Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity Hygiene

Published byAmber Carroll Modified over 6 years ago

Similar presentations

Presentation on theme: "Cybersecurity Hygiene"— Presentation transcript:

1 Cybersecurity Hygiene
…because you might be picking your friend’s nose. Sam Sneed June 2017

2 Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary
November 14, 2018

3 Yes, it is your problem What you don’t know will hurt you.
Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

4 Personal or Political Agenda
Why people hack Money Organized online crime New methods to commit old crimes Personal or Political Agenda State actors “Hacktivists” Disgruntled employees Lulz Vandalism Curiosity Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

5 Why everyone is a juicy target
Information Financial (banking, credit, etc.) Health (medical records, prescriptions, etc.) Personnel files Intellectual property Critical business info Access Networks and devices Physical location or things Information or more access Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

6 What could happen when you’re hit
Create backdoors, load additional code Loss of control of devices Exfiltration of info Encryption of files Ask for ransom Nothing (yet) Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

7 Folk wisdom for the digital age
Exploits and Current Events Practical Tips Folk wisdom for the digital age Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

8 Don’t take candy from strangers
If in doubt, don’t click Attachments may contain malware Links can take you to compromised websites “Phishing” common method of attack Can use spoofing, social engineering, other methods to trick users into accessing infected files or websites Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

9 Don’t take candy from strangers (If in doubt, don’t click)
Scan and attachments Check with IT to see if this can be done automatically Use blacklists/ whitelists to control access Call and verify with the sender Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

10 Don’t eat things off the ground
Think before you connect How public is the network? How secure is the device? Man-in-the-middle attacks Dyn attack, October 2016 IoT devices infected w/ malware* became botnet (baby monitors, printers, cameras) DDoS attacks took down major online services and retailers * The malware used, “Mirai,” is Japanese for “the future” Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

11 Don’t eat things off the ground (Beware of free lunch)
Avoid public networks, especially open ones Avoid logging into sensitive services while on a public network Consider using a VPN or mobile network Do you really need an internet-connected teapot? Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

12 Think about who and what you interact with
Don’t share cooties Think about who and what you interact with What is their cybersecurity hygiene like? Where have their devices been? Where have those thumb drives been? Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

13 Consider the terms of accessing your company network
Don’t share cooties Consider the terms of accessing your company network May employees connect personal devices to the work network? Do contractors have access? Beware of “jailbroken” devices Consider options like mobile device management software Scan media (e.g. thumb drives) if they are coming in from unknown sources Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

14 A place for every password and every password in its place
Pick up after yourself A place for every password and every password in its place Where do you keep your credentials? When’s the last time you cleaned them out? Are credentials doubled up? How many devices across how many networks have you used your credentials on? Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

15 Info and credentials should have an expiration date
Pick up after yourself Info and credentials should have an expiration date Mind your passwords Don’t double up on credential usage How many post-its are you using? Consider using a password manager Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

16 Are you taking full advantage of security tools?
Lock your doors Are you taking full advantage of security tools? Weak passwords are easy to crack Brute force Password dictionaries Access controls frequently have publicly-accessible control panels and/or default admin passwords Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

17 Use lock screens on mobile devices Mind your passwords
Lock your doors Use lock screens on mobile devices Mind your passwords Length (8+) Complexity (Upper case, lower case, number, special character) Don’t forget about physical security Change your factory default passwords Consider multi-factor authentication Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

18 Wash your hands and take your vitamins
How often does your computer get a checkup? Automated scans? Software updated? WannaCry, May 2017 Affected unpatched Microsoft operating systems Supported OS could patch in March 2017 (Windows Vista, 7, 8.1, 10) Unsupported OS had no patch (XP, others) Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

19 Wash your hands and take your vitamins
Keep your software updated Consider SaaS models Get regular checkups Schedule regular scans Don’t ignore warning signs Error messages sometimes have important things to say Copyright 2016 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

20 making it work for your organization
Training Processes Documentation making it work for your organization Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

21 Take stock of your operations
PEOPLE Categories of users Employee lifecycle THINGS Function (Access control? Critical asset?) Mobile? Owner? PEOPLE + THINGS Inside - workflows and data lifecycle Outside - access and transfer Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

22 What is your risk tolerance?
Liability for protected information Health Financial Info re children Security-related Relationship to customers and vendors Business continuity Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

23 Formalize, document, and train!
Policies and agreements IP and employment Data classification Data retention (lifecycle handling) BYOD and network access Training and documentation Onboarding and offboarding Periodic training, changes in access rights Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

24 Find Expertise and Help
Inside your organization Departments – IT, HR, Legal Levels – Executive, front-line Generations – consider reverse mentoring Outside your organization Technical expertise Insurance Incident response Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

25 Questions? Copyright 2017 ES&A, Inc. All Rights Reserved Confidential and Proprietary November 14, 2018

Download ppt "Cybersecurity Hygiene"

Similar presentations

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
What is identity theft, and how can you protect yourself from it?

What is identity theft, and how can you protect yourself from it?
Part 2 of Evil Lurking in Websites Data Security at the University of Wisconsin Oshkosh.

Part 2 of Evil Lurking in Websites Data Security at the University of Wisconsin Oshkosh.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. Emails. Safe browsing for shopping and online banks. Social media.

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.
Security 101 Harper P. Johnson Information Technology Services Director of Information Security.

Security 101 Harper P. Johnson Information Technology Services Director of Information Security.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
Staying Safe Online Keep your Information Secure.

Staying Safe Online Keep your Information Secure.
IT Security Essentials Lesley A. Bidwell, IT Security Administrator.

IT Security Essentials Lesley A. Bidwell, IT Security Administrator.
Adam Soph, Alexandra Smith, Landon Peterson. Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details.

Adam Soph, Alexandra Smith, Landon Peterson. Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details.
Information Security Awareness Training. Why Information Security? Information is a valuable asset for all kinds of business More and more information.

Information Security Awareness Training. Why Information Security? Information is a valuable asset for all kinds of business More and more information.

Similar presentations

Ads by Google