Professional Documents
Culture Documents
Public - Cybersecurity Awareness Presentation
Public - Cybersecurity Awareness Presentation
Awareness
Tips To Protect You And Your Data
CONTENT BY PRESENTED BY
Your info
and/or
www.treetopsecurity.com company logo here
From the makers of Peak. Protecting small businesses using
affordable, comprehensive, and common sense defenses.
1
TreeTop Security - CAT - v1.1
# whoami
● Tell the audience about yourself
○ Where you work
○ Background
■ Education
■ Work experience
○ Why you are doing this
○ Why you like volunteering
3
TreeTop Security - CAT - v1.1
About this presentation
Slides available at
https://www.treetopsecurity.com/CAT
13
TreeTop Security - CAT - v1.1
Keeping your system up-to-date
● Operating Systems
○ Microsoft Windows, Apple MacOS, Linux
○ Windows 7 end of life was January 2020
● Anti-virus
○ Update to the latest definitions to ensure
protection against the latest threats
○ Symantec/Norton, McAfee, Windows Defender,
Avast, and many others!
14
TreeTop Security - CAT - v1.1
Don’t forget!!!
● Browser - your portal to the internet
○ Chrome, Firefox, Opera, Edge, Safari, etc.
○ Internet Explorer (Not recommended)
● Mobile devices - cell phones & laptops
● Internet of Things (IoT) - Alexa, Google Home,
thermostats, doorbells, surveillance system, light
bulbs, smart locks, pet feeder, health monitors...
This could keep going forever!
15
TreeTop Security - CAT - v1.1
All
About
Passwords
16
TreeTop Security - CAT - v1.1
17
TreeTop Security - CAT - v1.1
Managing Passwords
● Keep your passwords in a secure location
○ Don’t use paper or sticky notes
○ Don’t store passwords in clear-text on
your computer - Word, Excel, etc.
● Utilize a password manager (aka vault)
○ LastPass ○ KeePass ○ 1Password
● Benefits of a password manager
○ Single password to remember them all
○ Encrypted storage of passwords
○ Auto-fill username/password on websites
○ Sync between desktop, laptop, and mobile
18
TreeTop Security - CAT - v1.1
Password Tips
● Avoid using items that can be associated with you
○ Address ○ Child names
○ Phone numbers ○ Birthdays
○ Pet names ○ Sports teams
● Separate passwords for every account Possible with a
● Auto-generated, unmemorable password manager
Passwords shared Passwords shared One password for all Passwords are too
with colleagues with household accounts “simple”
19
TreeTop Security - CAT - v1.1
Passwords vs passphrases
● Useful when passwords must be typed in
● Should not be easy to guess
○ At least 12 Characters, but 15 or more is far better
○ Length is better than complexity (passphrases)
○ Bad password (8): P@ssw0rd
○ Great password (24): MysonwasbornNovember1995!
23
TreeTop Security - CAT - v1.1
Is the link safe in 4 steps
1. Verify 4. Click
04
Were you expecting to If it passes the three
receive a link? previous tests, it
○ Not just email! should be okay to
○ Social Media browse to
○ SMS/iMessage 01 03
2. Hover 3. Sniff test
24
TreeTop Security - CAT - v1.1
Easy to recognize scam
Hacked or
spoofed email
from someone
you know
Source: CNN
28
TreeTop Security - CAT - v1.1
Shortened or obfuscated links?
● Instead of 300 characters, the link is reduced to 15 characters
Bit.ly
TinyURL
Extremely common and helpful, but...
Abused by criminals to hide malicious websites
Link expander
www.linkexpander.com
29
TreeTop Security - CAT - v1.1
Hover is your friend
92% of malware is
delivered by email
31
TreeTop Security - CAT - v1.1 Source: CSO Online
Email Attachments Attachments in Microsoft Outlook
● Seasonal/holidays
○ Order & delivery issues
○ Tax issues
35
TreeTop Security - CAT - v1.1
Phone Scams
● Social engineering, what is it?
○ Make the caller provide verification
○ Hang up & call back published number
● Phone numbers can be easily spoofed
○ Banks & credit card companies
○ Medical & insurance
○ IRS or past due account balance
○ Robocalls
● Other common phone scams
○ Grandparent Scam
○ Tech support - Microsoft, Apple, Dell,
etc. will never contact the average user
“out of the blue” 36
TreeTop Security - CAT - v1.1
Phone scam example
Hi! This is Kathleen from Microsoft. We have been trying to get in
touch with you. However, we will be disconnecting your license
within 48 hours because your IP address has been compromised
from several countries. So we need to change your IP address and
license key. So please press 1 to get connected…
○ Sense of urgency
○ Purposefully confusing
Red flags?
○ Expected call from Microsoft?
38
TreeTop Security - CAT - v1.1
USB Drives & More
● Do NOT connect unknown or
unauthorized media (or devices)
● Programs can run when plugged in
without you doing anything
● Examples
○ USB/flash drives
○ SD or micro SD cards
○ CDs or DVDs
○ External hard drives
○ Cell phones <- Often forgotten
39
TreeTop Security - CAT - v1.1
Encryption
● Can help protect your data
● Can also “help” an attacker, e.g. ransomware
● Protecting data sent or received
○ HTTP vs. HTTPS
○ Wireless -> WPA2 (AES) recommended
● Protecting devices
○ Helpful if device is lost/stolen
○ Often associated with phone
PIN/passcode
○ Microsoft Windows - BitLocker
○ Apple MacOS - FileVault
40
TreeTop Security - CAT - v1.1
Internet Safety Quick Tips
● Never install anything based on a
Do NOT assume a site is legitimate
pop-up when visiting a website simply because of the green padlock
● “Trusted” websites can & have
hosted malware, aka malvertising
○ Local news?
○ WSJ, Forbes, ESPN, Yahoo,
etc.
○ Limit browsing to business
relevant sites?
● Avoid public: Wi-Fi, computers
(hotels, libraries), charging, etc.
41
TreeTop Security - CAT - v1.1
Internet Privacy
● Data is the new gold -> your data is valuable!
If you’re not paying for it, are you the product?
Data analytics & predictive results
Examples: advertising & insurance rates
Are you oversharing?
Default privacy settings on social media
Vacation photos & “checking-in” (location sharing)
Thieves see that information also
Would you be comfortable telling people on
the street?
42
TreeTop Security - CAT - v1.1
More Resources
● Don’t stop here!
Attacks change, continue learning
Help educate others
When in doubt, ask questions
Your IT department? ○ Me?
Your IT provider?
Additional Resources
SANS Ouch! Newsletter (free)
https://www.sans.org/security-awareness-training/ouch-newsletter/
TreeTop Security - Cybersecurity Awareness Training (free)
Slides, feedback, quiz, & certificate of completion
https://www.treetopsecurity.com/CAT
43
TreeTop Security - CAT - v1.1
Questions?
Your info
and/or
company logo here
45
TreeTop Security - CAT - v1.1