This document summarizes a presentation on computer security and cybersecurity. It discusses what hackers want, including personal information, credentials, financial information, and computing resources. It covers social engineering techniques like phishing emails and spear phishing. It emphasizes the importance of online reputation management and provides tips for protecting yourself such as using strong passwords, not clicking links in emails, using protection software, and keeping software updated. The overall message is the importance of cybersecurity awareness and practicing good cyber hygiene.
2. Agenda
- Ethics
- CyberSecurity
- What do hackers want?
- Social Engineering
- Privacy: Reputation Management
- How can you protect yourself?
3. “A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila.” — Mitch Ratliff
CyberSecurity
19. November 2009 Phishing
Sent: Thursday, November 12, 2009 10:34 AM
Subject: Utk.edu Post Update
Dear subscriber,
Your e-mail account needs to be upgraded with our new F-Secure R HTK4S anti-virus/anti-spam 2009 version. Fill the columns below and click reply and send back or your account will be Suspended from our services.
E-mail address:
Password:
* Please note that your password will be encrypted with 1024-bit RSA keys for increased security.
Thank you for your cooperation
Management
25. Spearphishing
To: John Doe <jdoe@utk.edu>
From: Scott Studham <studham@utk.edu>
Subject: CyberSecurity Presentation Slides
Attachment: CyberSecurity.pptx (7.5mb)
Hello John,
Your instructor asked me to send everyone a copy of the slides from my presentation. See attached.
Best regards,
Scott
27. Phishing
- Don’t reveal personal or financial information.
- Contact the sender before you respond or open any attached files.
- Never click links in an e-mail message.
- Report phishing campaigns to your company or ISP.
- Use tools with “Phishing Filters” (Philters?)
28. Spear Phishing
- Personalized phishing attack
- Social attack
- Appears genuine
- Someone you’ve had contact with
- Someone from HR, IT, etc.
- Users of a particular website
- Goal: compromise an organization
29. “It is better to keep your mouth closed and let people think you are a fool than to open it and remove all doubt.” -- Mark Twain
Reputation Management
37. Sick Day, Part 1
From: Kevin Colvin [mailto: REDACTED]
Sent: Wednesday, October 31, 2007 3:55PM
To: Jill Thompson (North America)
CC: Paul Davis (North America)
Subject:
Paul/Jill –
I just wanted to let you know that I will not be able to come into work tomorrow. Something came up at home and I had to go to New York this morning for the next couple of days. I apologize for the delayed notice.
Kind regards,
Kevin
38. Sick Day, Part 1
From: Paul Davis (North America)
Sent: Thursday, November 01, 2007 4:54 PM
To: Kevin Colvin; Jill Thompson (North America); Kevin Colvin (North America)
Subject: RE:
Kevin,
Thanks for letting us know— hope everything is ok in New York. (cool wand)
Cheers,
PCD
39. Sick Day, Part 2
From: Niresh Regmi
Sent: Wednesday, 27 August 2008 9:35 a.m.
To: Kyle Doyle
Subject: Absence on Thursday 21st 2008
Hi Kyle,
Please provide a medical certificate stating a valid reason for your sick leave on Thursday 21st 2008.
Thank You
NIRESH REGMI
Real Time Manager, Workforce Operations
40. Sick Day, Part 2
From: Kyle Doyle
Sent: Wednesday, 27 August 2008 9:38 a.m.
To: Niresh Regmi
Subject: RE: Absence on Thursday 21st 2008
Niresh,
1 day leave absences do not require a medical certificate as stated in my contract, provided I have stated that I am on leave for medical reasons.
Thanks
Regards,
Kyle Doyle
Resolutions Expert - Technical
41. Sick Day, Part 2
From: Niresh Regmi
Sent: Wednesday, 27 August 2008 9:39 a.m.
To: Kyle Doyle
Subject: RE: Absence on Thursday 21st 2008
Hi Kyle,
Usually that is the case, as per your contract. However please note that leave during these occasions is only granted for genuine medical reasons. Your line manager has determined that your leave was not due to medical reasons and as such we cannot grant leave on this occasion.
NIRESH REGMI
42. Sick Day, Part 2
From: Kyle Doyle
Sent: Wednesday, 27 August 2008 9:43 a.m.
To: Niresh Regmi
Subject: RE: Absence on Thursday 21st 2008
Hi Niresh,
My leave was due to medical reasons, so you cannot deny leave based on a line manager's discretion, with no proof, please process leave as requested.
Thanks
Regards,
Kyle Doyle
43. Sick Day, Part 2
From: Niresh Regmi
Sent: Wednesday, 27 August 2008 9:50 a.m.
To: Kyle Doyle
Subject: RE: Absence on Thursday 21st 2008
Hi Kyle,
I believe the proof that you are after is below
44. Sick Day, Part 2 (Epilogue)
From: Kyle Doyle
Sent: Wednesday, 27 August 2008 9:55 a.m.
To: Niresh Regmi
Subject: RE: Absence on Thursday 21st 2008
HAHAHA LMAO epic fail
No worries man
Regards,
Kyle Doyle
http://www.theregister.co.uk/2008/10/23/sickie_woo/
57. Google Alerts
- Create query of choice
- Be specific
- site:utk.edu “Studham”
- site:utk.edu filetype:xls ssn
- site:tennessee.edu filetype:ppt OR filetype:pdf
58. “By trying we can easily endure adversity. Another man's, I mean.” -- Mark Twain
Protecting Yourself
59. Five Good Practices
- Don’t click email links.
- Use strong passwords.
- Use protection software.
- Manage your online reputation.
- Keep your software updated.
61. BAD Passwords
- Dictionary words & combos (BadIdea)
- Family members or pets
- Sports teams (GoVols!)
- Nicknames (princess)
- Word or username reversals (terces)
- Sequential (aaaaaaaa or hijklmnop)
- Letter replacement (P@$$w0rd)
- Any password mentioned in this presentation!
Hackers guess easy passwords!
62. Strong Passwords
- Think passphrases
- Upper and lowercase letters
- Punctuation & numbers
- At least eight characters
- Should appear random
- Easy for you to remember
- Phrase acronyms: Y(t@Bbic!
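The checks on slides 61 and 62 can be automated. The following is an added example, not part of the original presentation: a small Python checker that flags each "BAD password" pattern and the composition rules. The word list, the letter-replacement mapping, the `personal` parameter and all function names are assumptions made for illustration, and "Punctuation & numbers" is read as "at least one of either", because the slide's own sample acronym contains no digit.

```python
# Added example: checks a password against the slide 61 and 62 rules.
# WORDS is a constructed sample; a real check would load a full dictionary.
WORDS = {"password", "princess", "secret", "govols", "bad", "idea"}
# Common letter replacements mapped back to letters (assumed mapping).
UNLEET = str.maketrans("@$013!57", "asoleist")


def is_sequential(text):
    """True for one repeated character or a run stepping by one (hijklmnop)."""
    steps = {ord(b) - ord(a) for a, b in zip(text, text[1:])}
    return steps in ({0}, {1}, {-1})


def made_of_words(text, vocab):
    """True if text is one or more vocab entries run together (BadIdea)."""
    ok = [True] + [False] * len(text)  # ok[i]: text[:i] splits into words
    for i in range(1, len(text) + 1):
        ok[i] = any(ok[j] and text[j:i] in vocab for j in range(i))
    return bool(text) and ok[-1]


def password_problems(pw, personal=()):
    """Return the rules pw breaks; an empty list means it passes them all.

    personal: names, pets, teams, nicknames and usernames tied to the user.
    """
    vocab = WORDS | {p.lower() for p in personal}
    low = pw.lower()
    plain = "".join(c for c in low if c.isalpha())
    unleet = "".join(c for c in low.translate(UNLEET) if c.isalpha())
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("needs upper and lowercase letters")
    if all(c.isalpha() for c in pw):
        problems.append("needs punctuation or numbers")
    if is_sequential(low):
        problems.append("sequential or repeated characters")
    if made_of_words(plain, vocab):
        problems.append("dictionary or personal word")
    elif made_of_words(plain[::-1], vocab):
        problems.append("word or username reversal")
    elif made_of_words(unleet, vocab) or made_of_words(unleet[::-1], vocab):
        problems.append("letter replacement of a word")
    return problems


if __name__ == "__main__":
    for sample in ["BadIdea", "terces", "hijklmnop", "P@$$w0rd", "Y(t@Bbic!"]:
        print(sample, password_problems(sample))
```

Note that `P@$$w0rd` satisfies every composition rule (length, mixed case, punctuation) and is caught only by the letter-replacement check, which is why composition rules alone are not enough.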
63. Use protection software
- Anti-Spyware
- Anti-Virus
- Microsoft Security Essentials (FREE!)
- Firewall (built in!)
- Keep this software updated!
64. Be Careful what Info you Provide
- Join top Social Networks
- Minimal placeholder
- Set up privacy controls
- Monitor mentions
- Early warnings
- Watch out for mentions of yourself
- Don’t overreact: squeaky wheel, etc.
- Internet can be a good or bad advertisement … especially if it’s funny
65. Keep software updated!
- Software updates
- Microsoft Update
- OS & Applications
- Office (Outlook!), etc.
- Other software packages
- Acrobat and Flash
- Virus & Spyware definitions
66. If you do nothing else …
- Don’t click email links.
- Use strong passwords.
- Use protection software.
- Be careful what you post.
- Keep software updated!
… but remember that’s not all.
67. Review
- CyberSecurity
- What do hackers want?
- Social Engineering
- Privacy: Reputation Management
- How can you protect yourself?
68. Thank you!
Most slides were stolen from Office of Information Technology, Information Security Office
Questions?