Internet Safety and You

What is MePush?

Fast Facts
- The average cost of a malware attack on a company is 2.4 million dollars.
- Microsoft Office formats make up the most prevalent group of malicious file extensions at 38% of the total.
- 21% of all files are not protected at all.
- Ransomware attacks are growing more than 350% annually.

Small Businesses as a Target
- 43% of cyber attacks target small businesses
- Small businesses are easy prey for international hacking
- Small businesses are very vulnerable to generalized phishing and malware
- Small businesses are easy accidental targets for script kiddies

Small Businesses as a Target
- Small business owners pay ransoms
- Small businesses have valuable data
- Small businesses are easy for hackers to get in and stay in undetected
- Lack of budget for adequate security
- Lack of staff and training

Malware
Malware is any form of programming or code that can be used to expose a vulnerability or open a door to your internal network.
Types of malware:
- Trojan: Malware that pretends to be other software
- Spyware: Used to spy on network operations or users
- Rootkit: Installed to gain hidden unauthorized control
- Backdoor: Opening in the network for further exploitation

Phishing
Phishing is the practice of sending emails claiming to be from reputable companies in order to get individuals to reveal personal information.

Email Links
- Do not click suspicious email links. If you are unsure about a link, do not click on the link.
- Use https://safeweb.Norton.com by copying the link’s URL and pasting it into the URL checker at Norton.
- Any link can be disguised to redirect you to somewhere else. To circumvent this, just Google it.

Email Attachments
- The same best practices followed when clicking links should also be applied to email attachments.
- There are resources you can use if you believe you have a file that might be malicious.
- You can upload the suspected file to the website https://www.virustotal.com/#/home/upload
- This site will analyze the file and report whether it is malicious.

Protected View
- Do not use the “Enable Editing” setting if not necessary.
- Enabling editing can potentially allow malware to run background processes on your computer.
- This can lead to ransomware and backdoors on the machine for identity theft.

Social Engineering
Social engineering is the manipulation of people into performing actions or divulging confidential information.
Types of social engineering include:
- Phishing
- Tailgating
- Quid pro quo

Antivirus
- Antivirus tools are used to remove infections from computers using previously known hash values. Hash values are the “DNA” of the virus.
- Antivirus monitoring systems are implemented to monitor normal user activity and network behavior and to alert a system administrator of a potential threat.
- Alerts can range from too many failed login attempts to DNS spoofing and other network changes.

Web Content and Media Filtering
- These tools are used to limit the exposure of host machines and servers to malware.
- Without proper web filtering, users may access sites that could put rootkits and backdoors on user machines, allowing a remote hacker unauthorized access to the machine.
- Sites that should be blocked include sites that allow file transferring, for example torrents and The Onion Router traffic.
- Furthermore, blocking not-suitable-for-work sites is needed to prevent users from accessing crude or time-wasting sites that are not suitable for company operations.

Virtual Private Network (VPN)
- VPNs allow safe remote access to your company’s internal network to access documents and work remotely.
- They work off individual access and encrypt traffic coming into your network to prevent attackers from stalking and watching the network traffic.
- With a VPN, a user is able to remotely connect from a public network into a private network safely and securely.

Data
- Data is information. It is the documents, spreadsheets, and images stored on the computer.
- Data is also more than just files. Data is the configuration files, services, and programs that make your computer run. Without these files, your computer may not be able to run.

Backups
- A full backup is the simplest but most data-intensive and time-consuming type of backup. This type of backup will completely record your entire computer or server to external media.
- An incremental backup results in a copy of only the new data that has been created since the last backup of any type. It can be run as often as desired and is not usually time-intensive or data-intensive if managed properly.
- A differential backup copies all of the data that has been created since the previous backup. However, each time the differential backup is run it will continue to copy all data changed since the previous file backup.
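The practical difference between the three backup types shows up in what each run copies and in how many backup sets a restore needs. The following is an added example, not part of the original presentation: it selects the files each type would copy and lists the sets required for a restore. It assumes a differential backup is measured from the last full backup, which is the usual definition; the function names, file names and day numbers are constructed for illustration.

```python
def select_for_backup(mtimes, kind, history):
    """Return the sorted file names that a backup of `kind` would copy.

    mtimes  -- {file name: day the file was last changed}
    history -- [(day, kind), ...] backups already taken, oldest first
    """
    if kind not in ("full", "incremental", "differential"):
        raise ValueError("unknown backup type: " + kind)
    fulls = [day for day, k in history if k == "full"]
    if kind == "full" or not fulls:
        return sorted(mtimes)               # nothing to build on: copy everything
    # Incremental: changes since the last backup of any type.
    # Differential: changes since the last full backup (assumed reference point).
    since = history[-1][0] if kind == "incremental" else fulls[-1]
    return sorted(name for name, day in mtimes.items() if day > since)


def restore_chain(history):
    """Return the backups, oldest first, needed to restore the latest state."""
    start = max(i for i, (_, k) in enumerate(history) if k == "full")
    chain, later = [history[start]], history[start + 1:]
    diffs = [i for i, (_, k) in enumerate(later) if k == "differential"]
    if diffs:                               # newest differential covers older ones
        chain.append(later[diffs[-1]])
        later = later[diffs[-1] + 1:]
    return chain + [b for b in later if b[1] == "incremental"]


# Constructed sample: each backup runs at the end of the day shown.
MTIMES = {"report.docx": 0, "ledger.xlsx": 2, "notes.txt": 3}
HISTORY = [(1, "full"), (2, "incremental")]

if __name__ == "__main__":
    for kind in ("full", "incremental", "differential"):
        print(kind, select_for_backup(MTIMES, kind, HISTORY))
    print(restore_chain([(1, "full"), (2, "incremental"), (3, "incremental")]))
    print(restore_chain([(1, "full"), (2, "differential"), (3, "differential")]))
```

An incremental-only schedule needs every set since the full backup to restore, so one damaged set breaks the chain; a differential schedule needs only the full backup and the newest differential.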

Single Point of Failure
- A single point of failure is putting all your eggs in one basket.
- This means securing all your backups in one place such as only on a single external backup media.

Patching
- Patches are fixes to a piece of software that either fix bugs, fix security vulnerabilities, or add features.
- More than 70% of cyber attacks exploit patchable vulnerabilities.
- Have a policy to patch your machines regularly.
- Test patches on one machine before deploying to all of them.

Wireless Security
- There are various forms of encryption used for wireless. The most common is unhidden WPA2 with a pre-shared key.
- As a business, you want a strong password (pre-shared key) for your WiFi because it has become increasingly easy to decrypt these WiFi passwords.

Compliance
- Compliance means meeting all of the controls required by the governing agency.
- Payment Card Industry (PCI) compliance depends on your business type.
- HIPAA compliance is universal and applies to any organization that stores ePHI.
- These regulations help protect your business from threats. In theory, if you are fully compliant, an attacker will have a difficult time compromising your data.

Dangers of Non-Compliance
General:
- Lawsuits for data loss
PCI:
- Fines from credit card companies
- Increase in transaction fees
HIPAA:
- Fines from HIPAA regulatory bodies
- Legal fees

CyberSecurity Insurance
General liability insurance WILL NOT cover:
- Identity theft or fraud resulting from either a malicious or inadvertent security breach
- Lawsuits or fines resulting from data leaked through a breach
- Theft or destruction of such valuable digital assets as intellectual property or customer lists
- Interruption of your business or loss of business due to a hacker or malware

CyberSecurity Insurance
Insurance companies offer cyber policies and data breach policies for covering your business in the event of an attack. They may cover:
- Forensic investigation of the breach
- Legal advice to determine your notification and regulatory obligations
- Offering credit monitoring to customers as a result
- Settlements, damages, and judgments related to the breach
- Regulatory fines and penalties (including Payment Card Industry fines)

Manage Your Risks
- IT management (managing users, passwords, firewalls, PCs, servers, networks, change management, logging and monitoring)
- Regular training and awareness for all users
- Regular lifecycle and replacing old equipment and software

What is QuickWatch?
- QuickWatch protects your email, servers, network, website, and workstations.
- QuickWatch allows us to remotely access your machines to deal with certain issues that you may have.
- QuickWatch automatically backs up your data.
- QuickWatch has automatic cloud-driven patch management.

Top Tips
- Never believe that you are not a target to hackers.
- Keep your software and operating system up-to-date
- Beware of suspicious emails and phone calls
- Practice good password management
- Never leave devices unlocked and unattended
- Back up your data
- Use two-factor authentication
- Use secure internet connections
- Install an enterprise anti-virus and keep it up-to-date
- Protect sensitive data

Sources
- https://www.quickwatch.support/
- https://blog.varonis.com/cybersecurity-statistics/
- https://security.berkeley.edu/resources/best-practices-how-to-articles/top-10-secure-computing-tips
- https://ist.mit.edu/security/tips
- https://www.zdnet.com/article/simple-security-step-by-step-guide/