
Cybersecurity Awareness
Tips To Protect You And Your Data

Content by: www.treetopsecurity.com
From the makers of Peak. Protecting small businesses using affordable, comprehensive, and common sense defenses.
Presented by: Your info and/or company logo here
TreeTop Security - CAT - v1.1
# whoami
● Tell the audience about yourself
○ Where you work
○ Background
■ Education
■ Work experience
○ Why you are doing this
○ Why you like volunteering

About this presentation
Slides available at https://www.treetopsecurity.com/CAT
● Downloaded in over 150 countries in < 1 year (Sept 2019 - March 2020)
● Shared and recommended at the RSA conference (Feb 2020)

Overview
Why security awareness?
Patching your devices
Backups are a must!
Passwords
2-factor authentication
Internet safety & email
Privacy concerns
Phone scams

Why is cybersecurity awareness important?

Awareness training is a must!
● Technology alone cannot protect you from everything
● Attackers go where security is weakest
● People -> a link in the chain & the first, not the last, line of defense
● Essential to reducing cybersecurity risk
● Cybersecurity awareness is for...
○ Employees
○ Business owners
○ Parents
○ Kids
○ Seniors
○ Everyone!

Reminder: Many tips that keep you safe at work will also keep you safe at home!

But an attacker isn’t interested in me...
Wrong!!! You are exactly what an attacker wants!

● Credit card and financial data
● Medical data
○ Prescription, insurance, or identity fraud
○ Far more valuable than financial data
● Computer resources
○ Cryptomining
○ Advertising
○ Ransomware
○ Jump point
● User or email credentials
○ Sending spam
○ Recovery/reset other accounts
○ “More” access

HELP!!! Ways to protect yourself!

Backups
● NO level of protection is perfect
○ Backups are frequently overlooked
○ Only “guaranteed” protection against ransomware
● Backup media should not be connected at all times
● If you back up, have you tested your backups recently?

35%  Users that have never backed up
20%  Users that back up yearly
14%  Users that back up monthly
6%   Users that back up daily

Updates are essential to security
• What was secure yesterday may not be secure today
• New software vulnerabilities found every day
• Over 360K new malware (viruses & ransomware) released every day
• Nothing is “Set & Forget”

Keeping your system up-to-date
● Operating Systems
○ Microsoft Windows, Apple MacOS, Linux
○ Windows 7 end of life was January 2020
● Anti-virus
○ Update to the latest definitions to ensure protection against the latest threats
○ Symantec/Norton, McAfee, Windows Defender, Avast, and many others!

Don’t forget!!!
● Browser - your portal to the internet
○ Chrome, Firefox, Opera, Edge, Safari, etc.
○ Internet Explorer (Not recommended)
● Mobile devices - cell phones & laptops
● Internet of Things (IoT) - Alexa, Google Home, thermostats, doorbells, surveillance system, light bulbs, smart locks, pet feeder, health monitors... This could keep going forever!

All About Passwords

Managing Passwords
● Keep your passwords in a secure location
○ Don’t use paper or sticky notes
○ Don’t store passwords in clear-text on your computer - Word, Excel, etc.
● Utilize a password manager (aka vault)
○ LastPass
○ KeePass
○ 1Password
● Benefits of a password manager
○ Single password to remember them all
○ Encrypted storage of passwords
○ Auto-fill username/password on websites
○ Sync between desktop, laptop, and mobile

Password Tips
● Avoid using items that can be associated with you
○ Address
○ Phone numbers
○ Pet names
○ Child names
○ Birthdays
○ Sports teams
● Separate passwords for every account
● Auto-generated, unmemorable
Possible with a password manager

69%  Passwords shared with colleagues
95%  Passwords shared with household
59%  One password for all accounts
86%  Passwords are too “simple”

Passwords vs passphrases
● Useful when passwords must be typed in
● Should not be easy to guess
○ At least 12 Characters, but 15 or more is far better
○ Length is better than complexity (passphrases)
○ Bad password (8): P@ssw0rd
○ Great password (24): MysonwasbornNovember1995!


61%  Passwords exactly 8 characters
9.6  Average length of password
6.1  Average number of lowercase letters
0.2  Average number of special characters

Top 25 passwords by rank & year
Rank  2017       2018       2019
1     123456     123456     123456
2     password   password   123456789
3     12345678   123456789  qwerty
4     qwerty     12345678   password
5     12345      12345      1234567
6     123456789  111111     12345678
7     letmein    1234567    12345
8     1234567    sunshine   iloveyou
9     football   qwerty     111111
10    iloveyou   iloveyou   123123
11    admin      princess   abc123
12    welcome    admin      qwerty123
13    monkey     welcome    1q2w3e4r
14    login      666666     admin
15    abc123     abc123     qwertyuiop
16    starwars   football   654321
17    123123     123123     555555
18    dragon     monkey     lovely
19    passw0rd   654321     7777777
20    master     !@#$%^&*   welcome
21    hello      charlie    888888
22    freedom    aa123456   princess
23    whatever   donald     dragon
24    qazwsx     password1  password1
25    trustno1   qwerty123  123qwe

If you use any of these, change them NOW!!!
Source: Gizmodo

2FA - two-factor authentication
● What is 2FA?
○ “Beyond” a username and password
○ Second form to prove it is you
○ Typically out-of-band
● “Your one-time code is…”
○ SMS
○ Phone Call
○ Phone pop-up
○ Email
○ Snail Mail
● Applications
○ Google Authenticator
○ Authy <- ability to recover on new device

Just A Little Click

Is the link safe in 4 steps

1. Verify
Were you expecting to receive a link?
○ Not just email!
○ Social Media
○ SMS/iMessage
2. Hover
Hover over the link to ensure that it leads where it says it does
3. Sniff test
Is it a site you recognize? Does it feel “familiar” to you? Be skeptical my friends
4. Click
If it passes the three previous tests, it should be okay to browse to

Easy to recognize scam

Red flags?
○ Viagra <- ?!?!?!
○ Strange wording
○ Email address
○ Domain name
○ Expected email?
○ Interesting link

Known email account

Hacked or spoofed email from someone you know

Red flags?
○ Email address ok
○ Name ok
○ Odd “signature”
○ Expected email?
○ Link - .fr is France

Text messaging example

Source: CNN

Red flags?
○ Name in SMS ok
○ Number ok?
○ Expected text?
○ Received a text regarding a package before?
○ Recognized domain?

Hover before you click
● Why hover?
○ Blue text can be deceiving
○ Underlying URL may be different
○ Foreign domains - .uk, .cn, or .ru
○ Numbers instead of letters
■ Example: 192.168.1.1
■ Don’t trust it!
● Hover on mobile/tablet?
○ Long press (hold)
● Any doubts? Don’t click it!!!
[Screenshots: Desktop - Hover; Mobile - Long Press; revealed URL http://www.evil.com/]

Shortened or obfuscated links?
● Instead of 300 characters, the link is reduced to 15 characters
○ Bit.ly
○ TinyURL
● Extremely common and helpful, but...
○ Abused by criminals to hide malicious websites
● Link expander
○ www.linkexpander.com
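
The hover checks from the last two slides, applied automatically to the links in an HTML message body. This is an added example, not part of the original deck: the flag names, the `SAMPLE` body and `www.mybank.example` are constructed, while the TLD list, shortener names, `http://www.evil.com/` and `192.168.1.1` are taken from the slides.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com"}  # the two services the slide names
UNEXPECTED_TLDS = {"uk", "cn", "ru"}    # the slide's examples; tune per audience
# Constructed sample body: three links, each hiding one of the slides' red flags
SAMPLE = ('<a href="http://www.evil.com/">www.mybank.example</a>'
          '<a href="http://192.168.1.1/login">Sign in</a>'
          '<a href="https://bit.ly/abc123">Track package</a>')

class LinkCollector(HTMLParser):  # gathers (visible text, href) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):  # urlsplit only finds a host after a scheme or "//"
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def hover_flags(text, href):  # red flags a hover would reveal for one link
    flags, host = [], host_of(href)
    try:
        ipaddress.ip_address(host)  # "numbers instead of letters"
        flags.append("numeric-host")
    except ValueError:
        if host.rsplit(".", 1)[-1] in UNEXPECTED_TLDS:
            flags.append("unexpected-tld")
    if host in SHORTENERS:
        flags.append("shortened")
    if re.fullmatch(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", text, re.I):
        if host_of(text) != host:  # blue text names a different host
            flags.append("text-host-mismatch")
    return flags

def triage(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: hover_flags(text, href) for text, href in parser.links}
```

`triage(SAMPLE)` returns one flag list per link; an empty list means none of these checks fired, not that the link is safe.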

Hover is your friend

Red flags?
○ Email address ok?
○ Expected email?
○ Sense of urgency
○ Hover!!!
Source: Malware Traffic Analysis

More email attacks

92% of malware is delivered by email
Source: CSO Online

Email Attachments
● Stop & think before you click!
● Recognized sender?
● Expecting attachment?
● Is it normal for that contact to send attachments?
[Screenshot: Attachments in Microsoft Outlook]

Macros
Enable Macros <- NOOOOOO!!!!
● Step 1: Don’t do it!!!
● Step 2: See step 1
● Found in downloaded files too

Other Email Scams
● Can be “non-technical”
● Spear phishing (CEO <-> CFO)
○ Published organization chart
○ Policy requiring phone call?
● What they want
○ Prepaid cards
○ Wire transfers
○ Account & email credentials
● Sense of urgency
[Examples shown: Wire transfer; Account credentials]

Technical safeguards cannot help

Scammer favorites
● Mimic recent news
○ Worldwide
■ Health scares
■ Protests
■ Elections
○ Local and regional
● Seasonal/holidays
○ Order & delivery issues
○ Tax issues
[Examples shown: Recent events - coronavirus; Order Cancelled]

Keep your guard up!

Reach Out & Scam Someone

Phone Scams
● Social engineering, what is it?
○ Make the caller provide verification
○ Hang up & call back published number
● Phone numbers can be easily spoofed
○ Banks & credit card companies
○ Medical & insurance
○ IRS or past due account balance
○ Robocalls
● Other common phone scams
○ Grandparent Scam
○ Tech support - Microsoft, Apple, Dell, etc. will never contact the average user “out of the blue”

Phone scam example
Hi! This is Kathleen from Microsoft. We have been trying to get in
touch with you. However, we will be disconnecting your license
within 48 hours because your IP address has been compromised
from several countries. So we need to change your IP address and
license key. So please press 1 to get connected…

Red flags?
○ Sense of urgency
○ Purposefully confusing
○ Expected call from Microsoft?

Technical safeguards can only do so much... That’s why security awareness is a must!

General Tips & Privacy

USB Drives & More
● Do NOT connect unknown or unauthorized media (or devices)
● Programs can run when plugged in without you doing anything
● Examples
○ USB/flash drives
○ SD or micro SD cards
○ CDs or DVDs
○ External hard drives
○ Cell phones <- Often forgotten

Encryption
● Can help protect your data
● Can also “help” an attacker, e.g. ransomware
● Protecting data sent or received
○ HTTP vs. HTTPS
○ Wireless -> WPA2 (AES) recommended
● Protecting devices
○ Helpful if device is lost/stolen
○ Often associated with phone PIN/passcode
○ Microsoft Windows - BitLocker
○ Apple MacOS - FileVault

Internet Safety Quick Tips
● Never install anything based on a pop-up when visiting a website
● “Trusted” websites can & have hosted malware, aka malvertising
○ Local news?
○ WSJ, Forbes, ESPN, Yahoo, etc.
○ Limit browsing to business relevant sites?
● Avoid public: Wi-Fi, computers (hotels, libraries), charging, etc.

Do NOT assume a site is legitimate simply because of the green padlock

Internet Privacy
● Data is the new gold -> your data is valuable!
○ If you’re not paying for it, are you the product?
○ Data analytics & predictive results
■ Examples: advertising & insurance rates
● Are you oversharing?
○ Default privacy settings on social media
○ Vacation photos & “checking-in” (location sharing)
■ Thieves see that information also
○ Would you be comfortable telling people on the street?

More Resources
● Don’t stop here!
○ Attacks change, continue learning
○ Help educate others
● When in doubt, ask questions
○ Your IT department?
○ Your IT provider?
○ Me?
● Additional Resources
○ SANS Ouch! Newsletter (free)
■ https://www.sans.org/security-awareness-training/ouch-newsletter/
○ TreeTop Security - Cybersecurity Awareness Training (free)
■ Slides, feedback, quiz, & certificate of completion
■ https://www.treetopsecurity.com/CAT

Questions?

Your info and/or company logo here