cert.govt.nz security week slides https://www.cert.govt.nz/



SLIDE 1

cert.govt.nz security week slides

Before we get started

SLIDE 2
SLIDE 3
SLIDE 4
SLIDE 5
SLIDE 6
SLIDE 7

https://www.cert.govt.nz/

SLIDE 8

PART 2

SLIDE 9

Matt’s Security Tips and Tricks

SLIDE 10

Hackers – What do they want?

  • Your Financial or Personal Info
    – Hack your bank accounts, transfer money
    – Sell / Use your credit cards
    – Blackmail you / Scam you / Ransom(ware)
    – Steal / Use / Sell your passwords
    – Impersonate you
  • Remote Control of your computer
    – As a proxy for the purpose of illegal activity
    – Botnet
    – Storage for illegal programs or images etc
    – Hidden Illegal Darkweb service or website

SLIDE 11
SLIDE 12

How do they do it?

  • Phishing – Phishing attacks involve sending email messages to you in hopes of tricking you into revealing something you shouldn’t, or doing something dangerous.
  • Pharming – Pharming attacks use a hack of your Domain Name Service (DNS) or manipulation of the files on your computer to redirect you to a phony website matching the one you think you are going to.
SLIDE 13

How do they do it?

  • Malware – Thieves may send you email messages or documents that contain malware. This malicious software then directly or indirectly gives the thief access to personal or financial data on your computer.
  • Hacking – Hacking attacks take advantage of weaknesses in your computer’s security to steal data. Alternately, they may break into the network your computer is connected to, getting at your data from the inside. This is a particular problem on public WiFi networks, which often have little or no security.

SLIDE 14

Hacker Tools

Kali Linux https://www.kali.org

SLIDE 15

Seniors lose the most from identity fraud

Age Range       % of People Reporting a Fraud Loss    Median Amount Lost
19 and under    29%                                   $262
20 to 29        29%                                   $400
30 to 39        32%                                   $380
40 to 49        28%                                   $440
50 to 59        25%                                   $500
60 to 69        20%                                   $500
70 to 79        18%                                   $621
80 and over     18%                                   $1092

SLIDE 16
SLIDE 17

So what can we do?

  • 1. Security At Home
    – Secure your Home WiFi, Computers and Devices
  • 2. Mobile Security
    – Secure all mobile devices / iPads etc
    – Careful using public computers
  • 3. Social Media Privacy and Security
    – Tighten up your privacy / Minimal Footprint
  • 4. Security and Privacy Mindset
    – Privacy and Security go hand in hand

Overview: will go into more detail in the next 4 sections

SLIDE 18

Security Tips At Home

  • WiFi Password + Strong Encryption Method
  • Install an Antivirus and Keep It Updated
  • Use Different Email Addresses for Different Kinds of Accounts
  • Use different browsers for different activity
  • Clear Your Browser Cache on exit
  • Turn Off the 'Save Password' Feature in Browsers
  • Don't Fall Prey to Click Bait / Visit unknown sites
  • Password Manager
SLIDE 19

Example - Use 2 Web Browsers

BROWSER 1 (Private)

  • Online Banking
  • Trademe / Ebay
  • Govt Websites
    – Rates
    – IRD
    – Tollroad
    – RealMe

BROWSER 2 (General Browsing)

  • News sites
  • On demand
  • Facebook / Twitter
  • Youtube
  • Google searching
  • General Web use
SLIDE 20

Home Security Continued ....

  • Don’t allow websites to store your Credit Card
  • Log out of websites when you are finished
  • Don’t Open Mail From Strangers
  • Don’t Click on Strange-Looking Links / URLs
  • Back up Your Data Regularly
  • Consider Browser add-ons
  • 2-factor authentication
SLIDE 21

Example – URLs and Certificates

  • Check website URL / Certificate before login
  • Demo
    – URL
    – HTTP vs HTTPS
    – Is your communication encrypted?
    – Certificate
    – Subdomains

SLIDE 22

Password Manager

  • KeePass Password Manager
    – (offline)
    – Open source
  • Never store passwords online.
    – Don’t use online password managers
    – Don’t sync passwords to Google
    – Don’t sync to Dropbox or any other cloud platform.

SLIDE 23

Search Engines

DuckDuckGo – This is a great privacy-friendly Google alternative that doesn’t utilize tracking or targeted ads. They also have a zero-sharing policy with other features, but they do record search terms.

StartPage – StartPage gives you Google search results, but without the tracking.

SLIDE 24

Browser Privacy and Security Add-ons

  • uBlock Origin
    – uBlock Origin is an efficient, lightweight blocker that filters both ads and tracking.
  • HTTPS Everywhere
    – HTTPS Everywhere is an add-on that forces an HTTPS connection with the websites you visit, provided HTTPS is available for the site.

SLIDE 25

Turn off Browser Sync

SLIDE 26

How private is your browser?

  • More Privacy (Open-Source)
    – Firefox
    – Chromium
  • Brave
  • Less Privacy (Proprietary)
    – Chrome (Google)
    – Edge (Microsoft)
    – Safari (Apple)

SLIDE 27

Browser Demos

  • Firefox Setup
  • Chrome Setup
  • Add-ons
  • Settings
  • Private Browsing – Public Computer
SLIDE 28

2 - Mobile Security

SLIDE 29

Basic Mobile Phone Security Tips

  • Secure your mobile against loss and theft
    – Always secure PIN Lock Screen
    – Encrypt your data
    – Install Google “Find My Device”

  • Back up your mobile data
  • Update your phone’s operating system
  • Be smart with your apps
  • Be careful using public hotspots and free WiFi
  • Remember to log out of your accounts
  • Factory Reset / wipe before selling.
SLIDE 30

Example - Encrypt Phone - Android

SLIDE 31

Android Demo

SLIDE 32

3 - Social Media Privacy and Security

SLIDE 33

Social Media Privacy and Security

  • Privacy and security settings
    – Unique Passwords
    – 2FA
  • Remember that what goes online, stays online
  • Your online reputation
  • Keep personal info personal
    – Pet names .. First school .. Security questions?
    – Residential address or full name

  • Know and manage your friends
  • Clickbait – be careful. External Links
SLIDE 34

Facebook

  • Minimal Personal Info
  • Make personal info available to Friends only
  • Make your posts to Friends only
  • Limit info on your public page
    – DoB (Change to Day of Year only)

  • Make your friends list viewable “Only by Me”
  • Contact only Anyone vs “Friends of Friends”?
  • Careful joining groups
  • Careful with likes and comments
SLIDE 35

4. Mindset – Privacy and Security

SLIDE 36

4. Mindset – Privacy and Security

  • Privacy and Security are different but related
  • A loss of one leads to a loss of the other
  • Remain vigilant
  • Make it a daily routine
  • Become security conscious
SLIDE 37

Privacy and why it matters

  • Giving your personal information to a 3rd party?
    – Can you trust them?
    – What’s their privacy policy?
    – Are they secure?
    – What information of yours do they hold?
    – What happens if they are hacked?

SLIDE 38

Privacy and why it matters

  • The more personal information you share, or can be found / stolen, the greater your attack profile becomes.

SLIDE 39

Questions??