Cybercrime Prevention and Awareness




April, 2014
Cybercrime Prevention and Awareness
Basic Security Principles to Help You Better Navigate Through Cyberspace
To join conference call dial (305) 433-6663 option 4 PIN # 42014
Presented by: Miguel Fra, miguel@falconitservices.com, www.falconitservices.com
Sources: Neostrategos, onlinecollegecourses.com, forbes.com, go-gulf.com, us-cert.gov, microsoft.com, staysafeonline.org, ncsa

Why We Need Security Training
3 in 4 Americans have been hacked or have been victims of cyber crime.
90% of businesses have been hacked in the last 12 months. Of those, 77% have been hacked more than once.
Last year, $1 trillion in intellectual property was stolen by cyber criminals.
600,000 Facebook accounts get hacked every day.
92% of top 100 paid mobile apps have been hacked.
30,000 Web sites hacked per day.
Estimated annual cost of cybercrime is 100 billion US$.
1.5 million cybercrime victims per day.
233 million identities stolen each year.

How Cyber Criminals Get Access
Types of Attacks: Viruses, Insider, Device Theft, SQL Injection, Phishing, Web Based

Hacked Bank Funds Recovery
Chart categories: Able to hold on, Able to recover funds, Unrecoverable

Situational Awareness is Key
Security is an individual as well as a business investment.
Learn as much as you can so that you can help prevent cybercrime.
Individual training and awareness is an additional layer added to your company's existing hardware and software security infrastructure.

Security vs. Convenience

Good Password Policies
Use strong passwords with upper case, lower case, number and special characters and a minimum of 6 characters.
Don't use passwords that contain names, birthdays, pet names, phone numbers, etc.
Don't use names or dictionary words followed by numbers, e.g. Stingray2010, Fireman1, Baseball1234.
Don't share passwords across multiple services, e.g. the same password for Gmail, credit cards, work, Twitter, etc.
Don't use sequential passwords for different services, e.g. mypassword10, mypassword11, mypassword12, etc.
Don't store your passwords under your keyboard, in your drawer, in Outlook, Gmail, phone, password wallet software, etc.
The best place to store passwords is in your brain; second best is written on a piece of paper and kept in your wallet.
If you have a bad memory, use meaningful words with a twist like: 1L0v3Ch0c0l@t3 (ILoveChocolate)
Be wary of shoulder surfers who may be looking at you when you enter your password.
Never tell your password to anyone, including people from support, customer service, helpdesk, etc.
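The checks on this slide can be automated. The following is an added example, not part of the original presentation: it tests a password against the slide's composition rules and flags shared or sequential passwords across services. The word list, function names and sample passwords are assumptions constructed for illustration.

```python
import re

# Constructed sample list (assumption); a real check loads a full dictionary and name list.
COMMON_WORDS = {"stingray", "fireman", "baseball", "password"}
CLASSES = {"upper case": r"[A-Z]", "lower case": r"[a-z]",
           "number": r"[0-9]", "special character": r"[^A-Za-z0-9]"}

def policy_violations(password, min_length=6, words=COMMON_WORDS):
    """Return the slide's composition rules that this password breaks."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append("missing " + name)
    # "Names or dictionary words followed by numbers", e.g. Stingray2010
    m = re.fullmatch(r"([A-Za-z]+)(\d+)", password)
    if m and m.group(1).lower() in words:
        problems.append("dictionary word followed by numbers")
    return problems

def split_counter(password):
    """Split a trailing number off: 'mypassword10' -> ('mypassword', '10')."""
    m = re.fullmatch(r"(.*?)(\d+)", password, re.DOTALL)
    return (m.group(1), m.group(2)) if m else (password, None)

def reuse_violations(passwords_by_service):
    """Flag shared passwords and sequential variants across services."""
    problems = []
    items = sorted(passwords_by_service.items())
    for i, (svc_a, pw_a) in enumerate(items):
        for svc_b, pw_b in items[i + 1:]:
            stem_a, n_a = split_counter(pw_a)
            stem_b, n_b = split_counter(pw_b)
            if pw_a == pw_b:
                problems.append((svc_a, svc_b, "shared"))
            elif stem_a and stem_a == stem_b and n_a and n_b:
                problems.append((svc_a, svc_b, "sequential"))
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, taken from or modelled on the slide's examples
    for pw in ("Stingray2010", "1L0v3Ch0c0l@t3"):
        print(pw, policy_violations(pw))
    print(reuse_violations({"gmail": "mypassword10", "work": "mypassword11"}))
```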

Good Desktop PC Security Policies
Log off from your desktop when you leave your desk.
Do not store private information such as social security numbers, etc. on your desktop or unsecured network folders.
If you receive an antivirus alert, report it immediately.
Don't install any software/apps that have not been specifically authorized.
Keep your desktop and AV up to date.
Accommodate time for our technicians when they periodically call you to do desktop maintenance.
Read computer alerts and understand them. Don't just click on them to get rid of them!
Adhere to Web surfing policies.

Beware of Phishing & Social Engineering
Phishing is the practice of luring users to visit fake Web sites in order to steal passwords, PIN numbers and other sensitive information.
Social engineering is the practice of using personal charm, charisma, deception and trickery in order to elicit sensitive information from the victim.
Social engineers use social media (Twitter, Facebook, Web sites, etc.) to discover information about the victim (reconnaissance). Be as discreet as possible.

E-Mail & Phishing
Do not follow links from e-mail asking you to visit a Web page.
Be wary of banks, credit cards, IRS, utilities, and others asking you to visit their site via an unsolicited e-mail link.
Always make sure that login pages use SSL and that the login page address starts with https://
Always make sure that the domain name is darker than the rest of the URL when visiting sites.
Look for inconsistencies, bad grammar and/or misspelled words on e-mails and Web sites as signs of potential fake phishing sites.
Don't send confidential information by e-mail, instant messaging or text message.
Situational awareness: don't open e-mails with attachments if they are out of context (e.g. iloveponies.pdf from your boss or businessmeeting.pdf from a relative).
View all e-mail attachments and links with suspicion, no matter who they are from.
Beware of: generic salutations, suspicious e-mail addresses, alarmist messages, grammatical errors/misspellings, requests to verify, update or change account settings.
Be wary of unsolicited requests by e-mail to reset your PIN, ID or password.
Don't open attachments from unsolicited or unexpected e-mails.
Avoid opening ZIP files unless you know who it's from AND you are specifically expecting it!
Don't access your personal e-mail from your work computer.

Social Engineering
If you get a call from a bank, credit processor, IRS, phone company, etc. and they ask for private information, DO NOT divulge the information. Instead, ask for their name and extension and call them on the number listed on their corporate Web site.
Unless you can positively identify the person who called you, never give out information to an inbound caller.
Reduce the amount of information about yourself on Facebook, LinkedIn and other social media sites. That information is useful in social engineering.
Do not give passwords or personal information to helpdesk or support technicians. They should have access to your system via their own user names and passwords.
Be careful who you add as a friend or connect to when using social media.
Don't post business owner or manager information on social media sites. They are high-value targets for social engineers.

Common Social Engineering Tactics
Familiarity exploit: posing as familiar entities or using those positions for reconnaissance. Do not give information to people from the phone company, mailmen, electric company, etc.
Creating emergencies or urgency. This makes the victim nervous, anxious and more likely to divulge information.
Creating hostile situations. People often try hard to avoid fights and hostilities and, in trying to do so, may lose situational awareness and divulge information.
Using social media and searches to gather information.

Web Surfing
30,000 Web sites get hacked each day, so be wary even when surfing known Web sites.
Don't download and install apps from unknown Web sites.
Don't download and install unsolicited apps even from known Web sites.
Read alerts. Don't just click on them to get rid of them!
Use situational awareness and be extra careful when surfing new or unknown Internet sites.
Do you have awareness?

Drive By Infections
If you see a pop-up while surfing, and it's claiming that you are infected with a virus, press ALT+F4 to close the window or CTRL+ALT+DEL to log off. Do not click on any part of the pop-up, not even the X to close the window!!!
Read Windows pop-up alerts. Don't just click on them to get rid of them.
Beware of threats of inaction, over-the-top virus alerts and demagoguery. These tend to be viruses.

Social Media & On-Line Services
Social media and free services such as Facebook, Twitter, Gmail and others want as much personal information about you as possible so that they can sell it to advertisers (big data). Hackers want the same information so that they can use social engineering to gain unauthorized access to your valuables.
On-line services opt for convenience over security because they do not want to push customers away.
Don't post anything you would say only to a close friend, such as feelings, money problems, etc. These types of posts expose you to cyberbullying and online scammers.
Keep sensitive data to yourself, especially information that can be used by scammers to impersonate you.
Talk to your family, friends and employees about what you don't want posted on-line.
On-line services rely on common social media comments as password reset or authentication mechanisms for forgotten passwords (favorite movie, favorite pet, elementary school). That is the same information people usually post willingly on social media!
Laws have not caught up with technology; in fact they are YEARS behind. Laws are needed for people and corporations to behave ethically. Those laws have yet to catch up to new technologies and online privacy.
Although it's illegal for an employer to ask you about race, religion or ethnicity during a job interview, it's not illegal for an employer to filter out those same things using social media tools.
According to WSJ, lenders are mining Facebook and other social media sites to determine credit worthiness.
You can be denied disability claims or pay higher life insurance premiums based on what you or your relatives post on-line.

Smart Phones
52% of large businesses have reported smartphone incidents in the past year.
93% of workers connect their smartphones to corporate networks.
Risk comes via apps that have access to phonebooks, e-mail, microphone, cameras, etc.
Abuse/spying/misuse of corporate data by ISPs/handset makers/apps. Ask yourself: Why are so many apps FREE?
Rogue apps usually go undetected, since smartphone security is in its infancy and smartphones seldom have antimalware.
Don't keep sensitive data on your smartphone.
Turn off smartphones during private meetings or when talking about extremely private information. Apps such as CrowdPilot, Facebook, Flexispy, etc. can listen in to your conversations, read your call log, etc.
Many insider exploiters would go unnoticed if it were not for human error (see the case of Google engineer David Barksdale).

Resources
http://www.microsoft.com/security/resources
http://www.staysafeonline.org/ncsam/
http://www.huffingtonpost.com/nathan-newman/why-googles-spying-on-use_b_3530296.html
http://gawker.com/5638874/david-barksdale-wasnt-googles-first-spying-engineer
http://articles.latimes.com/2011/jan/25/business/la-fi-facebook-evidence-20110125
http://www.relevanza.com/denied-loan-facebook-posts/
http://www.motherjones.com/politics/2013/09/lenders-vet-borrowers-social-media-facebook

Thank you for attending this presentation. If you would like to continue, stay on the call for questions and answers!