Internet security in the workplace

Protecting online data for company, customer and employee

www.appsonnet.com © Applications on Networks Inc.

Post on 28-May-2020


TWO MYTHS

Myth 1

The norm is to think that cyber threats to business are usually nefarious hackers writing malicious code designed to pilfer corporate intelligence and siphon confidential or financial information.

Myth 2

Small and medium businesses may feel that they aren’t likely to be a target due to their size and that hackers couldn’t possibly be interested in them.

TWO REALITIES

REALITY 1

More often than not, the threat is actually from within the organization, because we as employees can quite easily, and usually unintentionally, open the door for cybercriminals. After all, to err is …

It is far easier for a cybercriminal to con a person into giving access than it is to try a multitude of attack combinations to break into a computer system.

REALITY 2

Cybercriminals prey on businesses that tend to have lower defenses than larger organizations like conglomerates, which usually have the financial and human resources to better protect themselves.

It’s easier, and there’s a better chance of gains, to attack tens of thousands of smaller businesses than one big corporation (although it does happen).

WHY

• IT’S LUCRATIVE!

• The global cost of cybercrime will reach $2 trillion by 2019, a threefold increase from the 2015 estimate of $500 billion.

• Some hackers make more than $80,000 a month.

• These are real business models: selling exploits and kits, renting out botnets, supplying ransomware, etc.

Two Common Threats

• SOCIAL ENGINEERING: Phishing attacks – designed to con you into installing malware

• MALWARE: The Computer Virus – Infects and steals information and spreads to other machines

WHAT CAN WE DO ABOUT IT – 5 STEPS

1. Strengthen computer defenses

2. Be cautious and don’t download malicious software or install unlicensed software

3. Help protect company information

4. Use strong passwords and keep them private.

5. Guard data and devices (phones, flash drives, laptops, tablets, etc.) when on the road.

1. Strengthen your computer defenses

• Keep the firewall on: A firewall creates a security barrier between your computer and the Internet.

• Keep Anti-Malware software enabled: This software helps protect your computer by scanning downloaded files and attachments for the latest threats, and detecting and removing thousands of specific viruses before they have a chance to do any damage.

• Never download anything in response to a warning from a program you didn’t install or don’t recognize, especially if it claims to protect your computer or offers to remove viruses. The same goes for any pop-up message that advertises security software. These are likely to be fake, and do exactly the opposite of what they advertise. USE CTRL-F4 to close dialogue boxes.

• Install legitimate software. It’s also a good idea to remove any software that you don’t use or need.

• Keep software up to date; for example, stay current with Windows Update.

2. Don’t download malicious software

• Stop and think before you click links, open photos, songs, or other attachments in a message from someone you don't know. Be wary of "free" games, apps, and the like, which are notorious for including malware in the download.

• PLEASE BE CAUTIOUS OF STRANGE EMAILS AND / OR STRANGERS CALLING YOU AND MAKING STATEMENTS THAT YOU OR YOUR COMPUTER HAS BEEN COMPROMISED AND ASKING FOR PERSONAL DETAILS

- If you receive a phone call from an 'expert' offering to fix your PC --- IT’S A SCAM ---

- If you receive an unexpected email from a stranger, or from a personal email account of someone you know, asking you to click on a link, go to a website or change a password --- IT’S MORE THAN LIKELY A SCAM ---

• HOW IT WORKS:

- The scammer calls you and asks for you by name. They state that they are a "computer security" expert from a legitimate tech company like Microsoft or a 'partner' company. The scammer sounds polite, official and quite convincing. They say that your PC or laptop has been infected, and that they can help you solve the problem.

- There are many variations of this scam, and what happens from this point onwards depends on the particular type of scam of which you are the target. For example, there are scams that target email accounts, Dropbox password compromise, Microsoft and PCs, WhatsApp Gold, payments, expired Apple IDs, fake tickets to events like the Olympics, TAX/CRA and more.

WHAT TO DO IF YOU GET CALLED:

1. Hang up, as it is not a legitimate call.

2. Don't provide any personal or company information.

3. Never hand over your credit card or bank details.

4. Don't allow a stranger to guide you to a certain webpage, or instruct you to change a setting on your PC or download software.

5. Collect any details you can and report back to your technology support or, if a significant issue or loss has occurred, report it to the authorities.

6. Tell everyone about it, as the best defence is sharing knowledge.

WHAT TO DO IF YOU GET SUSPICIOUS EMAIL:

1. Don’t open the email, and definitely don’t open ANY attachment: even Word documents, PDFs and images are dangerous.

2. Don't click on any links or go to mentioned websites.

3. Don’t forward the email to anyone.

4. Collect any details you can and report back to IT.

5. Tell everyone about it, as the best defence is sharing knowledge.

6. Move the email to the Junk folder.

3. Protect company data and financial assets

• Handle sensitive data with special care: Avoid putting confidential information such as account numbers, passwords, intellectual property or sensitive customer data in email. Also note that instant/text messages are generally not secure.

• Beware of scams and fraud

- Look for telltale signs like messages (imitations) claiming to be from banks, government, the post office, PayPal etc. asking for sensitive information. These organizations know better and never ask for such information. Never follow the links in the messages.

- Alarming messages like “A Virus has infected your computer, call 1.800…

- Misspellings are a common tactic to break filters.

- Confirm a suspicious looking message from a company you do business with by calling them or sometimes using a different device.

4. Use strong passwords

You lock your house, your car, your bike.

We also need to lock corporate assets, client info, devices (like phones, laptops, and company routers), online accounts and so on with passwords and PINs.

1. Lock devices, company routers, and online accounts with strong passwords or PINs. Strong passwords are long phrases or sentences and mix capital and lowercase letters, numbers, and symbols.

2. Don’t disclose passwords or PINs to anyone, including coworkers.

3. Use a unique password on each account or device containing personal or business data, and change them regularly.

It’s easier if you think of a pass phrase instead of a password

1. WEAK: “Password1” is the most common business password, so it’s at the top of criminal lists to test.

2. WEAK: A date, birthday, anniversary or pet’s name can be known and easily found by a criminal.

3. WEAK: Don’t use a single word that you can find in any dictionary in any language (e.g. “advantageous”). Criminals can easily break common replacements such as an exclamation point for “t” or zero for “o.”

4. WEAK: Avoid using only numbers: number sequences, repeated numbers or Social Security numbers.

5. BETTER: 2$PlumFinePun
Uses words that don’t make sense grammatically, but mean something to whoever made up the password. It’s also long and uses upper and lower case letters, numbers, and symbols. Estimated time to crack: 6 days by botnet.

6. STRONGER: N3T3w0b3ad4r
This password took the first two letters of the words in this sentence, with the second letter written as a number: “New Tesla would be a dandy ride.” This is a sentence that was easy to remember for the person who created it, and difficult for others to guess. Mixing in capital and lowercase letters, symbols, and numbers adds complexity.
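The four WEAK patterns listed above can be checked mechanically before a password is accepted. The following Python is an added example, not part of the original slides; the function name, the word lists and the substitution table are small constructed samples (assumptions), and rule 2 is covered for dates only.

```python
import re

# Constructed sample lists (assumptions, not from the slides); a real check
# would load a breached-password list and a full dictionary.
COMMON_PASSWORDS = {"password1", "password", "123456", "qwerty", "letmein"}
DICTIONARY = {"advantageous", "password", "welcome", "dragon", "sunshine"}

# Character swaps that are undone before the dictionary lookup (sample table).
UNDO_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "@": "a", "$": "s"})
TRAILING = "0123456789!?.#"          # padding commonly appended to a word
DATE_RE = re.compile(r"\d{1,4}[-/.]\d{1,2}[-/.]\d{1,4}")


def weaknesses(password):
    """Return which of the WEAK rules (1-4) a candidate password breaks."""
    found = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:                      # rule 1
        found.append("common password")
    if DATE_RE.fullmatch(password):                      # rule 2 (dates only)
        found.append("date")
    # Rule 3: a single dictionary word, even with swaps or padding.
    candidates = {lowered.translate(UNDO_SWAPS),
                  lowered.rstrip(TRAILING).translate(UNDO_SWAPS)}
    if candidates & DICTIONARY:
        found.append("dictionary word")
    if password.isdigit():                               # rule 4
        found.append("numbers only")
    return found


if __name__ == "__main__":
    # Constructed candidates plus the two examples from the slides.
    for pw in ["Password1", "P@ssw0rd!", "12/04/1985", "19850412",
               "Adv4nt4geous", "2$PlumFinePun", "N3T3w0b3ad4r"]:
        print(f"{pw:15} {weaknesses(pw) or 'no listed weakness found'}")
```

An empty result only means none of the four listed patterns matched; it is not a strength score.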

Guard company data when on the road

• Connect securely and save sensitive activities for trusted connections

• Treat all public Wi-Fi networks as a security risk.

- Choose the most secure option (it could include password protection or encryption), even if you have to pay for it.

- Confirm the exact spelling of the wireless network you’re connecting to. Beware of clever (slightly misspelled) fakes, such as Starbvcks Free WiFi.

- Never make financial and other sensitive transactions on any device over public wireless networks.

• Use flash drives carefully. Minimize the chance that you’ll infect your company network with malware:

- Don’t put any unknown flash (or USB) drive into your computer.

- On your flash drive, don’t open files that are not familiar.

- Flash drives: watch out for unknowns

WHAT TO DO IF YOU HAVE BEEN A VICTIM:

First of all, don't feel bad; take action. These scams happen to many people, and that’s why these scams still exist.

1. Turn off your laptop in case they managed to get access to it.

2. You need to change all the personal data that you can change.

3. Change all your passwords:

- Company Computer Account / Domain Account.

- Main email account.

- Bank & Credit card logins.

!!! Remember your PC is turned off, so please don’t use the potentially compromised computer to change your information !!!

4. Check your bank accounts from a secure location; calling in by phone is usually a good choice.

5. Contact your bank to ask them to be on the lookout for anything dodgy and ask them for advice.

6. Collect any details you can and report it to your tech support.


THANK YOU!

www.appsonnet.com
