Common Cyber Threats. Common cyber threats include:



Similar documents
Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

Section 12 MUST BE COMPLETED BY: 4/22

An Introduction on How to Better Protect Your Computer and Sensitive Data

Best Practices For Department Server and Enterprise System Checklist

Network Incident Report

How to stay safe online

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Data Management Policies. Sage ERP Online

Cyber Security Awareness

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

NATIONAL CYBER SECURITY AWARENESS MONTH

GFI White Paper PCI-DSS compliance and GFI Software products

INTERNET & COMPUTER SECURITY March 20, Scoville Library. ccayne@biblio.org

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

Cyber Security Awareness

Information Security. Louis Morgan, CISSP Information Security Officer

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Corporate Account Takeover & Information Security Awareness. Customer Training

Global Partner Management Notice

Desktop and Laptop Security Policy

Corporate Account Takeover & Information Security Awareness

THE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness

Protecting Your Organisation from Targeted Cyber Intrusion

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

Network Security and the Small Business

TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS. Corporate Account Takeover & Information Security Awareness

PC Security and Maintenance

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

Mifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

CNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background:

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

Evaluation Report. Office of Inspector General

Computer Security Maintenance Information and Self-Check Activities

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Incident Response Plan for PCI-DSS Compliance

Information Technology Cyber Security Policy

Computing Services Information Security Office. Security 101

Computer Viruses: How to Avoid Infection

Windows Operating Systems. Basic Security

Infocomm Sec rity is incomplete without U Be aware,

Cyber Essentials Scheme

Cyber Security Presentation Cyber Security Month Curtis McNay, Director of IT Security

Don t Fall Victim to Cybercrime:

Protecting your business from fraud

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

Boston University Security Awareness. What you need to know to keep information safe and secure

When you listen to the news, you hear about many different forms of computer infection(s). The most common are:

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

National Cyber Security Month 2015: Daily Security Awareness Tips

Network Security Policy

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Windows Remote Access

Data Management & Protection: Common Definitions

Defending Against Data Beaches: Internal Controls for Cybersecurity

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Reliance Bank Fraud Prevention Best Practices

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

Cyber Self Assessment

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Keeping you and your computer safe in the digital world.

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

How To Protect Your Information From Being Hacked By A Hacker

Business Internet Banking / Cash Management Fraud Prevention Best Practices

Introduction. PCI DSS Overview

How To Protect The Time System From Being Hacked

Information Security

Presentation Objectives

Business ebanking Fraud Prevention Best Practices

Protection from Fraud and Identity Theft

Host-based Intrusion Prevention System (HIPS)

How To Protect Research Data From Being Compromised

The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only.

Computer Networks & Computer Security

Paul Nguyen CSG Interna0onal

Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

Malware, Spyware, Adware, Viruses. Gracie White, Scott Black Information Technology Services

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs

Online Banking Fraud Prevention Recommendations and Best Practices

ON-LINE BANKING, BILL PAYER and MOBILE BANKING Terms and Conditions Effective 5/14/12

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

AUTHOR CONTACT DETAILS

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Course: Information Security Management in e-governance

Retail/Consumer Client. Internet Banking Awareness and Education Program

How to easily clean an infected computer (Malware Removal Guide)

A Decision Maker s Guide to Securing an IT Infrastructure

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

CBI s Corporate Internet Banking Inquiry Services gives you the ability to view account details and transactions anytime, anywhere.

Why The Security You Bought Yesterday, Won t Save You Today

What are Viruses, Trojans, Worms & Spyware:

Essentials of PC Security: Central Library Tech Center Evansville Vanderburgh Public Library

Corporate Account Takeover & Information Security Awareness

Transcription:

Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities... 7... 7... 7 Removable Media... 8... 8... 8 Course Library: Common Cyber Threat and Page 1

Common Cyber Threats If you suspect you may have been a target of any of the threats included here, or have been targeted by any other cyber threat, report it to your FSO or security point of contact immediately. Common cyber threats include: Phishing and spear phishing Malicious code Weak and default passwords Unpatched or outdated software vulnerabilities Removable media Course Library: Common Cyber Threat and Page 2

Phishing and Spear Phishing Phishing is a high-tech scam that uses e-mail to deceive you into disclosing personal information. It puts your personal information and your organization s information at risk. Spear phishing is a type of targeted phishing that appears to be directed towards a specific individual or group of individuals. The following are suspicious indicators related to phishing and spear phishing: Uses e-mail May include bad grammar, misspellings, and/or generic greetings May include maliciously-crafted attachments with varying file extension or links to a malicious website May appear to be from a position of authority or legitimate company: Your employer Bank or credit card company Online payment provider Government organization Asks you to update or validate information or click on a link Threatens dire consequence or promises reward Appears to direct you to a web site that looks real Spear phishing specifically: Has a high level of targeting sophistication and appears to come from an associate, client, or acquaintance May be contextually relevant to your job May appear to originate from someone in your email address book May contain graphics that make the email look legitimate Effects include, but are not limited to: Deceiving you into disclosing information Allowing adversary to gain access to your and/or your organization s information Course Library: Common Cyber Threat and Page 3

The following countermeasures can be taken to guard against phishing and spear phishing: Watch out for phishing and spear phishing Delete suspicious e-mails Contact your system security point of contact with any questions Report any potential incidents Look for digital signatures Configure Intrusion Detection Systems (IDS) to block malicious domains / IP addresses Ensure anti-virus software and definitions are up to date Do not: Open suspicious e-mails Click on suspicious links or attachments in e-mails Call telephone numbers provided in suspicious e-mails Disclose any information If you suspect you may have been a target of phishing, report it to your Facility Security Officer (FSO) or security point of contact. Course Library: Common Cyber Threat and Page 4

Malicious Code Malicious code is software that does damage and/or creates unwanted behaviors. Malicious code includes: Viruses Trojan horses Worms Keyloggers Spyware Rootkits Backdoors The following are suspicious indicators related to malicious code; malicious code may be distributed via: E-mail attachments Downloading files Visiting an infected website Removable media Effects include, but are not limited to: Corrupt files and destroyed or modified information Compromise and loss of information Hacker access and sabotaged systems The following countermeasures can be taken to guard against malicious code. To guard against malicious code in email: View e-mail messages in plain text Do not view e-mail using the preview pane Use caution when opening e-mail Scan all attachments Delete e-mail from senders you do not know Turn off automatic downloading To guard against malicious code in websites: Block malicious links / IP addresses Block all unnecessary ports at the Firewall and Host Disable unused protocols and services Stay current with all operating system service packs and software patches If you suspect your information system has been compromised, report it to your FSO or security point of contact. Course Library: Common Cyber Threat and Page 5

Weak and Default Passwords The use of weak and default passwords creates easily exploitable system vulnerabilities. The following are indicators of weak passwords; weak passwords include those that use: Words found in the dictionary Readily available information significant to you (names, dates, cities, etc.) Lack of character diversity (e.g., all lower case letters) Effects include, but are not limited to, hackers: Exploiting users habit of repeating passwords across sites and systems Cracking passwords to less secure sites Accessing your and your organization s information The following countermeasures can be taken to guard against password compromise, when creating a password: Combine letters, numbers, special characters Do not use personal information Do not use common phrases or words Do not write down your password, memorize it Change password according to your organization s policy Enforce account lockout for end-user accounts after a set number of retry attempts Do not save your passwords or login credentials in your browser NEVER share your password If you suspect your password has been compromised, report it to your FSO or security point of contact. Course Library: Common Cyber Threat and Page 6

Unpatched or Outdated Software Vulnerabilities Unpatched or outdated software provide vulnerabilities and opportunities for adversaries to access information systems. The following is a list of suspicious indicators related to unpatched and outdated software: Unauthorized system access attempts Unauthorized system access to or disclosure of information Unauthorized data storage or transmission Unauthorized hardware and software modifications Effects include, but are not limited to: Corrupt files and destroyed or modified information Hard drive erasure and loss of information Hacker access and sabotaged systems The following countermeasures can be taken to guard against software vulnerabilities: Comply with the measures in your organization s policies, including the Technology Control Plan (TCP) Stay current with patches and updates Conduct frequent computer audits - Ideally: Daily - At minimum: Weekly Do not rely on firewalls to protect against all attacks Report intrusion attempts Disconnect computer system temporarily in the event of a severe attack If you suspect your information system has been compromised, report it to your FSO or security point of contact. Course Library: Common Cyber Threat and Page 7

Removable Media Removable media is any type of storage device that can be added to and removed from a computer while the system is running. Adversaries may use removable media to gain access to your system. Examples of removable media include: Thumb drives Flash drives CDs DVDs External hard drives The following is a list of suspicious indicators related to removable media. Adversaries and hackers may: Leave removable media, such as thumb drives, at locations for personnel to pick up Send removable media to personnel under the guise of a prize or free product trial Effects include, but are not limited to: Corrupt files and destroyed or modified information Hacker access and sabotaged systems The following countermeasures can be taken to guard against removable media vulnerabilities. Contractors: Follow your organization s removable media policy DoD personnel: Do not use flash media unless operationally necessary and government-owned Do not use any personally owned/non-government removable flash media on DoD systems Do not use Government removable flash media on non-dod/personal systems Encrypt all data stored on removable media Encrypt in accordance with the data's classification or sensitivity level Use only removable media approved by your organization Store in GSA approved storage containers at the appropriate level of classification The DoD severely restricts or prohibits the use of removable media. Consult your security point of contact (POC) for current policy. If you suspect you have been targeted via removable media, report it to your FSO or security point of contact. Course Library: Common Cyber Threat and Page 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information