What you can do to keep your email, bank accounts and business safe from cyberattack. Richard Baker Nexxtep Technology Services http://nexxtep.com 2296711513
Oct 17, 2014
SMB Security Concerns
• Small businesses are the path of least resistance for attackers.
• They generally have weaker security settings and are easier to penetrate.
• Last year, 31% of all targeted attacks hit businesses with fewer than 250 employees.
• On average, there is a 156-day lapse between when a system is compromised and when the compromise is detected.
Top 5 ways SMB are targeted
• P2P applications
• Drive-by downloads
• Active content inside attachments
• Phishing attacks
• Social networking
Malware?
• Short for malicious software
• Software that is designed to gain access to or damage a computer without the knowledge of the owner.
• Forced advertising (adware)
• Stealing sensitive information (spyware)
• Spreading email (spam)
• Extorting money (ransomware)
• Viruses
How to prevent theft of your data
• Multi layered approach
• At a minimum:
  – Firewall at each site.
  – Virus protection on every computer.
  – Employee training.
  – Timely Windows patching.
  – Update 3rd party software.
How to prevent theft of your data
Additional steps that can be taken:
  – Active scanning at the firewall.
  – Content filtering at the firewall.
  – Malware protection on the endpoints.
  – Utilize encryption.
  – Employee training.
How to prevent theft of your data
• Use a VPN service
  – hotspotshield.com - Offers a free (ad supported) version and a paid version.
• Check your links before you click
  – http://longurl.org
  – http://virustotal.com
Phishing Quiz
• http://www.opendns.com/phishing-quiz/
• http://www.sonicwall.com/furl/phishing/
Password Recommendations
- Use 2 factor authentication.
- Use a password manager. (lastpass, 1password, keepass to name a few)
- If you absolutely can't use an automated tool, choose 4 or 5 passwords.
- Social media, throwaway, email and finance.
Password Recommendations
- Use a password with at least 12 characters.
- Use words. (i.e. I Love KoolAid!)
- Better yet: I@Love@KoolAid2!!
- Use capital, lowercase, numbers and special characters.
- Don't tell anyone.
2 Factor Authentication
- Makes it much more difficult for the attacker to impersonate you and access your accounts.
- Can be in the form of: smartcard, USB drive, app on your phone, text message, biometrics.
- Sites that utilize 2 factor: Google, Microsoft, Yahoo, Apple, Twitter, Evernote, LinkedIn, Dropbox
Use a password manager
- Firefox button -> Options -> Security -> Saved Passwords -> Show Passwords
Use a password manager
- Chrome settings -> Show Advanced Settings -> Passwords and forms -> Manage saved passwords
2012 Hacking Milestones
• Jan 1 – 24 million identities stolen from Zappos.com
• March 3 - A payment processor for Visa & Mastercard was compromised, exposing 1.5 million accounts.
• April 4 – Over 600,000 Mac computers are infected by a Java exploit.
• June 6 – LinkedIn suffers data breach. 6.5 million accounts were stolen by Russian cybercriminals.
• July 7 – Japanese finance ministry discovers their network has been infected for 2 years.
• August 8 – Reuters news service is hacked, resulting in fake news stories posted on Twitter and its website.
• October 10 – 63 Barnes & Noble stores had their credit card machines compromised.
• November 11 – Burglars discovered using a known exploit in hotel locks that affects 4 million locks.
• Facebook reports that .06% of log-ons each day are compromised. That amounts to 600,000 times daily.
What can you do to protect yourself?
- Go to www.annualcreditreport.com
- You can check for free up to 3 times a year.
- Credit score is $8.
- Freeze your credit for $9.
- http://consumer.georgia.gov/consumer-topics/credit-freeze
Questions?
Richard Baker Nexxtep Technology Services
http://nexxtep.com 229-671-1513