Cyber Security Awareness Seminar Presented By: Ryan Moore Ohio - - PowerPoint PPT Presentation

Cyber Security Awareness Seminar

Presented By: Ryan Moore

Ohio Cyber Range Institute, University of Cincinnati

Ohio Cyber Range Institute, University of Cincinnati

About This Seminar

• Designed for everyday cyber citizens
• Online Webinar
• 2 – hour Presentation
• 10 Minute break
• Questions?
• Resource Guide
• Follow-up survey

Ohio Cyber Range Institute, University of Cincinnati

Outcomes of this Seminar

• Describe common cybersecurity threats
• Take simple steps to take to protect:
• Information
• Devices
• Home networks
• Yourself
• Identify threats

Ohio Cyber Range Institute, University of Cincinnati

Security Mindset

Protecting our lives and our property

• Locking doors
• Checking who is at the door
• Alarm systems
• Washing your hands
• Leaving a light on
• Firesafe for valuables

Ohio Cyber Range Institute, University of Cincinnati

Cyber Security Mindset

• Become aware of the threats
• Initiate behaviors to minimize threats
• Take steps to prevent attacks
• Protect your self and others

Ohio Cyber Range Institute, University of Cincinnati

Cyber Security – It doesn’t affect me….

…I barely use the Internet …I don’t shop/bank online …I don’t have anything to steal …That’s what the IT person is for

Ohio Cyber Range Institute, University of Cincinnati

Cyber Security – Affects Everyone

• We are more connected than we realize
• Your information is valuable
• 95% of all Cyber Security Breaches are caused by

human mistakes and misunderstanding

• It doesn’t just affect you

Ohio Cyber Range Institute, University of Cincinnati

Don’t Be Afraid

Ohio Cyber Range Institute, University of Cincinnati

Common Security Threats

• Cyber Security Awareness - the knowledge combined with the

attitudes and behaviors that serve to protect our information assets

• Cyber Security Threat - the potential for an attack to occur
• Cyber Security Attack – Occurs when a threat has been exploited

Ohio Cyber Range Institute, University of Cincinnati

Malicious Software - Distribution

Categorized by how they spread

• Worms & Viruses – Self Replicating
• Trojan horse – Disguised as legitimate program
• Malvertising - false/fake advertisement

Ohio Cyber Range Institute, University of Cincinnati

Malicious Software - Actions

Categorized by what they do

• Ransomware – Holds files for ransom
• Adware – Pop-up Ads
• Spyware – Hides and steals info
• Botnets and zombies – Used to attack others

Ohio Cyber Range Institute, University of Cincinnati

Malicious Software - Demo

Demo Video

Ohio Cyber Range Institute, University of Cincinnati

Social Engineering

Ohio Cyber Range Institute, University of Cincinnati

Man in the Middle

Eavesdropping on you communications

• Public Wifi Risks
• Website Redirection

Ohio Cyber Range Institute, University of Cincinnati

Vulnerability Exploitation

Vulnerability - a weakness in a system

• Virtually impossible to completely eliminate

Easily Avoidable Causes

• Outdated Software
• Misconfigurations
• Default Settings
• Human Error

Ohio Cyber Range Institute, University of Cincinnati

Vulnerability Exploitation

Ohio Cyber Range Institute, University of Cincinnati

Protecting Your Information

• Authentication
• Privacy
• Encryption
• Backups

Ohio Cyber Range Institute, University of Cincinnati

Authentication

First line of defense! Identify and Prove Forms of Authentication

• Username and Password
• Finger Print Readers
• Facial Recognition
• Card and Pin

Ohio Cyber Range Institute, University of Cincinnati

Password Security

• Most often used method of authentication
• Simple, inexpensive, and effective
• Not full proof!

Ohio Cyber Range Institute, University of Cincinnati

Creating Strong Passwords

Length – The longer the harder to crack Complexity – More character options = more time to crack Randomness – Don’t use words, phrases, or numbers that are common

Ohio Cyber Range Institute, University of Cincinnati

Strong and Easy Passwords

The Sun Will Come Out, Tomorrow, Bet Your Bottom Dollar

tswcotbybd

Random!

tswco)t(bybd

12 Characters + Symbols!

TsWc0)t(ByBd

Mixed case and numbers!

a$TsWc0)t(ByBd

Add “a$” for Amazon.com

emTsWc0)t(ByBd

Add “em” for email https://howsecureismypassword.net/

Ohio Cyber Range Institute, University of Cincinnati

Protect Your Password

Always keep your secret to yourself!

• Don’t write it down!
• If you do, keep it in a secure place
• Don’t store passwords in programs
• Browser/Website
• Save login
• Don’t tell anyone for any reason
• Not to family
• Not to the IT Guy
• Not to anyone on the phone
• Change your password from time to time
• Secure passwords can be compromised
• Recommended every 90-180 days

Ohio Cyber Range Institute, University of Cincinnati

Multifactor Authentication

Using two or more methods to authenticate Something you have

• Smartphone
• Text, App, Phone call
• Smart card, ID card, Credit Card

Something you know

• Password
• PIN Number
• Passphrase

Something you are

• Fingerprint
• Facial Recognition
• Eye Scan

Ohio Cyber Range Institute, University of Cincinnati

Personal Information Online

Image Source: https://www.attogtech.com/product/protecting-your-personally-identifiable-information/

Ohio Cyber Range Institute, University of Cincinnati

Protect Your Identify

• Don’t give out personal information when asked
• Read your credit card and bank statements
• Bring in your mail everyday
• Use a paper shredder
• Freeze your credit or use credit monitoring services
• Set up alerts
• Follow all the other tips in this seminar

Ohio Cyber Range Institute, University of Cincinnati

Privacy Online

Social Media

• Use privacy settings and security settings
• Be careful what you share
• Understand the terms and conditions

Cookies (Web tracking)

• Deleting cookies
• Use private browsing modes

Location Services

• Choose which apps or website can use your location
• Disable geo-tagging features
• Disable Location Services completely

Ohio Cyber Range Institute, University of Cincinnati

Social Media Security and Privacy

Demo Video

Ohio Cyber Range Institute, University of Cincinnati

Browser Privacy

Demo Video

Ohio Cyber Range Institute, University of Cincinnati

Data Protection - Encryption

Protect data you send, receive, or store Scrambles text and other data into an unreadable format Online encryption

• Secure web browsing (HTTPS)
• Encrypted Messaging
• Text Messages
• E-mail
• Virtual Private Networks (VPNs)

Ohio Cyber Range Institute, University of Cincinnati

Data Protection - Encryption

Data at Rest Full Disk Encryption

• Windows 10 –Bitlocker
• Apple OSX – FileVault
• 3rd Party Software

Encrypt Sensitive Files

• Tax, Payroll, Financial Documents
• Data stored on flash drives

Smart Phone Encryption

• Requires Password, PIN, Patter, etc.

Ohio Cyber Range Institute, University of Cincinnati

Data Protection - Backups

3-2-1 Rule

3 Copies of your data

One Primary Copy and Two Backups

2 Types of Media

Hard Drive, File Server, Cloud

1 Off-Site Storage

Cloud Backup Methods Manual Backup Scheduled Automated Backup Sync Backup

Ohio Cyber Range Institute, University of Cincinnati

Data Protection – Backup Methods

Manual Backup

• Copy Important Files to External Storage

Scheduled Automated Backup

• Built in Tools for Windows or Apple OSX
• 3rd Party Tools

Sync Backup

• Desktop Sync Services
• Google Drive
• Microsoft One Drive
• Apple iCloud
• Phone Sync Services
• Google Sync
• iOS Backup
• 3rd Party

Ohio Cyber Range Institute, University of Cincinnati

Windows Backup

Demo Video

Ohio Cyber Range Institute, University of Cincinnati

Protecting Your Devices

• Updates
• Antivirus
• User Permissions
• Mobile Devices

Ohio Cyber Range Institute, University of Cincinnati

Software Updates

Why are Updates Important?

• Fix Security Vulnerabilities
• Fix Bugs or unexpected errors
• May include enhancements or new features

Are there downsides to updating?

• Your device may need to be restarted
• Make sure to save your work
• Updates can be slow
• Doing them regularly reducing the time
• Don’t power down your device until updates complete
• Can cause the things to break

Ohio Cyber Range Institute, University of Cincinnati

What to Update

Operating System

• Windows
• Mac OSX
• iPhone –iOS
• Android

Applications

• Microsoft Office
• Adobe
• Java
• Phone Apps

Connected Hardware (Firmware)

• Printers
• Web Cams
• Keyboard/Mouse
• Digital Camera
• External Drives

Ohio Cyber Range Institute, University of Cincinnati

When and How to Update

Update Often

• Most updates released monthly
• Important security updates released ASAP
• Setup Automatic Updates
• Make sure you are using the latest versions

Use Settings Menus to Configure Updates

• Windows
• Mac OSX
• iOS
• Android

Download Manufacture Software for Devices Logitech Dell HP Cannon Epson

Ohio Cyber Range Institute, University of Cincinnati

Windows Update

Demo Video

Ohio Cyber Range Institute, University of Cincinnati

Antivirus

Software designed to detect, remove, and/or prevent malicious software Types of Antivirus

• Signature-based Detection Scan
• Heuristic Detection Scan
• Real-Time Protection
• Intrusion Detection
• Full-featured Protection

Ohio Cyber Range Institute, University of Cincinnati

Antivirus – Pros and Cons

Pros

• Works automatically
• Can prevent and/or remove malware
• Can protect while surfing the web
• Can protect from spam

Cons

• Slows down your system
• Not 100% affective
• Can be cost money

Ohio Cyber Range Institute, University of Cincinnati

Antivirus – Which is best?

Free

• Windows Defender
• Malware Bytes
• AVG Free

Paid

• Norton Security
• McAfee
• Bitdefender
• Kaspersky

Internet Service Provider Options

• Cincinnati Bell
• Spectrum
• Comcast
• AT&T

Ohio Cyber Range Institute, University of Cincinnati

Antivirus – I don’t use Windows?

Yes! Apple MacOSX can get viruses Yes! Smartphones can get viruses Yes! Linux can get viruses Yes! Any computing device could get a virus

Ohio Cyber Range Institute, University of Cincinnati

Local User Accounts

Why use different accounts

• Enforce password usage
• Manage security for each person
• Using standard account can prevent malicious software
• Creates isolated workspace for each person
• Set up parental controls (Windows)
• Allow guests safe access to computer

Ohio Cyber Range Institute, University of Cincinnati

User Accounts

Types of Accounts

• Administrator
• Complete Control over Settings/Installing Software
• Standard User
• Control over user settings only. Can’t install

software

• Child Account (Windows 10)
• Can use Family Safety Settings
• Guest
• Can use the computer, but can’t make any changes

Ohio Cyber Range Institute, University of Cincinnati

Windows Local Users

Demo Video

Ohio Cyber Range Institute, University of Cincinnati

Protecting Mobile Devices

• Lock your phone
• Setup passcode, pattern, fingerprint, etc
• Setup auto lock features
• Less than a minute is ideal
• Check app permission when downloading
• Does the app need to access you contact lists?
• Avoid public charging stations
• Carry a spare charging device
• Avoid public Wi-Fi
• If you must, use a VPN
• Install Anti-virus
• Turn off location services if not needed
• Never leave unattended

Ohio Cyber Range Institute, University of Cincinnati

Protecting Your Networks

• Securing Your Home Network
• Firewalls
• Public Networks and VPN
• Internet of Things (IOT)

Ohio Cyber Range Institute, University of Cincinnati

Home Networks – Wi-Fi (Wireless)

Wireless Router/Access Point

• Connects all your devices together and to the Internet
• First line of defense into your home network

Wireless Router Security

• Change default passwords
• Admin password and Wi-Fi Password
• Use Guest network
• Don’t share you main Wi-Fi password
• Use Wireless Network Encryption
• WPA2 Personal Recommended
• Don’t use WEP
• Keep router to date
• Software
• Replace hardware that is more than 10 years old
• Keep firewall on

Ohio Cyber Range Institute, University of Cincinnati

Home Networks – Wi-Fi (Wireless)

Advance Wi-Fi Security

• Locate wireless router centrally
• Keep signal on your property
• Hide your network from view
• Turn off SSID broadcasting
• Enable MAC Address Filtering
• Only allow your devices to connect
• Disable Remote Administration
• Stop changes to setting without a physical

connection

Ohio Cyber Range Institute, University of Cincinnati

Home Networks – Firewalls

A device or software program that blocks unwanted Internet traffic Types of Firewalls

• Wireless Router Firewall
• Operating System Firewall
• Stand alone device

How to block or allow traffic

• Default settings allow common traffic like Web Browsing
• Programs/devices may require additional access
• Whitelisting/Blacklisting

Ohio Cyber Range Institute, University of Cincinnati

Public Networks – Wi-Fi

Connecting to public Wi-Fi can be dangerous

• Avoid if possible
• Use a personal hotspot/phone
• Don’t shop, access your bank, or other sensitive activity
• Someone could be watching
• Never use open networks
• No password
• Definitely a bad network
• Look out for rouge networks
• Verify network name and password
• Turn off automatic connectivity feature
• Use a VPN (Virtual Private Network)

Ohio Cyber Range Institute, University of Cincinnati

Public Networks – VPN

Virtual Private Network Secure private network over public networks Uses encryption to make a “tunnel” Business VPN

• Provided by your workplace
• Should be used when doing work activities
• May be required to access work resources

Personal VPN

• Provided as a service
• Encryption prevents eavesdropping
• Provides privacy and anonymous browsing
• Setup your own
• Can be used to connect remotely to home network

Ohio Cyber Range Institute, University of Cincinnati

Identifying Threats

• Phishing
• Malicious Web Sites
• Physical Threats
• Disinformation

Ohio Cyber Range Institute, University of Cincinnati

Identifying Phishing Attack

Message my look legitimate, but look out for…

• A message that makes you PANIC!
• A message that asks for sensitive information
• A message that asks you to do something out of the
• rdinary
• A message that offers you money

Red Flags!

• Typos or bad grammar
• Strange e-mail or web address
• Links or attachments

Ohio Cyber Range Institute, University of Cincinnati

Identifying Malicious Websites

A website may be malicious if….

• It prompts you to download a file or run a program
• It says you are already infected with malware
• It says your browser is out of date
• Tells you won a prize
• Offers free software

Look out for other red flags

• Check the URL for misspellings
• No contact info
• Too good to be true
• No encryption/certificate

Ohio Cyber Range Institute, University of Cincinnati

Identifying Physical Attacks

Not all attacks start from a computer

• Dumpster Diving
• Skimmers
• USB Drops
• IoT (Internet of Things)

Ohio Cyber Range Institute, University of Cincinnati

Disinformation

Spotting “Fake News” Types

• Deliberate Misinformation
• Fales Headlines “Clickbait”
• Social Media Sharing
• Satire

Consider the source

• Look at the URL
• Be wary of sloppy writing
• Is there supporting information/quotes?
• Are there other sites reporting the story?
• Check against media literacy sites

Consider the motivation

• Is it opinion or reporting?
• Is it prompting a product or person?
• Are sources being paid?