Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Security Best Practices

Published byOdette Lebeau Modified over 5 years ago

Similar presentations

Presentation on theme: "Cyber Security Best Practices"— Presentation transcript:

1 Cyber Security Best Practices
Oct 17, 2018 Presented by: Daryl Craig Director, Information Technology

2 Cyber Security Current Cyber Security environment
Who are the Major players Cyber Security – Recommendations for not for profit organizations Questions & answers

3 Current Cyber Security environment
Cyber crime/hacking is increasing year over Year Cyber crime costs are expected to hit $6 trillion annually by 2021 Beyond dollar costs, the hit to an organization’s brand and reputation is unmeasurable NSFs are a High Risk and High Value cyber targets WAWADA Canadian Centre for Ethics in Sports During opening ceremonies systems where hacked and had to be shut down and restarted – Pyeongchang Olympics 2018 Australian Olympic Committee is believed to be cyber hacked during the Pyeongchang Olympics for a few days – 2018 Bell Canada lost 1.9 million customer personal information – 2017 City Of Atlanta lost control of its infrastructure (courts, police, etc.) 2018 Air Canada Mobile app lost 20k customer personal information – 2018

4 Cyber Security –The Major Players
Also known as Fancy Bears, Sofacy Group, Sednit or STRONTIUM Linked to the Russian government Believed to be behind: Democratic National Committee server hack WADA, IOC Hack Meddling with the US, German and French elections Modus Operandi: Anything to get the job done Successfully deployed an UEFI rootkit ~~~~~~~~~~~~~~~~ Also known as Hidden Cobra Strong relations with APT38 and APT37 Linked to DPRK government Sony Hack Wannacry Attack Crypto currency exchange market in South Korea attack Recipe Unlimited Ransomware attack Very prolific in writing malware

5 Cyber Security - Recommendations
Remove Local Admin Rights (Free) Standard Login can not install software or make system changes, IT or a special account must be used to make such changes/installs Common spyware/malware requires Local Admin Rights to be successful Remove PowerShell – PCs Only (Free) Used only by Advanced Users, not required in every day use Most common spyware/malware requires PowerShell to be successful Ensure Firewalls are enabled on both PCs and MACS (Free) Most PCs are hacked within an hour if their firewall is not turned on and the PC is connected to the internet Corporate Next Generation Firewalls (NGF) with Instruction Detection (can be costly) Only protects equipment while at the office Can enable Web Filtering which blocks known malicious websites These 4 Items can reduce Hacking by 90%!

6 Cyber Security - Recommendations
Enable Two Factor authentication for all access (close to free, MS and Google have Charity Pricing) Requires a separate code in addition to ones password Passwords are not secure and often guessed or stolen

7 Cyber Security - Recommendations
Apply security updates monthly (free/time) Windows MACs Mobile Devices Applications such as Adobe, Office, etc. 50% of hacking could have been prevented if all security updates where applied

8 Cyber Security - Recommendations
Encrypt the hard drive of all Desktops/Laptops (Free) If a laptop/desktop is stolen or lost the data can not easily be recovered If a laptop/desktop is stolen or lost and its not encrypted you may need to report it to both the Federal and/or Province Privacy Commissioners Consider encrypting your USB keys as well

9 Cyber Security - Recommendations
Anti Spam Service (Free to small cost) Microsoft has a great product called Advanced Threat Protection ($0.73/month per mailbox) Educate Staff on Cyber Security ideally how to identify and be informed of the consequences of Phishing s (Free/Time) Enable SPF A protocol that advertises to the world what IP addresses your organizations should come from Don’t forget to include the IP addresses of any mass blast products you may use i.e. MailChimp, Constant Contact When other organizations receive s from yours, their server will check what IP addresses your s should be coming from and if the IP addresses are suspicious the is blocked because it is considered spam. 91% of cyber crime starts with an

10 Cyber Security - Recommendations
Have a Password Policy (Free/Time) Require complex password Passwords should change every 90 days Do not allow the last 5 passwords to be used again Ensure contractors PCs, Systems adhere to the same or have stricter Cyber Security as your organization requires (Free/Time)

11 Cyber Security – Other Recommendations
Cyber Security Audit (Can be costly) Cyber Liability Insurance (Extra cost can be reasonable) Limit Rights to just enough for each staff member (Requires advanced IT knowledge) Have an IT acceptable use and Incident Response Policy (Time)

12 Questions

13 THANK YOU MERCI

Download ppt "Cyber Security Best Practices"

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.

NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Network security policy: best practices

Network security policy: best practices
Threats to I.T Internet security By Cameron Mundy.

Threats to I.T Internet security By Cameron Mundy.
First Community Bank www.fcbnm.com Prevx Safe Online Rollout & Best Practice Presentation.

First Community Bank Prevx Safe Online Rollout & Best Practice Presentation.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Prepared By, Mahadir Ahmad. StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. partners include.

Prepared By, Mahadir Ahmad. StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. partners include.
Threat to I.T Security By Otis Powers. Hacking Hacking is a big threat to society because it could expose secrets of the I.T industry that perhaps should.

Threat to I.T Security By Otis Powers. Hacking Hacking is a big threat to society because it could expose secrets of the I.T industry that perhaps should.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
1 C-DAC/Kolkata C-DAC All Rights Reserved www.cdackolkata.in Computer Security.

1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
Phishing scams Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal.

Phishing scams Phishing is the fraudulent practice of sending s purporting to be from reputable companies in order to induce individuals to reveal.
Information Systems Security New Faculty Orientation Day Queen’s University August 2011 George Farah, GIAC/GSEC Gold, CRISC, CISA University Information.

Information Systems Security New Faculty Orientation Day Queen’s University August 2011 George Farah, GIAC/GSEC Gold, CRISC, CISA University Information.
Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.

Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.
Internet Security. 2 Computers on the Internet are almost constantly bombarded with viruses, other malware and other threats.

Internet Security. 2 Computers on the Internet are almost constantly bombarded with viruses, other malware and other threats.
LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.

LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.
Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.

Introduction: Introduction: As technology advances, we have cheaper and easier ways to stay connected to the world around us. We are able to order almost.

Similar presentations

Ads by Google