
Information Security Awareness – Basic Training
Mohammed Abdul Mateen

Version: 0.2
Date: November 21, 2020
WHY INFORMATION SECURITY?
DATA CLASSIFICATION

File types, Pdf, sql, exe, bat, mov, jpg …


DATA IS THE NEW OIL
THE 90/10 RULE

• Good security standards follow the 90/10 rule:
• 10% of security safeguards are technical
• 90% of security safeguards rely on the computer user to adhere to good computing practices
• Example: The lock on the door is the 10%. Remembering to lock, checking to see if it is closed, ensuring others do not prop the door open, keeping control of keys is the 90%. Don't take shortcuts.
PART 1.
PHISHING

Safeguarding your email.


A. Emails
B. Email attachments
C. Spam
A. EMAILS

• Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

• Top Tips:
1. Check who the email sender really is.
2. Check the email for grammar and spelling mistakes.
3. Mouse over the link. Type in the company's URL in your browser.
4. Contact your IT Security team if you're unsure at all about an email.
B. EMAIL ATTACHMENTS

• Most viruses, Trojan horses, and worms are activated when you open an attachment or click a link contained in an email message. If your email client allows scripting, then it is possible to get a virus by simply opening a message. It's best to limit what HTML is available in your email messages.

• Top Tips:
1. Never open or save attachments from an unknown sender.
2. If it looks fishy, don't open or save the attachment.
3. Let your IT department know if you receive a suspicious email.
C. SPAM

• Spam email is unsolicited and unwanted junk email sent out in bulk to an indiscriminate recipient list. Typically, spam is sent for commercial purposes. It can be sent in massive volume by botnets, networks of infected computers.

• Top Tips for Spam Protection
1. Utilize a different provider or 3rd party product if necessary.
2. Never click, open, or respond to spam messages.
3. When posting email to classified sites, use the following format to keep spam bots from retrieving and using your address: abdul.mateen (at) email.com
THE FREE WORLD

• Nothing is free.
• No Nigerian princes
• No Swedish lottery winners, etc.
PART 2.
PASSWORDS

Fortify your accounts with secure passwords

1. Personal Info in Passwords
2. Reusing Passwords
3. Password Management
4. Two-factor authentication
USERS AND POOR PASSWORD HYGIENE

• Typically, users practice risky behavior with respect to passwords.
• Passwords nowadays can be a gateway into identity theft.
DATA BREACHES LEAD TO PASSWORD PROBLEMS BECAUSE ..

• Passwords sometimes are extracted
• Very simple to try all alternative options of a password base

Example
• Password that was stolen was elephant
• Password required by website is 8 characters 1 symbol
• 32 symbols on the computer (would take a human 5 minutes)
• Computers can carry out these tasks in fractions of a second
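
The defensive side of this slide, as an added example that is not part of the original deck: a signup check that rejects a new password when it is only a breached word with one symbol added. Python's `string.punctuation` holds the same 32 symbols the slide counts; the function names and the breach list are assumptions made for the illustration, and the check goes beyond the slide by looking at a symbol in any position, not only at the end.

```python
import string

SYMBOLS = set(string.punctuation)   # the 32 ASCII symbols on a standard keyboard

def meets_site_rule(password):
    """The slide's site rule: at least 8 characters and at least 1 symbol."""
    return len(password) >= 8 and any(c in SYMBOLS for c in password)

def variant_space(base):
    """How many passwords are 'base plus exactly one symbol' (any position)."""
    return len(SYMBOLS) * (len(base) + 1)

def breached_base(password, breached):
    """Return the breached word this password is built on, or None.

    Checks the password itself and every form with one symbol removed,
    compared case-insensitively against the breached set.
    """
    known = {w.casefold() for w in breached}
    forms = [password] + [password[:i] + password[i + 1:]
                          for i, c in enumerate(password) if c in SYMBOLS]
    for form in forms:
        if form.casefold() in known:
            return form.casefold()
    return None

def accept_new_password(password, breached):
    """Policy decision for a signup form: rule met AND not a breached variant."""
    return meets_site_rule(password) and breached_base(password, breached) is None

# Constructed breach list for the example; "elephant" is the slide's stolen password.
BREACHED = {"elephant", "sunshine"}
```

`variant_space("elephant")` is 288, which is why a password that satisfies the site rule on paper can still be rejected by `accept_new_password`.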
SECURITY QUESTIONS

• Typically, users are honest when filling out security questions.
• Malicious parties can utilize social media to find out the answers to these questions, which allows them to reset your password.
• Best practice is to not be honest when filling out these questions. Treat security questions as another password field.
PASSWORD MANAGERS

• If you have trouble remembering passwords or creating unique passwords, utilize a password manager.
• There are several very secure password managers on the market that work across all OSes.
• They will remember and auto-complete your passwords for you once your "master" password is entered.
PASSWORD HYGIENE CHECKUP

https://haveibeenpwned.com/
• Currently checks 210 websites
• 2.6 billion compromised accounts contained
• Treat it like a credit-check
PASSWORDS SHOULD BE TREATED LIKE TOOTHBRUSHES

• Choose a good one
• Don't share it
• Replace it often
• Don't recycle an old one
MULTIFACTOR AUTHENTICATION

Two-Factor Authentication for better protection

• 2FA is a great way to protect your email from being compromised; it is particularly important for email.
• As opposed to the standard password authentication, 2FA OTP (One-time password) uses two elements:
  - Something that the user knows
  - Something that the user has
TOP TIPS FOR PASSWORD SAFETY

• Utilize unique passwords across all websites/applications
• Enable and utilize 2FA on all websites that allow it
• Bigger is better
• Choose unique, non-true security questions.
• If a data breach occurs, fully change your password
PART 3.
MALWARE

Steer clear of Malware


1. Types of Malware
2. Malware Targets
3. How Malware gets to you
MALWARE FAMILIES

Malware includes numerous threat families, all with different names like:
  - Viruses
  - Worms
  - Trojans
  - Ransomware
  - Rootkits
  - Spyware ..
IS MALWARE ON WINDOWS ONLY?

• Malware definitely exists on other operating systems (OSes) outside Windows.
• Windows is typically the major target due to high market share.
• High penetration rate when new malware is released on other OSes, because people believe their devices are safe without having any endpoint security installed.
IS MALWARE ON MOBILE PHONES?

• Mobile phone malware is a growing threat because users do most internet browsing on a cell phone.
• Ransomware, or screen locking malware, is a popular threat on mobile devices.
• In 2016, malware targeting Apple iOS (iPhones, iPads) increased.
• Users must depend on the company to fix any vulnerabilities.
HOW DO WE GET INFECTED?

How does my computer get infected?

• Clicking malicious links in email
• Plugging in an unknown flash drive
• Downloading malware masquerading as other software

How does my mobile device get infected?

• Clicking malicious links in email
• Downloading malware masquerading as other software
• Installing 3rd party apps directly from the internet instead of via official stores such as Google Play or Apple's App Store.
TOP TIPS TO AVOID MALWARE

1. Install endpoint security on all devices.
2. Be careful what you plug in. Be careful what you click.
3. Get awareness training for all of your family members.
PART 4.
INTERNET SAFETY

1. Public Wi-Fi
2. IoT Devices
3. HTTPS
4. Web Content Filter
5. Search Engine Safety
PUBLIC WI-FI

• Do not assume that a network named "Library" is actually the wireless network for the Public Library.
• Verify with the business owner the name of their network.
• Public Wi-Fi is very insecure, so you should treat every public Wi-Fi connection as compromised (unsafe)
• Don't utilize any sensitive websites when connected (banking, social networking etc.)
• If you need to access one of these sites, utilize your cell phone and do not connect it to Wi-Fi
TOP TIPS FOR PUBLIC WI-FI

• Seriously, don't. Life or death - use your phone as a hotspot.
• Verify the Wi-Fi name with the business owner prior to connecting
• Treat public Wi-Fi connections as compromised (unsafe)
• Utilize an anti-malware product to help protect against cyber attacks while connected
INTERNET OF THINGS (IOT) DEVICES

• Examples of IoT devices include internet-connected thermostats, appliances, and closed circuit cameras.
• This type of internet connection is convenient, but opens up a security hole that needs to be secured.
• If you can connect to it from anywhere, that means anyone can - by simply guessing your password
• Disable any web features that you do not utilize
• Make sure all IoT devices are kept up to date
• Routers are the first line of defense to protect IoT devices from exploitation
• Routers should be immediately configured to change the default username and password to something unique
• If someone gains access to your router they can see all other devices on your network
• Make sure your router is regularly updated to avoid exploitation
TOP TIPS FOR INTERNET OF THINGS (IOT)

• Change default usernames and passwords on all devices including routers
• If you do not utilize the web features, disable them
• Make sure all IoT devices, including routers, are kept up to date with the newest firmware
HTTPS

• HTTPS is a protocol for secure communication over a computer network which is widely used on the internet
• HTTPS is typically notated by displaying a green lock in the web address bar
• No sensitive information should be typed into a page that is not secured by HTTPS
• Even though a page is secured with HTTPS, it does not automatically mean the page is safe
• Most browsers have begun to let users know more easily when they are on a non-secure page
TOP TIPS FOR SECURE WEBSITES (HTTPS)

• Before entering sensitive information, check to see if the site is secured by HTTPS
• Check to make sure this is a reputable website before entering credit card information; don't just depend on the HTTPS indicator
WEB CONTENT FILTER

• Filters web traffic based on preconfigured policies set by the administrator.
• There are both home versions and corporate versions
• Home versions focus on child safety, while corporate versions focus on employee productivity
• Not only can it restrict the content that is displayed to a certain audience, it can also be utilized to filter malicious content
TOP TIPS FOR WEB CONTENT FILTERING

• Increase employee productivity by implementing a web filter
• Curb risky user behaviors and reduce malware exposure by implementing a web filter
• Protect children's mobile devices and computers from displaying inappropriate content with a web filter
SEARCH ENGINE SAFETY

• Nowadays, users utilize search engines to ask every question they can think of
• Users click on search results without first checking if it is a legitimate site
• This happens commonly on social media websites as well
• Even if the website is reputable, the advertisement could be malicious and infect your computer or mobile device
• Free things (music, movies, game cheats, etc.) are very commonly filled with malware, and are rarely what they say they are
• 'Review' sites make money by traffic.
TOP TIPS FOR SEARCH ENGINE SAFETY

Search Engines - Results aren't necessarily results

• Stick to clicking on sites on the first page of results
• Be careful when clicking on non-name recognizable sites
• Malware commonly masquerades as free things
PART 5.
PERSONALIZED THREATS

1. Social Engineering
2. Insider Threats
TOP TIPS FOR SOCIAL ENGINEERING

• Be cautious disclosing information
• Verify the credentials of all contractors
• When in doubt call the official company
TOP TIPS FOR INSIDER THREATS

• Increase employee awareness to cybercriminal tactics
• Implement a data use policy for what employees may or may not do
• Implement security tools to help prevent, protect, detect and respond
• Consider physical security as part of your data protection plan
DON'T MIX BUSINESS WITH PLEASURE

• Avoid doing personal activities on work computers, when possible.
• Avoid doing work activities on personally owned devices, when possible.
• Co-mingling of information is bad for you and bad for your employer.
DON'T ASSUME ANYTHING

• Report suspected malware and phishing incidents
• Report suspected social engineering
• Report suspicious behavior of insiders
• Report anything that seems odd or out of place, including the circumvention of physical, technical and administrative controls
PART 6.
CURRENT ERA

1. Cyber security risks during the current pandemic have increased manyfold
PART 7.
TO OUR KIDS

GO SAFE ONLINE
Cyber Security awareness to Kids at our homes
THE DIGITAL LIVES OF CHILDREN

• Kids ages 8-18 spend 7 hours and 38 minutes per day online
• Some common online issues kids face include:
  - Cyber Predators
  - Cyber Bullying
  - Identity Theft
TIPS TO SHARE WITH YOUR KIDS

• Keep your personal information private; avoid sharing your name, address, telephone number, birthday, passwords, and the name of your school when using the internet
• Think twice before you post or say anything online; once it is in cyberspace, it's out there forever
• Treat others like you want to be treated
• Speak up. If you see something inappropriate, let the website know and tell an adult you trust. Don't stand for bullying -- online or off.
• Choose a screen name or email address that isn't your real name to protect your identity. For instance, instead of "Abdul Mateen", why not choose "Sk8boardKing"?
• Don't share your passwords with anyone
• Think before you click - don't open emails from strangers and don't click on links for unfamiliar sites
• Use and check your privacy settings on social networking sites like Facebook and Twitter
Thank you.

Mohammed Abdul Mateen
mateen.a@liveewire.com
+91 96424 11000
