This document provides an overview of cyber security awareness training. It defines cyber security as protecting internet-connected systems from cyberattacks. Information security aims to maintain confidentiality, integrity, and availability of data. Modern threats include viruses, worms, Trojans, logic bombs, rootkits, botnets, and social engineering. Social engineering manipulates people into revealing information or granting access. The document provides best practices for strong passwords, protecting devices and information, identifying compromises, and reporting issues. It concludes with alerts and advisories from cyber security agencies, and questions.
2. What is Cyber Security?
Cyber Security is the protection of internet-connected systems, including hardware, software and data, from cyberattacks.
3. What is Information Security?
• Protect the Confidentiality of data
• Preserve the Integrity of data
• Promote the Availability of data for authorized use
5. Viruses
• Viruses are malicious programs that hide themselves on your computer
• May destroy your documents, format your hard drive, send emails from your computer or take a variety of other actions
8. Logic Bombs
Malware logic executes upon certain conditions. The program is often used for otherwise legitimate reasons.
9. Rootkits
• Low-level programs that embed themselves in the operating system itself
• Difficult if not impossible to detect
10. Botnets
A botnet is a number of compromised computers used to create and send spam or viruses or flood a network with messages as a denial of service attack.
The compromised computers are called zombies.
11. Social Engineering
Social engineering manipulates people into performing actions or divulging confidential information. Similar to a confidence trick or simple fraud, the term applies to the use of deception to gain information, commit fraud, or access computer systems.
12. Social Engineering
• People are often the weakest links
• All the technical controls in the world are worthless if you share your password or hold the door open
• Attempts to gain
  • Confidential information or credentials
  • Access to sensitive areas or equipment
• Can take many forms
  • In person
  • Email
  • Phone
  • Postal Mail
13. How do you know you are being Social Engineered?
• Lack of business credentials or identification
• Making small mistakes
• Trying too hard to sound more convincing
• Rushing
14. How to Protect Yourself Against Social Engineering?
• Verify the visit with management
• Always request identification and credentials
• Closely monitor and observe visitors and vendors
• Never trust suspicious emails
• Do not reveal any information.
• If the visit cannot be verified, the visitor should not be granted access
15. Email
• Common Attacks
  • Phishing
  • Malicious attachments
  • Spam
  • Scams
• Best Practices
  • Don’t open suspicious attachments
  • Don’t follow links
  • Don’t attempt to “unsubscribe”
17. Phishing
• Deceptive emails that trick users into
  • Clicking on malicious links
  • Entering sensitive information
  • Running applications
• Look identical to legitimate emails
  • Your Bank
  • PayPal
  • Government
21. Strong Password Policy
Why do you need a strong password?
• The stronger the password, the less likely it will be cracked
Cracking: Using computers to guess the password through “brute-force” methods or by going through entire dictionary lists to guess the password
22. Strong Password Policy
• Never share your password with others!
• Strong passwords should
  • Be a minimum of 8 characters. Recommended > 12 characters
  • Include numbers 0-9
  • Include symbols !@#$%^&*()
  • Include upper and lowercase letters a-z, A-Z
  • Not include personal information, such as your name or family name, previously used passwords, important dates, FIN, NRIC, mobile numbers, car number, home address
Examples:
Strong Password: H81h@x0rZ
Weak Password: jack1
• Change your password regularly or when you need to.
• Make sure that the login page has a timeout policy for unsuccessful retries.
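An added example (not part of the original slides): a Python check that applies the password rules from this slide to a candidate password. The function name, the `personal_info` and `previous_passwords` parameters, and the sample values in the demo are assumptions made for illustration.

```python
import re
import string

MIN_LENGTH = 8             # slide: "Minimum of 8 characters"
RECOMMENDED_OVER = 12      # slide: "Recommended > 12 characters"
SYMBOLS = set(string.punctuation)  # assumption: any ASCII punctuation counts;
                                   # the slide lists !@#$%^&*() as its symbols

def _squash(text):
    """Lowercase and drop separators so 'Jack-Tan' compares equal to 'jacktan'."""
    return re.sub(r"[^a-z0-9]", "", str(text).lower())

def check_password(password, personal_info=(), previous_passwords=()):
    """Return (ok, problems, advice) for the slide's strong-password rules.

    personal_info: hypothetical caller-supplied values (name, important dates,
    FIN/NRIC, mobile number, car number, address).
    previous_passwords: constructed in-memory list for this example only.
    """
    problems, advice = [], []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    elif len(password) <= RECOMMENDED_OVER:
        advice.append("more than 12 characters is recommended")
    if not re.search(r"[0-9]", password):
        problems.append("no number 0-9")
    if not any(c in SYMBOLS for c in password):
        problems.append("no symbol")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    squashed = _squash(password)
    # Tokens shorter than 3 characters are skipped to avoid accidental matches.
    if any(len(_squash(p)) >= 3 and _squash(p) in squashed for p in personal_info):
        problems.append("contains personal information")
    if password in previous_passwords:
        problems.append("previously used password")
    return (not problems, problems, advice)

if __name__ == "__main__":
    # Constructed sample user data; the two passwords are the slide's examples.
    info = ["Jack Tan", "91234567"]
    for pw in ("H81h@x0rZ", "jack1", "Jack.Tan#2024xx"):
        print(pw, check_password(pw, personal_info=info))
```

The slide's strong example passes every required rule but still triggers the length advice, since it is 9 characters long.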
23. How to protect your Portable Devices?
• Avoid USB Drives if you can.
• Use USB Drives with proper encryption.
• Encrypt your notebook
• Do not leave it unattended and unsecured.
• Avoid connecting to Free Wireless
• Do not download free apps from unknown sources
• Report any loss of devices immediately.
24. Be Careful of your Trash…
• Dumpster Diving is the act of sorting through garbage to find documents and information that have been improperly discarded
• Some things we’ve found:
  • Computer hard disks
  • USB Drives
  • Customer information
  • Internal records
  • Applications
  • Credit cards
  • Technical documentation
  • Backup tapes
  • Loan applications
  • Floor plans/schematics
  • Copies of identification
25. How to Protect Your Paper Trash?
• Destroy all confidential paper data with a good office paper shredder
• Use cross-cut only; straight-cut is easy to reassemble
• Split into 2 or more different bags and dispose of them in different locations on different days
• Do not recycle your printed paper
26. How to Dispose of Your Old PC, Notebook or Copier?
• Remove the hard disk or other form of disk storage from most PCs, notebooks and printers.
• Make sure you have wiped the data securely before you dispose of them (DOD Standards)
27. How do you know that you are compromised?
Possible Symptoms:
• Antivirus software detects a problem.
• Running out of disk space unexpectedly.
• More pop-ups appearing.
• Files or transactions appear that should not be there.
• PC slowing down.
• Unusual messages, sounds, or displays on your monitor.
• The mouse pointer moves by itself.
• The computer spontaneously shuts down or reboots.
Often unrecognized or ignored problems.
28. What should you do when you suspect that you are compromised?
• Disconnect any USB connection
• Disconnect any Wireless and Wired Connection
• Make sure that your antivirus is running
• Make sure that your firewall is running
• Report to your boss
29. 13 Ways to Protect Your Company
1. Use strong passwords. Never share your passwords with others. Change passwords regularly.
2. Never pre-open the door or allow strangers inside the building.
3. Destroy all confidential paper with a shredder.
4. Dispose of IT equipment carefully.
5. Avoid using mobile devices. Encrypt mobile devices.
6. Wipe data securely before disposal.
30. 13 Ways to Protect Your Company
8. Wipe data securely before disposal.
9. Treat email with caution. Do not open attachments or click suspicious links.
10. Secure all confidential information when you are not around.
11. If you notice abnormal PC behavior, report it to your boss.
12. Report suspicious activity or persons immediately.
13. Always lock your workstation when you step away.
31. Alerts and Advisories
• Cyber Security Agency of Singapore
  • https://www.csa.gov.sg/
• National Cybersecurity and Communications Integration Center
  • https://www.us-cert.gov/
• Microsoft:
  • http://www.microsoft.com/security/
• Security Focus:
  • http://www.securityfocus.com/