SlideShare una empresa de Scribd logo

Protecting Your Business From Cybercrime

David J Rosenthal
David J Rosenthal

Overview of the business of cybercrime How Cybercrime as a Service has changed cybercrime Some techniques to mitigate cybercrime

Tecnología
1 de 28
Descargar para leer sin conexión
1
Agenda • Overview of Cybercrime • Cybercrime as aService • Tipsto Protect your SmallBusiness 2
What is cybercrime? Cybercrime is criminal activity involving the internet, a computer system, or computer technology. 93 percent of all money is digital. That’s what is at risk here. –Bill Nelson Bill Nelson, Financial Services Information Sharing & Analysis Center 3
Financial impact of cybercrime • One large company breached per month • Many small to medium sized companies are breached per week Key ways that hackers earn money: 4
Cybercrime is big business. Cybercrime activity is at the highest, ever Insights about one group of three Blackhats recently indicted: • Stole information on 100 million people • Breached 12 companies, including • Earnings at over $100 million • Employed 270 employees in Ukraine and Hungary in just one of their illicit businesses http://www.reuters.com/article/us-hacking-indictment-idUSKCN0SZ1VM20151110 Cybercrime is more organized and motivated than at any time in history. The blackhat cybercriminal is a professional adversary. This industry has evolved with the evolution of the internet and opportunities associated with PC/computer/mobile devices. 5
Blackhat cybercrime is a form of malicious online behavior motivated by profit and a predictable ROI What is Blackhat cybercrime? • Understanding Blackhat criminal tools, techniques, motivations, cultures, and ecosystems are critical to defending against current attacks and deterring future ones • Treating Blackhat cybercrime as a purely technological problem makes mitigation difficult and costly 6
State Sponsored BlackhatsGrayhatsScript-kiddies The bad actors are not a monolithic group • Non-professional cybercriminals • Use crime kits to make spending money • Little to no business or technical expertise • Even though they are not professional, their impact can be significant • Treatcybercrimeasa business • Businessandtechnical expertise • Oftenworkinaclosed groupofother professional cybercriminals • Criminalreputationis everything • Theybelievetheyare offeringlegitimate services. However,their customerscanbeboth “legitimate”orcriminal • Ranasabusiness • Individualsorgroups whohackforasocial cause,without economicmotivation • Havebothtechnical peopleandfollowers • Nationalsecurityand/or economicmotivation • Technicalexpertise • Workinaclosedgroupof otherprofessionals • OftenuseBlackhat resourcesand/or techniquestomasktheir identity Some elite Blackhats, some elite hactivists, and most state sponsored actors use “APT” techniques Hactivists
The cybercrime problem is broad, and getting worse • More professional cybercrime services make it easier for would-be attackers to become cybercriminals • Many cybercriminals don’t need technical abilities when entering the world of cybercrime • In many regions, it is socially acceptable to steal from victims on the Internet • The line is blurring between state sponsored attackers and cybercriminals • Elite teams of attackers that have the same resources, skills, and patience as state actors 8
It has never been easier for new entrants into the market Chinese Gmail account creation tool, interfaces with SMS and CAPTCHA solving services Cybercrime as a Service (CaaS): Crimekits and services available Russian checker Private Keeper. It is a universal checking tool supporting 17 different web services (PSN, PayPal, Skype, Twitter, etc.) and many email providers. It has an IMAP/POP3 server editor that supports “almost any email service” and allows users to parse the content of messages and check email accounts validity Account CheckersTools to create abuse accounts
Cybercrime as a Service (CaaS): Market for freshly infected PCs to push malware to It has never been easier for new entrants into the market
Cybercrime as a Service (CaaS): Market for freshly infected mobile devices to push malware to It has never been easier for new entrants into the market
How kits are used • A botnet is a network of devices infected with malicious software that is centrally controlled • “Good” malware cannot be detected by users • It holds your PC or files for "ransom.” • Prevents you from using your PC • Victim has to pay to regain access • Campaigns can include spam, SMSishing, Vishing, etc. • The intent is to trick the user into giving up their password, account recovery information, or PII Botnet Phishing Ransomware
• Defenders must not rely on your users doing the right thing at the right time • Be proactive, prevent the attack, and prevent the attacker from predicting their ROI • This can include monitoring for their probes and enabling defensive measures to act between their probes and attack Considerations when combating cybercrime To be successful in Cyber defense, one needs to know what are effective and durable mitigations
Tips to keep your Business Safe 14
1. Strengthen your computer’s defenses ➢Keep the firewall on (work, home, public networks) ➢Install legitimate antimalware software (http:/aka.ms/wkactd ) ➢Keep software up to date (automatically) 1 statistics noted from Flexera software 1 15
➢ Train your users to use malware and phishing protection in their browsers. ➢ Keep Antivirus on and updated 2. Don’t be tricked into downloading malware 16
2. Don’t be tricked into downloading malware Think before you click Confirm that the message is legitimate Close pop-up messages carefully Ctrl F4 17
3. Protect company data and financial assets Encrypt confidential data Use rights management solutions to handle sensitive data Train your users to identify scams and fraud Use HoneyTrap accounts in your domain. Notify on successful and unsuccessful logins Use HoneyTrap documents. Notify on successful and unsuccessful access 18
Look for telltale signs Think before you click Keep sensitive information private Train employees to identify socially engineered attacks www.snopes.com 3. Protect company data and financial assets How to evade scams 19
4. Passwords. Keep them strong, private, and don’t reuse them 20
Guess which passwords are strong? WEAKSTRONG Password106/04/79Advan!age0us!$wanR!ceRedD00r510152025MsAw3yO!D SwanRiceRedDoorAdvantageous!My son Aiden was 3 years old in December 4. Passwords. Keep them strong, private, and don’t reuse them 21
Protect your accounts and passwords Make passwords strong (still needed) Keep them private (don’t share among users) Use unique passwords for different websites Limit use of employees using corporate e-mail accounts as their identifier on third- party website Defend against checkers Enable disabling accounts on too many invalid login attempts Don’t use insure interfaces (e.g. unprotected POP/IMAP/SMTP) Monitor for brute force and snowshoe checkers 4. Passwords. Keep them strong, private, and don’t reuse them 22
5. Guard data and devices when you’re on the go 23
Connect securely Confirm the connection Encrypt storage on mobile devices Save sensitive activities for trusted connections Flash drives: watch out for unknowns and disable auto run Enable features like Work Folders and cloud storage to manage work data on mobile devices HLTONHOTELS.NET 5. Guard data and devices when you’re on the go 24
What to do if there are problems Have a predefined process and checklist to identify company identities, data, services, and applications on the device Report abuse and other problems Immediately report phishing Immediately report missing devices or theft of company data Change all passwords Wipe mobile phones 5. Guard data and devices when you’re on the go 25
Use this interactive risk assessment tool to select all threats your company might face and estimate the cost of each. This worksheet will then calculate the total cost and provide countermeasures you can take to protect your company. Let’s assess your security risk STRONGhttp://aka.ms/knowyourrisk Time: 10 min 26
Questions? 27
Contact us for additional information & deployment offers David.Rosenthal@razor-tech.com

Recomendados

Cybercrime
CybercrimeCybercrime
CybercrimeMarite Rojas Ojeda
 
Cyber security
Cyber securityCyber security
Cyber securityPawanKalyanAmbati
 
Impact of cybercrime
Impact of cybercrimeImpact of cybercrime
Impact of cybercrimepronab Kurmi
 
Internet security
Internet securityInternet security
Internet securityMohamed El-malki
 
Cyber crime and fraud
Cyber crime and fraudCyber crime and fraud
Cyber crime and fraudFCA - Future Chartered Accountants
 
Cyber Crime Types & Tips
Cyber Crime Types & TipsCyber Crime Types & Tips
Cyber Crime Types & TipsDeepak Kumar (D3)
 
Cybe Crime & Its Type
Cybe Crime & Its TypeCybe Crime & Its Type
Cybe Crime & Its TypeDeepak Kumar (D3)
 
Cyber Crime Awareness Project
Cyber Crime Awareness ProjectCyber Crime Awareness Project
Cyber Crime Awareness Projecttsdikshit
 

Recomendados

Cybercrime
CybercrimeCybercrime
CybercrimeMarite Rojas Ojeda
 
Cyber security
Cyber securityCyber security
Cyber securityPawanKalyanAmbati
 
Impact of cybercrime
Impact of cybercrimeImpact of cybercrime
Impact of cybercrimepronab Kurmi
 
Internet security
Internet securityInternet security
Internet securityMohamed El-malki
 
Cyber crime and fraud
Cyber crime and fraudCyber crime and fraud
Cyber crime and fraudFCA - Future Chartered Accountants
 
Cyber Crime Types & Tips
Cyber Crime Types & TipsCyber Crime Types & Tips
Cyber Crime Types & TipsDeepak Kumar (D3)
 
Cybe Crime & Its Type
Cybe Crime & Its TypeCybe Crime & Its Type
Cybe Crime & Its TypeDeepak Kumar (D3)
 
Cyber Crime Awareness Project
Cyber Crime Awareness ProjectCyber Crime Awareness Project
Cyber Crime Awareness Projecttsdikshit
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeyazad dumasia
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securityBhavanaKudkyal1
 
Cyber security
Cyber security Cyber security
Cyber security REVA UNIVERSITY
 
Cyber Crimes
Cyber CrimesCyber Crimes
Cyber Crimeslittle robie
 
Cyber crime (2018 )updated
Cyber crime (2018 )updatedCyber crime (2018 )updated
Cyber crime (2018 )updatedPrabhatChoudhary11
 
Cybercrime and its effects on personal life who uses internet
Cybercrime and its effects on personal life who uses internet Cybercrime and its effects on personal life who uses internet
Cybercrime and its effects on personal life who uses internet vimal kumar arora
 
Cyber crime
Cyber crime Cyber crime
Cyber crime Jayant Raj
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
Ethical hacking (legal)
Ethical hacking (legal)Ethical hacking (legal)
Ethical hacking (legal)Thangaraj Murugananthan
 
CYBER CRIME ppt
CYBER CRIME pptCYBER CRIME ppt
CYBER CRIME pptSuyash Sinha
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeRafel Ivgi
 
CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)AFROZULLA KHAN Z
 
Cyber crime: A Quick Survey
Cyber crime: A Quick SurveyCyber crime: A Quick Survey
Cyber crime: A Quick SurveyArindam Sarkar
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber CrimeRamesh Upadhaya
 
Cyberlaw
CyberlawCyberlaw
Cyberlawambadesuhas
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime pptRitesh Thakur
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber securitySumanPramanik7
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeSanket Gogoi
 
Cyber Crime - What is it ?
Cyber Crime - What is it ?Cyber Crime - What is it ?
Cyber Crime - What is it ?Mubaraka Halvadwala
 
Cybercrime: A Seminar Report
Cybercrime: A Seminar ReportCybercrime: A Seminar Report
Cybercrime: A Seminar ReportArindam Sarkar
 
Security as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor TechnologySecurity as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor TechnologyDavid J Rosenthal
 
Windows Server 2012
Windows Server 2012Windows Server 2012
Windows Server 2012Muhibullah Malyar
 

Más contenido relacionado

La actualidad más candente

Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securityBhavanaKudkyal1
 
Cybercrime and its effects on personal life who uses internet
Cybercrime and its effects on personal life who uses internet Cybercrime and its effects on personal life who uses internet
Cybercrime and its effects on personal life who uses internet vimal kumar arora
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)AFROZULLA KHAN Z
 
Cyber crime: A Quick Survey
Cyber crime: A Quick SurveyCyber crime: A Quick Survey
Cyber crime: A Quick SurveyArindam Sarkar
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber securitySumanPramanik7
 
Cybercrime: A Seminar Report
Cybercrime: A Seminar ReportCybercrime: A Seminar Report
Cybercrime: A Seminar ReportArindam Sarkar
 

La actualidad más candente (20)

Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
Cyber security
Cyber security Cyber security
Cyber security
 
Cyber Crimes
Cyber CrimesCyber Crimes
Cyber Crimes
 
Cyber crime (2018 )updated
Cyber crime (2018 )updatedCyber crime (2018 )updated
Cyber crime (2018 )updated
 
Cybercrime and its effects on personal life who uses internet
Cybercrime and its effects on personal life who uses internet Cybercrime and its effects on personal life who uses internet
Cybercrime and its effects on personal life who uses internet
 
Cyber crime
Cyber crime Cyber crime
Cyber crime
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and Solutions
 
Ethical hacking (legal)
Ethical hacking (legal)Ethical hacking (legal)
Ethical hacking (legal)
 
CYBER CRIME ppt
CYBER CRIME pptCYBER CRIME ppt
CYBER CRIME ppt
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)
 
Cyber crime: A Quick Survey
Cyber crime: A Quick SurveyCyber crime: A Quick Survey
Cyber crime: A Quick Survey
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Cyberlaw
CyberlawCyberlaw
Cyberlaw
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber security
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber Crime - What is it ?
Cyber Crime - What is it ?Cyber Crime - What is it ?
Cyber Crime - What is it ?
 
Cybercrime: A Seminar Report
Cybercrime: A Seminar ReportCybercrime: A Seminar Report
Cybercrime: A Seminar Report
 

Destacado

Security as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor TechnologySecurity as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor TechnologyDavid J Rosenthal
 
What’s new in windows server 2012
What’s new in windows server 2012What’s new in windows server 2012
What’s new in windows server 2012Alex de Jong
 
70-410 Installing and Configuring Windows Server 2012
70-410 Installing and Configuring Windows Server 201270-410 Installing and Configuring Windows Server 2012
70-410 Installing and Configuring Windows Server 2012drakoumu
 
Data center maintenance
Data center maintenanceData center maintenance
Data center maintenanceanilinvns
 
Microsoft Windows Server 2012 R2 Overview - Presented by Atidan
Microsoft Windows Server 2012 R2 Overview - Presented by AtidanMicrosoft Windows Server 2012 R2 Overview - Presented by Atidan
Microsoft Windows Server 2012 R2 Overview - Presented by AtidanDavid J Rosenthal
 
MCSA Installing & Configuring Windows Server 2012 70-410
MCSA Installing & Configuring Windows Server 2012 70-410MCSA Installing & Configuring Windows Server 2012 70-410
MCSA Installing & Configuring Windows Server 2012 70-410omardabbas
 
Introducing Microsoft SQL Server 2017
Introducing Microsoft SQL Server 2017Introducing Microsoft SQL Server 2017
Introducing Microsoft SQL Server 2017David J Rosenthal
 
Active Directory Domain Services Installation & Configuration - Windows Ser...
Active Directory Domain Services Installation & Configuration - Windows Ser...Active Directory Domain Services Installation & Configuration - Windows Ser...
Active Directory Domain Services Installation & Configuration - Windows Ser...Adel Alghamdi
 
Protecting your Organisation from the Internet of Evil Things
Protecting your Organisation from the Internet of Evil ThingsProtecting your Organisation from the Internet of Evil Things
Protecting your Organisation from the Internet of Evil ThingsZeshan Sattar
 
Windows Server 2012
Windows Server 2012Windows Server 2012
Windows Server 2012anilinvns
 
Step by Step Installation of Microsoft SQL Server 2012
Step by Step Installation of Microsoft SQL Server 2012 Step by Step Installation of Microsoft SQL Server 2012
Step by Step Installation of Microsoft SQL Server 2012 Sameh AboulDahab
 
Automatisez, visualisez et améliorez vos processus d’entreprise avec Nintex
Automatisez, visualisez et améliorez vos processus d’entreprise avec Nintex Automatisez, visualisez et améliorez vos processus d’entreprise avec Nintex
Automatisez, visualisez et améliorez vos processus d’entreprise avec Nintex Microsoft Technet France
 

Destacado (15)

Security as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor TechnologySecurity as a Service with Microsoft Presented by Razor Technology
Security as a Service with Microsoft Presented by Razor Technology
 
Windows Server 2012
Windows Server 2012Windows Server 2012
Windows Server 2012
 
What’s new in windows server 2012
What’s new in windows server 2012What’s new in windows server 2012
What’s new in windows server 2012
 
70-410 Installing and Configuring Windows Server 2012
70-410 Installing and Configuring Windows Server 201270-410 Installing and Configuring Windows Server 2012
70-410 Installing and Configuring Windows Server 2012
 
Data center maintenance
Data center maintenanceData center maintenance
Data center maintenance
 
Windows 10
Windows 10Windows 10
Windows 10
 
Windows Server 2012 R2
Windows Server 2012 R2Windows Server 2012 R2
Windows Server 2012 R2
 
Microsoft Windows Server 2012 R2 Overview - Presented by Atidan
Microsoft Windows Server 2012 R2 Overview - Presented by AtidanMicrosoft Windows Server 2012 R2 Overview - Presented by Atidan
Microsoft Windows Server 2012 R2 Overview - Presented by Atidan
 
MCSA Installing & Configuring Windows Server 2012 70-410
MCSA Installing & Configuring Windows Server 2012 70-410MCSA Installing & Configuring Windows Server 2012 70-410
MCSA Installing & Configuring Windows Server 2012 70-410
 
Introducing Microsoft SQL Server 2017
Introducing Microsoft SQL Server 2017Introducing Microsoft SQL Server 2017
Introducing Microsoft SQL Server 2017
 
Active Directory Domain Services Installation & Configuration - Windows Ser...
Active Directory Domain Services Installation & Configuration - Windows Ser...Active Directory Domain Services Installation & Configuration - Windows Ser...
Active Directory Domain Services Installation & Configuration - Windows Ser...
 
Protecting your Organisation from the Internet of Evil Things
Protecting your Organisation from the Internet of Evil ThingsProtecting your Organisation from the Internet of Evil Things
Protecting your Organisation from the Internet of Evil Things
 
Windows Server 2012
Windows Server 2012Windows Server 2012
Windows Server 2012
 
Step by Step Installation of Microsoft SQL Server 2012
Step by Step Installation of Microsoft SQL Server 2012 Step by Step Installation of Microsoft SQL Server 2012
Step by Step Installation of Microsoft SQL Server 2012
 
Automatisez, visualisez et améliorez vos processus d’entreprise avec Nintex
Automatisez, visualisez et améliorez vos processus d’entreprise avec Nintex Automatisez, visualisez et améliorez vos processus d’entreprise avec Nintex
Automatisez, visualisez et améliorez vos processus d’entreprise avec Nintex
 

Similar a Protecting Your Business From Cybercrime

Protecting Your Business from Cybercrime - Cybersecurity 101
Protecting Your Business from Cybercrime - Cybersecurity 101Protecting Your Business from Cybercrime - Cybersecurity 101
Protecting Your Business from Cybercrime - Cybersecurity 101David J Rosenthal
 
First Union Bank Report
First Union Bank ReportFirst Union Bank Report
First Union Bank ReportYogesh Kumar
 
3 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 20173 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 2017Bret Piatt
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationPriyanka Aash
 
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfitsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfMansoorAhmed57263
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...AwodiranOlumide
 
csa2014 IBC
csa2014 IBCcsa2014 IBC
csa2014 IBCapyn
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber securityKaushal Solanki
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxRoshni814224
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxprtabal_25
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessImran Khan
 

Similar a Protecting Your Business From Cybercrime (20)

Protecting Your Business from Cybercrime - Cybersecurity 101
Protecting Your Business from Cybercrime - Cybersecurity 101Protecting Your Business from Cybercrime - Cybersecurity 101
Protecting Your Business from Cybercrime - Cybersecurity 101
 
First Union Bank Report
First Union Bank ReportFirst Union Bank Report
First Union Bank Report
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 
3 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 20173 Tips to Stay Safe Online in 2017
3 Tips to Stay Safe Online in 2017
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
 
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdfitsecurityawareness-v1-230413174238-5e7cba3c.pdf
itsecurityawareness-v1-230413174238-5e7cba3c.pdf
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
 
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
 
csa2014 IBC
csa2014 IBCcsa2014 IBC
csa2014 IBC
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
 
Types of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security ThreatsTypes of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security Threats
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptx
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
 
Hacking
Hacking Hacking
Hacking
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
Digital Security and Hygiene.pptx
Digital Security and Hygiene.pptxDigital Security and Hygiene.pptx
Digital Security and Hygiene.pptx
 
DWP Cybersecurity 101 for Nonprofits
DWP Cybersecurity 101 for NonprofitsDWP Cybersecurity 101 for Nonprofits
DWP Cybersecurity 101 for Nonprofits
 
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awareness
 

Más de David J Rosenthal

Microsoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made SimpleMicrosoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made SimpleDavid J Rosenthal
 
Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021David J Rosenthal
 
Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021David J Rosenthal
 
Viva Connections from Microsoft
Viva Connections from MicrosoftViva Connections from Microsoft
Viva Connections from MicrosoftDavid J Rosenthal
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainDavid J Rosenthal
 
A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365David J Rosenthal
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftDavid J Rosenthal
 
Microsoft Windows Server 2022 Overview
Microsoft Windows Server 2022 OverviewMicrosoft Windows Server 2022 Overview
Microsoft Windows Server 2022 OverviewDavid J Rosenthal
 
Windows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldWindows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldDavid J Rosenthal
 
Windows 11 for the Enterprise
Windows 11 for the EnterpriseWindows 11 for the Enterprise
Windows 11 for the EnterpriseDavid J Rosenthal
 
Microsoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantMicrosoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantDavid J Rosenthal
 
What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021David J Rosenthal
 
Modernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureModernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureDavid J Rosenthal
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
Microsoft Azure Active Directory
Microsoft Azure Active DirectoryMicrosoft Azure Active Directory
Microsoft Azure Active DirectoryDavid J Rosenthal
 

Más de David J Rosenthal (20)

Microsoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made SimpleMicrosoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made Simple
 
Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021
 
Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021
 
Viva Connections from Microsoft
Viva Connections from MicrosoftViva Connections from Microsoft
Viva Connections from Microsoft
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chain
 
Microsoft Viva Introduction
Microsoft Viva IntroductionMicrosoft Viva Introduction
Microsoft Viva Introduction
 
Microsoft Viva Learning
Microsoft Viva LearningMicrosoft Viva Learning
Microsoft Viva Learning
 
Microsoft Viva Topics
Microsoft Viva TopicsMicrosoft Viva Topics
Microsoft Viva Topics
 
A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
 
Microsoft Windows Server 2022 Overview
Microsoft Windows Server 2022 OverviewMicrosoft Windows Server 2022 Overview
Microsoft Windows Server 2022 Overview
 
Windows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldWindows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid World
 
Windows 11 for the Enterprise
Windows 11 for the EnterpriseWindows 11 for the Enterprise
Windows 11 for the Enterprise
 
Microsoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantMicrosoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital Assistant
 
What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021
 
Modernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureModernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft Azure
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
 
Microsoft Azure Active Directory
Microsoft Azure Active DirectoryMicrosoft Azure Active Directory
Microsoft Azure Active Directory
 
Nintex Worflow Overview
Nintex Worflow OverviewNintex Worflow Overview
Nintex Worflow Overview
 
Microsoft Power BI Overview
Microsoft Power BI OverviewMicrosoft Power BI Overview
Microsoft Power BI Overview
 

Último

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Último (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

Protecting Your Business From Cybercrime

  • 1. 1
  • 2. Agenda • Overview of Cybercrime • Cybercrime as aService • Tipsto Protect your SmallBusiness 2
  • 3. What is cybercrime? Cybercrime is criminal activity involving the internet, a computer system, or computer technology. 93 percent of all money is digital. That’s what is at risk here. –Bill Nelson Bill Nelson, Financial Services Information Sharing & Analysis Center 3
  • 4. Financial impact of cybercrime • One large company breached per month • Many small to medium sized companies are breached per week Key ways that hackers earn money: 4
  • 5. Cybercrime is big business. Cybercrime activity is at the highest, ever Insights about one group of three Blackhats recently indicted: • Stole information on 100 million people • Breached 12 companies, including • Earnings at over $100 million • Employed 270 employees in Ukraine and Hungary in just one of their illicit businesses http://www.reuters.com/article/us-hacking-indictment-idUSKCN0SZ1VM20151110 Cybercrime is more organized and motivated than at any time in history. The blackhat cybercriminal is a professional adversary. This industry has evolved with the evolution of the internet and opportunities associated with PC/computer/mobile devices. 5
  • 6. Blackhat cybercrime is a form of malicious online behavior motivated by profit and a predictable ROI What is Blackhat cybercrime? • Understanding Blackhat criminal tools, techniques, motivations, cultures, and ecosystems are critical to defending against current attacks and deterring future ones • Treating Blackhat cybercrime as a purely technological problem makes mitigation difficult and costly 6
  • 7. State Sponsored BlackhatsGrayhatsScript-kiddies The bad actors are not a monolithic group • Non-professional cybercriminals • Use crime kits to make spending money • Little to no business or technical expertise • Even though they are not professional, their impact can be significant • Treatcybercrimeasa business • Businessandtechnical expertise • Oftenworkinaclosed groupofother professional cybercriminals • Criminalreputationis everything • Theybelievetheyare offeringlegitimate services. However,their customerscanbeboth “legitimate”orcriminal • Ranasabusiness • Individualsorgroups whohackforasocial cause,without economicmotivation • Havebothtechnical peopleandfollowers • Nationalsecurityand/or economicmotivation • Technicalexpertise • Workinaclosedgroupof otherprofessionals • OftenuseBlackhat resourcesand/or techniquestomasktheir identity Some elite Blackhats, some elite hactivists, and most state sponsored actors use “APT” techniques Hactivists
  • 8. The cybercrime problem is broad, and getting worse • More professional cybercrime services make it easier for would-be attackers to become cybercriminals • Many cybercriminals don’t need technical abilities when entering the world of cybercrime • In many regions, it is socially acceptable to steal from victims on the Internet • The line is blurring between state sponsored attackers and cybercriminals • Elite teams of attackers that have the same resources, skills, and patience as state actors 8
  • 9. It has never been easier for new entrants into the market Chinese Gmail account creation tool, interfaces with SMS and CAPTCHA solving services Cybercrime as a Service (CaaS): Crimekits and services available Russian checker Private Keeper. It is a universal checking tool supporting 17 different web services (PSN, PayPal, Skype, Twitter, etc.) and many email providers. It has an IMAP/POP3 server editor that supports “almost any email service” and allows users to parse the content of messages and check email accounts validity Account CheckersTools to create abuse accounts
  • 10. Cybercrime as a Service (CaaS): Market for freshly infected PCs to push malware to It has never been easier for new entrants into the market
  • 11. Cybercrime as a Service (CaaS): Market for freshly infected mobile devices to push malware to It has never been easier for new entrants into the market
  • 12. How kits are used • A botnet is a network of devices infected with malicious software that is centrally controlled • “Good” malware cannot be detected by users • It holds your PC or files for "ransom.” • Prevents you from using your PC • Victim has to pay to regain access • Campaigns can include spam, SMSishing, Vishing, etc. • The intent is to trick the user into giving up their password, account recovery information, or PII Botnet Phishing Ransomware
  • 13. • Defenders must not rely on your users doing the right thing at the right time • Be proactive, prevent the attack, and prevent the attacker from predicting their ROI • This can include monitoring for their probes and enabling defensive measures to act between their probes and attack Considerations when combating cybercrime To be successful in Cyber defense, one needs to know what are effective and durable mitigations
  • 14. Tips to keep your Business Safe 14
  • 15. 1. Strengthen your computer’s defenses ➢Keep the firewall on (work, home, public networks) ➢Install legitimate antimalware software (http:/aka.ms/wkactd ) ➢Keep software up to date (automatically) 1 statistics noted from Flexera software 1 15
  • 16. ➢ Train your users to use malware and phishing protection in their browsers. ➢ Keep Antivirus on and updated 2. Don’t be tricked into downloading malware 16
  • 17. 2. Don’t be tricked into downloading malware Think before you click Confirm that the message is legitimate Close pop-up messages carefully Ctrl F4 17
  • 18. 3. Protect company data and financial assets Encrypt confidential data Use rights management solutions to handle sensitive data Train your users to identify scams and fraud Use HoneyTrap accounts in your domain. Notify on successful and unsuccessful logins Use HoneyTrap documents. Notify on successful and unsuccessful access 18
  • 19. Look for telltale signs Think before you click Keep sensitive information private Train employees to identify socially engineered attacks www.snopes.com 3. Protect company data and financial assets How to evade scams 19
  • 20. 4. Passwords. Keep them strong, private, and don’t reuse them 20
  • 21. Guess which passwords are strong? WEAKSTRONG Password106/04/79Advan!age0us!$wanR!ceRedD00r510152025MsAw3yO!D SwanRiceRedDoorAdvantageous!My son Aiden was 3 years old in December 4. Passwords. Keep them strong, private, and don’t reuse them 21
  • 22. Protect your accounts and passwords Make passwords strong (still needed) Keep them private (don’t share among users) Use unique passwords for different websites Limit use of employees using corporate e-mail accounts as their identifier on third- party website Defend against checkers Enable disabling accounts on too many invalid login attempts Don’t use insure interfaces (e.g. unprotected POP/IMAP/SMTP) Monitor for brute force and snowshoe checkers 4. Passwords. Keep them strong, private, and don’t reuse them 22
  • 23. 5. Guard data and devices when you’re on the go 23
  • 24. Connect securely Confirm the connection Encrypt storage on mobile devices Save sensitive activities for trusted connections Flash drives: watch out for unknowns and disable auto run Enable features like Work Folders and cloud storage to manage work data on mobile devices HLTONHOTELS.NET 5. Guard data and devices when you’re on the go 24
  • 25. What to do if there are problems Have a predefined process and checklist to identify company identities, data, services, and applications on the device Report abuse and other problems Immediately report phishing Immediately report missing devices or theft of company data Change all passwords Wipe mobile phones 5. Guard data and devices when you’re on the go 25
  • 26. Use this interactive risk assessment tool to select all threats your company might face and estimate the cost of each. This worksheet will then calculate the total cost and provide countermeasures you can take to protect your company. Let’s assess your security risk STRONGhttp://aka.ms/knowyourrisk Time: 10 min 26
  • 28. Contact us for additional information & deployment offers David.Rosenthal@razor-tech.com