2023

CYBER SECURITY

Fatma DEMİR
FD
28.01.2023
Hello, I'm Fatma Demir. I prepared a report about the Cyber Security seminar
where Ozztech founder Özen Özer shared the information I attended on
December 21, 16.00 at Üsküdar University Main Campus.
Topics:
1.Purpose of Cyber Security Awareness Training
2. Information Security
3. Social Engineering
4. Web Browser Security
5. Mobile Device Security
6. I was hacked. What should I do?

1.PURPOSE OF CYBER SECURITY AWARENESS TRAINING

With the developing technology and increasing use of the internet, many cyber
security risks occur. The first step in preventing these risks is to be aware of the
cybersecurity risks that may arise.

In this seminar, we will learn about the basic concepts of information security,
the amount of virtual information produced in a day, the well-known mistakes
about cyber security, the threats we face in terms of cyber security and the
security measures that can be taken against these threats, information
security, password security, social engineering, web browser security, mobile
device security and social engineer security.

2. INFRORMATION SECURITY
Information security is to prevent unauthorized or unauthorized access, use,
alteration, disclosure, destruction, transfer and damage of information.
Information security is not something that happens with a person's software. It
should be a team effort.
Password Security:
 To access a system is a sequence of letters, numbers. The difference between
the password and the initials is that the password is the policy. Passwords
should consist of complex strings for security. Because when you put a letter
from the extra in your password, the year of breaking the password increases.

2.SOCIAL ENGINEERING
Social engineering is about targeting people when you can't hack a computer.
It is actually an art of manipulation.
It is the most successful type of attack in the world.
Types of Attacks:
A. Baiting Attack:
The curiosity of the k urban is used. The scammer waves baits at the
victim by sending urgent alerts, using tempting offers and promises.
Example: Gifts from homes or businesses that come in the name of
Netflix.

B. Scareware Attack:
In the Malware Attack (Scareware) technique, victims are exposed to
false alarms and imaginary threats. For example, on the website, even
if your computer does not have a virus, you will come up with a pop-
up such as "your computer may be infected with x virus".

C. Phishing Attack:
It is one of the oldest, most common, and most effective attack
techniques. This attack technique sends gifts, discounts, or other
enticing and intriguing fake messages to victims' e-mail accounts and
intercepts the victim's information when they click on malicious links.

D. Spear Fishing Attack:

Unlike comprehensive, random phishing, it is a targeted attack. They
target specific individuals or businesses and, accordingly, adapt to the
characteristics, environment, and business position of their targets to
make the attack more believable.
 E. Mysterious Guest Attack:

How Can We Protect Ourselves from Social Engineering Attacks?

1. Don't open emails and attachments from suspicious sources.
2. Do not use digital media products that you do not know.
3. Use dual authentication.
4. Keep antivirus/anti-malware software up to date.
5. Pay attention to guests coming to your property.

3. WEB BROWSER SECURITY (UNDERUTILIZED)

Web2.0 refers to the version of the internet that many of us know today. An
internet dominated by companies that provide services to you in exchange for
your personal data. Web3.0, on the other hand, in the context of Ethereum,
refers to decentralized applications running on the blockchain. (Metaverse).

If the information you enter in the search engine does not lead to the right
site, you can track it from the traffic. Because there is a possibility that you will
enter a cloned site.

What is an insecure communication path?

 Entering sites that have an http protocol instead of https. The 's' here
represents the credibility of the site.
 Using weak passwords when registering on websites.

4. MOBILE DEVICE SECURITY

a. Antivirus must be installed on the device.
b. A firewall must be installed on the device.
c. The device must be able to be controlled remotely (wipe, locate, lock sim
card).
d. The software installed on the device must be controlled.
e. Must be able to generate alarms when new software is installed on the
device.
f. The data on the device must be kept encrypted.
g. A different place on the device where corporate data stops must be defined.

5.SOCIAL MEDIA SECURITY

Don't Open Every Message: The simplest way to protect yourself from fake
messages or links to your mailbox is not to open them!
Your Password/Password Must Be Strong: Never opt for easy
passwords/passwords such as date of birth, year of birth, names of your
children, etc.
Be Careful in Choosing Friends: It is necessary to pay attention to the choice of
friends in social media as in real life. Fake profiles pose a serious risk to social
media. When choosing the people to follow, it will be useful to follow the
accounts that will contribute to us.
Log Out When You're Not Using Social Media Platforms: By choosing to log
out when you're not using your social media accounts, you'll make your
account more secure.

6.I'M HACKED, WHAT SHOULD I DO?

1. Disconnect the cable.
2. Export the hard disk.
3. Back it up.
4. Start Over.
5. Scan again.
6. Change your password.
In conclusion, learning cybersecurity is a branch that must be learned in the
new age to protect yourself and your family from people's malicious activities.