Critical Steps To Avoid Being A Cyber Security Victim
How to secure your information with today's Internet risks
February 22, 2018
David Mandala

Who is David Mandala & What Does He Know?
I've worked in the Electronics and Computer Industries for 40+ years. I've been with seven startups, the principal of three of them. I spent the last 10 years developing embedded computer operating systems or improving them: Ubuntu Linux for ARM System on Chip (SoC); improving Linux for the ARM SoCs with Linaro; standardization of the 96Boards platform so that binaries run on any board without recompilation of source code. I started Secured by THEM LLC to specifically help small businesses secure their business computers and networks.
Copyright Secured by THEM 2017-2018

Slide 2: What is Cybersecurity
"Cybersecurity, computer security, or IT security is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide." - Wikipedia

Slide 3: Cyber Attacks Occur Daily
Nearly every day you hear about a new cyber crime, from credit card theft to personal/business information loss. Recent headlines:
- Target
- Chipotle & Pizzeria Locale
- The Buckle Inc.: 450 stores hit between Oct. 28, 2016 and April 14, 2017
- Equifax: credit-card-data breach could be largest in U.S. history
- Yahoo loses more than 1 billion account records
- In 2016, hackers stole the data of 57 million Uber customers, and the company paid them $100,000 to cover it up. The breach wasn't made public until last November.

Slide 4: Ka-ching
Stolen credit card info, paid for in untraceable cyber currency such as Bitcoin, can sell for anywhere from $5 to $250 each. Email addresses (useful for phishing campaigns) sell for $10 to $15 per thousand. Online bank accounts in the U.S. sell for two percent of the account balance. PayPal accounts can net six to 20 percent of the balance. Stolen health insurance information can bring in a whopping $1,300 per record. (According to Havocscope, the global black market price guide.)

Slide 5: Easy Things to Avoid
- Avoid using public networks; hackers love public networks.
- Avoid using public computers for sensitive business; they could have keyloggers installed.
- Avoid downloading unknown applications.
- Do not use pirated software, i.e. software downloaded from unsafe sources, including torrents and other peer-to-peer file sharing. It is not about morality or ethics; it is simply unsafe.

Slide 6: What to Do?
- Install/turn on the firewall for your network; make sure UPnP is turned OFF.
- Install anti-virus, anti-malware and anti-spyware software; keep the software active at all times and keep it updated to the most current version.
- Encrypt data.
- Back up data regularly.
- Log off and shut down computers when they are not being used.
- Install OS updates as soon as they become available.

Slide 7: What to Do?
- Keep up to date on major security breaches. If you have an account on a site that's been impacted by a security breach, find out what the hackers know and change your password immediately.
- Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about you, your employees, your colleagues or any other internal information.
- Use a VPN to hide your IP address. Your IP address can tell people geographical data and, with some digging, can be cross-referenced with online activity to reveal a rather disturbing amount of your information.

Slide 8: Credit Card Readers - Stay Alert
ATMs, gas pumps, any kind of machine where you slide your credit card into the machine are potentially dangerous.
- Before you insert your card, reach out and pull on the card reader: try to pull it out of the device, see if your fingernails catch on any part of the reader, and pull. Try to wiggle everything; real machines are solid, with no loose parts or wiggle.
- ALWAYS cover your hand with your other hand if you have to enter a PIN number. The supplied visual cover is not good enough; cameras are so small they can be pasted on the back of the visual cover!
- If at a gas station and you have any reason to be suspicious, go inside and pay the clerk.

Slide 9: Credit Card Readers - Stay Alert

Slide 10: Credit Card Readers - Stay Alert
If you have an Android phone, download and install the Skimmer Scanner app. It will spot some types of skimmers, but not all of them.

Slide 11: Web Browsing and Staying Secure
- Set your browser security high enough to detect unauthorized downloads.
- Limit the use of browser plugins. Disable commonly exploited ones such as Flash Player and Silverlight when you're not using them. You can do this through your web browser under the plugin settings.
- Use a pop-up blocker (the links in pop-up ads are notorious sources of malware).
- When filling out personal information on a site, make sure they aren't asking for your social security number or excessive financial information. Both are telltale signs of a fraudulent website.

Slide 12: Web Browsing and Staying Secure
- Whenever possible use a credit card when paying for something rather than a debit card. Credit cards have limits on what you can spend, whereas debit cards are tied directly to a bank account.
- Make sure to review your statements to see if there are any unauthorized charges. If there is a discrepancy, it's important to report it immediately.
- Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
- When using websites that take info from you, make sure they are using a secure traffic layer (SSL), so the URL should start with https://; the "s" shows it is secure. Never provide information of any kind to a website that only uses the insecure traffic layer: http://.
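The two URL checks on slide 12 (is it https://, and is the domain really the one you meant, not a misspelling or a .net look-alike) can be turned into a small helper. This is an added example written for this page, not code from the presentation; the allow-list of "known" sites and every host name it is run against are constructed, hypothetical names.

```python
from urllib.parse import urlsplit

# Constructed allow-list of the sites this business actually logs in to (hypothetical names).
KNOWN_SITES = {"www.example-bank.com", "example-bank.com", "www.example-shop.com"}


def registrable_name(host):
    """Second-level label of a host: 'www.example-bank.com' -> 'example-bank'.
    Good enough for .com/.net style names; country-code suffixes such as .co.uk
    would need a public-suffix list."""
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else host


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url, known_sites=KNOWN_SITES):
    """Return a list of warnings for url; an empty list means it looked fine."""
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        warnings.append("not https: never type information into this page")
    if not host:
        warnings.append("no host name in URL")
        return warnings
    if parts.username is not None:
        # The browser ignores everything before '@'; the real host is what follows it.
        warnings.append(f"text before '@' in URL; the real host is '{host}'")
    if host in known_sites:
        return warnings
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("internationalized (punycode) host name; letters may only look familiar")
    name = registrable_name(host)
    for known in known_sites:
        known_name = registrable_name(known)
        if name == known_name:
            warnings.append(f"'{host}' uses a different domain ending than '{known}'")
            break
        if edit_distance(name, known_name) <= 2:
            warnings.append(f"'{host}' is a near-misspelling of '{known}'")
            break
    else:
        warnings.append(f"'{host}' is not a site you normally use")
    return warnings


if __name__ == "__main__":
    for candidate in ("https://www.example-bank.com/login",
                      "http://www.example-bank.com/login",
                      "https://www.example-bank.net/login",
                      "https://www.examp1e-bank.com/login"):
        print(candidate, "->", check_url(candidate) or "ok")
```

The allow-list is the important part: a check like this only knows which domain you meant because you told it, which is exactly why the slide says to type the address yourself rather than follow a link.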

Slide 13: Password Dos & Don'ts
- Use strong passwords; long and random are best, but hard for humans to remember.
- Do not share or give out your passwords.
- Do not re-use old passwords.
- Implement an employee password policy.
- Use password vaults (PV); perhaps buy employees a subscription to one as a perk? If you supply it you can require that employees use the password vault for all work-related passwords, and if you do that, require 70+ character random passwords for all work-related items (unless some stupid websites force shorter passwords).
- Don't use the same passwords on different websites.

Slide 14: Password Dos & Don'ts
Here again a PV is your friend and is a strong perk for employees. It's trivial to have long random passwords for every site you use with a PV.
Opt for 2-step verification whenever offered. The 2-step verification (2FA) system means that stealing your password by itself won't be enough. Once you enter your password, the system will send a notification to your e-mail or phone with an additional code in it, or you have a token generator on your phone. You will have to enter this code to access your account. While it's not impossible for a thief to get this information, hacking becomes much more difficult and less likely.

Slide 15: Your Pocket Computer
- Don't trust caller ID; it is worthless anymore.
- Don't trust text messages (same problem as caller ID).
- Install anti-virus, anti-malware and anti-spyware software. Keep the software active at all times and keep it updated to the most current version.
- Avoid using public WiFi.
- Your device's battery life is suddenly and drastically shortened! Malware or a virus could be running.
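Slides 13 and 14 make two claims worth seeing in working code: a vault-style 70+ character random password is easy to produce and carries far more entropy than anything a person would memorize, and the "token generator on your phone" is just a time-based one-time password (TOTP, RFC 6238) computed from a shared secret and the clock, so a stolen password alone cannot produce it. This is an added example, not code from the presentation or from any password-vault product; the character set, the 70-character policy threshold and the one-step verification window are choices made here, and the demo secret is the published RFC 6238 test vector (never reuse a published secret).

```python
import base64
import hashlib
import hmac
import math
import secrets
import struct
import time

# Character set a vault might draw from (constructed here): letters, digits, and a few symbols.
ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&*+-=?@^_~"


def generate_password(length=70, alphabet=ALPHABET):
    """Random password of the given length from a cryptographically secure RNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet))


def meets_policy(password, min_length=70):
    """The 70+ character rule from slide 13; a vault makes this painless."""
    return len(password) >= min_length


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    at = time.time() if at is None else at
    return hotp(secret, int(at // step), digits)


def verify_totp(secret, code, at=None, step=30, digits=6, window=1):
    """Accept the current code or one step either side (clock drift), comparing in
    constant time so response timing does not leak which digits were right."""
    at = time.time() if at is None else at
    counter = int(at // step)
    return any(hmac.compare_digest(hotp(secret, counter + d, digits), code)
               for d in range(-window, window + 1))


def secret_from_base32(text):
    """Authenticator apps share the secret as Base32 (what the enrolment QR code encodes)."""
    cleaned = text.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


if __name__ == "__main__":
    pw = generate_password()
    print(len(pw), "chars, about", round(entropy_bits(len(pw))), "bits of entropy")
    # RFC 6238 test secret: ASCII "12345678901234567890" (published test data, not a real key).
    demo_secret = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print("TOTP at t=59:", totp(demo_secret, at=59), "(RFC 6238 expects 287082)")
    print("current code:", totp(demo_secret))
```

The entropy figure is the point of the vault argument: 70 random characters from this set give roughly 437 bits, against the 28 to 40 bits typical of a memorable passphrase. The TOTP half shows why the slide says a stolen password "by itself won't be enough": without the Base32 secret, the six-digit code cannot be computed, and each code is only valid for a short window.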

Slide 16: The IoT - Home/Work Automation
The Internet of Things (IoT) are devices that are useful, do things for you and have an embedded computer in them: items such as video doorbells, thermostats, home audio/video devices, smart TVs, Google Home, Alexa, really any device that connects to Ethernet or WiFi to do something for you. These devices:
- Generally lack security.
- Will upgrade themselves when they want to, whether you like it or not.
- Should NEVER be connected to your main home/office network. WiFi devices should be on a guest network; Ethernet devices should be on an isolated network, either a VLAN or totally separate from your primary network. Yes, this will take some work to set up.

Slide 17: SOME Smart Devices Available
There are more than 43 classes of IoT devices sold on Amazon alone:
- Smart Lightbulbs
- Smart Locks
- Smart Wall Plugs
- Smart Light Switches
- Smart Wall Touchscreen
- Smart Thermostat
- Smart Garage Door Opener
- Smart Blinds
- Smart Curtains
- Amazon Alexa
- Amazon Dot
- Smart Keyrings
- Smart Egg Minder
- Smart Blu-Ray Player
- Smart TV
- Smart Outdoor Switch/Plug
- Smart Trackers (keys, luggage, etc)
- Smart Speakers
- Smart Cameras (security)
- Smart Alarm Systems
- Smart Pet Feeder
- Smart Smoke Detector
- Smart Carbon Monoxide Detector
- Smart Air Quality Detector
- Smart Landscape Lighting
- Smart Home Controller
- Smart Doorbell
- Smart Pet Treat Feeder / Camera
- Smart Weather Station
- Smart Plant Watering Device
- Smart Garden Sensors
- Smart Picture Frames
- AeroGarden with WiFi
- Smart Plant Pots
- Smart Sprinkler Controller
- Smart Crock Pot
- Streaming Media Player
- Smart Coffee/Tea Pot
- WiFi Video Projector
- Smart Robot Vacuum
- Smart Range
- Smart Microwave
- Smart Dishwasher

Slide 18: Ransomware
Petya, WannaCry and NotPetya are all strains of ransomware that affected the computer systems of organisations worldwide. Ransomware is a type of malware that is delivered by social engineering and blocks access to the information stored on your device/system. Users will be denied access to their information unless they pay a ransom to the attacker, usually in an electronic currency such as Bitcoin. If you are doing your backups regularly, ransomware is an annoyance at best. No backups? Now you have a problem.
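Slide 16's rule that IoT gear never sits on the primary network is only as good as your ability to notice when a thermostat or smart TV lands on it anyway. The check below reads DHCP lease lines, works out which planned network each address belongs to, and reports any device that breaks the plan or that is not in the inventory at all. This is an added example for this page, not code from the presentation or any product; the subnet plan, the device inventory, the MAC addresses and the lease lines are all constructed, and the lease format is the dnsmasq-style "expiry mac ip hostname client-id" layout.

```python
import ipaddress

# Network plan implementing slide 16 (subnets are constructed for this example):
# workstations and servers on the primary network, WiFi IoT on the guest network,
# wired IoT on its own VLAN.
NETWORKS = {
    "primary": ipaddress.ip_network("192.168.1.0/24"),
    "guest-wifi": ipaddress.ip_network("192.168.50.0/24"),
    "iot-vlan": ipaddress.ip_network("192.168.60.0/24"),
}
ALLOWED = {
    "workstation": {"primary"},
    "server": {"primary"},
    "iot": {"guest-wifi", "iot-vlan"},
}

# Hostname -> device class, as kept in a simple asset inventory (constructed names).
INVENTORY = {
    "front-desk-pc": "workstation",
    "fileserver": "server",
    "lobby-thermostat": "iot",
    "front-doorbell": "iot",
    "conference-tv": "iot",
}

# Constructed dnsmasq-style lease lines: "<expiry> <mac> <ip> <hostname> <client-id>".
SAMPLE_LEASES = """\
1519300000 02:00:00:00:00:01 192.168.1.10 front-desk-pc *
1519300000 02:00:00:00:00:02 192.168.1.20 fileserver *
1519300000 02:00:00:00:00:03 192.168.60.12 front-doorbell *
1519300000 02:00:00:00:00:04 192.168.1.77 lobby-thermostat *
1519300000 02:00:00:00:00:05 192.168.1.78 conference-tv *
1519300000 02:00:00:00:00:06 192.168.1.99 * *
"""


def parse_leases(text):
    """Yield (mac, ip, hostname) per lease line; a '*' hostname becomes None."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        _expiry, mac, ip, hostname = fields[:4]
        yield mac, ip, (None if hostname == "*" else hostname)


def network_of(ip, networks=NETWORKS):
    """Name of the planned network containing ip, or None if it is on none of them."""
    addr = ipaddress.ip_address(ip)
    for name, net in networks.items():
        if addr in net:
            return name
    return None


def audit(lease_text, inventory=INVENTORY, networks=NETWORKS, allowed=ALLOWED):
    """Return (label, ip, message) findings for every device that breaks the plan."""
    findings = []
    for mac, ip, hostname in parse_leases(lease_text):
        label = hostname or mac
        net = network_of(ip, networks)
        if net is None:
            findings.append((label, ip, "address outside every planned network"))
            continue
        if hostname is None or hostname not in inventory:
            findings.append((label, ip, f"unknown device on '{net}': add to inventory or remove it"))
            continue
        kind = inventory[hostname]
        if net not in allowed[kind]:
            findings.append((label, ip, f"{kind} device on '{net}', expected one of {sorted(allowed[kind])}"))
    return findings


if __name__ == "__main__":
    for label, ip, message in audit(SAMPLE_LEASES):
        print(f"{label:<20} {ip:<16} {message}")
```

Run against the constructed leases it flags the thermostat and the conference TV sitting on the primary network and an unnamed device nobody has inventoried, while the doorbell on the IoT VLAN passes. The same loop works on a real lease file once the inventory names are yours.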

Slide 20: Don't Fall for Phishermen
The attacker tries to manipulate you into giving them either your information, or access to your computer so that they can get the information themselves. This can take place through many types of communication, including the telephone (vishing), email (phishing), text messages (smishing) or chats within games or apps. The aim of social engineering is to exploit human nature by targeting common human traits such as the fear of being attacked.

Slide 21: Don't Assume Any Email is Legitimate!
If you get an email that appears to come from a company you know, and it says that you owe money or you need to click HERE to verify your account: DON'T DO IT. This is an example of a phishing email. These emails falsely claim to be from legitimate vendors and typically try to dupe the unsuspecting recipient into divulging personal, sensitive information such as passwords, credit card numbers, and bank account information. A good rule of thumb is to not click any links in an email. Instead go to the site by typing the address into your browser, or call the phone number on the company website. You can then verify if the email was

Slide 22: It's an Easy Trick
Criminals frequently send email that appears to come from someone you know. They'll disguise malicious software as images or documents attached to these email messages. Word to the wise: you should never open or download email attachments from any email without (1) expecting the information or (2) confirming with the person that supposedly sent it to you.

Slide 23: So how can customers know email is really from me?
Use a Secure Email certificate; this adds security and authenticity to your email communications. Encryption keeps your email private; digital signing ensures the integrity and authenticity of the message. It's easy to have all email from your company signed.
https://www.comodo.com/e-commerce/emailcertificates/email-privacy.php

Slide 24: WiFi
WPA2 security on WiFi networks is no longer secure; in fact, you can't trust it! All traffic over WiFi must be secured via an additional method: SSL for web, SSH for other file transfers, encryption for any files leaving your system. Don't allow anyone to use your WiFi at the office or home: create a separate guest network with a strong password and allow people to use that only.

Slide 25: Uh-oh, Now What?
If the worst should happen and your company suffers a natural disaster, data breach or similar attack, you should have a Business Continuity Plan in place. A Business Continuity Plan should identify potential risks, along with the recovery team at your company assigned to protect personnel and property in the event of an attack. The recovery team should conduct a damage assessment of the attack and guide the company toward resuming operations.

Slide 26: Uh-oh, Now What?
A Business Continuity Plan will:
- Facilitate timely recovery of core business functions
- Protect the well-being of employees, their families and your customers
- Minimize loss of revenue/customers
- Maintain public image and reputation
- Minimize loss of data
- Minimize the critical decisions that need to be made in a time of crisis

Slide 27: Last but not least!
LOCK your credit report. This should have been done months ago, but if you have not done it yet, get it done ASAP.
- TransUnion - https://www.transunion.com/
- Equifax - https://www.equifax.com/personal/
- Experian - http://www.experian.com/

Slide 28: I Listened, I Must Be Secure
Even if you do everything I suggest, being 100% secure is not possible. You will certainly be more secure than before, but the truth is this presentation only scratches the surface. There is no such thing as a completely secure device, only levels of security. Security is like an onion: the more layers you have, the more secure you are. Everyone's situation is unique and must be addressed individually. Feel free to reach out and talk with me. ([email protected])

Slide 30: Questions?

Slide 31: Reference Links
Credit Card Readers:
- https://www.engadget.com/2014/07/28/credit-card-skimming-explainer/
- https://krebsonsecurity.com/all-about-skimmers/
Password Vault:
- https://www.lastpass.com
- https://www.roboform.com/
Whole disk encryption:
- https://www.veracrypt.fr/en/Home.html
- https://www.microsoft.com/en-us/store/d/windows-10-pro/df77x4d43rkt/48DN
Comparison of VeraCrypt and BitLocker:
- http://lifehacker.com/windows-encryption-showdown-veracrypt-vs-bitlocker-1777855025

Slide 32: Reference Links
Secured by THEM
https://www.them.com/
[email protected]
(469) 298-8436

Slide 33: Thank you for your time.
February 22, 2018
David Mandala
Who's on your Network?
