What You Can Do to Keep Your Email, Bank Accounts and Business Safe from Cyberattack

What  you  can  do  to  keep  your  email,  bank  accounts  and  business  

safe  from  cybera7ack.  

Richard  Baker  Nexxtep  Technology  Services  

h7p://nexxtep.com  229-­‐671-­‐1513  

SMB  Security  Concerns  

•  Small  Businesses  are  the  path  of  least  resistance  for  a7ackers.  

•  Generally  have  weaker  security  seOngs  and  are  easier  to  penetrate.  

•  Last  year,  31%  of  all  targeted  a7acks  hit  businesses  with  less  than  250  employees.  

•  On  average,  there  is  a  156  day  lapse  between  when  a  system  is  compromised  and  when  it  is  detected.  

Top  5  ways  SMB  are  targeted  

•  P2P  applicaUons  •  Drive-­‐by  downloads  •  AcUve  content  inside  a7achments  •  Phishing  a7acks  •  Social  networking  

Malware?  

•  Short  for  malicious  soYware  •  SoYware  that  is  designed  to  gain  access  or  damage  a  computer  without  the  knowledge  of  the  owner.  

•  Forced  adverUsing  (adware)  •  Stealing  sensiUve  informaUon  (spyware)  •  Spreading  email  (spam)  •  Extort  money  (ransomware)  •  Viruses  

How  to  prevent  theY  of  your  data  

•  MulU  layered  approach  •  At  a  minimum:  – Firewall  at  each  site.  – Virus  protecUon  on  every  computer.  – Employee  training.  – Timely  Windows  patching.  – Update  3rd  party  soYware.  

How  to  prevent  theY  of  your  data  

AddiUonal  steps  that  can  be  taken:  – AcUve  scanning  at  the  firewall.  – Content  filtering  at  the  firewall.  – Malware  protecUon  on  the  endpoints.  – UUlize  encrypUon.  – Employee  training.  

How  to  prevent  theY  of  your  data  

•  Use  a  VPN  service  hotspotshield.com  -­‐  Offers  a  free  (ad  supported)  version  and  a  paid  version.  

•  Check  your  links  before  you  click  – h7p://longurl.org  – h7p://virustotal.com  

Phishing  Quiz  

•  h7p://www.opendns.com/phishing-­‐quiz/  

•  h7p://www.sonicwall.com/furl/phishing/  

Phishing  Quiz  

Phishing  Quiz  

Phishing  Quiz  

Phishing  Quiz  

Password  RecommendaUons  

-­‐  Use  2  factor  authenUcaUon.  -­‐  Use  a  password  manager.  (lastpass,  1password,  keepass  to  name  a  few)  

-­‐  If  absolutely  can’t  use  an  automated  tool,  choose  4  or  5  passwords.  -­‐  Social  media,  throwaway,  email  and  finance.  

Password  RecommendaUons  

-­‐  Use  a  password  with  at  least  12  characters.  -­‐  Use  words.  (i.e.  I  Love  KoolAid!)  -­‐  Be7er  yet:  I@Love@KoolAid2!!  -­‐  Use  capital,  lowercase,  numbers  and  special  characters.  

-­‐  Don’t  tell  anyone.  

2  Factor  AuthenUcaUon  

-­‐  Makes  it  much  more  difficult  for  the  a7acker  to  impersonate  you  and  access  your  accounts.  

-­‐  Can  be  in  the  form  of:  smartcard,  USB  drive,  app  on  your  phone,  text  message,  biometrics.  

-­‐  Sites  that  uUlize  2  factor:  Google,  MicrosoY,  Yahoo,  Apple,  Twi7er,  Evernote,  LinkedIn,  Dropbox  

Use  a  password  manager  

-­‐  Firefox  bu7on    OpUons    Security    Saved  Passwords    Show  Passwords  

Use  a  password  manager  

-­‐  Chrome  seOngs    Show  Advanced  SeOngs    Passwords  and  forms  -­‐>  Managed  saved  passwords  

2012  Hacking  Milestones  •  Jan  1  –  24  million  idenUUes  stolen  from  Zappos.com  •  March  3  -­‐  A  payment  processor  for  Visa  &  Mastercard  was  compromised;  exposing  

1.5  million  accounts.  •  April  4  –  Over  600,000  Mac  computers  are  infected  by  a  java  exploit.  •  June  6  –  LinkedIn  suffers  data  breach.  6.5  million  accounts  were  stolen  by  Russian  

cybercriminals.  •  July  7  –  Japanese  finance  ministry  discovers  their  network  has  been  infected  for  2  

years.  •  August  8  –  Reuters  news  service  is  hacked  resulUng  in  fake  news  stories  posted  on  

twi7er  and  it’s  website.  •  October  10  –  63  Barnes  &  Noble  stores  had  their  credit  card  machines  

compromised.  •  November  11  –  Burglars  discovered  using  a  known  exploit  in  hotel  locks  that  

effects  4  million  locks.  •  Facebook  reports  that  .06%  of  log-­‐ons  each  day  are  compromised.  That  amounts  

to  600,000  Umes  daily.  

What  can  you  do  to  protect  yourself?  

-­‐  Go  to  www.annualcreditreport.com  -­‐  You  can  check  for  free  up  to  3  Umes  a  year.  -­‐  Credit  score  is  $8.  -­‐  Freeze  your  credit  for  $9.  -­‐  h7p://consumer.georgia.gov/consumer-­‐topics/credit-­‐freeze  

QuesUons?    

Richard  Baker  Nexxtep  Technology  Services  

h7p://nexxtep.com  229-­‐671-­‐1513