[Audio] Welcome to our cybersecurity awareness training program. Today, we will explore various types of phishing attacks and learn how to identify them.
[Audio] Cybersecurity awareness is crucial in today's digital age. As we navigate through our daily lives, it's essential to understand the importance of cybersecurity and how it affects us. This training aims to educate individuals on the basics of cybersecurity and provide them with the necessary tools to stay safe online.
[Audio] Cybersecurity is the set of measures taken to safeguard computer systems and networks against unauthorized access, use, disclosure, disruption, modification, or destruction. This encompasses protecting personal, financial, and sensitive information from being stolen, altered, or destroyed. The significance of cybersecurity lies in its capacity to prevent such threats from happening, thus guaranteeing the confidentiality, integrity, and accessibility of crucial data.
[Audio] Cyber attacks have become increasingly sophisticated, with cybercriminals already exploiting artificial intelligence to their advantage. In 2023, there was a notable surge in data breaches, with a 72 percent increase compared to 2021. Additionally, a remarkable 88 to 95 percent of these breaches were caused by human error, emphasizing the significance of being vigilant in preventing such occurrences. Furthermore, phishing attacks accounted for 30 to 45 percent of these breaches, highlighting the necessity for robust cybersecurity measures.
[Audio] When it comes to cybersecurity, one needs to take proactive measures to ensure online presence remains secure. To do this, understanding the five-step process for responding to a cyber attack is crucial. The first step is recovering from the incident, which involves containing the damage and preventing further harm. This includes isolating affected systems, restoring backups, and patching vulnerabilities. The second step is protecting against future attacks by implementing additional security measures such as updating software, configuring firewalls, and enforcing strong passwords. The third step is identifying the root cause of the attack through analyzing logs, reviewing system configurations, and conducting forensic analysis. The fourth step is identifying potential weaknesses in defenses and addressing them before they're exploited. This involves conducting regular vulnerability assessments, penetration testing, and compliance audits. Finally, the fifth step is detecting potential threats before they become incidents by monitoring network traffic, analyzing system logs, and using threat intelligence feeds. By following these five steps, minimizing the impact of a cyber attack and reducing the risk of future incidents is possible.
[Audio] Phishing is a type of cyber attack where scammers try to trick victims into revealing sensitive information or performing certain actions. They often use distraction and misdirection to achieve their goals. This could include posing as a trusted individual or organization, creating a sense of urgency, or using social engineering tactics to manipulate victims.
[Audio] Phishing attacks take various forms, including email phishing attempts where attackers pretend to be legitimate organizations to steal sensitive information. They might employ targeted attacks, utilizing data from social media, public databases, or prior breaches to boost their credibility. Moreover, criminals utilize text message phishing scams, recognizing that individuals react to text and instant messages more quickly than email. Furthermore, phishers replace genuine QR codes with malicious ones, directing users to fake websites. Fake social media profiles are also employed to extract sensitive and confidential information. Additionally, attacks are carried out using artificial intelligence and spoofed numbers, making calls that seem to originate from recognized trusted sources. Lastly, deceitful websites are concealed in search engine results, utilizing paid advertisements and search optimization.
Which email is real? Which is the scam?

From: SUQQQn@miGEQåQtt.GQ.UE
Sent: 16/01/2023 11:44
To: Bob Smith <Bob.Smith@company.com>
Subject: Urgent Action Needed!
Outlook
Microsoft Account
Verify your account
We detected some unusual acivity about a recent sign in for your Microsoft account. you might be signing in from a location app or
To help keep your account safe. We've blocked access to your inbox, contacts list and calander for that sign in. Please review your recent activity and well help you secure your account. To regain access you'll need to confirm that the recent activity was yours.
The Microsoft Team

From:
Sent: 16/01/2023 11:44
To: Bob Smith <Bob.Smith@company.com>
Subject: Unusual Sign In Activity
Outlook
Microsoft Account
Verify your account
we detected unusual activity about a recent sign in for your Microsoft account you might be signing in from a new location or device.
To help keep your account safe. Weve blocked access to your inbox, contacts list and calendar for that sign in. Please review your recent activity and well help you secure your account. To regain access you'll need to confirm that the recent activity was
Review recent activity
The Microsoft Team
[Audio] As we examine the visual representation on slide number 9, we notice a striking contrast of a bold red text against a clean white background. Our attention is drawn to the center where "Image preview" is written in all caps, followed by a repetition of the same text. The emphasis created by this repetition highlights the importance of the information presented. The two words "sCAM" and "REAL" stand out in a different font, holding significant meaning for those familiar with the topic. This slide serves as a reminder to remain vigilant and distinguish between reality and deception. The image preview is a call to action, urging us to stay alert and continue our exploration.
[Audio] Phishing tactics frequently exploit a sense of urgency or fear to prompt victims into taking action. Be wary of emails or messages demanding immediate attention, such as "Click this link immediately or your account will be closed." Verify the sender's email address matches the company it claims to represent. For example, if an email appears to be from Amazon, ensure the domain name is indeed amazon.com, not amaz0n.com. Unusual or unexpected communications should raise suspicions, as well as requests for personal information. Legitimate organizations typically do not request sensitive data via email or unsolicited calls. Furthermore, be cautious of misspellings, grammatical errors, and unusual URLs, which may indicate phishing attempts. As AI becomes increasingly prevalent, it is crucial to remain vigilant and informed about these tactics.
[Audio] Don't click links from unknown senders. Delete suspicious emails or texts. Avoid opening attachments from unfamiliar sources. Refrain from sharing personal data online or via phone calls. Instead, confirm the authenticity of the message and contact the sender directly through recognized phone numbers or emails. Inform your IT department or email/phone provider about the incident. Utilize email filters to block phishing messages from reaching your employees' inboxes. Erase the suspicious communication.
[Audio] The longer the password, the more time it takes to crack. This table illustrates how much time it would take to crack various lengths of passwords. For instance, if someone attempts to guess a seven-character password, they could accomplish this in approximately one minute. However, if we extend the password's length to twelve characters, it would require over two thousand years to crack. This emphasizes the significance of employing robust and distinct passwords.
[Audio] Passwords should be long, unique, and random. At least 12 characters are required, but longer is better. Do not reuse passwords anywhere else. To create a strong password, combine lowercase letters, uppercase letters, numbers, and special characters. Ensure the password is at least 12 characters long. Alternatively, use a passphrase consisting of four to five random words that hold personal significance, making it easier to remember.
[Audio] Even though you may have a strong password, it's possible that it could still be compromised. You can visit haveibeenpwned.com to find out if your password has been leaked. Reports indicate that over 11 billion accounts were stolen from hacked websites and applications.
[Audio] When your password is compromised, it's essential to take prompt action to safeguard your account. Enabling multi-factor authentication is an effective method to achieve this. This added layer of security demands not only your password but also another form of verification, such as a code sent to your phone or a biometric scan. This makes it substantially harder for attackers to access your account, even if they've acquired your password. By employing multi-factor authentication, you can notably diminish the likelihood of unauthorized access to your account.
[Audio] When choosing a Multi-Factor Authentication method, it's essential to consider security. The most common method is text-based, using SMS, but this is actually the least secure option. A better choice would be to use authenticator apps, such as DUO or Microsoft Authenticator. These apps provide a more secure way to verify your identity.
[Audio] Ransomware is a type of cyber attack where criminals hack into your computer or network, lock you out, and demand a ransom to regain access. This can occur when you open a malicious email attachment, click on a suspicious link, or download software from an untrusted source. Once they gain control, they will encrypt your files and demand payment in exchange for the decryption key.
[Audio] Phishing emails can be very dangerous because they often contain malicious attachments or links that can compromise our security. We should exercise caution when opening emails from unknown senders, never clicking on suspicious links or opening attachments unless we're certain they're legitimate. It's also crucial not to use our company email or password for personal activities, which can put our work account at risk. Moreover, we shouldn't download files from untrusted sources, as they may contain malware. Furthermore, we must never store passwords in plain text files or spreadsheets, as this can lead to unauthorized access. By following these guidelines, we can significantly reduce the likelihood of falling prey to phishing scams and ransomware attacks.
[Audio] Data and information safety is crucial because nefarious individuals prey on our desire to be helpful and appear knowledgeable. They may disguise themselves as strangers asking innocent-sounding questions, aiming to extract valuable information. It's essential to trust your instincts and ask yourself why someone would want to know specific details. Remember, being cautious about what you share with others is vital, especially when it comes to government contracts and regulations such as CUI, NIST, CMMC, etc.
[Audio] Data stored on USB devices should be encrypted to prevent unauthorized access in case the device is lost or stolen. This precaution can help protect sensitive information from falling into the wrong hands. When using public charging stations, it's essential to exercise caution as they may have been compromised. Refrain from plugging in any unfamiliar USB devices to other devices. By taking these simple precautions, you can significantly reduce the risk of data breaches and maintain the security of your digital assets.
[Audio] When browsing online, it's crucial to limit your activities to only essential job-related websites. Avoid non-essential sites like social media platforms, which can compromise your security. By doing so, you'll reduce the risk of exposing yourself to potential threats and maintain a secure online environment.
[Audio] Enable the firewall on your device and use a Virtual Private Network. Be cautious of free VPNs, as some may be owned by criminals. When connecting to public Wi-Fi, ask the barista or receptionist for the official network name. Using your mobile data plan is generally safer than relying on public Wi-Fi. It is crucial to avoid processing confidential information over public Wi-Fi networks.
[Audio] Your system may have been compromised if you notice unusual activity such as access from strange locations or IP addresses, security features being deactivated, files or folders going missing, system functions being affected with very slow speeds, random shutdowns or restarts, high resource usage, mysterious applications being removed or added, and increased outbound network traffic. These signs indicate that your system has been compromised.
[Audio] To recap, it's essential to use strong passwords and a password manager to protect your online accounts from unauthorized access. Turning on multifactor authentication adds an extra layer of security to your login process. Recognize and report phishing attacks, which aim to trick you into revealing sensitive information. Keep your software updated, as outdated versions may contain vulnerabilities. Avoid clicking on links or downloading attachments without verifying their authenticity. Be mindful of what you share and say online, as this can have unintended consequences. By following these simple tips, you'll be better equipped to defend yourself against cyber threats and maintain a secure digital presence.
[Audio] Wire fraud occurs when you're tricked into sending money to a fraudulent bank account. This can happen when hackers gain access to your vendor's systems and send you an invoice with fake bank information. For example, an urgent request to wire money may come from a criminal who has impersonated your CEO by hacking their email account.
[Audio] Verify that the bank information matches the information on file. Call a known number that you have previously used or obtained from the vendor management system. Additionally, call and confirm any requests for funds transfer. Furthermore, verify any requests to modify information on file, including changes to phone number, address, or bank information.