
Cyber Security for Everybody simple steps for defensive surfing.


1 Cyber Security for Everybody simple steps for defensive surfing

2 Plans for today
- Introduction
- Internet 101
- Steps to prevent cyber crime
  - Keep your PC clean (OS, Browser, security updates)
  - Know about Browser security
  - Never Trust E-mails
  - Manage your Passwords Wisely
  - Defensive Online Shopping
  - Mind Open Access Points
- Resources

3 Introduction
Cyber security is much like real-life security; the same rules apply, e.g.:
- Lock the doors
- Don't give away your keys
- Stay away from dangerous places
- Don't talk to strangers
- Don't give your contact information to random acquaintances

4 Internet plumbing – quick 101
[Diagram: browser, DNS Server, Web Server, HTTP request(s), HTTP response(s), plugins]

5 What is HTTPS?
[Diagram: Web Server, HTTP request(s), HTTP response(s), SSL]

6 Protect your PC!
Data source: McAfee; NCSA
- Regularly check OS and S/W patches
- Install anti-virus/spyware/phishing/spam S/W
- Enable Firewalls
- Change H/W default passwords
- Download software only from trusted sources
- Update software on a regular basis!

7 Be aware of Browser (in)security
[Diagram: browser, plugins]
- The browser is on the frontline of our Internet adventure
- HTML pages are not static documents anymore
- Browser scripting is very powerful but also poses a serious security threat
It is possible to stay secure and get maximum features by:
- tuning your browser's security settings
- regularly clearing your browser's file caches and cookies
- explicitly logging off your (bank, retail etc.) account as soon as you are done
- using a different browser for adventurous surfing

8 Don't trust e-mails (and phone calls, too)
- E-mails are another door to your computer – just like web sites – with the exception that you don't even have to initiate the action
- E-mails are easily faked – including the sender's name and the reply-to address
- Most e-mails are easily sniffed
- Malicious e-mails are widely used to:
  - make you give away sensitive information (passwords, bank account numbers, SSN etc.)
  - infect your computer with viruses
  - SPAM you

9 Phishing – the most popular way to steal your valuable data

10 Some Phishing examples

11 Fighting phishing…

12 reducing the threat
- Never send sensitive information (e.g.: passwords, SSN, credit card number) via e-mail
- Never open an attachment if you are not sure about the e-mail's origin
- Never click on links directly from e-mails
- (If you clicked) Always pay attention to the address bar to see the real address of the site you are redirected to
- Use anti-phishing tools – toolbars or IE7
- Use a different account name and password for your e-mail address
- Keep a low profile – use your e-mail address judiciously; use lightweight e-mail providers as a substitute

13 Manage your Passwords wisely
- Passwords are often the only way of identifying us
- Passwords can be phished, stolen, guessed…
- By taking over your password the fraudsters take over your cyber-identity
Minimize the risk by following these rules:
- Avoid simple passwords (never a single word from a dictionary!); use special signs, digits, and both upper and lower case
- Use passwords at least 6-10 characters long
- Don't use a password that is a super/sub-string of your login name
- Come up with your own password policy
- Don't use the same password on multiple accounts
- Change your passwords regularly (at least once in 3 months)
- Whenever possible use two-factor authentication
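The rules on this slide can be written down as an executable password policy. The sketch below is an added example, not part of the original presentation; the function names, the tiny word list and the 10-character minimum (the upper end of the slide's 6-10 range) are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "monkey", "sunshine"}

def check_password(password, login, dictionary=SAMPLE_DICTIONARY, min_length=10):
    """Return the slide rules that `password` breaks (empty list = passes)."""
    problems = []
    pw, user = password.lower(), login.lower()

    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")

    # Character classes named on the slide: both cases, digits, special signs.
    classes = {
        "lower-case letter": r"[a-z]",
        "upper-case letter": r"[A-Z]",
        "digit": r"\d",
        "special sign": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")

    # "Never a single word from a dictionary": strip leading/trailing digits
    # and signs first, so a decorated word such as "Dragon2024!" is caught.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw)
    if core in dictionary:
        problems.append("single dictionary word")

    # The password must be neither a sub-string nor a super-string of the login.
    if user and (user in pw or pw in user):
        problems.append("overlaps with login name")

    return problems

def reused(accounts):
    """Return groups of account names that share one password."""
    seen = {}
    for account, password in accounts.items():
        seen.setdefault(password, []).append(account)
    return sorted(sorted(group) for group in seen.values() if len(group) > 1)
```

A password that satisfies every character-class rule can still fail the dictionary rule, which is why the word check runs on the stripped core rather than on the raw string.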

14 Two-factor authentication
There are three universally recognized factors for authenticating individuals:
- Something you know (e.g.: password, PIN)
- Something you have (e.g.: physical credit card, mobile phone, security token)
- Something you are (e.g.: fingerprint, a retinal scan)
A system is said to leverage two-factor authentication when it requires at least two of the authentication form factors
Two-factor authentication is virtually bullet-proof

15 Defensive Online Shopping
Poorly secured online stores may lose your credit card/financial data!
- Know your online merchant
- Check if the URL you post the sensitive data into uses a secure connection
- Don't provide more information than needed for a transaction
- Keep good records
- Use one-time generated credit card numbers whenever possible
- Some online stores may be fake – temporary sites set up to collect your valuable data

16 Defensive Online Shopping on eBay
- Check the feedback - any feedback lower than 98% is a risk
- Carefully read the item's description
- Contact the seller if you have any doubts
- Prefer items under eBay/PayPal cash back protection
- Always prefer paying by PayPal - avoid Instant Cash Transfer Services
- If you receive a Second Chance Offer in the mailbox - always check its validity by logging into your eBay account's inbox
- Be careful with 'unusual' requests coming from other users - most probably it's a fraud
- Completely avoid off-eBay transactions

17 Mind Open Access Points
- Web traffic going via a non-secure connection is easily readable by anybody else who shares the connection
- When setting up your own wireless network at home be sure to turn on the encryption (WPA, not WEP)
- When using public access points use VPN (Virtual Private Network) services to encrypt all the traffic –

18 Resources
- Cyber Security Glossary
- Browsers: IE7, Firefox, Safari, Opera
- Tuning security zones on IE:
- Trusted software download site:
- Lightweight e-mail box provider -
- PayPal/eBay security key or PayPal plugin: https://www.paypal.com/us/cgi-bin/webscr?cmd=_vdc-hub
- eBay security tips
- VPN solutions

19 Final words…
- Internet is a cyber-jungle!
- You are responsible for your own protection!
- You can achieve reasonable security by following simple rules!
Any questions?

