This month, Community IT presents basic IT security training for end users. Learn about common threats and the best techniques for dealing with them. This webinar is intended for a broad audience of both technical and non-technical staff.

1. Training Staff in End User IT Security
Community IT Innovators Webinar Series
September 17, 2015

2. Training Staff in End User IT Security
Community IT Innovators Webinar Series
September 17, 2015

3. Webinar
Tips
• Interact
Ask questions via chat
Connect on Twitter
• Focus
Avoid multitasking. You may just miss the
best part of the presentation
• Webinar Slides & Recording
PowerPoint and recording links will be
shared after the webinar

4. About
Community IT
Advancing mission
through the effective
use of technology.
• Invested
Work exclusively with nonprofit
organizations, serving over 900
since 1993.
• Strategic
Help our clients make IT decisions
that support mission.
• Collaborative
Team of over 30 staff who
empower you to make informed IT
choices.

5. Mark Kraemer
Network Administrator
mkraemer@communityit.com
Nuradeen Aboki
Network Manager
naboki@communityit.com

6. Common Internet Activities
• Check emails, collaborate and share documents online…
• Communicate with friends on Facebook, Twitter, Whatsapp…
• Pay bills, view health and financial records…
• Read blogs, articles, magazines, and news…
• Order books, electronics, apparel…
• Listen to music, watch videos, and play games..
• Download digital content..

7. Threat Landscape
• “Digital Extortion” through Malware
• Data Breaches
• Scams through Social Media platforms
• Mobile attacks on the rise
• Internet of Things including wearables, and even cars
• Targeted Attacks
• Web Threats

8. Corporate IT Security Systems
Some say, “Our organization is SAFE because we have Antivirus software
on computers and servers, Anti-spam filters for email protection,
encryption on our websites, firewall security to secure our local area
network, and password-protected WiFi connections.”
Unfortunately, these alone may not be enough to keep your network
secure from all threats. An organization is more likely to be jeopardized
from employees unintentionally, erroneously, carelessly, or deliberately.

9. IT Security for End Users
• Trickiest to manage
• Balance between security and
convenience
• Best defense is awareness and education

10. IT Security - Basics
Physical
Workstation
Password
Email
Web
Mobile
Remote Access

11. Physical Threats
• Your Workplace, desk, cubicle, office space
• Your Workstation, desktop PC, laptop, and
mobile devices
• Your paperwork

12. Physical Security
• Lock your screen before you leave your computer or mobile device unattended
– For Windows, press & hold the Windows Key, then press L.
– For Mac, press these keys at the same time:
• Control + Shift + Eject (Mac with eject key)
• Control + Shift + Power (Mac without eject key)
• Store documents containing sensitive data in a lockable safe or cabinet
• When destroying sensitive documents, at least shred them properly
• Report all suspicious activities

13. Workstation Security
Tips:
1. Antivirus software should always receive the latest
virus signatures, and set to ran full virus scans weekly.
2. Antivirus software should be configured to scan web
pages, attachments, and downloads.
3. Operating System and 3rd party applications should
be patched regularly

14. Password Security
Tips:
1. Create Strong or hard-to-guess Passwords
• For example, it must have at least 8 characters, 1 uppercase, 1 lowercase,1 numeric, & a special
character. You use a phase with space between words
2. Change passwords after every 90 days
3. Set a lockout threshold for failed logon attempts
4. Disable password caching on workstation and mobile devices
5. When necessary, end users may share passwords with authorized persons only
6. Do not store your password on or near your workstation
7. If available, use two-factor authentication when accessing password protected websites
8. Protect password files

15. Email Threats
Source - http://cdn2.hubspot.net/hub/204663/file-277596927-
jpg/images/email-security.jpg

16. Email Security
• Basic Rules
– Do not click unless you are certain that it’s safe
– Think about the source, identify the sender, scan or
preview the attachment, verify the legitimate web address
– Sign out of your email client after use
– If you are in doubt or compromised contact your IT
helpdesk

17. Web Threats
• Instant Messaging Spam
• Unsecure Websites, & Compromised Sites
• Browser & Plug-in Vulnerabilities
• “Malvertising” or Malicious Advertising
• Denial of Service

18. Web Security
Tips:
1. Do not click until you are confident about the Internet link or website
2. Make sure that pop-up blocker is enabled on your web browser
3. Look at the actual web address by “hovering” mouse pointer over the link
4. Verify that you are browsing a HTTPS website, especially transmitting personal data
5. Do not assume all plug-ins are safe. Take some time to do a little research.
6. Be sure to update your browser and your plugins regularly or set them to auto update on
your home PC.
1. Firefox, Chrome, Java, Flash
7. When in doubt ask your IT helpdesk

19. Mobile Threats
• Fake Apps
• Short Messaging Spamming
• Improper use of camera
• Tracking users
• Stealing Information

20. Mobile Security
Tips:
1. Keep patches updated on your device and mobile applications
2. Do not assume all apps are safe. Fake apps exist!
a. Beware of apps that are mobile websites many ads
b. Read the Reviews/Ratings to learn about the apps
c. Look for apps with most downloads, especially those with labeled “Editor’s choice”
d. Check the developer’s profile
3. Verify the source of any shared images, videos, and links before opening it.
4. Make sure location services are enabled to help find your mobile if lost or stolen.
5. When in doubt, or attacked, contact your IT helpdesk

21. Remote Access Security
Tips:
– Wireless Networks
1. Home WiFi
 Make sure your home network is password-protected.
 Avoid using your personal information as Network Name or Password.
 Keep firmware updated on your home wireless router.
2. Public WiFi
 Beware of Fake WiFi Hotspots in coffee shops, restaurants, airports, and public areas
3. Switch off the wireless card when not in use to avoid automatically connecting to an unsecure network.
– For Remote Desktop (RD) Connection, do not save your logon credentials on RD client software
– If available, use Virtual Private Network (VPN) encryption when accessing work files remotely across an
untrusted network.

22. Takeaways
Source - Security Best Practices, https://www.opswat.com/blog/10-things-include-
your-employee-cyber-security-policy

23. Upcoming Webinar
Guidelines for Annual Nonprofit
IT Budgeting
Thursday October 22
4:00 – 5:00 PM EST
Cedric Boyd
Steve Longenecker

24. Provide feedback
Short survey after you exit the webinar. Be sure to
include any questions that were not answered.
Missed anything?
Link to slides & recording will be emailed to you.
Connect with us

25. Author: DuMont Television/Rosen Studios, New York-photographer, Uploaded by We hope at en.wikipedia
http://commons.wikimedia.org/wiki/File:20_questions_1954.JPG