
Cyber Security Awareness Training

During Cyber Security Awareness Training (CSAT), people are educated on the importance of the organization's IT security procedures, policies and best practices. These training modules help ensure that staff not only learn these principles but also understand and apply them in their work. To complete the learning cycle, we also hope that learners will share and teach these principles to more people.

Why Is Security Awareness Training Needed?

Security awareness training is critical because cyber threats abound in our always-connected work environments. The point of security awareness training is to equip employees with the knowledge they need to combat these threats.

https://www.winpro.com.sg
https://www.winpro.com.my

ronaldsoh

Presentation Transcript


  1. Cyber Security Awareness Training Win-Pro Consultancy Pte Ltd Ronald Soh

  2. What is Cyber Security? Cyber Security is the protection of internet-connected systems, including hardware, software and data, from cyberattacks.

  3. What is Information Security? • Protect the Confidentiality of data • Preserve the Integrity of data • Promote the Availability of data for authorized use

  4. Modern Threats • Viruses • Worms • Trojans • Logic Bombs • Root Kits • Botnets • Social Engineering

  5. Viruses • Viruses are malicious programs that hide themselves on your computer • May destroy your documents, format your hard drive, send emails from your computer or perform a variety of other actions

  6. Worms • Worms are self-replicating • Typically propagate by exploiting unpatched operating systems

  7. Trojans A Trojan masquerades as a normal program while quietly destroying data or damaging your system

  8. Logic Bombs Malware logic executes upon certain conditions. The program is often used for otherwise legitimate reasons.

  9. Root Kits • Low-level programs that embed themselves in the operating system itself • Difficult if not impossible to detect

  10. Botnets A botnet is a number of compromised computers used to create and send spam or viruses or flood a network with messages as a denial of service attack. The compromised computers are called zombies.

  11. Social Engineering Social engineering manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems.

  12. Social Engineering • People are often the weakest links • All the technical controls in the world are worthless if you share your password or hold the door open • Attempts to gain: confidential information or credentials; access to sensitive areas or equipment • Can take many forms: in person, email, phone, postal mail

  13. How do you know you are being Social Engineered? • Lack of business credentials or identification • Making small mistakes • Trying too hard to sound more convincing • Rushing

  14. How to Protect Yourself Against Social Engineering? • Verify the visit with management • Always request identification and credentials • Closely monitor and observe visitors and vendors • Never trust suspicious emails • Do not reveal any information. • If the visit cannot be verified, the visitor should not be granted access

  15. Email • Common Attacks: phishing, malicious attachments, spam, scams • Best Practices: don’t open suspicious attachments; don’t follow links; don’t attempt to “unsubscribe”

  16. Email Scams

  17. Phishing • Deceptive emails that trick users into clicking on malicious links, entering sensitive information or running applications • Look identical to legitimate emails from your bank, PayPal or the government

  18. Phishing

  19. Phishing

  20. Phishing https://www.virustotal.com

  21. Strong Password Policy Why do you need a strong password? • The stronger the password, the less likely it is to be cracked • Cracking: using computers to guess the password through “brute-force” methods or by going through entire dictionary lists

  22. Strong Password Policy • Never share your password with others! • Strong passwords should: have a minimum of 8 characters (more than 12 characters recommended); include numbers 0-9; include symbols !@#$%^&*(); include upper and lowercase letters a-z, A-Z; not include personal information, such as your name or family name, previously used passwords, important dates, FIN, NRIC, mobile numbers, car number or home address • Examples: Strong Password: H81h@x0rZ; Weak Password: jack1 • Change your password regularly or when you need to. • Make sure that the login page has a timeout policy for unsuccessful retries.

  23. How to protect your Portable Devices? • Avoid USB Drives if you can. • Use USB Drives with proper encryption. • Encrypt your notebook • Do not leave it unattended and unsecured. • Avoid connecting to Free Wireless • Do not download free apps from unknown sources • Report any loss of devices immediately.

  24. Be Careful of your Trash… • Dumpster Diving is the act of sorting through garbage to find documents and information that have been improperly discarded • Some things we’ve found: computer hard disks, USB drives, customer information, internal records, applications, credit cards, technical documentation, backup tapes, loan applications, floor plans/schematics, copies of identification

  25. How to Protect Your Paper Trash? • Destroy all confidential paper data with a good office paper shredder • Use cross-cut only; straight-cut is easy to re-assemble • Split the shredded paper into 2 or more different bags and dispose of them in different locations on different days • Do not recycle your printed paper

  26. How to Dispose of Your Old PC, Notebook or Copier? • Remove the hard disk or other form of disk storage from most PCs, notebooks and printers. • Make sure you have wiped the data securely before you dispose of them (DOD Standards)

  27. How do you know that you are compromised? Possible Symptoms: • Antivirus software detects a problem. • Running out of disk space unexpectedly. • More pop-ups appearing. • Files or transactions appear that should not be there. • PC slowing down. • Unusual messages, sounds, or displays on your monitor. • The mouse pointer moves by itself. • The computer spontaneously shuts down or reboots. • Often unrecognized or ignored problems.

  28. What should you do when you suspect that you are compromised? • Disconnect any USB connection • Disconnect any Wireless and Wired Connection • Make sure that your antivirus is running • Make sure that your firewall is running • Report to your boss

  29. 13 Ways to Protect Your Company • Use strong passwords. Never share your passwords with others. Change passwords regularly. • Never prop open the door or allow strangers inside the building • Destroy all confidential paper with a shredder. • Dispose of IT equipment carefully. • Avoid using mobile devices. Encrypt mobile devices. • Wipe data securely before disposal • Always check that your antivirus is running with the latest signatures

  30. 13 Ways to Protect Your Company • Wipe data securely before disposal • Treat email with caution. Do not open attachments or click suspicious links • Secure all confidential information when you are not around. • If you notice abnormal PC behavior, report it to your boss • Report suspicious activity or persons immediately • Always lock your workstation when you step away • Windows Key + L locks your computer

  31. Alerts and Advisories • Cyber Security Agency of Singapore: https://www.csa.gov.sg/ • National Cybersecurity and Communications Integration Center: https://www.us-cert.gov/ • Microsoft: http://www.microsoft.com/security/ • Security Focus: http://www.securityfocus.com/

  32. Questions and Answers
