Cyber Security Awareness Program.pptx

Cyber
Security Awareness
Program -ISMO
SECURITY BEST PRACTICES…….
STANDARD….. NON STANDARD

Basic InfoSec……..?
 Introduction…? My Self …… Yourselves……
 Let us stop fussing…….! And see $whoami C:>whoami
 Safety is not a slogan, it’s a way of life
 Start with YOU and ends with YOU.
 Skip these intros and lets see WhatsApp ? What's up in InfoSec World..
 Current ongoing in Cyber/Information Security Arena …..!
 Look for Threat post , the hacker news….
 Still need explanation…… think…..Back to Basics….
 Normal User ……. Get more on google..
 Information Security Standards (ISO/IEC 27001-2013 ISMS)
 11 Domains, 30 Control Objectives, 130 + controls to adopt an international Standard and certification of ISO/IEC-
27001-2013
 Center for Internet Security- Benchmarking for security of the various IT System..
 How to harden OS/Server/Firewall/Router/Switches.

InfoSec/Cyber Security. Start/End….
You/Me/We…!
 Basic Practices of System (PC/Laptop/Desktop) handling …..
 Start at ….? End up with……? Observe….Cautiously….!
 Windows user Task Manager/Even Viewer…. Need more… !
 https://docs.microsoft.com/en-us/sysinternals/downloads/
 Linux user much more to look @ ps aux/ufw /netstat/system monitor.
 End of the working day …..Disconnect (Physically)

Types of organizations…..
THERE ARE ONLY TWO TYPES OF ORGANIZATIONS
Those that have been hacked,
And those that will be.

Cyber Security Threat Landscape..
 92% of the Indians/ youth was found to have shared private information online
despite being aware that this is risky.
 53% of youngsters trust the virtual world and interact with strangers.
 51% of those polled didn’t care about their online privacy at all.

Lime Lights of Today may can be….
Password Security
USB Device Security
Data Protection and Destruction
Email Security & Phishing Awareness
Protecting Against Ransom Virus
URL and Safer Web Browsing
Safe Social Networking
Mobile Device Security

Threats identification…..Trailing ….
 Does your screen name identify you as your actual name…? Administrator…?
 Have you ever posted any personal information of yours or anyone else without explicit consent?
 Have you ever uploaded your picture of sensitive area of organization, wihtout prior consent of
management.
 Have you ever filled out online forms, questionnaires, profile pages considering your official profile ?
 Have you ever purchased anything online while sharing your credit /debit cards number insecurely?
 Have you ever shared your passwords with someone other ?
 Have you ever downloaded and installed software without consulting your team mate.
 Have you opened emails from total strangers?
 Have you ever agreed to meet in person someone you have only met online?
 Have you ever been involved in chat sessions with people using vulgar expressions or sexually explicit
language?

Information Hacking History
 The first recorded cyber crime was recorded in the year 1820.(France) Loom
Device.
 The first spam email took place in year 1978 when it was sent over the Arpanet.
 The first Virus was installed on an Apple Computer in year 1982.
(Rich Skrenta wrote first Elk Cloner virus)
(On every 50th boot the Elk Cloner virus would display a short poem)

Cyber Crime Includes…..
 Illegal Access/ interceptions.
 System/Data Interference,
 Misuse of Device,
 Hacking.
 Denial of Services.
 Virus Dissemination.
 Cyber Terrorism.
 Software Piracy.

Hacker & Types of Hackers….
1) White Hat – Good guys. Report hacks/vulnerabilities to appropriate people.
2) Black Hat – Only interested in personal goals, regardless of impact.
3) Gray Hat – Somewhere in between.
Script Kiddies
 Someone that calls themselves a ‘hacker’ but really isn’t
Ethical Hacker
 Someone hired to hack a system to find vulnerabilities and report on them.
 Also called a ‘sneaker’

Security…. Password…
Why would someone wants to steal your password ?
Passwords are the only keys that prevent unauthorized
entry to many systems.
Password Security Preventions –
1. It should be separate for diff-2 email accounts.
2. Don’t ever reveal your passwords to anyone.
3. Write down in a secure location.
4. Change your passwords if compromised suspected.
5. Add Complexity to passwords .
6. Last but not least for Banking related…Forgot the Password…only if….?

How to Make password more Secure…
 Choose at least 8 characters, including:
- Uppercase
- Lowercase
- Numbers
- Symbols such as @#$%^&*()!~’”
 Avoid simple words
 Don’t pick names or nicknames of people….Notice……!
 Don’t include repeated characters
 Avoid your special person’s like BF/GF name 
EXAMPLE: 0mBhUrBhur@v3Sw@h
Note: for Organizations pls always refer a password policy for life cycle of Information
system.

Security…… USB Devices….
USB flash drives are hard to track physically, being stored in bags,
backpacks, laptop cases, jackets or left at unattended workstations.
 STUXNET (Siemens ICS-SCADA, Programmable Logic Controller)
A survey shows end users most frequently copy:
- Customer Data (25%)
- Financial Information (25%)
- Business Plans (15%)
- Employee Data (13%)
- Source Code (6%)

Securing USB Drives…….
- Manually save files with a password.
- Avoid Direct Plug-Ins. (Hold a Shift key and then attach)
- Lock your flash drive with USB Safeguard.
- Encrypting the drive with third party tools like True Crypt.
- Ensure that all USB devices are checked for malware before
they are connected to the network.

Data Protection….
Computer data security is the process of preventing and detecting unauthorized
use of your computer data.
It is concerned with 4 main areas – (CIA)
 Confidentiality
 Integrity
 Availability
 Authentication

System Security Tools/ Websites
Tool - FileAnalyzer
Tool - ComboFix
Tool - Comodo Firewall
Tool - Process Explorer
Tool - Sandboxie
Website - Virustotal.com
Website - Nosharescanner.com

•Linux was originally built by Linus Torvalds
at the University of Helsinki in 1991.
•Linux is a Unix-like, Kernel-based OS.
•Flavors – Redhat, Fedora, Ubuntu,
Backtrack, Debian, BSD, Suse, Slackware.
Windows/Linux…
First version of Windows – Windows 3.1 released in 1992 by Microsoft.
Windows is a GUI based operating system
Flavors – Windows 95, 98, ME, NT, XP, 2000, 2003, Vista, 7, 8, 8.1, 10. expecting 11

Virus Attack…. Symptoms….
 Processes take more resources and time.
 Computer beeps with no display.
 Drive label changes.
 Unable to load OS.
 Computer slows down when program starts.
 Anti-virus alerts.
 Computer freezes frequently or encounters error.
 Files & Folders are missing.
 Hard Drive is not accessible.
 Browser window freezes.

Security … Email…. Why….?
Email is important because it creates a fast, reliable form of communication that
is free and easily accessible.
Basic Reasons of attacks on Email Accounts –
- When one discloses his or her password to other person.
- Forgetting to logout from public computers.
- Lack of awareness about legal remedies to sue a bad man.

Securing….Email…….
To scan email headers – http://cyberforensics.in
For Latest Email Scams – http://hoax-slayer.com
Tips:
 Use a wacky email address
 Don’t recycle your password
 Know how to catch a phish
 Don’t use free Wi-Fi
 Never open any Spam/Junk Email

Ransomware….. What……?
 A Ransomware is a type of malware that locks your files, data or the PC itself and
extorts money from you in order to provide access.
 Ransomware is considered “scare virus” as it forces users to pay a fee (or ransom)
by scaring or threatening them.
Example: cyberware, wannacry, petya
For more info, www.yeahhub.com

Securing …. Ransomware……
 Backup your data.
 Show hidden file extensions.
 Filter EXEs in email.
 Disable file running from AppData/LocalAppData Folders.
 Disable RDP (Remote Desktop Protocol).
 Patch or Update your software.
 Disconnect your Wi-Fi or unplug.
 Use System Restore to get back to a known clean state.
 Set the BIOS clock back.
 Google the leaked private key.

Safe Surfing of Internet…. Browsing
Secure web browsing is a game of changing tactics. Just when you think you’ve
made your computer as safe to use as possible, the landscape changes.
Always use HTTPS for banking
transactions.
Builtwith.com, who.is, centralops.net

Safe Browsing ..to do…Please
 Don’t download free media.
 Don’t store your payment information online.
 Don’t over share personal information on social media accounts.
 Change passwords regularly.
 Keep your browser software up-to-date.
 Run Anti-Virus software.
 Scan downloaded files before executing.
 Watch out for phishing.
 Don’t Reuse Passwords.
 Use HTTPS for banking transactions.
 Read Privacy Policies.
 Avoid Public or Free Wi-Fi.
 Disable Stored Passwords.

Social Networking….. Glance…
 Today’s world is a global village. Everyone is connected to one another in this vast network
generated by network.
 Till date, the world’s largest social networking company, Facebook has 340 million active
users in INDIA (2.85 billion world wide), and the no. of users are increasing every year.
70% - Ages 18-29 Years
77% -Ages 30-49 Years
73% - Ages 50-64 Years
50% -Ages 65+ Year
Total of 77% Women verses 61% Men

Securing Social Networking..
Lets not do it…….!
 Never post illegal activities.
 Avoid Bullying others.
 Don’t trash your Seniors/mentors/ Colleges.. And more…..
 Don’t post objectionable content from organizational networks.
 Don’t post confidential information.
 Don’t overlay specific location check-ins.
 Never rely on privacy settings 100%.

Facebook Security….
 Koobface (2009) – A Must see viral video
 Zeus – Botnet
 LikeJacking – Fake Likes
 Facebook Black – JS Malware
 Who Viewed Your profile? – Browser Hijacking
Security –
1. For Account Recovering - https://facebook.com/hacked
2. To Report anything - https://www.facebook.com/help/contact/
485974059259751
3. About Safety Check - https://www.facebook.com/about/safetycheck/

Security…Mobile Device(Android)
1) Do not save all of your passwords
2) Use Android in-built security
3) Lock your apps (Ex. App Lock)
4) Importance of App Permissions
5) Securing your network (Ex. Hideninja VPN, Wi-Fi Protector)
6) Use Mobile Security App
7) Create Multiple User Account to protect privacy
8) Prepare a Backup of your data
9) Enable Remote Wipe (Ex. 3cx Mobile Device Manager)
10) Track your lost device (Ex. Where’s My Droid, Plan B, SeekDroid Lite,
AntiDroidTheft, Prey AntiTheft)

Security Best Practices….
1) Use antivirus software (AVAST, AVG…..)
2) Insert firewalls , pop up blocker (Windows, Comodo)
3) Uninstall unnecessary software (Adwares)
4) Maintain backup (Weekly/Monthly)
5) Check security settings (Netstat)
6) Use secure connection (HTTPS)
7) Open attachments carefully
8) Use strong passwords , don’t give personal identifiable
information (PII) unless required.

Some Promises to keep while…. On
internet….
1) I will make my organization secure while using given resources securely
2) I will not submit any of my organization information in public forum.
3) I will segregate my duty and social life on internet.
4) If anyone endorsing me to spread information, please don’t forward it without
verification or trust.
5) I will change password of my sensitive information (personal/official) on
domain of internet/Intranet.
6) I will put my system offline (disconnect form network) if I am not using it..
7) I will contact ISMO/ISO if I found something malacious to IT system of My
organization.

Thanks….. But No thanks….
The only system which is truly secure is one which is switched off and
unplugged ,when it is not in use. But otherwise to be safe is Pay
attention and Act smart.
{ Any Enquiry keep in touch with ISMO/ISO }
https://haryanaismo.gov.in
Information Security Management Office, Haryana

Cyber Security Awareness Program.pptx

More Related Content

What's hot

Similar to Cyber Security Awareness Program.pptx

Recently uploaded

Cyber Security Awareness Program.pptx