Cybersecurity awareness for the masses 2025

MastersonByorn 0 views 56 slides Oct 12, 2025

About This Presentation

Cybersecurity awareness for the masses


Slide Content

Cybersecurity Awareness

Goals

What is Cybersecurity? Cybersecurity is the practice of protecting computers, mobile devices, electronic systems, networks, and data from malicious attacks. In other words: Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.

Why Should You Be Aware of Cybersecurity? In today’s digital world, we cannot ignore cybersecurity. A single security breach can expose the personal information of employees, project participants, donor details, and financial data of the organization. These breaches have a strong financial impact on the organisation and result in the loss of the trust of donors. The pandemic, cryptocurrency, and the rise in remote working are coming together to create a target-rich environment for criminals to take advantage of. Hence, cybersecurity awareness is essential to protect organisational and individual data from spammers and cybercriminals.

Types of Attack

Types of Attack… Every attack has a motivation; the primary motivation for attacks is money. Hackers breach the system and demand a ransom from the victims. Other motives include a financial loss to the target, attaining a state's military purpose, harming the target's reputation, or political manipulation. The main five types of attacks: Distributed denial of service (DDoS); Man in the middle (MITM); Email attacks; Password attacks; Malware attacks. The DDoS and MITM attacks will not be covered in this session.

Phishing A phishing attack is a category of cyber-attack in which hackers send messages pretending to be a trusted person or entity. Phishing messages influence users, causing them to perform actions like installing malicious files, clicking harmful links, or exposing sensitive information such as bank account credentials. This message can be sent to the target via emails, messaging applications, or even SMS services.

Prevention from Phishing Attacks

Prevention from Phishing Attacks… Email Authenticity: Always double-check the source and contents of a sensitive email that requests private information. Checking the sender's address, whether from a bank or a shopping website, is the first step in safeguarding oneself.
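The sender check described above, sketched as an added example (not part of the original slides). It compares the real address in the From header, not the display name, with the domain the message claims to come from; the sample messages, domains and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); reserved test domains only.
LEGIT = """From: Example Bank <alerts@bank.example>
Reply-To: support@bank.example
Subject: Your monthly statement

Your statement is ready.
"""

SPOOFED = """From: "Example Bank alerts@bank.example" <notice@bank-example-secure.test>
Reply-To: collect@mailbox.invalid
Subject: Urgent: verify your account

Confirm your password here.
"""

def domain_of(address):
    """Return the lower-cased domain part of an e-mail address ('' if none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def sender_warnings(raw_message, expected_domain):
    """List reasons the sender of raw_message does not match expected_domain."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    warnings = []
    # 1. The real address, not the display name, decides who sent the mail.
    if from_domain != expected_domain and not from_domain.endswith("." + expected_domain):
        warnings.append(f"From domain {from_domain!r} is not {expected_domain!r}")
    # 2. A display name that shows a different address is a common disguise.
    shown = [token for token in display_name.split() if "@" in token]
    if shown and domain_of(shown[0].strip("<>")) != from_domain:
        warnings.append("display name shows a different address than the real sender")
    # 3. Replies routed to another domain never reach the claimed sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        warnings.append(f"Reply-To domain {domain_of(reply_addr)!r} differs from From domain")
    return warnings

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(label, sender_warnings(raw, "bank.example"))
```
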

Prevention from Phishing Attacks… HTTPS Websites: Users must make every effort to only visit websites with an HTTPS certification. In addition to being less likely to be phishing websites, it is more difficult to launch network attacks on such secure websites.

Prevention from Phishing Attacks… Avoid Pop-Ups: One must avoid following random pop-ups that advertise games or enticing monetary rewards for clicking on them. Designed to dupe innocent users, these pop-ups are primarily used to inject malware into a target system or steal important credentials.

Prevention from Phishing Attacks… Password Rotation: To ensure the best security of your data, you must change your passwords every few months. For example, even if a phishing website successfully obtains some credentials, there is a good possibility the target has already reset the compromised password.

Email Attacks

Spam Emails Spam email is unsolicited and unwanted junk email sent out in bulk to an indiscriminate recipient list. Typically, spam is sent for commercial purposes. It can be sent in massive volume by botnets, networks of infected computers.

Email Attachments Email attachments are one of the most common ways to get viruses or malware. Even though an attachment might look like a document, Excel file, PDF, etc., it might contain a virus or malware. A significant number of people open attachments from unknown email addresses. But it's critical that if you don’t know who an email is coming from, you don't open or download the attachment. Download these attachments only if you are sure that it is a legitimate email.

Password Attacks

Dictionary attack & Brute force To crack a password or find a password, hackers use these techniques: Dictionary attack: In this method, the hacker tries every password that is possible through the dictionary. Brute force: This is a trial-and-error method used to decode the password or data. This attack takes the most amount of time.

Key Logger As the name suggests, a key logger records all keystrokes on a keyboard. Most hackers use key loggers to get passwords and account details.

Shoulder surfing The attackers observe the user’s keyboard by looking over the user’s shoulder.

Rainbow table There are rainbow tables that contain precomputed hash values. Attackers use this table to find the password of the user.
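Why precomputed hash tables work against some stored passwords and not others, shown as an added example that is not part of the original slides. It goes one step beyond the slide by showing the standard countermeasure, a random per-user salt with a slow hash; the three-entry table, the function names and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

def unsalted_hash(password):
    """Fast, unsalted hash: the same password always gives the same value."""
    return hashlib.sha256(password.encode()).hexdigest()

# Constructed stand-in for a precomputed table: hash -> password.
PRECOMPUTED = {unsalted_hash(p): p for p in ("password", "letmein", "qwerty123")}

def lookup(stored_hash):
    """Return the password for a stored hash if the table already holds it."""
    return PRECOMPUTED.get(stored_hash)

def salted_hash(password, salt=None, iterations=200_000):
    """PBKDF2-HMAC-SHA256 with a random per-user salt; returns (salt, digest)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify(password, salt, digest, iterations=200_000):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def demo():
    """Store the same weak password for two users, unsalted and salted."""
    alice_plain, bob_plain = unsalted_hash("letmein"), unsalted_hash("letmein")
    alice_salt, alice_digest = salted_hash("letmein")
    bob_salt, bob_digest = salted_hash("letmein")
    return {
        # Unsalted: identical values, and the table already contains them.
        "unsalted_identical": alice_plain == bob_plain,
        "unsalted_found_in_table": lookup(alice_plain),
        # Salted: every stored value is unique, so no shared table can hold it.
        "salted_identical": alice_digest == bob_digest,
        "salted_found_in_table": lookup(alice_digest.hex()),
        # The salt is stored next to the digest, so normal login still works.
        "login_still_works": verify("letmein", alice_salt, alice_digest),
        "wrong_password_rejected": not verify("letmein1", bob_salt, bob_digest),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
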

Tips for Password Safety Make sure to use unique passwords across all websites and applications. Enable and utilize 2FA, or two-factor authentication, on all websites that allow it. When you're creating security questions, make sure to choose unique, non-true answers, so you don't have to worry about someone resetting your password by knowing information about your personal life, or finding information on your social media accounts. If a data breach does occur, make sure to fully change your password, not just the number and symbol, and make sure to change your security questions as well.

Search Engine Safety Search engines are being used by users to ask any question they can think of. People write in questions about how to do their duties at work, look up formulas and terms, plan projects, download documents and templates that have already been customized to their needs, and much more. The problem is that some users click on search results without first checking to see if the website is legitimate. This also happens frequently on social networking sites: users click on a link because a friend posted it and they believe it to be secure.

Tips for Safe Search Stick to clicking on sites on the first page of results. After you start going past the first page, start being very cautious about things that you click on, because that’s when you're getting results that are not as reputable, not as commonly clicked on, and don't have as much related content. Be careful when clicking on sites whose names you don't recognize, as you don't know where they are going to take you. Be very careful when you're downloading anything that says that it's free, because even if it is actually free and it is a legitimate download, they might put something on your computer that you didn't want, or something that is malicious.

Malware Attacks Malware: This is a malicious program or software that disrupts or damages the computer.

Virus A computer virus is a malicious code that replicates by copying itself to another program or document and changes how a computer works. The virus requires someone to knowingly or unknowingly spread the infection without the knowledge or permission of a user or system administrator.

Worm A computer worm is a type of malware whose primary function is to self-replicate and infect other computers while remaining active on infected systems. A computer worm duplicates itself to spread to uninfected computers.

Malware's Functions Overwhelming system resources: Malware, especially worms, can spread around and overwhelm a system or network. Some malware creates so many folders that no memory is left and slows a computer down.

Malware's Functions… Creating a backdoor: Explanation by an example: Microsoft sends updates every Sunday on all Windows platforms. How do these updates reach your Windows OS? They create backdoors from where they can send updates. Similarly, hackers create backdoors from where they can continuously send viruses after getting into a system.

Malware's Functions… Disabling security functions: Some malware can disable antivirus software, as well as security updates. This malware tends to last longer because there is no security to stop it. They tend to keep the system vulnerable to other malware.

Malware's Functions… Creating botnets: Hackers make botnets purely by coding. A botmaster controls botnets, and they are usually used to crash websites. The botmaster tells all botnets to flood the website by accessing the website at the same time.

Sources of Malware

Sources of Malware Removable media, like pen drives, CDs, and DVDs. Viruses can be hidden in document files with the .exe extension. As soon as you open them, the virus activates. If you download from untrusted websites, there may be chances that those files will contain viruses, and as soon as you open them, the hacker might get access to your system. If the network is unsecured, then it can be accessed by anyone. Never open email attachments unless the sender can be trusted. These files may contain viruses to create backdoors. Never click on ads that you don’t trust. They are created so that you can click on them, and hackers will receive details about you.

Data Backup Data backup involves creating copies of data to secure and protect it from loss or damage. Data can exist in various forms, including documents, images, audio files, videos, and databases. Backing up data plays a crucial role in maintaining business continuity by providing access to critical information when needed.

Data Backup
Local Backup: Local backups provide a practical means of safeguarding data against cyber threats. They are easy to set up and ensure the availability of an extra copy of important files stored securely in case of unforeseen events. Local backups can be performed on a different drive of the same computer or on storage devices like external hard drives.
Cloud Backup: Cloud backup is an increasingly popular form of data backup, offering secure storage accessible from anywhere in the world.
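A backup only helps if the copy matches the original. One way to check a local backup, as an added example that is not part of the original slides: hash every file in the source and in the backup and report what is missing or damaged. The folder layout, file contents and function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(source, backup):
    """Compare a backup tree against its source; report what would not restore."""
    src, bak = manifest(source), manifest(backup)
    return {
        "missing": sorted(set(src) - set(bak)),
        "corrupted": sorted(n for n in src.keys() & bak.keys() if src[n] != bak[n]),
        "extra": sorted(set(bak) - set(src)),
    }

def demo():
    """Build a constructed source/backup pair with one lost and one damaged file."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backup = Path(tmp, "source"), Path(tmp, "backup")
        for root in (source, backup):
            (root / "finance").mkdir(parents=True)
            (root / "donors.csv").write_text("id,name\n1,A. Donor\n")
            (root / "finance" / "ledger.txt").write_text("opening balance 100\n")
            (root / "notes.txt").write_text("meeting notes\n")
        (backup / "notes.txt").unlink()                         # never copied
        (backup / "finance" / "ledger.txt").write_text("open")  # truncated copy
        return verify_backup(source, backup)

if __name__ == "__main__":
    print(demo())
```

Files that changed in the source after the backup ran will also show up as "corrupted", so in practice the source manifest is saved at backup time and the backup is compared against that saved manifest.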

CYBERSECURITY AWARENESS Agenda: Introductions, Current Local Trends, Common Types of Cyber Attacks, Best Practices, Resources, Questions

Introduction to Cybersecurity Cybersecurity is the process of protecting your digital information and computer systems from cybercriminals. Cybercrime can impact all businesses and organizations regardless of size. The average cost of recovering from a cyber incident was over $1.8M in 2022 (Forbes). Cybersecurity awareness and implementation of best practices can help protect your organization.

State of Cybercrime
National Trends: In 2022, over 800,000 complaints were received by the FBI’s Internet Crime Complaint Center (IC3). This is a 5% decrease from 2021. However, the total loss has grown from $6.9 billion in 2021 to more than $10.2 billion in 2022. Ransomware continues to be the #1 threat, which is facilitated by phishing attempts. Phishing attempts are increasing with the use of ChatGPT. Supply chain attacks are a major concern - the SolarWinds attack has over 30,000 victim organizations to date. Data breaches - average cost of remediation is $4.5 million. Cloud security misconfiguration is a growing trend - if you store your data in the cloud, you may still be responsible for its security. Cryptojacking has decreased recently due to the devaluing of cryptocurrencies. San Diego County alone lost $80 million in 2022. Threats from nation-state actors are on the rise - Russian, North Korean, Iranian and Chinese-affiliated groups are using ransomware to fund war, nuclear programs and gather intelligence.
San Diego Trends: Non-payment/non-delivery scam is #1 - over 28,000 instances in 2022. Personal data breach - over 8,000 instances. Investment impersonation scam - over 4,900 instances. Extortion (ransomware) - 4,700 instances. Tech support - 4,400 instances.
Keep your systems up to date! Validate and Verify!

Common Types of Cyber Attacks
Phishing: A social engineering scam where the hacker lures the victim to provide information such as account numbers or passwords. They may pose as a coworker or friend using email, phone, or text.
Ransomware: Ransomware is a type of malicious code (malware) designed to encrypt files. The cyber actors then request ransom to restore the files. Ransomware can be delivered in an email, text message, or by clicking a malicious link.
Email Compromise: Business email compromise occurs when a hacker takes control of someone else's email account. They are then able to read emails and often spread malware using the compromised address book.
EFT Fraud: Electronic Funds Transfer Fraud occurs when a fraudster posing as someone else, such as a vendor, redirects payments to their accounts. They may use business email compromise to intercept emails from a business for this purpose.
Network hacker attack: This would typically occur to a business’s marketing website, employee/partner portal, or e-commerce website. The main security issues are services missing patches and application misconfigurations.

Cyber Security Best Practices Security is a layered approach. There is no “Silver Bullet”. Like any security system, there needs to be multiple means of protection (Think Castle). This briefing is a good start, but NOT all inclusive …

Cyber Security Best Practices For more detailed security guidance: Use a security framework*
CIS 18 Critical Controls https://www.cisecurity.org/controls/cis-controls-list
NIST 800-53 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
NSA Best practices for securing home networks https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF
*These assume a surprisingly high level of understanding of cyber and IT. If needed, ask your IT expert for help!

Cyber Security Best Practices
Best practices - Overview:
Have a plan (Incident Response Plan) - If you don’t have a plan on where you are going …
Identify who is responsible for security and have a backup person as well.
Create a contact list: Know who in your organization to work with (Executive team, Legal, RISK, IT) and when. Other important entities: Law Enforcement coordination center - for reporting and incident assistance, IC3.gov (FBI reporting); key vendor contacts and phone #s; MSP (Managed Security Provider) - a contracted security provider monitoring your systems.
Buy cyber insurance.
Use a managed security provider (MSP) - if you can.
Know which systems are most important to your organization and what is in place to protect them!
Educate your users (online training is available, some for free).
Keep systems patched, use multi-factor authentication, ensure you have firewalls, anti-virus, endpoint security and other security software in place and monitored.
“Think before you click”.
Have good backups and TEST them.
We will explain some best practices in the following slides:

Complex Passwords The longer a password is, the harder it is to crack. A current length of 12 characters or greater is recommended. The password should contain a combination of special characters, numbers, upper-case and lower-case letters. Example: @fterTheB3@chW33@tBurritos

Multi Factor Authentication (MFA) MFA requires a minimum of two pieces of information to access a system, such as a password and a code texted to your phone. What about just complex passwords? (haveibeenpwned.com) MFA/2FA - Effective means of protecting your access. REQUIRED for effective security.

Inventory Maintain an inventory listing the hardware and software your business or organization uses, including: Vendor Name, Vendor Contact Information, Make/Model, Version. An inventory is useful for keeping informed regarding patches and security bulletins related to your computer assets. It is also useful if you are breached to receive customer support assistance.

Patching Devices Patching is the process of installing software updates to keep your systems secure. Most basic line of defense. ALL organizations struggle. While with the FBI, 100’s of incidents.. 90% could have been prevented with proper patching. Patch everything.. not just Operating System. Don’t forget your applications.

Anti-virus/End Point Detection Response Is Antivirus enough? “Depends” (probably not). Favorite part of a layered defense approach is End Point Detection and Response (EDR)... If malicious content gets past all the other layers, this is the last line of defense. Ransomware example: EDR can stop the encryption before it occurs and alert IT.

Email Filtering Email and file filtering check emails and attachments for malicious code and quarantine these files before the user receives them in their email box. A “sandbox” may be included where attachments are opened and analyzed before a user receives them. Examples include: Microsoft Defender, Avanan, GMail Spam Filter.

Firewall A firewall acts as a security guard for your network allowing certain traffic identified by IP Addresses to access your network while blocking other traffic. Firewalls can be configured to receive updated lists of malicious IP Addresses to block.

Geofencing Geofencing is when an organization creates virtual boundaries around specific locations or zones. For example, only allowing access from specific counties. This is done via software and/or hardware at various levels including your firewall, email systems and more. Increasingly common.

Virtual Private Network (VPN) A VPN encrypts (scrambles) data that is passed over a network to make it illegible if it is intercepted by a hacker. This is useful for protecting confidential information while it is in transit such as intellectual property, bank account information, and network credentials.

Be cautious when using AI What is AI? AI is a double-edged sword. It is VERY difficult (if not impossible) to get back sensitive information once entered into ChatGPT/Google Bard. Need governance and policies in place. Users need guidance on what is ok to share with AI systems and what is not. Check out AI policy frameworks shared online - Google “AI policy examples”.

Training “The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education.” - Kevin Mitnick
Make sure to train yourself & your staff on these best practices! Encinitas Chamber of Commerce Learning Workshops; CISA | StopRansomware.gov; San Diego Cyber Lab; Local Colleges

Cybersecurity Resources
CISA www.cisa.gov
https://www.cisa.gov/cyber-guidance-small-businesses Action plan for small and medium sized businesses to create a secure environment and security culture within their companies.
https://www.cisa.gov/audiences/small-and-medium-businesses Free tools and information that will help get your business into what we call a more secure cyber posture.
https://www.cisa.gov/about/regions/region-9 CISA Region 9 (California, Hawaii, etc) regional cybersecurity information.
StopRansomware.gov One stop location for tools and resources to combat ransomware.
IC3 (Internet Crime Complaint Center) www.ic3.gov FBI's platform for reporting cybercrime.
San Diego Regional Cyber Lab www.sandiego.gov/cyber-lab Cyber information, training, tools, and virtual and physical lab facilities to learn and sharpen your cyber skills.
Encinitas Chamber of Commerce Cybersecurity Resources Guide https://encinitaschamber.com/cyber-security/ Free webinars, links to resources, compact and comprehensive starting line to help small businesses build a cyber program.

Who should I contact if breached? Cyber IC3 Internet Crime Complaint Enforcement Coordination Center