Cybersecurity for Small Businesses Dr. Debasis Bhattacharya, UH Maui College
|
|
- Alban Malone
- 2 years ago
- Views:
Transcription
1 Cri Crime and Your Credit Union Workshop Cybersecurity for Small Businesses Dr. Debasis Bhattacharya, UH Maui College 6/5/15 Cybersecurity for Small Businesses 1
2 6/5/15 Cybersecurity for Small 2
3 6/5/15 Cybersecurity for Small Businesses 3
4 6/5/15 Cybersecurity for Small Businesses 4
5 Risks to Credit Unions Stealing Membership Lists Stealing Personal and Sensitive Info Spear Phishing Spamming Social Engineering Malware Botnets Loss of Reputation, Trust Lawsuits etc. 6/5/15 Cybersecurity for Small Businesses 5
6 6/5/15 Cybersecurity for Small Businesses 6
7 6/5/15 Cybersecurity for Small 7
8 6/5/15 Cybersecurity for Small 8
9 What about small businesses? In 2011, there were over 28.2 million small businesses Small businesses make up 99.7% of US employer firms 63% of net new private-sector jobs 48.5% of private-sector employment 42% of private-sector payroll 46% of private-sector output 37% of high-tech employment 98% of firms exporting goods, and 33% of exporting value Source: US SBA Office of Advocacy, 6/5/15 Cybersecurity for Small Businesses 9
10 6/5/15 Cybersecurity for Small Businesses 10
11 6/5/15 Cybersecurity for Small Businesses 11
12 Source: Infographics (June 2012). Small business security by Veracode 6/5/15 Cybersecurity for Small Businesses 12
13 Source: Infographics (June 2012). Small business security by Veracode 6/5/15 Cybersecurity for Small Businesses 13
14 Source: Infographics (June 2012). Small business security by Veracode 6/5/15 Cybersecurity for Small Businesses 14
15 Source: Infographics (June 2012). Small business security by Veracode 6/5/15 Cybersecurity for Small Businesses 15
16 Agenda What is so special about small businesses anyway? Laws related to sensitive information Management of sensitive information How to safely transfer to others Encryption Sensitive information best practices Posting sensitive information online Storage of sensitive information Where to keep it and where not to 6/5/15 Cybersecurity for Small Businesses 16
17 Agenda Web browsing safety Password Safety Phishing & Spam Mobile Security 6/5/15 Cybersecurity for Small Businesses 17
18 Partial credit for this presentation. University of Hawaii Information Security Team Jodi Ito - Information Security Officer Deanna Pasternak & Darryl Higa Information Security Specialists This entire presentation can be found at 6/5/15 Cybersecurity for Small Businesses 18
19 Security in Small Businesses Small businesses have security issues just as large businesses Lack of policies/procedures, technology or leadership styles impacts the ability to fight security problems Small businesses display a general lack of concern about security issues understandable! Security? What security? 6/5/15 Cybersecurity for Small Businesses 19
20 Common Security Problems Delayed or no security fixes or patches Incorrect preventative measures Lack of focus on security Absence of training and policies Consumed by running the business Reliance on outsourcing, cloud storage Lack of technology savvy etc. These problems are prevalent in businesses of all sizes 6/5/15 Cybersecurity for Small Businesses 20
21 What about small businesses? Open access to data and networks by a wide range of users. Reliance on outsourcing, cloud computing. Proliferation of data on devices (ipad, phones) Very basic policies and procedures in place to ensure data recovery and information security Too much reliance on tech such as anti-virus, firewalls, surge protectors, backup storage Data corruption, lost data, virus, malicious software, employee abuse and reliability issues 6/5/15 Cybersecurity for Small Businesses 21
22 What about small businesses? Open access to data and networks by a wide range of users. Reliance on outsourcing, cloud computing. Proliferation of data on devices (ipad, phones) Very basic policies and procedures in place to ensure data recovery and information security Too much reliance on tech such as anti-virus, firewalls, surge protectors, backup storage Data corruption, lost data, virus, malicious software, employee abuse and reliability issues 6/5/15 Cybersecurity for Small Businesses 22
23 Evolution of Security Issues 10 years ago after the dot-com bust - Low Internet penetration in Small Biz - Reliance on paper and the IT guy/gal - OK, if you did the basics - Windows Update - Virus Protection and Backups Today and the future - Phishing, social engineering, malware etc. - Cloud computing, HIPAA, devices etc. - Cyber breaches can ruin a small business 6/5/15 Cybersecurity for Small Businesses 23
24 Study Design Empirical, quantitative study Survey of 122 small businesses within Hawaii Over 80% of business in Hawaii have < 25 employees Study conducted in 2007 and Currently updated Tested for correlation between Information security problems and Leadership styles of business leaders 6/5/15 Cybersecurity for Small Businesses 24
25 14 Security Problems Insider abuse access Outsider access abuse Fraud Viruses Software problems Power failure Natural disaster Data integrity, data secrecy, data availability Data theft, data sabotage Transaction integrity User errors 6/5/15 Cybersecurity for Small Businesses 25
26 3 Leadership Styles Transformational Visionary, dynamic owner Transactional Focused on costs, control and boqom line benefits Passive-avoidant Absentee, unavailable 6/5/15 Cybersecurity for Small Businesses 26
27 Key Findings Policies and Procedures Computer Emergency Response Plan Computer Use and Misuse Policy Information Security Policy Cost-effective? Realistic? Proactive? 6/5/15 Cybersecurity for Small Businesses 27
28 Key Findings Technology Encryption Software Anti-virus Software Security Evaluation Systems Intrusion Detection Systems System Activity Monitors Cost-effective? Easy to install/update? Preventative? 6/5/15 Cybersecurity for Small Businesses 28
29 Key Findings Leadership Active Management by Exception Watch out for exceptons and abnormal behavior Idealized Influence ProacTve guidance, policies and training Contingent Reward Reward vigilance and safe computng practces Realistic? Achievable? Training? 6/5/15 Cybersecurity for Small Businesses 29
30 Proposed Solutions Level 1 - Basic Hygiene Train employees in security principles Provide firewall security for the entire business Make backup copies of important business data Secure your Wi-Fi networks and hide routers Limit employee access to data and information 6/5/15 Cybersecurity for Small Businesses 30
31 6/5/15 Cybersecurity for Small Businesses 31
32 6/5/15 Cybersecurity for Small Businesses 32
33 Proposed Solutions Level II - Active Defense Actively monitor your networks and property Proactive guidance, policies and training Reward vigilance and safe computing practices Watch out for exceptions and abnormal behavior 6/5/15 Cybersecurity for Small Businesses 33
34 Proposed Solutions Level III - Neighborhood Watch Share common tactics and strategies with others Obtain alerts from the crowd of small businesses Actively report information security issues and concerns to authorities and other small businesses 6/5/15 Cybersecurity for Small Businesses 34
35 Level I Basic Hygiene Sensitive Information Scanning Encryption Secure File Transfer Secure Web Links Secure Storage Information Security Policy Cloud Security Social Engineering 6/5/15 Cybersecurity for Small Businesses 35
36 Level I Basic Hygiene Back-ups Strong Passwords Web Browsing Safety URL Safety Spam Phishing Social Networking Mobile Safety 6/5/15 Cybersecurity for Small Businesses 36
37 Level I Sensitive Information Information is considered sensitive if it can be used to cause an adverse effect on the organization or individual if disclosed to unauthorized individuals Some examples are: Social Security Numbers, Customer records, Health information, credit card numbers, dates of birth, job applicant records, etc. State, Federal and Regulatory requirements provide standards for protecting sensitive information Question: Do you have a policy that defines your sensitive information? 6/5/15 Cybersecurity for Small Businesses 37
38 Know What to Protect A partial list of data considered sensitive Customer records Health information (HIPAA) Personal financial information Social Security Numbers Dates of birth Access codes, passwords and PINs Answers to "security questions" Confidential salary information 6/5/15 Cybersecurity for Small Businesses 38
39 How to Protect Information Know where it is stored Safeguard it with physical security Encrypt it Redact it Delete it 6/5/15 Cybersecurity for Small Businesses 39
40 Level I Scanning Identity Finder Windows and Macs Download at Find Social Security Numbers Virginia Tech IT resources_and_information/ find_ssns.html Scan for vulnerabilities OpenVAS Scan a single machine or a batch scan: 6/5/15 Cybersecurity for Small Businesses 40
41 Level I - Encryption Encrypting a Windows file, folder, and entire disk - BitLocker Encrypted disk images and full disk encryption for a Mac Secure Disk Image 6/5/15 Cybersecurity for Small Businesses 41
42 What Does An Encrypted File Look Like? 6/5/15 Cybersecurity for Small Businesses 42
43 DO NOT LOSE YOUR ENCRYPTION KEY When using encryption be careful to safeguard your encryption key. If lost ITS might not be able to help you recover your data. 6/5/15 Cybersecurity for Small Businesses 43
44 Ways To Securely Transfer Sensitive Information 6/5/15 Cybersecurity for Small Businesses 44
45 Level I - Secure File Transfer Providers such as SendThisFile https://www.sendthisfile.com/ solutions/overview.jsp Secure file transfer up to 100GB $19.95/mo, 10 day file access Security ends at transmission, you will still need to secure information on your computer 6/5/15 Cybersecurity for Small Businesses 45
46 Level I Spot Secure Links Look for the https:// encrypted) (the S means it is The S or the padlock means: That you have a secure (encrypted) link with this web site That this web site is a valid and legitimate organization or an accountable legal entity 19 6/5/15 Cybersecurity for Small Businesses 46
47 Level I - Do Not Use To Transfer Sensitive Information Unencrypted Third party cloud applications such as Dropbox Google Drive Unsecured USB drives or other external devices 6/5/15 Cybersecurity for Small Businesses 47
48 Level I - Where Should Sensitive Info Be Stored? Encrypted folders, partitions, or drives Secured servers Encrypted external drives Secure applications Locked file cabinets 21 6/5/15 Cybersecurity for Small Businesses 48
49 Level I - Where Not To Store Sensitive Information Your Unsecured paper files Your hard drive unencrypted Social networking sites 6/5/15 Cybersecurity for Small Businesses 49
50 Level I Create and enforce an Information Security Policy Sample UH Policy - Following policies and laws to protect sensitive information will not only protect the consumer, but it protects you from possible disciplinary action as stated in the UH General Confidentiality Notice UH Form 92 I understand that failure to abide by this notice may result in disciplinary action in accordance with University policies and procedures, State and federal laws, and applicable collective bargaining agreement up to and including dismissal. 6/5/15 Cybersecurity for Small Businesses 50
51 Level I - The Cloud The Cloud is not secure Do not store information in the cloud unless it is encrypted 6/5/15 Cybersecurity for Small Businesses 51
52 Level I - Keep Sensitive Information Secure From Social Engineers Verify callers Do not respond to scams, phishing, or suspicious phone calls requesting confidential company information or your own personal information. Remember the IRS will NEVER ask for your password over . 6/5/15 Cybersecurity for Small Businesses 52
53 Level I - Back-Up Regularly backing up your data is critical in case of a computer failure Store your backup in a secure location Secure your backup, lock it up, encrypt it. Regularly verify you can restore from this backup. 6/5/15 Cybersecurity for Small Businesses 53
54 Level I - Securing Your Password Password keepers such as KeePass or Last Pass or https://lastpass.com/ Do not store on your monitor or under keyboard Use something easy to remember but hard to guess Follow password generation guidelines CAPITALS lowercase numb3r5 $ymbols 6/5/15 Cybersecurity for Small Businesses 54
55 Use STRONG Passwords Not easily guessable Do not use dictionary words Use a combination of upper and lowercase letters, numbers, and special characters No less than 8 characters Check your password strength: https://www.microsoft.com/protect/fraud/passwords/ checker.aspx 6/5/15 Cybersecurity for Small Businesses 55
56 Creating a Strong Password Incorporate something memorable to you Replace letters with numbers or characters Example: First dog s name is Bingo You got him in 1965 Black spots Add special characters ==> B1NG01965bs! 6/5/15 Cybersecurity for Small Businesses 56
57 Level I - Web Browsing Safety Use anti-virus software on your computer Create and use strong passwords Beware of instant message links and attachments Protect yourself on all wireless networks Check the URL of a website to make sure it s legitimate Ensure your web browser software and all plugins are up to date 6/5/15 Cybersecurity for Small Businesses 57
58 6/5/15 Cybersecurity for Small Businesses 58
59 Level I - URL Safety Avoid clicking on links in pop-up ads or links in s that seem to be phony or suspicious. A good general rule is to type the Web site address in your address bar directly, rather than use a link in an message You can check the URL in any or on another Web site by simply holding your mouse above the link. The URL will appear in your browser or status bar (the bar that is usually at the bottom of your screen) and you can see what the name of the site is before you actually click on it. 6/5/15 Cybersecurity for Small Businesses 59
60 Common Signs of a Fake URL A fairly sure sign that a URL is fake is if the URL contains the sign in the middle of the address. If a URL contains the sign, the browser ignores everything to the left of the link. For example, if you go to a Web site that is you are not going to the Paypal site at all. A dead giveaway for a fake URL or a fake Web site is basic spelling mistakes in the Web address itself. Some URLs look very much like the name of a well-known company, but there may be letters transposed or left out. An example might be "mircosoft.com" instead of "microsoft.com." These slight differences can be easy to miss, and that's what phishers are counting on. 6/5/15 Cybersecurity for Small Businesses 60
61 Level I - Public Computers Remember to Logoff of any password protected webpage instead of just closing your browser Clear the browser s cache and web cookies When logging into password protected sites, do not use the Save my username and password option Do not log into banking or other sensitive sites over public or unsecured wireless hotspots Use private browsing 6/5/15 Cybersecurity for Small Businesses 61
62 Private Browsing Private Browsing allows you to browse the Internet without saving any information about which sites and pages you ve visited. Warning: Private Browsing doesn't make you anonymous on the Internet. Your Internet service provider, employer, or the sites themselves can still track what pages you visit. Private Browsing also doesn't protect you from keyloggers or spyware that may be installed on your computer. 6/5/15 Cybersecurity for Small Businesses 62
63 Level I - Don t click on attachments that you weren t expecting Do not reply to Phishing s, even to say that you aren t interested in or to ask them to stop contacting you Use spam filters Be wary of s that have misspellings or don t use your correct name Type in the URLS of your bank or other sensitive websites instead of clicking on the URL in s 6/5/15 Cybersecurity for Small Businesses 63
64 Level I - Spam Spam is the electronic version of junk mail. It involves sending unwanted messages, often unsolicited advertising, to a large number of recipients. Spam is a serious security concern as it can be used to deliver Trojan horses, viruses, worms, spyware, and targeted phishing attacks According to Symantec s latest State of Spam report, spam now accounts for 72% of all messages 6/5/15 Cybersecurity for Small Businesses 64
65 How Do You Know it s Spam? Messages that do not include your address in the TO: or CC: fields are common forms of Spam Some Spam can contain offensive language or links to Web sites with inappropriate content Spam also includes many misspellings or poor sentence structure 6/5/15 Cybersecurity for Small Businesses 65
66 Reporting Spam Report to FTC or ISP: report suspicious activity to the Federal Trade Commission (FTC) at or If you get spam that is phishing for information, forward it to If you believe you've been scammed, file your complaint at and then visit the FTC's Identity Theft Web site at to learn how to minimize your risk of damage from ID theft. If you receive a porn spam (pornography), you can report it at It should also be reported back to the ISP (Internet Service Provider) where the originated from. 6/5/15 Cybersecurity for Small Businesses 66
67 Level I - Phishing Agencies such as the IRS will NEVER ask you for your password over Social engineers will combine s with phone calls Subscribe to Phishing Alerts FraudWatch International at 6/5/15 Cybersecurity for Small Businesses 67
68 Don t Fall For This 6/5/15 Cybersecurity for Small Businesses 68
69 Digital Millennium Copyright Act (DMCA) 6/5/15 Cybersecurity for Small Businesses 69
70 Level I - What is DMCA? An act created to protect intellectual property in digital form Downloading / Distribution of copyrighted work without authority constitutes an infringement Examples of copyrighted materials are songs, movies, TV Shows, software, and games Violations are subject to civil and criminal liabilities 6/5/15 Cybersecurity for Small Businesses 70
71 Downloading Downloading and sharing of copyrighted materials via peer-to-peer file sharing software / networks WITHOUT LEGAL PERMISSION from the copyright owner or agent BitTorrent, LimeWire, and Gnutella are examples of methods used for downloading large amounts of data from the Internet 6/5/15 Cybersecurity for Small Businesses 71
72 UH Requirements for DMCA Notify the copyright infringer of the infringement Require them to remove the infringing material Provide education on Copyright Infringement 6/5/15 Cybersecurity for Small Businesses 72
73 DMCA Violation Consequences UH complies with all copyright legal obligations When presented with a subpoena UH will provide the violators information The individual can be sued Penalties include civil and criminal penalties Civil penalties may be actual damages at not less than $750 and not more than $30,000 per work infringed Criminal penalties include imprisonment of up to five years and fines up to $250,000 per offense 6/5/15 Cybersecurity for Small Businesses 73
74 Safe Social Networking Practices 6/5/15 Cybersecurity for Small Businesses 74
75 Level I - Safe Social Networking Practices Limit personal information online Ensure information you post does not answer security questions (dog s name, mothers maiden name) Check privacy settings to see who has access to online info Google yourself to see what people can piece together about you 6/5/15 Cybersecurity for Small Businesses 75
76 Social Networking Do not post TOO MUCH INFORMATION! The Internet is FOREVER! Whatever you post may circulate even AFTER you delete it New scams use social networking sites to get background personal information 6/5/15 Cybersecurity for Small Businesses 76
77 Facebook Security https://www.facebook.com/security
78 Mobile Device Security 6/5/15 Cybersecurity for Small Businesses 78
79 Level I - Mobile Best Practices Secure your mobile devices Use accounts and complex passwords Don t leave your devices unattended Enable auto-wipe Encrypt sensitive information Be aware when using location-aware services 6/5/15 Cybersecurity for Small Businesses 79
80 Mobile Malware How does a mobile device get infected? Crafted malicious URL Malicious Apps What can mobile malware do? Sends out SMS messages Destroys data on device Can spread to computers to infect them when synced 6/5/15 Cybersecurity for Small Businesses 80
81 Geotagging Pictures taken w/ a GPS-enabled smartphone tags each picture with the longitude & latitude of the location of the picture 6/5/15 Cybersecurity for Small Businesses 81
82 Turning off Location Services iphone Settings > Location Services 6/5/15 Cybersecurity for Small Businesses 82
83 Location-Aware Services 6/5/15 Cybersecurity for Small Businesses 83
84 Level I - Keep Your Computers Safe Update the software on your computer weekly (or more frequently) Install anti-virus and anti-spyware software and keep it up-to- date Scan your computer for vulnerabilities and PII Use accounts and strong passwords Encrypt sensitive information Don t install unknown software from unknown sites DO NOT SHARE your accounts/passwords Use password protected screen savers 6/5/15 Cybersecurity for Small Businesses 84
85 Level I - Wireless & Public Computers Be cautious when using open wireless networks Others using the network may be sniffing the network If you must use a public computer, change the password on the account accessed using a secure computer ASAP 6/5/15 Cybersecurity for Small Businesses 85
86 Level II and III Level II - Active Defense AcTvely monitor your networks and property ProacTve guidance, policies and training Reward vigilance and safe computng practces Watch out for exceptons and abnormal behavior Level III - Neighborhood Watch Share common tactcs and strategies with others Obtain alerts from the crowd of small businesses AcTvely report informaton security issues and concerns to authorites and other small businesses 6/5/15 Cybersecurity for Small Businesses 86
87 6/5/15 Cybersecurity for Small Businesses 87
88 What They Got Right 6/5/15 Cybersecurity for Small Businesses 88
89 Lessons Learned 6/5/15 Cybersecurity for Small Businesses 89
90 Conclusion Small businesses have security issues just as large businesses Lack of policies/procedures, technology or leadership style impacts the ability to fight security problems Level I precautions can be done today. Level II and III require work! For further information or 6/5/15 Cybersecurity for Small Businesses 90
Cyber Secure your Home and Family. 10/13/15 Cybersecurity for all of us 1
Cyber Secure your Home and Family 10/13/15 Cybersecurity for all of us 1 Agenda Securing your home network Password Safety Web browsing safety Phishing & Spam Digital Millennium Copyright Act (DMCA) Mobile
Privacy and Security: Protecting personally identifiable information (PII) and securing your mobile device
Privacy and Security: Protecting personally identifiable information (PII) and securing your mobile device UH Information Security Team Jodi Ito - Information Security Officer Deanna Pasternak & Darryl
Think Before You Click. UH Information Security Team
Think Before You Click UH Information Security Team Who Are We? UH Information Security Team Jodi Ito - Information Security Officer Deanna Pasternak & Taylor Summers Information Security Specialists INFOSEC@HAWAII.EDU
Management and Storage of Sensitive Information UH Information Security Team (InfoSec)
Management and Storage of Sensitive Information UH Information Security Team (InfoSec) Who Are We? UH Information Security Team Jodi Ito - Information Security Officer Deanna Pasternak & Taylor Summers
Protecting Yourself In Our Digital World. Jodi Ito Information Security Officer jodi@hawaii.edu (808) 956-2400
Protecting Yourself In Our Digital World Jodi Ito Information Security Officer jodi@hawaii.edu (808) 956-2400 New Information Security Team! Deanna Pasternak deannacp@hawaii.edu (808) 956-7975 Taylor Summers
Malware & Botnets. Botnets
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
National Cyber Security Month 2015: Daily Security Awareness Tips
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
Computer Security and Privacy
Computer Security and Privacy 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Guidelines for Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures
How to stay safe online
How to stay safe online Everyone knows about computer viruses...or at least they think they do. Nearly 30 years ago, the first computer virus was written and since then, millions of viruses and other malware
Infocomm Sec rity is incomplete without U Be aware,
Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN
Impact of Cybersecurity Education in High Schools and Small Businesses in Hawaii. Challenges and Opportunities NICE Conference 2015
Impact of Cybersecurity Education in High Schools and Small Businesses in Hawaii Challenges and Opportunities NICE Conference 2015 Debasis Bhattacharya University of Hawaii Maui College debasisb@hawaii.edu
INTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org
INTERNET & COMPUTER SECURITY March 20, 2010 Scoville Library ccayne@biblio.org Internet: Computer Password strength Phishing Malware Email scams Identity Theft Viruses Windows updates Browser updates Backup
Certified Secure Computer User
Certified Secure Computer User Course Outline Module 01: Foundations of Security Essential Terminologies Computer Security Why Security? Potential Losses Due to Security Attacks Elements of Security The
3 day Workshop on Cyber Security & Ethical Hacking
3 day Workshop on Cyber Security & Ethical Hacking 1 st day-highlights-hands On Phishing Attack Hammad Mashkoor Lari Freelancer What is Cyber Security? What is Ethical hacking? What is Computer Science?
Protecting personally identifiable information: What data is at risk and what you can do about it
Protecting personally identifiable information: What data is at risk and what you can do about it Virtually every organization acquires, uses and stores personally identifiable information (PII). Most
Safe Practices for Online Banking
November 2012 Follow these guidelines to help protect your information while banking online. At First Entertainment Credit Union, our goal is to provide you with the best all around banking experience.
Learn to protect yourself from Identity Theft. First National Bank can help.
Learn to protect yourself from Identity Theft. First National Bank can help. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone
Certified Secure Computer User
Certified Secure Computer User Exam Info Exam Name CSCU (112-12) Exam Credit Towards Certification Certified Secure Computer User (CSCU). Students need to pass the online EC-Council exam to receive the
OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875
OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,
NATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
Computer Protection. Computer Protection. Computer Protection 5/1/2013. Classic Battle of Good vs Evil. David Watterson & Ross Cavazos
David Watterson & Ross Cavazos Chief Information Officer IT Director City of Billings Yellowstone County Local Government IT Group Vice-Chairmen Classic Battle of Good vs Evil GOOD EVIL Firewall E-Mail
Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:
Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for
Fraud Prevention Tips
Fraud Prevention Tips The best defense against fraud or identity theft is a proactive approach. Here are a few steps you can take to help protect yourself. Protect your identity Copy the front and back
Protect Yourself. Who is asking? What information are they asking for? Why do they need it?
Protect Yourself Your home computer serves many purposes: email, shopping, social networking and more. As you surf the Internet, you should be aware of the various ways to protect yourself. Of primary
Advice about online security
Advice about online security May 2013 Contents Report a suspicious email or website... 3 Security advice... 5 Genuine DWP contacts... 8 Recognising and reporting phishing and bogus emails... 9 How DWP
BE SAFE ONLINE: Lesson Plan
BE SAFE ONLINE: Lesson Plan Overview Danger lurks online. Web access, social media, computers, tablets and smart phones expose users to the possibility of fraud and identity theft. Learn the steps to take
Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange
The responsibility of safeguarding your personal information starts with you. Your information is critical and it must be protected from unauthorised disclosure, modification or destruction. Here we are
Protect yourself online
Protect yourself online Advice from Nottinghamshire Police s Pre Crime Unit Get daily updates: www.nottinghamshire.police.uk www.twitter.com/nottspolice www.facebook.com/nottspolice www.youtube.com/nottinghampolice
PROTECT YOUR COMPUTER AND YOUR PRIVACY!
PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That
General Security Best Practices
General Security Best Practices 1. One of the strongest physical security measures for a computer or server is a locked door. 2. Whenever you step away from your workstation, get into the habit of locking
Protecting your business from fraud
Protecting your business from fraud KEY TAKEAWAYS > Understand the most common types of fraud and how to identify them. > What to do if you uncover fraudulent activity or suspect you are a victim of fraud.
Business ebanking Fraud Prevention Best Practices
Business ebanking Fraud Prevention Best Practices User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters, numbers, and special
Business Internet Banking / Cash Management Fraud Prevention Best Practices
Business Internet Banking / Cash Management Fraud Prevention Best Practices This document provides fraud prevention best practices that can be used as a training tool to educate new Users within your organization
Fraud Information and Security
Fraud Information and Security Updated: January 13, 2015 How We Protect You At WySTAR Global Retirement Solutions security is a top priority. We understand that your trust in us depends on how well we
E-MAIL & INTERNET FRAUD
FRAUD ALERT! FRAUD ALERT! Guarding Against E-MAIL & INTERNET FRAUD What credit union members should know to counter Phishing Pharming Spyware Online fraud On-Line Fraud Is Growing E-Mail and Internet Fraud
When visiting online banking's sign-on page, your browser establishes a secure session with our server.
The privacy of communications between you (your browser) and our servers is ensured via encryption. Encryption scrambles messages exchanged between your browser and our online banking server. How Encryption
BSHSI Security Awareness Training
BSHSI Security Awareness Training Originally developed by the Greater New York Hospital Association Edited by the BSHSI Education Team Modified by HSO Security 7/1/2008 1 What is Security? A requirement
Cybersecurity Best Practices
Ten Essential Cybersecurity Best Practices Banking Business Employees Brought to you by: 1 Did you know? One in five small-to-medium-sized companies were the victims of cyber breaches in 2013.1 In 76%
Top tips for improved network security
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
Reliance Bank Fraud Prevention Best Practices
Reliance Bank Fraud Prevention Best Practices May 2013 User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters and numbers.
October Is National Cyber Security Awareness Month!
(0 West Virginia Executive Branch Privacy Tip October Is National Cyber Security Awareness Month! In recognition of National Cyber Security Month, we are supplying tips to keep you safe in your work life
What you need to know to keep your computer safe on the Internet
What you need to know to keep your computer safe on the Internet Tip 1: Always install Operating System updates The most important steps for any computer user is to always install updates, especially security
Information Security
Information Security Table of Contents Statement of Confidentiality and Responsibility... 2 Policy and Regulation... 2 Protect Our Information... 3 Protect Your Account... 4 To Change Your Password...
Cyber Security. Maintaining Your Identity on the Net
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD
Email Security. 01-15-09 Fort Mac
Email Security 01-15-09 Fort Mac Most Common Mistakes in Email Security Email Security 1. Using just one email account. 2. Holding onto spammed-out accounts too long. 3. Not closing the browser after logging
Remote Deposit Quick Start Guide
Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you
Business Identity Fraud Prevention Checklist
Business Identity Fraud Prevention Checklist 9 Critical Things Every Business Owner Should Do Business identity thieves and fraudsters are clever and determined, and can quickly take advantage of business
Best Practices: Corporate Online Banking Security
Best Practices: Corporate Online Banking Security These Best Practices assume that your organization has a commercially-reasonable security infrastructure in place. These Best Practices are not comprehensive
Laura Royer, Extension Faculty, University of Florida/IFAS Osceola County Extension Services
Consumer Choices: Computer Security Software Prepared by: Dave Palmer, Instructional Media Faculty, University of Florida/IFAS Extension, South Central Extension District Laura Royer, Extension Faculty,
Cyber Security. Securing Your Mobile and Online Banking Transactions
Cyber Security Securing Your Mobile and Online Banking Transactions For additional copies or to download this document, please visit: http://msisac.cisecurity.org/resources/guides 2014 Center for Internet
SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics
SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced
10 Quick Tips to Mobile Security
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
Protection from Fraud and Identity Theft
Table of Contents Protection from Fraud & Identity Theft... 1 Simple Steps to Secure Your Devices... 1 Setting Up Your Computer and/or Mobile Device... 2 Adding Security Software... 2 Internet Safety Tips...
ONLINE IDENTITY THEFT KEEP YOURSELF SAFE FROM BESTPRACTICES WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR
ONLINE IDENTITY THEFT KEEP YOURSELF SAFE FROM BESTPRACTICES 01 One must remember that everyone and anyone is a potential target. These cybercriminals and attackers often use different tactics to lure different
AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com
AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out
High Speed Internet - User Guide. Welcome to. your world.
High Speed Internet - User Guide Welcome to your world. 1 Welcome to your world :) Thank you for choosing Cogeco High Speed Internet. Welcome to your new High Speed Internet service. When it comes to a
Loophole+ with Ethical Hacking and Penetration Testing
Loophole+ with Ethical Hacking and Penetration Testing Duration Lecture and Demonstration: 15 Hours Security Challenge: 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once said,
ITSC Training Courses Student IT Competence Programme SIIS1 Information Security
ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know
NC DPH: Computer Security Basic Awareness Training
NC DPH: Computer Security Basic Awareness Training Introduction and Training Objective Our roles in the Division of Public Health (DPH) require us to utilize our computer resources in a manner that protects
STOP. THINK. CONNECT. Online Safety Quiz
STOP. THINK. CONNECT. Online Safety Quiz Round 1: Safety and Security Kristina is on Facebook and receives a friend request from a boy she doesn t know. What should she do? A. Accept the friend request.
OIG Fraud Alert Phishing
U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION Washington, D.C. 20507 Office of Inspector General Aletha L. Brown Inspector General July 22, 2005 OIG Fraud Alert Phishing What is Phishing? Phishing is a
Tax-Related Identity Theft: IRS Efforts to Assist Victims and Combat IDT Fraud
Tax-Related Identity Theft: IRS Efforts to Assist Victims and Combat IDT Fraud Glenn Gizzi Senior Stakeholder Liaison Marc Standig Enrolled Agent What is tax-related identity theft? Tax-related identity
PREVENTING HIGH-TECH IDENTITY THEFT
1 PREVENTING HIGH-TECH IDENTITY THEFT Presented by The Monument Group Companies Featured speaker: David Floyd November 19, 2014 2 Introduction Preventing Identity Theft (this session) Monitoring for Theft
Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013
Welcome To The L.R.F.H.S. Computer Group Wednesday 27 th November 2013 BACKUP SECURITY AND THE CLOUD BACK UP ALWAYS BACK UP TO AN EXTERNAL DEVICE OR REMOVAL MEDIA- NEVER DIRECTLY ON TO YOUR COMPUTER IF
Division of Information Technology. Phishing Awareness. By Chad Vantine Information Security Assistant
Division of Information Technology Phishing Awareness By Chad Vantine Information Security Assistant What is Phishing? Phishing email messages, websites, and phone calls are designed to steal money or
Don t Fall Victim to Cybercrime:
Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security
TMCEC CYBER SECURITY TRAINING
1 TMCEC CYBER SECURITY TRAINING Agenda What is cyber-security? Why is cyber-security important? The essential role you play. Overview cyber security threats. Best practices in dealing with those threats.
How to Encrypt Files Containing Sensitive Data (using 7zip software or Microsoft password protection) How to Create Strong Passwords
How to Encrypt Files Containing Sensitive Data (using 7zip software or Microsoft password protection) How to Create Strong Passwords School IT Systems Support Herts for Learning Ltd SROB220, Robertson
INFORMATION SECURITY FOR YOUR AGENCY
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
Deter, Detect, Defend
Deter, Detect, Defend Deter Never provide personal information, including social security number, account numbers or passwords over the phone or Internet if you did not initiate the contact Never click
Cyber Security Awareness
Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms
1. Any email requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.
Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone who can potentially harm your good name and financial well-being. Identity theft
Hint: Best actions: Find out more in videos and FAQ: Hint: Best actions: Find out more in videos and FAQ:
Game Cheatsheet This is a spam email, an unsolicited and unwanted email from an unknown sender. Hint: Does this offer seem too good to be true? Perhaps you need to know more? Best actions: Delete, Check
CBI s Corporate Internet Banking Inquiry Services gives you the ability to view account details and transactions anytime, anywhere.
Benefits & Features CBI s Corporate Internet Banking Inquiry Services gives you the ability to view account details and transactions anytime, anywhere. What can I do with Internet Banking? You can inquire
ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS
$ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security
Common Cyber Threats. Common cyber threats include:
Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...
10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
Marlon R Clarke, Ph. D., CISSP, CISM Director Network Operations and Services, NSU 10-17-2013
Marlon R Clarke, Ph. D., CISSP, CISM Director Network Operations and Services, NSU 10-17-2013 Todays Discussion Overview of Computer and Internet Security What is Computer and Internet Security Who Should
Security Statement. I. Secure Your PC
Security Statement The security of your accounts and personal information is Sonabank s highest priority. Regardless of your preferred method of banking in person, by telephone or online you need to know
Internet Security. For Home Users
Internet Security For Home Users Basic Attacks Malware Social Engineering Password Guessing Physical Theft Improper Disposal Malware Malicious software Computer programs designed to break into and create
Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines
Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,
The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015.
The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015. By completing this module and the quiz, you will receive credit for CW 170, which is required
4/20/2015. Fraud Watch Campaign. AARP is Fighting for You. AARP is Fighting for You. Campaign Tactics. AARP can help you Spot & Report Fraud
AARP can help you Spot & Report Fraud Fraud Fighter Call Center: Talk to a volunteer trained in how to spot and report fraud. Call the Fraud Fighter Call Center at (877) 908-3360 Fraud Watch Campaign What
Network and Workstation Acceptable Use Policy
CONTENT: Introduction Purpose Policy / Procedure References INTRODUCTION Information Technology services including, staff, workstations, peripherals and network infrastructures are an integral part of
10 Things You Need to Know About Internet Security
INFORMATION SECURITY 10 Things You Need to Know About Internet Security Presented by: Steven Blanc IT Security Officer, Bowdoin College Internet Security Versus Internet Safety Security: We must secure
Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.
Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References
Internet basics 2.3 Protecting your computer
Basics Use this document with the glossary Beginner s guide to Internet basics 2.3 Protecting your computer How can I protect my computer? This activity will show you how to protect your computer from
Identity Theft Protection
Identity Theft Protection Email Home EDUCATION on DANGER ZONES Internet Payments Telephone ID theft occurs when someone uses your personal information with out your knowledge to commit fraud. Some terms
How-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
Recognizing Spam. IT Computer Technical Support Newsletter
IT Computer Technical Support Newsletter March 23, 2015 Vol.1, No.22 Recognizing Spam Spam messages are messages that are unwanted. If you have received an e-mail from the Internal Revenue Service or the
Computer Security. Do s and Don ts for Connecticut College staff and faculty. v.1.0
Computer Security Do s and Don ts for Connecticut College staff and faculty v.1.0 1 Objective To ensure that users are aware of information security threats and concerns, and are equipped to support organizational
Online Banking Customer Awareness and Education Program
Online Banking Customer Awareness and Education Program Electronic Fund Transfers: Your Rights and Responsibilities (Regulation E Disclosure) Indicated below are types of Electronic Fund Transfers we are
Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers 2012. Your Interactive Guide to the Digital World
Chapter 11 Manage Computing Securely, Safely and Ethically Discovering Computers 2012 Your Interactive Guide to the Digital World Objectives Overview Define the term, computer security risks, and briefly
Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR
Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Information and Resources for Small Medical Offices Introduction The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario s health-specific
Internet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
Cyber Security Awareness
Cyber Security Awareness William F. Pelgrin Chair Page 1 Introduction Information is a critical asset. Therefore, it must be protected from unauthorized modification, destruction and disclosure. This brochure
Phoenix Information Technology Services. Julio Cardenas
Phoenix Information Technology Services Julio Cardenas Email spam, also known as junk email or unsolicited bulk email (UBE), is a subset of electronic spam involving nearly identical messages sent to numerous
Online Security Information. Tips for staying safe online
Online Security Information ProCredit Bank is committed to protecting the integrity of your transactions and bank account details. ProCredit Bank therefore uses the latest security software and procedures
2009 Antispyware Coalition Public Workshop
2009 Antispyware Coalition Public Workshop Jeffrey Fox Technology Editor, Consumer Reports Media contact: Lauren Hackett, 914-378-2561 Background For several years, Consumer Reports has been testing and