SlideShare a Scribd company logo

Phish training final

Download as PPTX, PDF
Jen Ruhman
Jen Ruhman

test

Art & Photos
1 of 95
Agenda Threats Overview Password Safety Web Protection Email Protection Preventive Measures 1 2 3 4 5
THREATS OVERVIEW
Root Cause of Data Breaches 25% Human Error 27% Process Failure 48% Malicious Ponemon Institute 2016 Cost of Data Breach Study: Global Analysis
Lost or stolen device Data Breach Breakdown Human Error Verizon Data Breach Report 2016
Data Breach Breakdown Malicious Breaches Overview Verizon 2016 Data Breach Investigations Report – specifically: incidents involving credentials
Threats Overview Malware Phishing Social Engineering
Threats Overview Malware
Threats Overview Malware Video Please click to watch this video: https://youtu.be/juw6sPEGuEk
Malware includes numerous threat families, all with different names. Viruses Trojans Ransomware Rootkits Bootkits Worms
Growth of Malware
• On average, 390,000 unique threats per day.1 • Unique threats ≠ extremely dissimilar. • Malicious threats are changed in the smallest amount possible to evade detection. • Malicious threats are targeted in order to have the highest penetration (success) rate. Malware 1AV-TEST GmbH, www.av-test.org
• Malware definitely exists on other operating systems (Oses) outside of Windows. • Windows is typically the major target due to high market share. • When new malware is released on other Oses, it typically has a high penetration rate due to people believing their Android, Mac, and Linux devices are safe without having any endpoint security installed. Is malware on Windows only?
• Mobile phone malware is a growing threat due to users doing the majority of their internet browsing on a cell phone. • Ransomware, or screen locking malware, is a popular threat on mobile devices. • In 2016, malware targeting Apple iOS (iPhones, iPads) increased. Apple doesn’t allow vendors to create antivirus for these products, so users must depend on the company to fix any vulnerabilities. Is malware on mobile phones?
• Clicking malicious links in email • Plugging in an unknown flash drive • Downloading malware masquerading as other software How does my computer get infected?
• Clicking malicious links in email • Downloading malware masquerading as other software • Installing 3rd party apps directly from the internet instead of via official stores such as Google Play or Apple’s App Store. How does my mobile device get infected?
Top Tips to Avoid Malware Install Endpoint Security on all devices. Be careful what you plug in. Be careful what you click. Get awareness training for entire family. 1 2 3 4
Threats Overview Phishing
Threats Overview Phishing Video Please click to watch this video: https://youtu.be/-0Ql6xnNj7g
• Is the act of setting the bait (trap)… • Casting it out into a wide ocean… • Hoping that something bites that you can then hook. Phishing? Or fishing?
• Intentionally deceiving someone by posing as a legitimate company. • Typically, utilizes email by pretending to be a company or service requesting you to do something. • Hoping that you click the link and fill out the requested info. Phishing
• 54% of all inbound email is spam • 1 in 20 email messages has malicious content Phishing Stats Spam Types 2016 Trustwave Global Security Report
Phishing Stats Verizon 2016 Data Breach Investigations Report 30% of people Open phishing messages (23% last year) 12% of people Open attachments (11% last year)
Phishing Examples (Please enable full screen mode) Not paypal.com
Phishing Examples (Please enable full screen mode)
Top Tips to Avoid Phishing Check who the email sender is. Check the email for grammar and spelling mistakes. Mouse over the link to see where it goes. Do not click the link – manually type it in. 1 2 3 4
Threats Overview Social Engineering
• Manipulation of people into divulging confidential or sensitive information • Most commonly done over email, but also regularly carried out over the phone Social Engineering
• Can be a slow gain of information • Can attempt to gain all information needed at once Social Engineering
• Phone call targets employees at a business. • Caller asks who the boss/CEO is. • Requests his/her email address. • Now the attacker has the username and the name of the person targeted for compromise. Social Engineering Examples
• A person walks into office pretending to be a contractor. • Due to his/her uniform, people assume it’s OK. • Person walks into room with sensitive info and steals it. Social Engineering Examples
Top Tips to Avoid Social Engineering Be careful with the information you disclose. Verify credentials of contractors. If you have any doubts on the identity of callers, hang up and call their official company number back. 1 2 3
PASSWORD SAFETY
Password Overview Video Please click to watch this video: https://youtu.be/nARrIdmE8BY
• What city did you grow up in? • What is your dog’s name? • What high school did you attend? • What is your favorite book? • What is your dream job? • What is your mother’s maiden name? Can these answers be found on your Facebook account?
Does this look familiar?
How about this?
• Typically, users are honest when filling out security questions. • Malicious parties can utilize social media to find out the answers to these questions, which allows them to reset your password. • Best practice is to not be honest when filling out these questions. Treat security questions as another password field. Security Questions
• Typically, users practice risky behavior with respect to passwords. • Passwords nowadays can be a gateway into identity theft. Users and Poor Password Hygiene
Document or sticky note with passwords written on it Poor Password Hygiene
Freely sharing password with friends, family members, colleagues Poor Password Hygiene
Poor Password Hygiene 8 characters 8 characters + 1 number 8 characters + 1 number + 1 symbol 8 characters + 1 number + 1 symbol + 1 capital elephant elephant1 elephant1! Elephant1! = = = =
dolphin1! dolphin2@ dolphin3# dolphin4$ Poor Password Hygiene Change password every 90 days !
• Passwords sometimes are extracted • Very simple to try all alternative options of password-base Data breaches lead to password problems because… Example • Password that was stolen was dolphin • Password required by website is 8 characters 1 symbol • 32 symbols on the computer(would take a human 5 minutes) • Computers can carry out these tasks in fractions of a second
• If you have trouble remembering passwords or creating unique passwords, utilize a password manager. • There are several very secure password managers on the market that work across all Oses. • They will remember and auto-complete your passwords for you once your “master” password is entered. Password Managers
https://haveibeenpwned.com/ • Currently checks 210 websites • 2.6 billion compromised accounts contained • Treat it like a credit-check Password Hygiene Checkup
• As opposed to the standard password authentication, 2FA OTP (one-time password) uses two elements. These are “something that user knows,” such as a password or a PIN code, and “something that user has,” typically a mobile phone or hardware token. • Used in combination, they provide greatly enhanced security for data access. Two-factor Authentication (2FA) Explained
• Data breach through weak or stolen passwords • User-created passwords that are not random characters • Re-use of passwords intended for access to company assets for private accounts • Passwords containing user-specific data – e.g. name, date of birth • Simple patterns to derive new passwords, such as “elephant1,” “elephant2,” etc. 2FA solves the problem of:
Top Tips for Password Safety Utilize unique passwords across all websites/applications Enable and utilize 2FA on all websites that allow it Choose unique, non-true security questions 1 2 3
INTERNET PROTECTION
Internet Protection Overview Search Engine Safety Web Content Filter HTTPS Public Wi-Fi Internet of Things
Internet Protection Overview Search Engine Safety
• Nowadays, users utilize search engines to ask every question they can think of. • Users click on search results without first checking if it is a legitimate site. • This happens commonly on social media websites as well. Search Engine Safety
• Even if the website is reputable, the advertisement being displayed could be malicious and infect your computer or mobile device. • Free things (music, movies, game cheats, etc.) are very commonly filled with malware, and are rarely what they say they are. Search Engine Safety
Top Tips for Search Engines Stick to clicking on sites on the first page of results. Be careful when clicking on non-name recognizable sites. Malware commonly masquerades as free things. 1 2 3
Internet Protection Overview Web Content Filter
• Filters web traffic based off pre-configured policies set by the administrator. • There are both home versions and corporate versions. • Home versions focus on child safety, while corporate versions focus on employee productivity. Web Content Filter
• Not only can it restrict the content that is displayed to a certain audience, it can also be utilized to filter malicious content and protect the user. Web Content Filter
Top Tips for Web Content Filter Increase employee productivity by implementing a web filter. Curb risky user behavior and reduce malware exposure by implementing a web filter. Protect children’s mobile devices and computers from displaying inappropriate content with a web filter. 1 2 3
Internet Protection Overview HTTPS
Internet Protection Overview HTTPS Video Please click to watch this video: https://youtu.be/gpLZg6gSs6g
• Is a protocol for secure communication over a computer network which is widely used on the internet • HTTPS is typically notated by displaying a green lock in the web address bar: HTTPS
• No sensitive information should be typed into a page that is not secured by HTTPS. • Even though a page is secured with HTTPS, it does not automatically mean the page is safe. • Most browsers have begun to let users know more easily when they are on a non-secure page. HTTPS
Top Tips for Secure Websites (HTTPS) Before entering sensitive information, check to see if the site is secured by HTTPS. Check to make sure this is a reputable website before entering credit card information; don’t just depend on the HTTPS indicator. 1 2
Internet Protection Overview Public Wi-Fi
Internet Protection Overview Public Wi-Fi Video Please click to watch this video: https://youtu.be/05mL4dF1iMM
• Is a non-secure network that users can connect to for free • Typically found in hotels, coffee shops, libraries and many other places Public Wi-Fi
• Do not assume that a network named “Library” is actually the wireless network for the Public Library. • Verify with the business owner the name of their network. Public Wi-Fi
• Is very insecure, so you should treat every public Wi-Fi connection as compromised (unsafe). • This means you should not utilize any sensitive websites when connected (banking, social networking, etc.) • If you need to access one of these sites, utilize your cell phone and do not connect it to Wi-Fi, just use the cell service. Public Wi-Fi
Top Tips for Public Wi-Fi Verify the Wi-Fi name with the business owner prior to connecting. Treat public Wi-Fi connections as compromised (unsafe). Utilize an anti-malware product to help prevent against cyberattacks while connected. 1 2 3
Internet Protection Overview Internet of Things
• This type of internet connection is convenient, but opens up a security hole that needs to be secured. • Examples of IoT devices include internet-connected thermostats and closed circuit cameras. • If you can connect to it from anywhere, that means anyone can—by simply guessing your password. • Disable any web features that you do not utilize. • Make sure all IoT devices are kept up to date. Internet of Things (IoT)
• Routers are the first line of defense to protect IoT devices from exploitation. • Routers should be immediately configured to change the default username and password to something unique. • If someone gains access to your router they can see all other devices on your network. • Make sure your router is regularly updated to avoid exploitation. Internet of Things (IoT)
Top Tips for Internet of Things (IoT) Change default usernames and passwords on all devices including routers. If you do not utilize the web features, disable them. Make sure all IoT devices, including routers, are kept up to date with the newest firmware (software). 1 2 3
EMAIL PROTECTION
Email Protection Overview 2FA Password Reset Spam Protection Attachment Policy
Email Protection Overview 2FA
• Email is most important account needing protection, because if someone gains access to your email, they can utilize the password reset function to gain access to other services. • As we mentioned earlier, 2FA is a great way to protect your email from being compromised. 2FA (Two-Factor Authentication) and Email
• Most major email providers allow you to set up 2FA with your email account. • Once set up, the attacker would need your password and your cell phone in order to break into your email account. 2FA and Email
Top Tips for 2FA and Email Password protect or utilize fingerprint reader to protect your 2FA app in case of a lost device. Do not utilize SMS if you can help it as a 2FA method; always use an application or push. Enable 2FA not just on email but all critical websites and applications that allow it. 1 2 3
Email Protection Overview Password Reset
• When passwords are forgotten, the ability to reset your password is very convenient, but if not utilized properly this can allow someone to easily take over your account. • Some websites do not require any security questions to be answered or any additional information besides account email address to initiate a password reset. Password Reset
• Usually when someone requests a password reset, an email is sent to the email address on file with this information. • Monitor these emails and contact the vendor directly if you see these and did not initiate them yourself. (But remember the spam/phishing rules from earlier.) Password Reset
Top Tips for Password Reset Utilize strong unique passwords. Utilize strong, not correct, security questions. Monitor attempted password resets on your accounts for fraudulent activity. 1 2 3
Email Protection Overview Spam Protection
• Everyone gets spam; even with the best protection, some still slips through the cracks. • Some email providers have better spam protection than others. • A third party anti-spam product can supplement protection provided by the email provider. Spam Protection
• Never open spam emails, even if you think it is funny to see the content inside. • Never respond to spam emails. • Be careful using your email address to sign up for contests or enter websites. • When posting your email to a public website, always add special breaks in your email address. Example: ben(at)eset dotcom Spam Protection
Top Tips for Spam Protection Utilize a different provider or 3rd party product if necessary. Never click, open or respond to spam messages. When posting email to classified sites, use the following format to keep spam bots from retrieving and using your address: john.smith (at) email.com. 1 2 3
Email Protection Overview Attachment Policy
• Attachments are one of the most common ways to get viruses or malware. • Even though an attachment might look like a document or Excel file, it might contain a virus or malware. Attachment Policy
• Rules should be in place at your company to prevent receiving certain types of attachment files. • Employees should receive training that describes why attachments can be harmful. • Never open attachments from unknown senders. • If you see something that is questionable, send to your IT department for verification. Attachment Policy
Top Tips for Attachment Policies Employees need training and a clear attachment policy. Never open or save attachments from an unknown sender. Even though something looks like a file that you do not think is malicious… doesn’t mean it isn’t malicious. 1 2 3
PREVENTIVE MEASURES
Top Tips for Preventive Measures Utilize an AV product on all devices, not just Windows computers. Define a clear attachment policy coupled with a spam filter. Implement a Web content filter to help with malicious content, inappropriate content, and productivity issues. Utilize unique passwords and maintain a clear password policy. If needed, use a password manager. Keep all internet-connected devices up to date, including routers, IoT devices, computers, mobile devices. 1 2 3 4 5
Phish training final

Recommended

Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
Jen Ruhman
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
davidcurriecia
 
Technology Training - Security, Passwords & More
Technology Training - Security, Passwords & MoreTechnology Training - Security, Passwords & More
Technology Training - Security, Passwords & More
William Mann
 
Protect Yourself From Internet Pests
Protect Yourself From Internet PestsProtect Yourself From Internet Pests
Protect Yourself From Internet Pests
peterhitch
 
An Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesAn Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and Libraries
Blake Carver
 
An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries
Blake Carver
 
An Introduction To IT Security And Privacy In Libraries & Anywhere
An Introduction To IT Security And Privacy In Libraries & AnywhereAn Introduction To IT Security And Privacy In Libraries & Anywhere
An Introduction To IT Security And Privacy In Libraries & Anywhere
Blake Carver
 
INTERNET SAFETY FOR KIDS
INTERNET SAFETY FOR KIDSINTERNET SAFETY FOR KIDS
INTERNET SAFETY FOR KIDS
Camille Hazellie
 

Recommended

Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
Jen Ruhman
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
davidcurriecia
 
Technology Training - Security, Passwords & More
Technology Training - Security, Passwords & MoreTechnology Training - Security, Passwords & More
Technology Training - Security, Passwords & More
William Mann
 
Protect Yourself From Internet Pests
Protect Yourself From Internet PestsProtect Yourself From Internet Pests
Protect Yourself From Internet Pests
peterhitch
 
An Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and LibrariesAn Introduction To IT Security And Privacy for Librarians and Libraries
An Introduction To IT Security And Privacy for Librarians and Libraries
Blake Carver
 
An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries
Blake Carver
 
An Introduction To IT Security And Privacy In Libraries & Anywhere
An Introduction To IT Security And Privacy In Libraries & AnywhereAn Introduction To IT Security And Privacy In Libraries & Anywhere
An Introduction To IT Security And Privacy In Libraries & Anywhere
Blake Carver
 
INTERNET SAFETY FOR KIDS
INTERNET SAFETY FOR KIDSINTERNET SAFETY FOR KIDS
INTERNET SAFETY FOR KIDS
Camille Hazellie
 
Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3
DallasHaselhorst
 
Itsa end user 2013
Itsa end user 2013Itsa end user 2013
Itsa end user 2013
salleh1n
 
Cyber security training
Cyber security trainingCyber security training
Cyber security training
Wilmington University
 
The most dangerous places on the web
The most dangerous places on the webThe most dangerous places on the web
The most dangerous places on the web
Joel May
 
Internet security
Internet securityInternet security
Internet security
Mohammed Adam
 
Securityawareness
SecurityawarenessSecurityawareness
Securityawareness
JayfErika
 
Cyber Security For Kids by Shounak Ray Chaudhuri
Cyber Security For Kids by Shounak Ray Chaudhuri Cyber Security For Kids by Shounak Ray Chaudhuri
Cyber Security For Kids by Shounak Ray Chaudhuri
Moumita Chatterjee
 
Online reputation
Online reputationOnline reputation
Online reputation
esl2m
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security Seminar
Jeremy Quadri
 
Security Awareness Training: Are We Getting Any Better at Organizational and ...
Security Awareness Training: Are We Getting Any Better at Organizational and ...Security Awareness Training: Are We Getting Any Better at Organizational and ...
Security Awareness Training: Are We Getting Any Better at Organizational and ...
Enterprise Management Associates
 
Users awarness programme for Online Privacy
Users awarness programme for Online PrivacyUsers awarness programme for Online Privacy
Users awarness programme for Online Privacy
Kazi Sarwar Hossain
 
IT Security DOs and DON'Ts
IT Security DOs and DON'Ts IT Security DOs and DON'Ts
IT Security DOs and DON'Ts
Sophos
 
It security in healthcare
It security in healthcareIt security in healthcare
It security in healthcare
Nicholas Davis
 
Combating Phishing Attacks
Combating Phishing AttacksCombating Phishing Attacks
Combating Phishing Attacks
Rapid7
 
Internet safety
Internet safetyInternet safety
Internet safety
jonathancallcott-efc
 
Online safety, security, ethics & etiquette
Online safety, security, ethics & etiquetteOnline safety, security, ethics & etiquette
Online safety, security, ethics & etiquette
Angelito Quiambao
 
Empowerment Technology Lesson 2
Empowerment Technology Lesson 2Empowerment Technology Lesson 2
Empowerment Technology Lesson 2
alicelagajino
 
Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa
Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South AfricaCyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa
Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa
Jacqueline Fick
 
50 Shades of RED: Stories from the “Playroom” from CONFidence 2014
50 Shades of RED: Stories from the “Playroom” from CONFidence 201450 Shades of RED: Stories from the “Playroom” from CONFidence 2014
50 Shades of RED: Stories from the “Playroom” from CONFidence 2014
Chris Nickerson
 
Online Safety, Security, Ethics, and Netiquette - Empowerment Technologies
Online Safety, Security, Ethics, and Netiquette - Empowerment TechnologiesOnline Safety, Security, Ethics, and Netiquette - Empowerment Technologies
Online Safety, Security, Ethics, and Netiquette - Empowerment Technologies
Mark Jhon Oxillo
 
12990739.ppt
12990739.ppt12990739.ppt
12990739.ppt
MuhammadShahidulIsla8
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
Jen Ruhman
 

More Related Content

What's hot

Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3
DallasHaselhorst
 
The most dangerous places on the web
The most dangerous places on the webThe most dangerous places on the web
The most dangerous places on the web
Joel May
 
Online reputation
Online reputationOnline reputation
Online reputation
esl2m
 
50 Shades of RED: Stories from the “Playroom” from CONFidence 2014
50 Shades of RED: Stories from the “Playroom” from CONFidence 201450 Shades of RED: Stories from the “Playroom” from CONFidence 2014
50 Shades of RED: Stories from the “Playroom” from CONFidence 2014
Chris Nickerson
 

What's hot (20)

Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3
 
Itsa end user 2013
Itsa end user 2013Itsa end user 2013
Itsa end user 2013
 
Cyber security training
Cyber security trainingCyber security training
Cyber security training
 
The most dangerous places on the web
The most dangerous places on the webThe most dangerous places on the web
The most dangerous places on the web
 
Internet security
Internet securityInternet security
Internet security
 
Securityawareness
SecurityawarenessSecurityawareness
Securityawareness
 
Cyber Security For Kids by Shounak Ray Chaudhuri
Cyber Security For Kids by Shounak Ray Chaudhuri Cyber Security For Kids by Shounak Ray Chaudhuri
Cyber Security For Kids by Shounak Ray Chaudhuri
 
Online reputation
Online reputationOnline reputation
Online reputation
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security Seminar
 
Security Awareness Training: Are We Getting Any Better at Organizational and ...
Security Awareness Training: Are We Getting Any Better at Organizational and ...Security Awareness Training: Are We Getting Any Better at Organizational and ...
Security Awareness Training: Are We Getting Any Better at Organizational and ...
 
Users awarness programme for Online Privacy
Users awarness programme for Online PrivacyUsers awarness programme for Online Privacy
Users awarness programme for Online Privacy
 
IT Security DOs and DON'Ts
IT Security DOs and DON'Ts IT Security DOs and DON'Ts
IT Security DOs and DON'Ts
 
It security in healthcare
It security in healthcareIt security in healthcare
It security in healthcare
 
Combating Phishing Attacks
Combating Phishing AttacksCombating Phishing Attacks
Combating Phishing Attacks
 
Internet safety
Internet safetyInternet safety
Internet safety
 
Online safety, security, ethics & etiquette
Online safety, security, ethics & etiquetteOnline safety, security, ethics & etiquette
Online safety, security, ethics & etiquette
 
Empowerment Technology Lesson 2
Empowerment Technology Lesson 2Empowerment Technology Lesson 2
Empowerment Technology Lesson 2
 
Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa
Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South AfricaCyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa
Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa
 
50 Shades of RED: Stories from the “Playroom” from CONFidence 2014
50 Shades of RED: Stories from the “Playroom” from CONFidence 201450 Shades of RED: Stories from the “Playroom” from CONFidence 2014
50 Shades of RED: Stories from the “Playroom” from CONFidence 2014
 
Online Safety, Security, Ethics, and Netiquette - Empowerment Technologies
Online Safety, Security, Ethics, and Netiquette - Empowerment TechnologiesOnline Safety, Security, Ethics, and Netiquette - Empowerment Technologies
Online Safety, Security, Ethics, and Netiquette - Empowerment Technologies
 

Similar to Phish training final

Computer Security and safety
Computer Security and safety Computer Security and safety
Computer Security and safety
Sadaf Walliyani
 
CYBER_SECURITY_BASICS_FINAL.pptx
CYBER_SECURITY_BASICS_FINAL.pptxCYBER_SECURITY_BASICS_FINAL.pptx
CYBER_SECURITY_BASICS_FINAL.pptx
QuiMo3
 
csa2014 IBC
csa2014 IBCcsa2014 IBC
csa2014 IBC
apyn
 
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
amiinaaa
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
Priyanka Aash
 

Similar to Phish training final (20)

12990739.ppt
12990739.ppt12990739.ppt
12990739.ppt
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
Computer Security and safety
Computer Security and safety Computer Security and safety
Computer Security and safety
 
Staying safe on the internet
Staying safe on the internetStaying safe on the internet
Staying safe on the internet
 
Executive Directors Chat:It's easy to stay safe online.pdf
Executive Directors Chat:It's easy to stay safe online.pdfExecutive Directors Chat:It's easy to stay safe online.pdf
Executive Directors Chat:It's easy to stay safe online.pdf
 
Cybersecurity awareness session.pptx
Cybersecurity awareness session.pptxCybersecurity awareness session.pptx
Cybersecurity awareness session.pptx
 
Cyber Security Awareness Month 2017-Nugget 6
Cyber Security Awareness Month 2017-Nugget 6Cyber Security Awareness Month 2017-Nugget 6
Cyber Security Awareness Month 2017-Nugget 6
 
CYBER_SECURITY_BASICS_FINAL.pptx
CYBER_SECURITY_BASICS_FINAL.pptxCYBER_SECURITY_BASICS_FINAL.pptx
CYBER_SECURITY_BASICS_FINAL.pptx
 
Internet security
Internet securityInternet security
Internet security
 
csa2014 IBC
csa2014 IBCcsa2014 IBC
csa2014 IBC
 
Cyber security-1.pptx
Cyber security-1.pptxCyber security-1.pptx
Cyber security-1.pptx
 
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepal
 
Personal Internet Security Practice
Personal Internet Security PracticePersonal Internet Security Practice
Personal Internet Security Practice
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
 
Security in the enterprise - Why You Need It
Security in the enterprise - Why You Need ItSecurity in the enterprise - Why You Need It
Security in the enterprise - Why You Need It
 
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptxCYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
 
Cybersecurity Awareness Training for Employees.pptx
Cybersecurity Awareness Training for Employees.pptxCybersecurity Awareness Training for Employees.pptx
Cybersecurity Awareness Training for Employees.pptx
 
Basic practices for information & computer security
Basic practices for information & computer securityBasic practices for information & computer security
Basic practices for information & computer security
 
Personal Threat Models
Personal Threat ModelsPersonal Threat Models
Personal Threat Models
 

Recently uploaded

如何办理澳洲迪肯大学毕业证(Deakin毕业证书)毕业证成绩单原版一比一
如何办理澳洲迪肯大学毕业证(Deakin毕业证书)毕业证成绩单原版一比一如何办理澳洲迪肯大学毕业证(Deakin毕业证书)毕业证成绩单原版一比一
如何办理澳洲迪肯大学毕业证(Deakin毕业证书)毕业证成绩单原版一比一
avy6anjnd
 
Van Gogh Powerpoint for art lesson today
Van Gogh Powerpoint for art lesson todayVan Gogh Powerpoint for art lesson today
Van Gogh Powerpoint for art lesson today
lucygibson17
 
一比一原版(UEA毕业证书)东英吉利亚大学毕业证如何办理
一比一原版(UEA毕业证书)东英吉利亚大学毕业证如何办理一比一原版(UEA毕业证书)东英吉利亚大学毕业证如何办理
一比一原版(UEA毕业证书)东英吉利亚大学毕业证如何办理
ss
 
architect Hassan Khalil portfolio Year 2024
architect Hassan Khalil portfolio Year 2024architect Hassan Khalil portfolio Year 2024
architect Hassan Khalil portfolio Year 2024
hassan khalil
 
Call Girl In Chandigarh ☎ 08868886958✅ Just Genuine Call Call Girls Chandigar...
Call Girl In Chandigarh ☎ 08868886958✅ Just Genuine Call Call Girls Chandigar...Call Girl In Chandigarh ☎ 08868886958✅ Just Genuine Call Call Girls Chandigar...
Call Girl In Chandigarh ☎ 08868886958✅ Just Genuine Call Call Girls Chandigar...
Sheetaleventcompany
 
codes and conventions of film magazine and website.pptx
codes and conventions of film magazine and website.pptxcodes and conventions of film magazine and website.pptx
codes and conventions of film magazine and website.pptx
17duffyc
 
一比一原版Offer(文凭)意大利那不勒斯美术学院毕业证成绩单学历认证
一比一原版Offer(文凭)意大利那不勒斯美术学院毕业证成绩单学历认证一比一原版Offer(文凭)意大利那不勒斯美术学院毕业证成绩单学历认证
一比一原版Offer(文凭)意大利那不勒斯美术学院毕业证成绩单学历认证
20goy65g
 
如何办理(Flinders毕业证)弗林德斯大学毕业证毕业证成绩单原版一比一
如何办理(Flinders毕业证)弗林德斯大学毕业证毕业证成绩单原版一比一如何办理(Flinders毕业证)弗林德斯大学毕业证毕业证成绩单原版一比一
如何办理(Flinders毕业证)弗林德斯大学毕业证毕业证成绩单原版一比一
8jg9cqy
 
LESSON-1-MUSIC-Q4 also a reviewer mapeh.pptx
LESSON-1-MUSIC-Q4 also a reviewer mapeh.pptxLESSON-1-MUSIC-Q4 also a reviewer mapeh.pptx
LESSON-1-MUSIC-Q4 also a reviewer mapeh.pptx
matthewmirafuentes
 
Mussafah Call Girls +971525373611 Call Girls in Mussafah Abu Dhabi
Mussafah Call Girls +971525373611 Call Girls in Mussafah Abu DhabiMussafah Call Girls +971525373611 Call Girls in Mussafah Abu Dhabi
Mussafah Call Girls +971525373611 Call Girls in Mussafah Abu Dhabi
romeke1848
 
Call Girls Sultanpur Just Call 📞 8617370543 Top Class Call Girl Service Avail...
Call Girls Sultanpur Just Call 📞 8617370543 Top Class Call Girl Service Avail...Call Girls Sultanpur Just Call 📞 8617370543 Top Class Call Girl Service Avail...
Call Girls Sultanpur Just Call 📞 8617370543 Top Class Call Girl Service Avail...
Nitya salvi
 
Museum of fine arts Lauren Simpson…………..
Museum of fine arts Lauren Simpson…………..Museum of fine arts Lauren Simpson…………..
Museum of fine arts Lauren Simpson…………..
mvxpw22gfc
 

Recently uploaded (20)

如何办理澳洲迪肯大学毕业证(Deakin毕业证书)毕业证成绩单原版一比一
如何办理澳洲迪肯大学毕业证(Deakin毕业证书)毕业证成绩单原版一比一如何办理澳洲迪肯大学毕业证(Deakin毕业证书)毕业证成绩单原版一比一
如何办理澳洲迪肯大学毕业证(Deakin毕业证书)毕业证成绩单原版一比一
 
Van Gogh Powerpoint for art lesson today
Van Gogh Powerpoint for art lesson todayVan Gogh Powerpoint for art lesson today
Van Gogh Powerpoint for art lesson today
 
一比一原版(UEA毕业证书)东英吉利亚大学毕业证如何办理
一比一原版(UEA毕业证书)东英吉利亚大学毕业证如何办理一比一原版(UEA毕业证书)东英吉利亚大学毕业证如何办理
一比一原版(UEA毕业证书)东英吉利亚大学毕业证如何办理
 
architect Hassan Khalil portfolio Year 2024
architect Hassan Khalil portfolio Year 2024architect Hassan Khalil portfolio Year 2024
architect Hassan Khalil portfolio Year 2024
 
Call Girl In Chandigarh ☎ 08868886958✅ Just Genuine Call Call Girls Chandigar...
Call Girl In Chandigarh ☎ 08868886958✅ Just Genuine Call Call Girls Chandigar...Call Girl In Chandigarh ☎ 08868886958✅ Just Genuine Call Call Girls Chandigar...
Call Girl In Chandigarh ☎ 08868886958✅ Just Genuine Call Call Girls Chandigar...
 
Storyboard short: Ferrarius Tries to Sing
Storyboard short: Ferrarius Tries to SingStoryboard short: Ferrarius Tries to Sing
Storyboard short: Ferrarius Tries to Sing
 
SB_ Pretzel and the puppies_ Rough_ RiverPhan (2024)
SB_ Pretzel and the puppies_ Rough_ RiverPhan (2024)SB_ Pretzel and the puppies_ Rough_ RiverPhan (2024)
SB_ Pretzel and the puppies_ Rough_ RiverPhan (2024)
 
codes and conventions of film magazine and website.pptx
codes and conventions of film magazine and website.pptxcodes and conventions of film magazine and website.pptx
codes and conventions of film magazine and website.pptx
 
一比一原版Offer(文凭)意大利那不勒斯美术学院毕业证成绩单学历认证
一比一原版Offer(文凭)意大利那不勒斯美术学院毕业证成绩单学历认证一比一原版Offer(文凭)意大利那不勒斯美术学院毕业证成绩单学历认证
一比一原版Offer(文凭)意大利那不勒斯美术学院毕业证成绩单学历认证
 
如何办理(Flinders毕业证)弗林德斯大学毕业证毕业证成绩单原版一比一
如何办理(Flinders毕业证)弗林德斯大学毕业证毕业证成绩单原版一比一如何办理(Flinders毕业证)弗林德斯大学毕业证毕业证成绩单原版一比一
如何办理(Flinders毕业证)弗林德斯大学毕业证毕业证成绩单原版一比一
 
LESSON-1-MUSIC-Q4 also a reviewer mapeh.pptx
LESSON-1-MUSIC-Q4 also a reviewer mapeh.pptxLESSON-1-MUSIC-Q4 also a reviewer mapeh.pptx
LESSON-1-MUSIC-Q4 also a reviewer mapeh.pptx
 
SB_ Dragons Riders of Berk_ Rough_ RiverPhan (2024)
SB_ Dragons Riders of Berk_ Rough_ RiverPhan (2024)SB_ Dragons Riders of Berk_ Rough_ RiverPhan (2024)
SB_ Dragons Riders of Berk_ Rough_ RiverPhan (2024)
 
Jaunpur Escorts Service Girl ^ 9332606886, WhatsApp Anytime Jaunpur
Jaunpur Escorts Service Girl ^ 9332606886, WhatsApp Anytime JaunpurJaunpur Escorts Service Girl ^ 9332606886, WhatsApp Anytime Jaunpur
Jaunpur Escorts Service Girl ^ 9332606886, WhatsApp Anytime Jaunpur
 
Mussafah Call Girls +971525373611 Call Girls in Mussafah Abu Dhabi
Mussafah Call Girls +971525373611 Call Girls in Mussafah Abu DhabiMussafah Call Girls +971525373611 Call Girls in Mussafah Abu Dhabi
Mussafah Call Girls +971525373611 Call Girls in Mussafah Abu Dhabi
 
Ignite Your Brand: Tailored Creative Solutions Proposal
Ignite Your Brand: Tailored Creative Solutions ProposalIgnite Your Brand: Tailored Creative Solutions Proposal
Ignite Your Brand: Tailored Creative Solutions Proposal
 
Theoretical Framework- Explanation with Flow Chart.docx
Theoretical Framework- Explanation with Flow Chart.docxTheoretical Framework- Explanation with Flow Chart.docx
Theoretical Framework- Explanation with Flow Chart.docx
 
Call Girls Sultanpur Just Call 📞 8617370543 Top Class Call Girl Service Avail...
Call Girls Sultanpur Just Call 📞 8617370543 Top Class Call Girl Service Avail...Call Girls Sultanpur Just Call 📞 8617370543 Top Class Call Girl Service Avail...
Call Girls Sultanpur Just Call 📞 8617370543 Top Class Call Girl Service Avail...
 
HUMA Final Presentation About Chicano Culture
HUMA Final Presentation About Chicano CultureHUMA Final Presentation About Chicano Culture
HUMA Final Presentation About Chicano Culture
 
Museum of fine arts Lauren Simpson…………..
Museum of fine arts Lauren Simpson…………..Museum of fine arts Lauren Simpson…………..
Museum of fine arts Lauren Simpson…………..
 
Digital C-Type Printing: Revolutionizing The Future Of Photographic Prints
Digital C-Type Printing: Revolutionizing The Future Of Photographic PrintsDigital C-Type Printing: Revolutionizing The Future Of Photographic Prints
Digital C-Type Printing: Revolutionizing The Future Of Photographic Prints
 

Phish training final

  • 1.
  • 2. Agenda Threats Overview Password Safety Web Protection Email Protection Preventive Measures 1 2 3 4 5
  • 4. Root Cause of Data Breaches 25% Human Error 27% Process Failure 48% Malicious Ponemon Institute 2016 Cost of Data Breach Study: Global Analysis
  • 5. Lost or stolen device Data Breach Breakdown Human Error Verizon Data Breach Report 2016
  • 6. Data Breach Breakdown Malicious Breaches Overview Verizon 2016 Data Breach Investigations Report – specifically: incidents involving credentials
  • 9. Threats Overview Malware Video Please click to watch this video: https://youtu.be/juw6sPEGuEk
  • 10. Malware includes numerous threat families, all with different names. Viruses Trojans Ransomware Rootkits Bootkits Worms
  • 12. • On average, 390,000 unique threats per day.1 • Unique threats ≠ extremely dissimilar. • Malicious threats are changed in the smallest amount possible to evade detection. • Malicious threats are targeted in order to have the highest penetration (success) rate. Malware 1AV-TEST GmbH, www.av-test.org
  • 13. • Malware definitely exists on other operating systems (Oses) outside of Windows. • Windows is typically the major target due to high market share. • When new malware is released on other Oses, it typically has a high penetration rate due to people believing their Android, Mac, and Linux devices are safe without having any endpoint security installed. Is malware on Windows only?
  • 14. • Mobile phone malware is a growing threat due to users doing the majority of their internet browsing on a cell phone. • Ransomware, or screen locking malware, is a popular threat on mobile devices. • In 2016, malware targeting Apple iOS (iPhones, iPads) increased. Apple doesn’t allow vendors to create antivirus for these products, so users must depend on the company to fix any vulnerabilities. Is malware on mobile phones?
  • 15. • Clicking malicious links in email • Plugging in an unknown flash drive • Downloading malware masquerading as other software How does my computer get infected?
  • 16. • Clicking malicious links in email • Downloading malware masquerading as other software • Installing 3rd party apps directly from the internet instead of via official stores such as Google Play or Apple’s App Store. How does my mobile device get infected?
  • 17. Top Tips to Avoid Malware Install Endpoint Security on all devices. Be careful what you plug in. Be careful what you click. Get awareness training for entire family. 1 2 3 4
  • 19. Threats Overview Phishing Video Please click to watch this video: https://youtu.be/-0Ql6xnNj7g
  • 20. • Is the act of setting the bait (trap)… • Casting it out into a wide ocean… • Hoping that something bites that you can then hook. Phishing? Or fishing?
  • 21. • Intentionally deceiving someone by posing as a legitimate company. • Typically, utilizes email by pretending to be a company or service requesting you to do something. • Hoping that you click the link and fill out the requested info. Phishing
  • 22. • 54% of all inbound email is spam • 1 in 20 email messages has malicious content Phishing Stats Spam Types 2016 Trustwave Global Security Report
  • 23. Phishing Stats Verizon 2016 Data Breach Investigations Report 30% of people Open phishing messages (23% last year) 12% of people Open attachments (11% last year)
  • 24. Phishing Examples (Please enable full screen mode) Not paypal.com
  • 25. Phishing Examples (Please enable full screen mode)
  • 26. Top Tips to Avoid Phishing Check who the email sender is. Check the email for grammar and spelling mistakes. Mouse over the link to see where it goes. Do not click the link – manually type it in. 1 2 3 4
  • 28. • Manipulation of people into divulging confidential or sensitive information • Most commonly done over email, but also regularly carried out over the phone Social Engineering
  • 29. • Can be a slow gain of information • Can attempt to gain all information needed at once Social Engineering
  • 30. • Phone call targets employees at a business. • Caller asks who the boss/CEO is. • Requests his/her email address. • Now the attacker has the username and the name of the person targeted for compromise. Social Engineering Examples
  • 31. • A person walks into office pretending to be a contractor. • Due to his/her uniform, people assume it’s OK. • Person walks into room with sensitive info and steals it. Social Engineering Examples
  • 32. Top Tips to Avoid Social Engineering Be careful with the information you disclose. Verify credentials of contractors. If you have any doubts on the identity of callers, hang up and call their official company number back. 1 2 3
  • 34. Password Overview Video Please click to watch this video: https://youtu.be/nARrIdmE8BY
  • 35. • What city did you grow up in? • What is your dog’s name? • What high school did you attend? • What is your favorite book? • What is your dream job? • What is your mother’s maiden name? Can these answers be found on your Facebook account?
  • 38. • Typically, users are honest when filling out security questions. • Malicious parties can utilize social media to find out the answers to these questions, which allows them to reset your password. • Best practice is to not be honest when filling out these questions. Treat security questions as another password field. Security Questions
  • 39. • Typically, users practice risky behavior with respect to passwords. • Passwords nowadays can be a gateway into identity theft. Users and Poor Password Hygiene
  • 40. Document or sticky note with passwords written on it Poor Password Hygiene
  • 41. Freely sharing password with friends, family members, colleagues Poor Password Hygiene
  • 42. Poor Password Hygiene 8 characters 8 characters + 1 number 8 characters + 1 number + 1 symbol 8 characters + 1 number + 1 symbol + 1 capital elephant elephant1 elephant1! Elephant1! = = = =
  • 44. • Passwords sometimes are extracted • Very simple to try all alternative options of password-base Data breaches lead to password problems because… Example • Password that was stolen was dolphin • Password required by website is 8 characters 1 symbol • 32 symbols on the computer(would take a human 5 minutes) • Computers can carry out these tasks in fractions of a second
  • 45. • If you have trouble remembering passwords or creating unique passwords, utilize a password manager. • There are several very secure password managers on the market that work across all Oses. • They will remember and auto-complete your passwords for you once your “master” password is entered. Password Managers
  • 46. https://haveibeenpwned.com/ • Currently checks 210 websites • 2.6 billion compromised accounts contained • Treat it like a credit-check Password Hygiene Checkup
  • 47. • As opposed to the standard password authentication, 2FA OTP (one-time password) uses two elements. These are “something that user knows,” such as a password or a PIN code, and “something that user has,” typically a mobile phone or hardware token. • Used in combination, they provide greatly enhanced security for data access. Two-factor Authentication (2FA) Explained
  • 48. • Data breach through weak or stolen passwords • User-created passwords that are not random characters • Re-use of passwords intended for access to company assets for private accounts • Passwords containing user-specific data – e.g. name, date of birth • Simple patterns to derive new passwords, such as “elephant1,” “elephant2,” etc. 2FA solves the problem of:
  • 49. Top Tips for Password Safety Utilize unique passwords across all websites/applications Enable and utilize 2FA on all websites that allow it Choose unique, non-true security questions 1 2 3
  • 53. • Nowadays, users utilize search engines to ask every question they can think of. • Users click on search results without first checking if it is a legitimate site. • This happens commonly on social media websites as well. Search Engine Safety
  • 54. • Even if the website is reputable, the advertisement being displayed could be malicious and infect your computer or mobile device. • Free things (music, movies, game cheats, etc.) are very commonly filled with malware, and are rarely what they say they are. Search Engine Safety
  • 55. Top Tips for Search Engines Stick to clicking on sites on the first page of results. Be careful when clicking on non-name recognizable sites. Malware commonly masquerades as free things. 1 2 3
  • 57. • Filters web traffic based off pre-configured policies set by the administrator. • There are both home versions and corporate versions. • Home versions focus on child safety, while corporate versions focus on employee productivity. Web Content Filter
  • 58. • Not only can it restrict the content that is displayed to a certain audience, it can also be utilized to filter malicious content and protect the user. Web Content Filter
  • 59. Top Tips for Web Content Filter Increase employee productivity by implementing a web filter. Curb risky user behavior and reduce malware exposure by implementing a web filter. Protect children’s mobile devices and computers from displaying inappropriate content with a web filter. 1 2 3
  • 61. Internet Protection Overview HTTPS Video Please click to watch this video: https://youtu.be/gpLZg6gSs6g
  • 62. • Is a protocol for secure communication over a computer network which is widely used on the internet • HTTPS is typically notated by displaying a green lock in the web address bar: HTTPS
  • 63. • No sensitive information should be typed into a page that is not secured by HTTPS. • Even though a page is secured with HTTPS, it does not automatically mean the page is safe. • Most browsers have begun to let users know more easily when they are on a non-secure page. HTTPS
  • 64. Top Tips for Secure Websites (HTTPS) Before entering sensitive information, check to see if the site is secured by HTTPS. Check to make sure this is a reputable website before entering credit card information; don’t just depend on the HTTPS indicator. 1 2
  • 66. Internet Protection Overview Public Wi-Fi Video Please click to watch this video: https://youtu.be/05mL4dF1iMM
  • 67. • Is a non-secure network that users can connect to for free • Typically found in hotels, coffee shops, libraries and many other places Public Wi-Fi
  • 68. • Do not assume that a network named “Library” is actually the wireless network for the Public Library. • Verify with the business owner the name of their network. Public Wi-Fi
  • 69. • Is very insecure, so you should treat every public Wi-Fi connection as compromised (unsafe). • This means you should not utilize any sensitive websites when connected (banking, social networking, etc.) • If you need to access one of these sites, utilize your cell phone and do not connect it to Wi-Fi, just use the cell service. Public Wi-Fi
  • 70. Top Tips for Public Wi-Fi Verify the Wi-Fi name with the business owner prior to connecting. Treat public Wi-Fi connections as compromised (unsafe). Utilize an anti-malware product to help prevent against cyberattacks while connected. 1 2 3
  • 72. • This type of internet connection is convenient, but opens up a security hole that needs to be secured. • Examples of IoT devices include internet-connected thermostats and closed circuit cameras. • If you can connect to it from anywhere, that means anyone can—by simply guessing your password. • Disable any web features that you do not utilize. • Make sure all IoT devices are kept up to date. Internet of Things (IoT)
  • 73. • Routers are the first line of defense to protect IoT devices from exploitation. • Routers should be immediately configured to change the default username and password to something unique. • If someone gains access to your router they can see all other devices on your network. • Make sure your router is regularly updated to avoid exploitation. Internet of Things (IoT)
  • 74. Top Tips for Internet of Things (IoT) Change default usernames and passwords on all devices including routers. If you do not utilize the web features, disable them. Make sure all IoT devices, including routers, are kept up to date with the newest firmware (software). 1 2 3
  • 76. Email Protection Overview 2FA Password Reset Spam Protection Attachment Policy
  • 78. • Email is most important account needing protection, because if someone gains access to your email, they can utilize the password reset function to gain access to other services. • As we mentioned earlier, 2FA is a great way to protect your email from being compromised. 2FA (Two-Factor Authentication) and Email
  • 79. • Most major email providers allow you to set up 2FA with your email account. • Once set up, the attacker would need your password and your cell phone in order to break into your email account. 2FA and Email
  • 80. Top Tips for 2FA and Email Password protect or utilize fingerprint reader to protect your 2FA app in case of a lost device. Do not utilize SMS if you can help it as a 2FA method; always use an application or push. Enable 2FA not just on email but all critical websites and applications that allow it. 1 2 3
  • 82. • When passwords are forgotten, the ability to reset your password is very convenient, but if not utilized properly this can allow someone to easily take over your account. • Some websites do not require any security questions to be answered or any additional information besides account email address to initiate a password reset. Password Reset
  • 83. • Usually when someone requests a password reset, an email is sent to the email address on file with this information. • Monitor these emails and contact the vendor directly if you see these and did not initiate them yourself. (But remember the spam/phishing rules from earlier.) Password Reset
  • 84. Top Tips for Password Reset Utilize strong unique passwords. Utilize strong, not correct, security questions. Monitor attempted password resets on your accounts for fraudulent activity. 1 2 3
  • 86. • Everyone gets spam; even with the best protection, some still slips through the cracks. • Some email providers have better spam protection than others. • A third party anti-spam product can supplement protection provided by the email provider. Spam Protection
  • 87. • Never open spam emails, even if you think it is funny to see the content inside. • Never respond to spam emails. • Be careful using your email address to sign up for contests or enter websites. • When posting your email to a public website, always add special breaks in your email address. Example: ben(at)eset dotcom Spam Protection
  • 88. Top Tips for Spam Protection Utilize a different provider or 3rd party product if necessary. Never click, open or respond to spam messages. When posting email to classified sites, use the following format to keep spam bots from retrieving and using your address: john.smith (at) email.com. 1 2 3
  • 90. • Attachments are one of the most common ways to get viruses or malware. • Even though an attachment might look like a document or Excel file, it might contain a virus or malware. Attachment Policy
  • 91. • Rules should be in place at your company to prevent receiving certain types of attachment files. • Employees should receive training that describes why attachments can be harmful. • Never open attachments from unknown senders. • If you see something that is questionable, send to your IT department for verification. Attachment Policy
  • 92. Top Tips for Attachment Policies Employees need training and a clear attachment policy. Never open or save attachments from an unknown sender. Even though something looks like a file that you do not think is malicious… doesn’t mean it isn’t malicious. 1 2 3
  • 94. Top Tips for Preventive Measures Utilize an AV product on all devices, not just Windows computers. Define a clear attachment policy coupled with a spam filter. Implement a Web content filter to help with malicious content, inappropriate content, and productivity issues. Utilize unique passwords and maintain a clear password policy. If needed, use a password manager. Keep all internet-connected devices up to date, including routers, IoT devices, computers, mobile devices. 1 2 3 4 5

Editor's Notes

  1. First we will go through a threats overview, which is designed to bring awareness to the different security concerns surrounding specific threats. Next Password Safety that will run through some best practices not just when creating passwords but utilizing them. Then Web Protection, which will go through different things to know about when utilizing the internet Then Email Protection, which will focus on email borne threats and spam. Then finally we will finish up with preventative measures. Keep in mind throughout this webinar I will be giving tips and best practices not just for you to utilize in the business world, but at home as well
  2. Does this screen or others like this look familiar?
  3. How about this? This is extremely important in the conversation around passwords due to the fact that most passwords can be simply changed or reset by knowing a few answers to questions about yourself. Most of these answers can be commonly found on users’ social media accounts. So it is very important to not just practice good password policies but also strong security questions as well.
  4. So typically due to the complexity requirements of passwords usually users end up writing their passwords on sticky notes or in documents on their desktop.
  5. Others freely share their passwords with other users. We see this especially in organizations that require users to clock in at the beginning and end of the day. They do not want to be late again so they call their friend who is already at work and ask them to clock in for them.
  6. Current password policies that are often used today are not adequate at protecting users. As you can see this is what a typical user does. If a password requires 8 characters they might choose something like elephant. But if they go to another application or website and now it requires a number, they are not going to think of a brand new unique password, they are just going to tack on a 1 at the end. This continues when websites require a symbol, or capital. Users are re-using the exact same password base, which is Elephant.
  7. This leads to current password policies that typically have users change their password every 90 days or every 6 months. Users are not increasing your businesses security by changing their password on these scheduled intervals due to them doing the above. They are simply going to the next number and next symbol on the keyboard. In fact now NIST is recommending against having users change passwords every 90 days due to the above.
  8. So when data breaches occur passwords are sometimes extracted, it would be very easy for me to go to another website and figure out what your password is. For example if the password that was stolen was elephant, and I went to a website that required 8 characters and 1 symbol. There are only 32 symbols on the keyboard, therefore I only need to type in elephant and then try every symbol and see if I gain access into whatever system I am trying to break into.
  9. So a great resource to inform your users about is this website. which will check all of the databases of compromised credentials to see if your credentials are any of the ones that have been stolen. You can enter in your commonly used usernames or email address and it will let you know if there has been a breach and what was breached. If your password was stolen it is recommended to completely change your password, don’t just change the number or symbol!
  10. So Two-Factor is a solution that can prevent poor password policies, and ultimately turns the login process into requiring a User, Password, and a One time password. This one time password typically comes from a mobile device or hard token. So it turns the password authentication into something that the user knows (such as a password) and something they have (a cell phone). If you do not have both pieces of information you are unable to log in.