Cyber Essentials for Managers

A basic cybersecurity introduction for managers, explaining how they and their organisation can guard against common types of attacks, based on the UK National Cyber Security Centre’s Cyber Essentials programme

Published in: Technology

  1. CYBER ESSENTIALS FOR MANAGERS
     PROF. IAN BROWN
     RESOURCES FROM UK NATIONAL CYBER SECURITY CENTRE; US NAVY; AND GOOGLE
  2. NOTPETYA, “THE MOST DEVASTATING CYBER ATTACK IN HISTORY”
     • Malware which rapidly spread across networks, locked and encrypted machines, originating from Russian military via Ukraine
     • It “hit at least four hospitals in Kiev alone, six power companies, two airports, more than 22 Ukrainian banks, ATMs and card payment systems in retailers and transport, and practically every federal agency.”
     • Maersk, “responsible for 76 ports on all sides of the earth and nearly 800 seafaring vessels, including container ships carrying tens of millions of tons of cargo, representing close to a fifth of the entire world’s shipping capacity, was dead in the water.”
     • Estimated costs: Maersk $300m; Merck $870m; FedEx $400m; Mondelēz $188m. US assessed total damages around $10bn
     • Source: Andy Greenberg, Wired, Sept. 2018
     • See also WannaCry, which cost UK NHS £92m in 2017, probably originating with the North
  3. HOW CAN USERS PROTECT THEMSELVES AGAINST SECURITY BREACHES?
     1. Secure settings and passwords
     2. Protect devices/networks using firewalls
     3. Control access to data and software
     4. Protect against viruses and other malicious software
     5. Keep devices and software up to date
     6. Watch out for phishing e-mails
  4. SECURE SETTINGS
     • New devices are often configured to be as open and “easy to use” as possible, which also makes them easier to hack. Make sure you disable or remove any functions, accounts or services you don’t need (e.g. “guest” accounts on laptops)
     • Always password/PIN-protect your computers and devices – they allow access to your data and your online accounts
     • CHANGE DEFAULT PASSWORDS
  5. MOBILE DEVICE MANAGEMENT
  6. SECURE PASSWORDS
     • Use password managers where possible (generate strong random passwords for every account)
     • Make passwords from three words (not related to you, like family/pet names, favourite teams, significant dates – these might be discovered from social media or elsewhere)
     • Don’t share passwords between accounts
     • Don’t force users to change passwords unless they have been breached
     • Use multi-factor authentication for sensitive accounts
     Source: Sueheim on Wikimedia
  7. ACCESS TO DATA AND SOFTWARE
     • Don’t use administrator accounts for normal work – if you are hacked, an attacker can then do much more damage
     • Restrict the software that can be installed on devices – use a whitelist or approved sources, such as Google Play or Apple’s App Store (which screen apps for malicious code)
  8. DEVICE AND NETWORK FIREWALLS
     • Firewalls block unauthorised traffic from a network onto your device – they can protect against both external hackers and compromised internal machines
     • Most PC operating systems (e.g. Windows, macOS) contain them – make sure they are turned on, especially for devices that access public WiFi
     • They can also be configured in your network’s gateway(s) to other networks (and the Internet)
  9. VIRUSES AND OTHER MALICIOUS SOFTWARE
     • Malicious software such as viruses and ransomware can come in e-mail attachments, from websites, public WiFi networks, and even USB sticks
     • Protect against it using built-in operating system tools, such as Windows Defender and macOS XProtect
     • Use tools with sandboxes, which contain malicious software and stop it accessing the rest of your system
     • BACK UP data frequently
  10. KEEP SOFTWARE AND DEVICES UP TO DATE
     • It’s essential you enable automatic updates for your operating system, software, apps etc.
     • Once manufacturers stop providing updates for systems, you should replace them
  11. AVOID PHISH
     • Fake e-mails, trying to “hook” users to click on a website or malicious attachment that will infect their system or steal passwords
     • “Spear” phishing uses targeted messages, often sent to senior staff
  12. CHECKLIST
     • Configure software and devices securely, and use strong passwords
     • Use firewalls on devices and networks
     • Control access to data and software by separating administrator accounts and using whitelists and app stores
     • Protect against viruses and other malicious software by using tools such as Windows Defender, macOS XProtect, and sandboxing
     • Keep devices and software up to date, and stop using out-of-date software
     • Watch out for phishing e-mails
