Real Estate Online Risk Management

1. AVOID THE HACK
Cyber Security Measures for Your
Customers and Yourself
Jason M. Jakus

2. What this session is about!

5. HACKING
Hacking is the act of illegally
accessing the computer system
or Network of an individual,
group or business enterprise
without the consent of approval
of the owner of the system.

7. CRACKING
Cracking is a higher form of
hacking in which the
unauthorized access culminates
with the process of defeating
the security system for the
purpose or acquiring money or
information and/or free services.

10. LAUNCHING OF HARMFUL COMPUTER VIRUSES
A computer virus is a program that can
copy itself and infect a computer without
permission or knowledge of the user. The
original may modify the copies or the
copies may modify themselves.
A virus can only spread from the one
computer to another when the host is
taken to the uninfected computer, for
instance by a user sending it over a
network or carrying it on a removable
medium such as a USB drive.

11. DISTRIBUTED DENIAL OF SERVICEATTACKS
DDOS attacks can be committed
by employment multiple computers
controlled by a single master
computer server to target a
particular server by bombarding it
with thousands of packets of data
in an attempt to overwhelm the
server and cause it to crash.

12. WEBSITE DEFACEMENT
• WEBSITE DEFACEMENT IS THE UNAUTHORIXED
MODIFICATION OF A WEBSITE.

13. ACQUIRING CREDIT CARD INFORMATION FROMA
WEBSITE THAT OFFERS E-SERVICES
Hackers prefer VISA, American
Express and MasterCard when
filtering credit card information. It is
because VISA and MasterCard are
widely accepted by almost all
internet shopping sites.

14. Phishing Explained
Phishing scams are typically fraudulent email messages
appearing to come from legitimate enterprises (e.g., your
university, your Internet service provider, your bank).
These messages usually direct you to a spoofed website
or otherwise get you to divulge private information (e.g.,
passphrase, credit card, or other account updates). The
perpetrators then use this private information to commit
identity theft.
One type of phishing attempt is an email message stating
that you are receiving it due to fraudulent activity on your
account, and asking you to "click here" to verify your
information.

22. Avoiding Phishing Scams
• Be suspicious of any email message that asks you to
enter or verify personal information, through a
website or by replying to the message itself
• The safest practice is to read your email as plain text
• If you choose to read your email in HTML format:
Hover your mouse over the links in each email
message to display the actual URL. Check whether
the hover-text link matches what's in the text, and
whether the link looks like a site with which you would
normally do business.

23. Passwords
• If possible, make your password at least 12-15
characters in length
• Use at least 2 upper-case letters, 2 lower-case
letters, 2 numbers, and 2 special characters
(except the common ones such as "!@#$")
• Never use whole words. Make the password as
random as possible
• Avoid using personal information as part of your
password

24. Securing Your Router
• Change the password used to access the router.
Anything but the default is OK.
• Turn off WPS
• Wi-Fi security should be WPA2 with AES (do not
use TKIP)
• The Wi-Fi passwords need to be long enough to
stall brute force attacks. Opinions on the
minimum length differ, my best guess is that 14
characters should be sufficient. A totally random
password is not necessary, "999yellowtulips" is
both long enough and easy to remember.

25. Securing Your Router
• Turn off Remote Administration (its probably off
already)
• If any of your Wi-Fi networks (a router can create
more than one) use the default name (a.k.a.
SSID) then change it. Also, if they use a name
that makes it obvious that the network belongs to
you, then change it.
• Use a Guest Network whenever possible. Any
computer running Windows 10 should never be
allowed on the main network, always restrict them
to a Guest Network.

26. Picking Out A Router
• The devices shipped by ISPs suffer from a general level
of incompetence both in their initial configuration and
ongoing maintenance.
• Spying: We have seen that ISPs, at times, co-operate with
spy agencies and governments. Even without outside
influence, an ISP may well put a backdoor in the devices
they give to their customers, if for no other reason than to
make their life easier in some way.
• Don't be a prime target. Any router provided by an ISP to
millions of customers is a prime target for bad guys and
spies. More bang for the hacking buck. You are safer
using a less popular device.

27. Testing Your Router
• https://www.grc.com/shieldsup

28. Open Wi-Fi Networks
• Public Wi-Fi networks—like those in coffee shops
or hotels—are not nearly as safe as you think.
Even if they have a password, you're sharing a
network with tons of other people, which means
your data is at risk.

29. Turn Off Sharing

30. Use HTTPS and SSL Whenever Possible

31. Use Firewall

32. Automate Your Settings

33. Computer Virus, Malware, Spyware

34. New Viruses Daily

35. Top 2016 Anti Virus Software
http://www.top10antivirussoftware.com

37. Mobile Device Security

38. Have you ever seen this screen?

39. Probable Ways to Get Phone Hacked
• Wi-Fi in public places, such as cafes and airports
could be unsecure, letting malicious actors view
everything you do while connected.
• Applications add functionality to smartphone, but also
increase the risk of a data breach, especially if they
are downloaded from websites or messages, instead
of an app store.
• Despite the best intentions of smartphone
manufacturers, vulnerabilities are found which could
let attackers in.

40. Passwords Best Practices
• Don't re-use passwords. One ultra-secure one won't be any
good if someone finds it
• While combining upper and lower case passwords with
numbers to alter a memorable word - M4raD0na - is often
advised, these are more easily cracked than you might think
• Good advice is to make a memorable, unusal sentence: "I am a
7-foot tall metal giant" is better than "My name is John", and
use the first letter of each word with punctuation: "Iaa7-ftmg”
• Alternatively, you can use a password manager such as
1Password, which can generate secure passwords and store
them online
• The best way to protect yourself is to use two-factor
authentication, which will send a text with a code or use an app
to verify your log-in

41. If you think you got hacked!!

42. Ghostery for Individuals

43. URL X-Ray tells you where URL is going

44. Best Practices
• Don’t use the same password for every system
• Change Passwords frequently
• Update your Anti-Virus Software
• Protect Yourself in open wi-fi environments
• Install the HTTPS Everywhere browser extension.

45. More Information
• http://www.slideshare.net/JJakus
• http://www.linkedin.com/in/jasonjakus
• @JasonJakus on Twitter
Complete Evaluations
Please