Information Technology security & Training

[Audio] Information Technology security & Training.

[Audio] Agenda Importance of IT security Type of Threats Network Security Data Security Email Security IT Asset Security Best Practices.

[Audio] CYBERSECURITY AWARENESS Importance of IT security Be an Empowered Protector. At Home and at Work. Cybersecurity training is a proactive and necessary step to protect yourself and our organization from the ever-evolving cyber threat landscape. 10% of Security Safeguards are technical 90% of Security safeguard relay on the computer user "YOU!".

[Audio] Threats Overview Malware Phishing Social Engineering.

[Audio] Threats Overview Malware. Threats Overview.

[Audio] Malware includes numerous threat families, all with different names. Viruses Worms Trojans Ransomware Rootkits Bootkits.

[Audio] Is malware on windows only? Malware definitely exists on other operating systems (Oses) outside of Windows. Windows is typically the major target due to high market share. Is malware on mobile phones ? Mobile phone malware is a growing threat due to users doing the majority of their internet browsing on a cell phone. Ransomware, or screen locking malware, is a popular threat on mobile devices..

[Audio] How does my computer get infected ? Clicking malicious links in email Plugging in an unknown flash drive Downloading malware masquerading as other software By browsing malicious websites How does my mobile device get infected? Installing 3rd party apps directly from the internet instead of via official stores such as Google Play or Apple's App Store..

[Audio] Top Tips to Avoid Malware Install Endpoint Security on all devices. Be careful what you plug in. Be careful what you click. Get awareness training for entire family.

[Audio] Threats Overview Phishing. Threats Overview.

[Audio] Phishing 80% of report security incidents involve phishing. Intentionally deceiving someone by posing as a legitimate company. Typically, utilizes email by pretending to be a company or service requesting you to do something. Hoping that you click the link and fill out the requested info.

[Audio] Phishing Examples. Not paypal.com. Phishing Examples.

[Audio] Top Tips to Avoid Phishing Check who the email sender is. Check the email ID correctly before sending or replying Mouse over the link to see where it goes. Do not click the link – manually type it in.

[Audio] Threats Overview Social Engineering. Threats Overview.

[Audio] Can these answers be found on your Facebook account? What city did you grow up in? What is your dog's name? What high school did you attend? What is your favorite book? What is your dream job? What is your mother's maiden name?.

[Audio] Security Questions Typically, users are honest when filling out security questions. Malicious parties can utilize social media to find out the answers to these questions, which allows them to reset your password. Best practice is to not be honest when filling out these questions. Treat security questions as another password field.

[Audio] How about this? This is extremely important in the conversation around passwords due to the fact that most passwords can be simply changed or reset by knowing a few answers to questions about yourself. Most of these answers can be commonly found on users' social media accounts. So it is very important to not just practice good password policies but also strong security questions as well..

[Audio] Users and Poor Password Hygiene Typically, users practice risky behavior with respect to passwords. Passwords nowadays can be a gateway into identity theft..

[Audio] So typically due to the complexity requirements of passwords usually users end up writing their passwords on sticky notes or in documents on their desktop..

[Audio] Others freely share their passwords with other users. We see this especially in organizations that require users to clock in at the beginning and end of the day. They do not want to be late again so they call their friend who is already at work and ask them to clock in for them..

[Audio] This leads to current password policies that typically have users change their password every 90 days or every 6 months. Users are not increasing your businesses security by changing their password on these scheduled intervals due to them doing the above. They are simply going to the next number and next symbol on the keyboard. In fact now NIST is recommending against having users change passwords every 90 days due to the above..

[Audio] So when data breaches occur passwords are sometimes extracted, it would be very easy for me to go to another website and figure out what your password is. For example if the password that was stolen was elephant, and I went to a website that required 8 characters and 1 symbol. There are only 32 symbols on the keyboard, therefore I only need to type in elephant and then try every symbol and see if I gain access into whatever system I am trying to break into..

[Audio] Password Managers If you have trouble remembering passwords or creating unique passwords, utilize a password manager. There are several very secure password managers on the market that work across all Oses. They will remember and auto-complete your passwords for you once your "master" password is entered.

[Audio] Top tips for password safety Utilize unique passwords across all websites/applications Enable and utilize 2FA on all websites that allow it Choose unique, non-true security questions.

[Audio] Internet protection. INTERNET PROTECTION.

[Audio] Internet Protection Overview Search Engine Safety Web Content Filter HTTPS Public Wifi Internet of Things.

[Audio] HTTPS Is a protocol for secure communication over a computer network which is widely used on the internet HTTPS is typically notated by displaying a green lock in the web address bar:.

[Audio] HTTPS No sensitive information should be typed into a page that is not secured by HTTPS. Even though a page is secured with HTTPS, it does not automatically mean the page is safe. Most browsers have begun to let users know more easily when they are on a non-secure page..

[Audio] Top Tips for Secure Websites (HTTPS) Before entering sensitive information, check to see if the site is secured by HTTPS. Check to make sure this is a reputable website before entering credit card information; don't just depend on the HTTPS indicator..

[Audio] Internet Protection Overview Public Wifi.

[Audio] Is a non-secure network that users can connect to for free Typically found in hotels, coffee shops, libraries and many other places.

[Audio] Is very insecure, so you should treat every public Wi-Fi connection as compromised (unsafe). This means you should not utilize any sensitive websites when connected (banking, social networking, etc.) If you need to access one of these sites, utilize your cell phone and do not connect it to Wi-Fi, just use the cell service..

[Audio] Top Tips for Public Wi-Fi Verify the Wi-Fi name with the business owner prior to connecting. Treat public Wi-Fi connections as compromised (unsafe). Utilize an anti-malware product to help prevent against cyberattacks while connected..

[Audio] Internet Protection Overview Internet of Things.

[Audio] Top Tips for Internet of Things(IOT) Change default usernames and passwords on all devices including routers. If you do not utilize the web features, disable them. Make sure all IoT devices, including routers, are kept up to date with the newest firmware (software)..

[Audio] Email Protection. EMAIL PROTECTION.

[Audio] Email Protection Overview Password Reset Spam Protection Attachment Policy.

[Audio] Top Tips for Password Reset Utilize strong unique passwords. Utilize strong, not correct, security questions. Monitor attempted password resets on your accounts for fraudulent activity.

[Audio] Email Protection Overview Spam Protection.

[Audio] Spam Protection Everyone gets spam; even with the best protection, some still slips through the cracks. Some email providers have better spam protection than others. A third party anti-spam product can supplement protection provided by the email provider.

[Audio] Never open spam emails, even if you think it is funny to see the content inside. Never respond to spam emails. Be careful using your email address to sign up for contests or enter websites. When posting your email to a public website, always add special breaks in your email address. Example: ben(at)eset dotcom.

[Audio] Email Protection Overview Attachment Policy.

[Audio] Attachments are one of the most common ways to get viruses or malware. Even though an attachment might look like a document or Excel file, it might contain a virus or malware.

[Audio] Rules is in place at our company to prevent receiving certain types of attachment files. We need to know why attachments can be harmful. Never open attachments from unknown senders. If you see something that is questionable, send to your IT department for verification.

[Audio] Escalation Contacts IT Help Desk: [email protected] Copying Email: [email protected] Karthi (System Related concerns) Naveenkumar (ERP) 1st Level Escalation Contacts Nagesswaran – 9842204201 2nd Level Escalation Contacts Srinivasa Rao – 77609 72676.