The Human Side of Security
How to Secure Your Workforce without Ruining Their Lives
Cyberattacks Are Everywhere
Malware - Quick Stats - Q2 2017
+ 62 million malware detections
+ 677,000 average daily volume
+ 16,582 malware variants
+ 2,534 different malware families
+ 18% of firms saw mobile malware
Your Biggest Security Weak Spot?
Human Beings.
You Are the First Line of Defense
In survey after survey, users feel that security is someone else’s job, not theirs.
How Malware Gets Inside
Someone invites you to download important files. Malware hides among these files.
This tactic slips innocuous files into your system in order to deliver malicious payloads later.
Why People Are the Weak Link
+ For many employees, clicking on attachments and searching the Internet is part of their job.
+ Phishing attacks have become very convincing.
+ How do you maintain the appropriate level of skepticism and get your work done on time?
So What Can You Do?
Don’t Trust Unknown Files
Best Practices:
● Do not download files.
● Do not click on email attachments.
● Don’t follow unsolicited web links in emails.
● Don’t collaborate on Google Docs from people you don’t know.
If you don’t have a tool for secure file sharing, get one!
Patch Your S#!T
This doesn’t apply only to server admins.
● Automate patching where possible.
○ Restart your PC/laptop!
● If not automated, run your updates.
○ Especially anti-malware apps
● Include your mobile devices, OS, and apps.
DON’T depend on after-the-fact breach identification!
Patch Your S#!T
"...Attackers show no sign of discrimination against elderly vulnerabilities. A full 90% of organizations recorded exploits for vulnerabilities that were at least three years old."
Install, Use, and Regularly Update a Strong Anti-Malware Suite
How Not to Pay Ransomware
You don’t have to pay if you have your data backed up!
● Syncing solutions are not backups.
● Backups must be:
○ Regular: if they don’t happen, they aren’t any good
○ Frequent: you lose any data created since the last backup
○ Offline: they are only safe if they can’t be reached electronically
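An added example, not part of the original slides: a Python check of the three backup properties listed above, run over a constructed history of backup times. The function name, the 24-hour and 36-hour thresholds, and the sample timestamps are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class BackupPolicy:
    # Assumed thresholds for illustration, not values from the slides.
    max_age: timedelta = timedelta(hours=24)   # "frequent"
    max_gap: timedelta = timedelta(hours=36)   # "regular"


def audit_backups(completed, now, destination_reachable, policy=BackupPolicy()):
    """Return a list of findings; an empty list means all three checks pass.

    completed: datetimes of backups that finished successfully
    now: the time of the audit
    destination_reachable: True if the backup media can currently be reached
        from this machine (mounted drive, mapped share, synced folder)
    """
    if not completed:
        return ["no backups: nothing to restore from"]

    findings = []
    runs = sorted(completed)

    # Frequent: everything changed since the newest backup is what you lose.
    exposure = now - runs[-1]
    if exposure > policy.max_age:
        findings.append(f"not frequent: {exposure} of work is unprotected")

    # Regular: a long gap anywhere in the history means the job silently
    # stopped running for a while.
    gaps = [later - earlier for earlier, later in zip(runs, runs[1:])]
    worst = max(gaps, default=timedelta(0))
    if worst > policy.max_gap:
        findings.append(f"not regular: longest gap between runs was {worst}")

    # Offline: media that stays reachable can be encrypted together with the
    # originals. A sync folder is always reachable, so it always fails here.
    if destination_reachable:
        findings.append("not offline: backup media is reachable from this host")

    return findings


# Constructed sample data (not from the slides).
NOW = datetime(2017, 9, 15, 9, 0)
SAMPLE_RUNS = [
    datetime(2017, 9, 10, 2, 0),
    datetime(2017, 9, 11, 2, 0),
    datetime(2017, 9, 14, 2, 0),   # two nightly runs were missed before this
]
HEALTHY_RUNS = [
    datetime(2017, 9, 13, 2, 0),
    datetime(2017, 9, 14, 2, 0),
    datetime(2017, 9, 15, 2, 0),
]

if __name__ == "__main__":
    for finding in audit_backups(SAMPLE_RUNS, NOW, destination_reachable=True):
        print(finding)
    print(audit_backups(HEALTHY_RUNS, NOW, destination_reachable=False))
```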
Backups Made Easy
There are lots of good backup tools and SaaS options.
+ I use Cobian on Windows.
Ransomware: How Not to Pay It
It is always better to prevent than to recover.
● Update antivirus on all devices
● Keep OS and browser updated
● Use a pop-up blocker
● Don’t open attachments from unsolicited emails
● Use attachment encryption to avoid tampering
● Strong password practice
Passwords for Smart People
Use high-entropy passwords
○ Combination of words, numbers, symbols, and both upper- and lower-case letters
○ Or very long (12 to 15 characters minimum), which is even better
That are hard to guess/generate
○ No info related to you
○ No dictionary words
Unique to each site/application
○ A great password is useless if the site’s DB is hacked
Great Tips, Right?
But... I have 718 unique logins!
Use a Password Manager
● Remember only 1 password
● Generate random, strong passwords
● Easily change passwords
● Many have easy auto-fill features
● Use across multiple devices
● Multi-factor authentication options
● Security review of your passwords
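An added example, not part of the original slides: a Python version of the kind of "security review" a password manager runs, covering the length, entropy and uniqueness advice above. The vault contents, site names and the 60-bit threshold are constructed for illustration; the 12-character minimum is the one from the slide.

```python
import math
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def generate_password(length=20, alphabet=ALPHABET):
    """Draw each character uniformly using the OS cryptographic RNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_entropy_bits(length, alphabet_size):
    """Entropy of a password whose characters are chosen uniformly at random."""
    if length <= 0 or alphabet_size < 2:
        return 0.0
    return length * math.log2(alphabet_size)


def charset_size(password):
    """Combined size of the character classes the password draws from."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def review_vault(vault, min_length=12, min_bits=60.0):
    """Map each site to its list of issues; sites with no issues are omitted.

    The bit figure is an upper bound: it assumes random characters, so a
    human-chosen password is weaker than the number suggests.
    """
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)

    report = {}
    for site, password in vault.items():
        issues = []
        shared = [s for s in sites_by_password[password] if s != site]
        if shared:
            issues.append("reused on " + ", ".join(sorted(shared)))
        if len(password) < min_length:
            issues.append(f"only {len(password)} characters")
        bits = random_entropy_bits(len(password), charset_size(password))
        if bits < min_bits:
            issues.append(f"at most {bits:.0f} bits")
        if issues:
            report[site] = issues
    return report


# Constructed sample vault (not real credentials).
SAMPLE_VAULT = {
    "mail.example": "P@ssw0rd",               # all four classes, but short
    # Dictionary words: passes the length and bit checks only because the
    # estimate is an upper bound. Reuse is still caught.
    "shop.example": "correcthorsebattery",
    "forum.example": "correcthorsebattery",
    "bank.example": generate_password(),      # random, unique, 20 characters
}

if __name__ == "__main__":
    for site, issues in review_vault(SAMPLE_VAULT).items():
        print(site, "->", "; ".join(issues))
    # Length beats complexity: 15 random lowercase letters carry more entropy
    # than 8 random characters drawn from all 94 printable symbols.
    print(round(random_entropy_bits(8, 94), 1), round(random_entropy_bits(15, 26), 1))
```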
Two-Factor Authentication
Key principle:
● Something you Know
● Something you Have/Are
Things you Have/Are:
● Phone - Google Authenticator, LastPass Authenticator, etc.
● Hardware token - e.g. Yubikey
● Fingerprint scanner
1 in 5 Firms See Mobile Malware
Mobile Security
Use the same precautions on mobile devices as you would on a computer:
● Good Password Practice (PW Manager mobile apps)
● Lock device, require authentication!
● 2FA (Google Authenticator, LastPass Authenticator, etc.)
● Use a VPN (yes, for a phone)
● Use a lock-down tool like Prey
Lock Your Mobile Device!
8% of U.S. users and 14% of U.K. users lack a lock screen password on their mobile devices.
Mobile Password Protection
Using a Password Manager on Mobile
● Tedious - but getting easier
● LastPass announces Auto-Fill for Android Oreo same day as Oreo is announced
Mobile Security
Mobile devices are more likely to be lost, so you need to be able to:
● Locate them if possible; if not,
● Shut them down and
● Secure the data
Example on right: Preyproject.com
Excessive Security Can Slow You Down
Giveaway Winners!
The Human Side of Security
