This month, Community IT presents basic IT security training for end users. Learn about common threats and the best techniques for dealing with them. This webinar is intended for a broad audience of both technical and non-technical staff.
1. Training Staff in End User IT Security
Community IT Innovators Webinar Series
September 17, 2015
3. Webinar
Tips
• Interact
Ask questions via chat
Connect on Twitter
• Focus
Avoid multitasking. You may just miss the
best part of the presentation
• Webinar Slides & Recording
PowerPoint and recording links will be
shared after the webinar
4. About
Community IT
Advancing mission
through the effective
use of technology.
• Invested
Work exclusively with nonprofit
organizations, serving over 900
since 1993.
• Strategic
Help our clients make IT decisions
that support mission.
• Collaborative
Team of over 30 staff who
empower you to make informed IT
choices.
6. Common Internet Activities
• Check emails, collaborate and share documents online…
• Communicate with friends on Facebook, Twitter, Whatsapp…
• Pay bills, view health and financial records…
• Read blogs, articles, magazines, and news…
• Order books, electronics, apparel…
• Listen to music, watch videos, and play games…
• Download digital content…
7. Threat Landscape
• “Digital Extortion” through Malware
• Data Breaches
• Scams through Social Media platforms
• Mobile attacks on the rise
• Internet of Things including wearables, and even cars
• Targeted Attacks
• Web Threats
8. Corporate IT Security Systems
Some say, “Our organization is SAFE because we have Antivirus software
on computers and servers, Anti-spam filters for email protection,
encryption on our websites, firewall security to secure our local area
network, and password-protected WiFi connections.”
Unfortunately, these alone may not be enough to keep your network
secure from all threats. An organization is more likely to be put at risk
by its own employees, whether unintentionally, erroneously, carelessly, or deliberately.
9. IT Security for End Users
• Trickiest to manage
• Balance between security and
convenience
• Best defense is awareness and education
10. IT Security - Basics
Physical
Workstation
Password
Email
Web
Mobile
Remote Access
11. Physical Threats
• Your Workplace, desk, cubicle, office space
• Your Workstation, desktop PC, laptop, and
mobile devices
• Your paperwork
12. Physical Security
• Lock your screen before you leave your computer or mobile device unattended
– For Windows, press & hold the Windows Key, then press L.
– For Mac, press these keys at the same time:
• Control + Shift + Eject (Mac with eject key)
• Control + Shift + Power (Mac without eject key)
• Store documents containing sensitive data in a lockable safe or cabinet
• When destroying sensitive documents, at least shred them properly
• Report all suspicious activities
13. Workstation Security
Tips:
1. Antivirus software should always receive the latest
virus signatures, and be set to run full virus scans weekly.
2. Antivirus software should be configured to scan web
pages, attachments, and downloads.
3. Operating System and 3rd party applications should
be patched regularly
14. Password Security
Tips:
1. Create Strong or hard-to-guess Passwords
• For example, it must have at least 8 characters, 1 uppercase, 1 lowercase, 1 numeric, & a special
character. You can use a phrase with spaces between words.
2. Change passwords every 90 days
3. Set a lockout threshold for failed logon attempts
4. Disable password caching on workstation and mobile devices
5. When necessary, end users may share passwords with authorized persons only
6. Do not store your password on or near your workstation
7. If available, use two-factor authentication when accessing password protected websites
8. Protect password files
16. Email Security
• Basic Rules
– Do not click unless you are certain that it’s safe
– Think about the source, identify the sender, scan or
preview the attachment, verify the legitimate web address
– Sign out of your email client after use
– If you are in doubt or compromised, contact your IT
helpdesk
17. Web Threats
• Instant Messaging Spam
• Unsecure Websites, & Compromised Sites
• Browser & Plug-in Vulnerabilities
• “Malvertising” or Malicious Advertising
• Denial of Service
18. Web Security
Tips:
1. Do not click until you are confident about the Internet link or website
2. Make sure that the pop-up blocker is enabled on your web browser
3. Look at the actual web address by “hovering” the mouse pointer over the link
4. Verify that you are browsing an HTTPS website, especially when transmitting personal data
5. Do not assume all plug-ins are safe. Take some time to do a little research.
6. Be sure to update your browser and your plugins regularly or set them to auto update on
your home PC.
1. Firefox, Chrome, Java, Flash
7. When in doubt ask your IT helpdesk
19. Mobile Threats
• Fake Apps
• Short Messaging Spamming
• Improper use of camera
• Tracking users
• Stealing Information
20. Mobile Security
Tips:
1. Keep patches updated on your device and mobile applications
2. Do not assume all apps are safe. Fake apps exist!
a. Beware of apps that are mobile websites with many ads
b. Read the Reviews/Ratings to learn about the apps
c. Look for apps with the most downloads, especially those labeled “Editor’s choice”
d. Check the developer’s profile
3. Verify the source of any shared images, videos, and links before opening them.
4. Make sure location services are enabled to help find your mobile if lost or stolen.
5. When in doubt, or attacked, contact your IT helpdesk
21. Remote Access Security
Tips:
– Wireless Networks
1. Home WiFi
Make sure your home network is password-protected.
Avoid using your personal information as Network Name or Password.
Keep firmware updated on your home wireless router.
2. Public WiFi
Beware of Fake WiFi Hotspots in coffee shops, restaurants, airports, and public areas
3. Switch off the wireless card when not in use to avoid automatically connecting to an unsecure network.
– For Remote Desktop (RD) Connection, do not save your logon credentials on RD client software
– If available, use Virtual Private Network (VPN) encryption when accessing work files remotely across an
untrusted network.
22. Takeaways
Source - Security Best Practices, https://www.opswat.com/blog/10-things-include-your-employee-cyber-security-policy
23. Upcoming Webinar
Guidelines for Annual Nonprofit
IT Budgeting
Thursday October 22
4:00 – 5:00 PM EST
Cedric Boyd
Steve Longenecker
24. Provide feedback
Short survey after you exit the webinar. Be sure to
include any questions that were not answered.
Missed anything?
Link to slides & recording will be emailed to you.
Connect with us
25. Author: DuMont Television/Rosen Studios, New York-photographer, Uploaded by We hope at en.wikipedia
http://commons.wikimedia.org/wiki/File:20_questions_1954.JPG
Editor's notes
GTM starts recording after first slide change. Advance to second Title slide after hitting Record.
Here are examples of threats with suggestions on how to protect yourself, your data, your organization from harm:
Abstract – “You control what you choose to Click.”
Locking all your mobile devices is important in case of theft. If they have no barriers to get into your phone, they not only have the device, they have your data!
Don't leave your PW on a sticky note on your laptop, don't make it obvious.
For physical documents, this especially includes passwords, PIN numbers, etc.
All of this is for work and home
Data Breaches
Malicious URLs
Harmful attachments
Phishing attacks
Social Engineering Attacks
Scams
– Not all apps are created equal
1. Netflix and Angry Birds have multiple fake versions. Take some time to examine the apps, and do a little research on them.
2. Beware of apps that are just mobile websites with a lot of ads. Approach free app sites with caution.
3.
Clarify “Any public WiFi” – Someone may easily be accessing your information, emails, and passwords without your knowledge when you're connected to a WiFi hotspot at your local coffee shop, library, or at the airport, and can steal transmitted data. If you are banking online or sending work e-mail from a fake hotspot, a hacker can see and steal your information.
Don’t use any personal information.