six power companies, two airports, more than 22 Ukrainian banks, ATMs and card payment systems in retailers and transport, and practically every federal agency.”
• Maersk, “responsible for 76 ports on all sides of the earth and nearly 800 seafaring vessels, including container ships carrying tens of millions of tons of cargo, representing close to a fifth of the entire world’s shipping capacity, was dead in the water.”
• Estimated costs: Maersk $300m; Merck $870m; FedEx $400m; Mondelēz $188m. US assessed total damages around $10bn
• Source: Andy Greenberg, Wired, Sept. 2018
• See also WannaCry, which cost UK NHS £92m in 2017, probably originating with the North
HOW CAN USERS PROTECT THEMSELVES AGAINST SECURITY BREACHES?
1. Secure settings and passwords
2. Protect devices/networks using firewalls
3. Control access to data and software
4. Protect against viruses and other malicious software
5. Keep devices and software up to date
6. Watch out for phishing e-mails
SECURE SETTINGS
• New devices are often configured to be as open and “easy to use” (and therefore as hackable) as possible. Make sure you disable or remove any functions, accounts or services you don’t need (e.g. “guest” accounts on laptops)
• Always password/PIN-protect your computers and devices – they allow access to your data and your online accounts
• CHANGE DEFAULT PASSWORDS
MOBILE DEVICE MANAGEMENT
SECURE PASSWORDS
• Use password managers where possible (generate strong random passwords for every account)
• Make passwords from three words (avoid words related to you, such as family/pet names, favourite teams or significant dates – these might be discovered from social media or elsewhere)
• Don’t share passwords between accounts
• Don’t force users to change passwords unless they have been breached
• Use multi-factor authentication for sensitive accounts
Source: Sueheim on Wikimedia
ACCESS TO DATA AND SOFTWARE
• Don’t use administrator accounts for normal work – if you are hacked, an attacker can then do much more damage
• Restrict the software that can be installed on devices – use a whitelist or approved sources, such as Google Play or Apple’s App Store (which screen apps for malicious code)
DEVICE AND NETWORK FIREWALLS
• Firewalls block unauthorised traffic from a network onto your device – can protect against both external hackers, and compromised internal machines
• Most PC operating systems (e.g. Windows, macOS) contain them – make sure they are turned on, especially for devices that access public WiFi
• Can also be configured in your network’s gateway(s) to other networks (and the Internet)
VIRUSES AND OTHER MALICIOUS SOFTWARE
• Malicious software such as viruses and ransomware can come in e-mail attachments, from websites, public WiFi networks, and even USB sticks
• Protect against it using built-in operating system tools, such as Windows Defender and macOS XProtect
• Use tools with sandboxes, which contain malicious software and stop it accessing the rest of your system
• BACK UP data frequently
KEEP SOFTWARE AND DEVICES UP TO DATE
• It’s essential you enable automatic updates for your operating system, software, apps etc.
• Once manufacturers stop providing updates for systems, you should replace them
AVOID PHISH
• Fake e-mails that try to “hook” users into clicking on a website or malicious attachment that will infect their system or steal passwords
• “Spear” phishing uses targeted messages, often sent to senior staff
CHECKLIST
• Configure software and devices securely, and use strong passwords
• Use firewalls on devices and networks
• Control access to data and software by separating administrator accounts and using whitelists and app stores
• Protect against viruses and other malicious software by using tools such as Windows Defender, macOS XProtect, and sandboxing
• Keep devices and software up to date, and stop using out-of-date software
• Watch out for phishing e-mails

Editor's notes

  1. Q – what is the largest breach suffered to date in terms of numbers of people’s data compromised?
  2. https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ Large breaches can happen by targeting large centralised databases – but also by infecting many PCs and local systems
  3. https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/ https://www.theguardian.com/technology/2017/dec/30/wannacry-petya-notpetya-ransomware
  4. https://gsuite.google.com/faq/index.html Will ECG allow BYOD? Enable MDM?
  5. https://en.wikipedia.org/wiki/YubiKey#/media/File:YubiKey-4-keychain-and-YubiKey-4-Nano.png
  6. http://www.publicdomainfiles.com/show_file.php?id=13965078618698