WELCOME Welcome to Security Awareness Month Hosted by the Office of - - PowerPoint PPT Presentation

welcome
SMART_READER_LITE
LIVE PREVIEW

WELCOME Welcome to Security Awareness Month Hosted by the Office of - - PowerPoint PPT Presentation

Jan 31, 2023 352 likes •787 views

WELCOME Welcome to Security Awareness Month Hosted by the Office of Information Technology October 2018 1 What is Prevent, Plan, and Prepare National We live in a world that is more connected than ever before. The Internet touches Cyber

slide-1
SLIDE 1

Welcome to Security Awareness Month

Hosted by the Office of Information Technology

October 2018

1

WELCOME

slide-2
SLIDE 2

Prevent, Plan, and Prepare

We live in a world that is more connected than ever before. The Internet touches almost all aspects of everyone’s daily life.

National Cyber Security Awareness Month (NCSAM) is designed to raise awareness in all of us, about cyber security and increase the resiliency of the Nation in the event of a cyber incident. Cyber security is critically important to us as a University with massive amounts of sensitive information to protect. And…cyber security is important anyone who uses a device that connects them to the internet. That might be your phone or your computer…but it also includes your bank, your medical provider, and the grocery store.

2

What is National Cyber Security Awareness Month?

slide-3
SLIDE 3

Cyber Security

Cybersecurity Awareness Month

What is cyber security. Why is it important to you?

About the Speaker and Topic

Who is he and why do I care about this topic?

PHISHING!

This is not your normal Fishing trip!

PASSWORDS

How do I respond after infection?

Continue the Discussion

Where do I go from here?

3

Today’s Agenda

slide-4
SLIDE 4

Jeff Squibb

Information Security Analyst

4

Let’s Go on a Phishing Trip

This is not your normal Fishing Trip!

slide-5
SLIDE 5

Job History

  • A. Worked at SSM Health
  • B. Worked at Olan Mills
5

About Me

slide-6
SLIDE 6

Education

  • A. Bachelor’s Degree in

Information Systems Technology

  • B. Master’s Degree in

Instructional Technology

6

About Me

slide-7
SLIDE 7

Lets go on a Phishing Trip This is not your normal Fishing Trip!

7

PHISHING

slide-8
SLIDE 8

Cyber Security Touches Everyone

  • Do you have a device…any device?
  • A tablet, laptop, desktop?
  • Do you use a credit card?
  • Do you use an ATM?
  • Do you go to the doctor?
  • Do you use Wi-Fi?
  • Do you know or work with someone that has

information of importance?

8

Prevention

  • and -

Response

slide-9
SLIDE 9

Computer / E-mail Scams

  • What is a scam?
  • Does it always come with a link?
  • How do I know if it is real or fake?

Use Best Judgement! NEVER Click the Link

9

Scams

slide-10
SLIDE 10

Cybersecurity Touches Everyone

Access to your machine:

  • for your information
  • to reach other machines on your network
  • within your email domain
  • For malicious mischief

Access to your information:

  • to gain access to accounts
  • to manipulate your machine
  • to steal and reuse your information and identity
  • to hold your information for ransom

Personal information includes:

  • SS number
  • Driver’s license info
  • Birth date
  • User names and passwords
  • Account numbers
10

What are cyber criminals after?

slide-11
SLIDE 11 11

For Sale!

slide-12
SLIDE 12

Cybercrime Facts

  • Cybercrime has recently surpassed illegal

drug trafficking as a criminal money- maker.

  • A personal identity is stolen once every

3.1 seconds as a result of cybercrime.

  • Nearly half of all cybercrimes are

committed against small businesses.

  • In the month of August 2018, 215,000,000

records had been stolen.

12
slide-13
SLIDE 13 13

Lets Go Phishing

slide-14
SLIDE 14

Limit what you share online

14

The less you share about yourself, the smaller the target you are for a phishing

  • attack. Cybercriminals use information you

post online to learn how to gain your trust.

slide-15
SLIDE 15

Protect your credentials

15

No legitimate company or

  • rganization will ask for your

username and password or

  • ther personal information via

e-mail.

  • SIUC definitely won't.
  • Still not sure if the e-mail is a phish?

Contact the SalukiTech Helpdesk.

slide-16
SLIDE 16 16

E-mail attachments are the most common vector for malicious software.

  • When you get a message with an

attachment, delete it—unless you are expecting it and are absolutely certain it is legitimate.

Beware of Attachments

slide-17
SLIDE 17 17

Phishing messages can look official.

  • Cybercriminals steal organization

and company identities, including logos and URLs that are close to the links they're trying to imitate.

  • There's nothing to stop them from

impersonating schools, financial institutions, retailers, and a wide range of other service providers.

Confirm Identities

slide-18
SLIDE 18 18

Do not reply using information in a suspicious message that claims to be from an agency or service provider.

  • Use your browser to manually locate

the organization online.

  • Contact them via their website, e-mail,
  • r telephone number.

Trust your instincts

slide-19
SLIDE 19 19

Check the sender's e-mail address.

  • Any correspondence from an
  • rganization should come from an
  • rganizational e-mail address.
  • A notice from your college or the

University is unlikely to come from [email protected].

Check the sender

slide-20
SLIDE 20 20

If a message states that you must act immediately

  • r lose access, do not

comply.

  • Phishing attempts frequently

threaten a loss of service unless you do something.

  • Cybercriminals want you to react

without thinking; an urgent call to action makes you more likely to cooperate.

Take your time

slide-21
SLIDE 21 21

If you don't trust the e-mail (or text message), don't trust the links in it either.

  • Beware of links that are hidden by URL

shorteners or text like "Click Here."

  • They may link to a phishing site or a

form designed to steal your username and password.

Don't click links in suspicious messages

slide-22
SLIDE 22 22

Do not open unexpected attachments!

  • Attachments are cybercriminals’ #1

choice for spreading malicious software…

E-mail attachments

slide-23
SLIDE 23 23

Avoid getting phished— no hook for you!

  • Mouse over links in e-mail to reveal

their true URL.

Hover to discover

slide-24
SLIDE 24 24

Does that e-mail feel off? It probably is.

  • Contact the sender to confirm it's legit.

Trust your instincts

slide-25
SLIDE 25 25

Cybercriminals want you to do what you're told, when you're told.

  • Slow down.
  • Think before you click.

Is it urgent?

slide-26
SLIDE 26 26

Posting personal info online creates bait for scams and #phishing.

Manage social media carefully

slide-27
SLIDE 27 27

#Phishing is social engineering and it's not just for e-mail! You can get phished by phone or text message.

Remember

slide-28
SLIDE 28

Passwords

https://youtu.be/opRMrEfAIiI

28
slide-29
SLIDE 29 29
  • f passwords are only

8 characters long and… …can be cracked in under 24 hours!

39%

Passwords

slide-30
SLIDE 30

Top 10 Passwords 2017

30

1. 123456 2. Password 3. 12345678 4. qwerty 5. 12345 6. 123456789 7. letmein 8. 1234567 9. football

  • 10. iloveyou

Survey Says!

slide-31
SLIDE 31

PASSWORD MANAGERS

31
slide-32
SLIDE 32 33

Password Manager

slide-33
SLIDE 33 34
  • Be on the lookout for an emotional reaction

from an e-mail message that attempts to convince the reader to take some sort of action

  • Free stuff! Click here!
  • Locked out of account unless you click here!
  • Bank failure! Click here!
  • You have/owe money! Click here or else!
  • Income tax return ready! Click here!
  • You are under investigation! Click here!
  • OMG is this you in this picture? Click here!
  • I can’t open this document, can you? Click

here!

  • You are infected with viruses! Click here!

Reminder

slide-34
SLIDE 34

So…What is pwned?

https://haveibeenpwned.com/

35

Have I been pwned?

slide-35
SLIDE 35

Passwords

https://www.youtube.com/watch?v=Srh_TV_J144

36
slide-36
SLIDE 36 37
  • Make your passwords complex. Use a

combination of numbers, symbols, and letters (uppercase and lowercase).

  • Change your passwords regularly

(every 45 to 90 days).

  • Do NOT give any of your usernames,

passwords, or other computer/ website access codes to anyone.

  • Do NOT open emails, links, or

attachments from strangers.

Reminder

slide-37
SLIDE 37

Prevention

  • Install One program or two – up to

you

  • l an antivirus/anti-malware

program

  • How many is too many?
  • Be sure the program is up to date
  • Expired?
  • Free tools – Microsoft & Others
  • Don’t click the links
  • Don’t visit the “bad” sites
38

_________ Infection(s)

slide-38
SLIDE 38

Next Steps

Stay Vigilant

Don’t let it grip you, but…

  • STOP. THINK. CONNECT.

WWW.StaySafeOnline.ORG StopThinkConnect.org SecureIt.SIU.EDU

Stay Up to Date

Other training, webinar, ask friends.

What Can IT Do To Help?

What to do now…in the future.

39

What Should Your Do Now?

slide-39
SLIDE 39

Coming Up…

Please invite users in your department to register and join us. Contact (olindahubbs@siu.edu).

October 11th (tomorrow) Don’t Be Out Smarted By Your Smart Phone with Abby Razer, SalukiTech Call Center Manager and Melissa Pierce, SalukiTech Desktop Support Bring your Smartphone (Android or iPhone) and learn and practice steps to avoid phishing and other malicious phone scams. And learn to keep your identity safe when using social media. October 18th Let's go on a Phishing Trip--This is not your usual Fishing Trip! with Jeff Squibb, Information Security Analyst at SIUC Phishing is still a state-of-the-art cybersecurity threat and you have to be careful not to take the bait! Learn what lurks in the virtual depths and how to protect
  • yourself. We’ll download and set up a FREE LastPass account to keep all of your
passwords safe and secure. October 20th ISAT hosts SIU Cybersecurity Day A day of fun and learning for middle and high school students, college students— and you! Learn to stay cyber safe and participate in demos. Location TBD. October 25th What You Should Know About Sensitive Data and Keeping it Safe! with Steve Aldridge, Security Operations Specialist at SIUC What is legally-protected sensitive information? And how do you keep it safe? A hands-on session to learn about the tools the University provides to locate, secure, and send sensitive data in the course of your daily work.

October Security Events

slide-40
SLIDE 40

Thank You!

41

We have a new look To make it easier to find what you need. Visit us at:

http://oit.siu.edu/infosec urity/

slide-41
SLIDE 41
  • Run a ‘Thorough’ or ‘Deep’ clean
  • See if “odd services” are running
  • Backup?
  • Change Password?
  • SIU Computer? Call IT!
  • LAN Admin
  • SalukiTech
  • IT Expert/Consultant
42

Professional Assistance for End User Needs

Visit the SalukiTech Service Center on the first floor of Morris Library. https://oit.siu.edu/salukitech/walk-in/

slide-42
SLIDE 42

To Contact Our Experts

Office of Information Technology, Security website http://infosecurity.siu.edu/ SalukiTech 618-453-5155 salukitech@siu.edu SalukiTech Service Center, Morris Library—First Floor Mon - Thu: 8 AM - 9 PM Friday: 8 AM - 6 PM Saturday: 10 AM - 6 PM Sunday: 1 PM - 9 PM Steve Aldridge

Office of Information Technology, Security sa.sec@siu.edu

Jeff Squibb

Office of Information Technology, Security Js.sec@siu.edu

SIU Carbondale Security Experts and Information