Be open for business……not open to be Hacked

Lionel ThomasRoles:• Man. Director Web Company• Game Studio Manager• Game Producer• Web Manager• Lead Web Programmer• Online Marketing & Sales• Multi-media Developer• System/Database Administrator• Community Manager• Computer Sales, Building and Maintenance

Security is a Mindset

• Secured Million Dollar Online Store (Owner just wanted Sales)

• Cleaned a Server with 50 Websites Hacked (Actively Being Hacked)

• Access to a website in under 10 Seconds (Outsourced)

• Penetration Testing Online Stores in Australia 83% with issues

Passwords

From a list of 10 Million Common Passwords…

PasswordsTips:• Use a Password Manager (Daily Use)

• Different password per login

• Never Reuse (2012 - Dropbox 60m+)

• Change passwords regularly

• Use Phrases for Sensitive Logins

Example: IloveFlashGordon120%

Becomes faster every year…

Passwords

www.LastPass.com

Key Benefits:

• Manage

• Sync

• Share

• Auto Login

• Audit / Change Passwords

USB Sticks• Over 48% of people will pickup a USB Stick and Plug it in

• Only about 16% of those people will Scan it

Tips:

• Do NOT pickup Random USB sticks and make it a Policy

• Encrypt and/or Password protect the data on your USB sticks

Killer USB SticksCost: $79

1. Charges capacitors from device (ie. PC, Laptop, TV, Printer)

2. Once charged, it discharges all power back into device

3. And Repeats…

It’s meant to be able to kill 95% of devices that have a USB port that do not have protection, which many do not.

Pokémon GoMobile Apps.

At Release: Pokémon GO, granted itself FULL access to your Google Account.

Full Access includes the ability to:• Read your Emails• Send Emails from your Account• Access Google Drive documents• Look at Search History• Access Private Photos on Google Photos• And More…

Tip:Strick Policy around the use of Email Accounts on Mobile devices.

* Use a Burn Email

Google Apps & Siteshttps://myaccount.google.com/security#connectedapps

Phishing Attacks

Phishing Attacks• May be emailed from someone you know

• May be via a Website

• Fake web pages

• Fake Domains

• Pull your Heart Strings, Urgency, Outragous

Phishing Attacks

Tip:

Pick up the Phone!

Cloud StorageTips

• Research your requirements

• You want Protection by two-factor authentication

• Don’t use Cloud Storage as your main Backup

• Updated files sync, this includes infected files

For Home & Home Office

• Cybersecurity- Viruses and Spyware- Anti-Ransomware- Phishing Attacks- Identity Theft- Social Network Threats- Unsafe Websites

• PC and Mac

For Business

• Next-generation endpoint security

• Cloud-based threat intelligence services

• Mobile Security

• Secure web Gateway

• IoT cybersecurity

www.WebRoot.com.au

Website SecuritySome of the Reasons to Hack a Website:

• Information thief

• Malicious Distribution

• Email Spamming

• Website Hi-Jacking

• Platform for DDOS attacks

Website Security• 70% of websites have vulnerabilities

• Google search is a tool used by Hackers

• 205 days is the average time to detect a Breach

• 2/3 Stolen data is detected externally, usually when being sold

Website Security

Website Security

Sucuri: Website Hacked Trend Report 2016 - Q1

Reasons for being Hacked:

• Out of Date

• Improper deployment

• Bad configuration

• Poor maintenance

• 3rd Party Plugins

Website SecurityChallenges of staying up to date:

• Highly customized deployments

• Issues with backward compatibility

• Lack of staff

• No procedures in place

• Web Application Firewall

• Real-Time Threat Defence Feed

• Block Brute Force Attacks

• Country Blocking

• Manual Blocking

• Malware Scanner

• Website Spam Checks

• Track Site Logins

• View intrusion attempts

• File Repair

• Password Audit

• Cell Phone Sign-in

www.WordFence.com

Website Security

www.CloudFlare.com

Filtering, Server Load Reduction, Speed Optimization and more…

CloudFlare

Website Securityhttps://www.google.com/transparencyreport/safebrowsing/diagnostic/?

Website Security

Email/Domain Check:Mail, Domain, Blacklisted?www.MXToolBox.com

DNS:Check your DNS Recordswww.LeafDNS.com

Website SecuritySite Check:Scan content, Check Firewall, and more…sitecheck.Sucuri.net

Site Rating:Website Ratingsafeweb.Norton.com

Website Security

Web Vulnerability Scanner:Vulnerability and Penetration Testing,Used by Governments, Large Corp. and Militarywww.Acunetix.com

Website Host Security

Questions to Ask your Hosting:

• What Security is implemented?

• What should I be doing?

• Who Updates the Server?

• What is the Process if I am hacked?

Website Security Overview• Secure Username & Passwords

• Multiple Layered Security

• Stay Updated (Host, Website & Plugins)

• Secure Hosting

• Regular and Archived Back Ups

• Stay Informed

Common Web Admin Usernames:• Admin• Administrator• Marketing• Firstname• Domain Name• …

Suggestions

• Stay Up to Date

• Avoid the Shinny

• Pay to Stay Protected

• Have an Offline Component

• Create a Security Mindset in Staff