Protecting You And Your Data


Scene 1 (0s)

We’ve added speaker notes! The speaker notes are not meant to be read line by line!!! Similarly, don’t read everything on the slides word for word. Instead, engage with your audience. Tell stories to help back up the material. Watch your attendees to determine if you are losing them or if you need to spend more time on a topic. Ask questions or randomly poll them about various material. Even something as simple as using audience members’ names in theoretical examples is a great way to pull them back in. Most importantly, have fun!

Scene 2 (34s)

[Audio] We have a lot of ground to cover. Generally, why is security awareness important? From there, some ways to protect yourself, including privacy concerns. And last but not least, what should you do if you or someone you know *thinks* they may be the victim of a scam.

Scene 3 (53s)

[Audio] Let’s get started... [image] Why is cybersecurity awareness important?

Scene 4 (1m 1s)

[Audio] Cybersecurity awareness training is vital to security. This is a key topic because many people assume that if they have the best security technologies, it will provide them with 100% coverage. Another common belief is that our (I-T) department will take care of it, or they assume a firewall and anti-virus will protect them against anything. Cybersecurity awareness is a must for everyone! Also hit on the fact that these tips work at home too. That tends to help keep the interest of the audience because they know this could save them money or time if they get malware, get scammed, et cetera.

Scene 5 (1m 39s)

[Audio] The bottom line is that everyone has something that an attacker wants. With data, it could be financial, personal, or even medical related. Even if someone claims they don’t have anything on their computer worth stealing, an attacker can still use their computer resources for cryptomining. Cryptomining uses your computer resources for financial gain. Attackers have also injected ads into users’ browsers to provide them advertising revenue. Or they could use your computer as a jump point to attack someone else. This is also a good time to ask if everyone knows what ransomware is. A go-to analogy is comparing it to a Hollywood kidnapping movie where the criminals ask for a ransom to get the person back. Ransomware is similar, except it is keeping you from accessing your data unless you pay the ransom. Something we frequently hear is “we only do email on this computer.” Ok, but what other accounts might be tied to that email? For example, if I’m a bad guy and I have access to your email, do I need your bank password? Why not just go to your bank website, say “forgot password” and then have the new password sent to me? That last comment is typically a light bulb moment for a lot of attendees.

Scene 6 (2m 53s)

[Audio] Enough of the doom and gloom, let’s get into ways to protect yourself.

Scene 7 (3m 0s)

[Audio] Emphasize the importance of people being active in updating their computers.

Scene 8 (3m 19s)

[Audio] These transition slides are a great place to pause and ask if anyone has questions. It is also a great way for someone consuming a lot of new information to reset their thoughts.

Scene 9 (3m 30s)

[Audio] Give everyone a chance to read it and then explain the joke; in other words, it’s easier for some people to rename their dog than to change their password. And he’s such a cute little puppy! ;-)

Scene 10 (4m 4s)

[Audio] Benefits of a password manager:
- One strong password to access them all
- Passwords are stored securely with Zero Knowledge
- Auto-fill username/password on websites
- Sync between desktop, laptop, and mobile

Scene 11 (4m 20s)

[Audio] Pick out a few passwords and discuss them. The takeaway is that these “terrible” passwords don’t change much. The other point you might make is “how do we know what passwords people use?” These passwords are from hacked databases *after* a breach occurs. Security researchers then analyze those hacked accounts to search for similarities. Remember our discussion on why you should have a different password for each website? Source: nordpass.

Scene 12 (4m 50s)

[Audio] This table/data is slightly nuanced. What it does well is provide the average user an easy way to visually understand how longer passwords are exponentially better than shorter passwords. Source: hivesystems.

Scene 13 (5m 5s)

[Audio] People’s eyes tend to glaze over when talking about two-factor authentication. I usually explain that if you have logged into your bank account and it sent you a text message stating “your passcode is…” then congratulations, you’ve used two-factor authentication. A short discussion on how the phone-based applications work never hurts either. While any form of 2FA is substantially better than a username/password by itself, it’s important to recognize that S-M-S and phone call based verifications have some security concerns. Aside from SIM-jacking (or SIM-swapping), which is where an attacker coerces a cell phone carrier to issue a new S-I-M card, there are other attacks that allow an attacker to redirect S-M-S and phone calls to a new device. Unfortunately, it can happen for as little as $16, although there are some caveats. Source: vice. Don’t miss the opportunity to briefly discuss the quote from Microsoft stating their research showed that accounts are 99.9% less likely to be compromised if you use multi-factor authentication (M-F-A) or 2FA. Wow! Source: microsoft.

Scene 14 (6m 16s)

[Audio] This page refers to the worksheet that guides attendees through the initial setup of a password manager and some discussion on 2FA. Source: treetopsecurity.

Scene 15 (6m 27s)

[Audio] Another opportunity to ask if anyone has questions and let them do a mental reset as we move on to some different concepts.

Scene 16 (6m 35s)

[Audio] This should hopefully be an easy-to-spot scam (spam) for most everyone. Go through each of the red flags and talk about how you can use this same, systematic approach on all emails and even some non-email scenarios.

Scene 17 (7m 15s)

[Audio] Reminder: links aren’t just for email! This is an S-M-S text message claiming to be from FedEx. Were you expecting a package? Have you ever received a package notification via text message before? Also, note the odd domain name.

Scene 18 (7m 48s)

[Audio] Hovering is your friend. Hovering shows where the link will take you *before* you click on it. If you see numbers, then there is a really good chance it isn’t legit. Also, if you are on a mobile device or tablet you can still hover by performing a long press. Be careful though, because if you don’t hold down the long press long enough, you will unintentionally click the link!

Scene 19 (8m 13s)

[Audio] Don’t spend a ton of time here other than to explain how link shortening services work. If they come across this, you can use a number of services, including Link Expander, to show the *actual* U-R-L. For example, if you expand the bit.ly link in the picture, it expands to the fairly long U-R-L for our TreeTop cybersecurity awareness feedback.

Scene 20 (8m 36s)

[Audio] Go around the circle with a brief explanation of each. Go quick, because we go into many of these more in depth, so simply help attendees understand that these 4 simple steps can help prevent link-based attacks. The big one is to point out that links aren’t just in email.

Scene 21 (9m 4s)

[Audio] A great chance to reset and ask if anyone has questions before moving on to the next topic. A U-S phone company once said “reach out and touch someone,” so this is a little play on that.

Scene 22 (9m 16s)

[Audio] A quick chat on social engineering and how attackers use it to gain information, gain access, et cetera. Sometimes attackers will pose as banks, energy companies, or someone else to get your payment information. A social engineering tactic may include calling you from a “recognizable” phone number. Most people don’t realize how easy it is to spoof a phone number, which makes it trivial to make their phone call look like it is coming from the local electricity company, phone company, hospital, et cetera. This is done in an effort to get people to let their guard down. If someone calls and their phone number matches someone you are familiar with, be skeptical. It’s usually easiest to simply tell them you are busy, hang up, and call them back at a published phone number that you have in your possession. We always highlight the tech support scam because we saw it so many times over the years. As callous as it may sound, Microsoft, Apple, Dell, et cetera will never call you out of the blue to tell you about a problem on your computer or device.

Scene 23 (10m 17s)

[Audio] If you have audio, let the audio play. If it doesn’t work or you’re not sure about the volume/quality, let the audience know the white text is the same as what is stated in the audio clip. Highlight the red flags, because several of them are the same tactics we used to spot phishing email. Also highlight that there is very little we can do from a technical perspective to block this attack.

Scene 24 (10m 41s)

[Audio] Once again, a great time to take a breather and ask if anyone has any questions. Moving on to the last section!

Scene 25 (10m 48s)

[Audio] A short discussion on privacy and not oversharing. The “fun” surveys to figure out your IQ, which cartoon character you are most like, et cetera are all ways to get access to your social media profile and harvest data from you! Everyone knows someone who posted their vacation pictures while they were on vacation and their house was broken into as a result. I tell people to wait until they come home to post their pictures; that will make the following week of work go faster when they are reminiscing about their recent vacation. ;-)

Scene 26 (11m 20s)

What is Data Protection? Data Protection refers to legislation that is intended to:
- Protect the right to privacy of individuals (all of us)
- Ensure that Personal Data is used appropriately by organisations that may have it (Data Controllers)

Scene 27 (11m 53s)

Principles of Data Protection:
- Purpose Limitation
- Data Minimisation
- Integrity and Confidentiality
- Accuracy
- Lawfulness, Fairness and Transparency
- Storage Limitation
- Accountability

Scene 28 (12m 3s)

Data Subject Rights. Data Subjects have the right to:
- Withdraw consent
- Object to processing
- Access, rectification and erasure of data
- Be notified of processing of data
- Data portability
- Object to any decision based on automated means

Scene 29 (12m 17s)

[image] Data Security. Infosec & Travelling.

Scene 30 (12m 24s)

[Audio] I often use the example of how attackers have mailed U-S-B drives or even left them in parking lots knowing someone would plug them in. Most people don’t realize these devices can infect your computer simply by being plugged in.

Scene 31 (12m 39s)

[Audio] Here’s another topic where eyes often glaze over. Use H-T-T-P versus H-T-T-P-S as an example. Explain how encryption helps protect all of us, including when shopping on the internet, when using wireless communications, et cetera. If you have anyone from the medical field in attendance, then I would also point out that lost and stolen devices such as laptops are the #1 reason for patient data breaches of more than 500 records. (Source: texmed)

Scene 32 (13m 12s)

[Audio] My contact info. Place your information here for others to get in contact with you. Remember, you’re the expert! Don’t forget to recognize that the original content was provided free of charge by TreeTop Security.