SlideShare ist ein Scribd-Unternehmen logo

Cyber Essentials for Managers

Als PPTX, PDF herunterladen
blogzilla
blogzilla

A basic cybersecurity introduction for managers, explaining how they and their organisation can guard against common types of attacks, based on the UK National Cyber Security Centre’s Cyber Essentials programme

Technologie
1 von 16
CYBER ESSENTIALS FOR MANAGERS PROF. IAN BROWN RESOURCES FROM UK NATIONAL CYBER SECURITY CENTRE; US NAVY; AND GOOGLE
NOTPETYA, “THE MOST DEVASTATING CYBER ATTACK IN HISTORY” • Malware which rapidly spread across networks, locked and encrypted machines, originating from Russian military via Ukraine • It “hit at least four hospitals in Kiev alone, six power companies, two airports, more than 22 Ukrainian banks, ATMs and card payment systems in retailers and transport, and practically every federal agency.” • Maersk, “responsible for 76 ports on all sides of the earth and nearly 800 seafaring vessels, including container ships carrying tens of millions of tons of cargo, representing close to a fifth of the entire world’s shipping capacity, was dead in the water.” • Estimated costs: Maersk $300m; Merck $870m; FedEx $400m; Mondelēz $188m. US assessed total damages around $10bn • Source: Andy Greenberg, Wired, Sept. 2018 • See also WannaCry, which cost UK NHS £92m in 2017, probably originating with the North
HOW CAN USERS PROTECT THEMSELVES AGAINST SECURITY BREACHES? 1. Secure settings and passwords 2. Protect devices/networks using firewalls 3. Control access to data and software 4. Protect against viruses and other malicious software 5. Keep devices and software up to date 6. Watch out for phishing e-mails
SECURE SETTINGS • New devices are often configured to be open and “easy to use” – but therefore hackable – as possible. Make sure you disable or remove any functions, accounts or services you don’t need (e.g. “guest” accounts on laptops) • Always password/PIN-protect your computers and devices – they allow access to your data and your online accounts • CHANGE DEFAULT PASSWORDS
MOBILE DEVICE MANAGEMENT
SECURE PASSWORDS • Use password managers where possible (generate strong random passwords for every account) • Make passwords from three words (not related to you, like family/pet names, favourite teams, significant dates – these might be discovered from social media or elsewhere) • Don’t share passwords between accounts • Don’t force users to change passwords unless they have been breached • Use multi-factor authentication for sensitive accounts Source: Sueheim on Wikimedia
ACCESS TO DATA AND SOFTWARE • Don’t use administrator accounts for normal work – if you are hacked, an attacker can then do much more damage • Restrict the software that can be installed on devices – use a whitelist or approved sources, such as Google Play or Apple’s App Store (which screen apps for malicious code)
DEVICE AND NETWORK FIREWALLS • Firewalls block unauthorised traffic from a network onto your device – can protect against both external hackers, and compromised internal machines • Most PC operating systems (eg Windows, macOS) contain them – make sure they are turned on, especially for devices that access public WiFi • Can also be configured in your network’s gateway(s) to other networks (and the Internet)
VIRUSES AND OTHER MALICIOUS SOFTWARE • Malicious software such as viruses and ransomware can come in e-mail attachments, from websites, public WiFi networks, and even USB sticks • Protect against it using built- in operating system tools, such as Windows Defender and macOS XProtect • Use tools with sandboxes, which contain malicious software and stop it accessing the rest of your system • BACKUP data frequently
KEEP SOFTWARE AND DEVICES UP TO DATE • It’s essential you enable automatic updates for your operating system, software, apps etc. • Once manufacturers stop providing updates for systems, you should replace them
AVOID PHISH • Fake e-mails, trying to “hook” users to click on a website or malicious attachment that will infect their system or steal passwords • “Spear” phishing uses targeted messages, often sent to senior staff
CHECKLIST Configure software and devices securely, and use strong passwords Use firewalls on devices and networks Control access to data and software by separating administrator accounts and using whitelists and app stores Protect against viruses and other malicious software by using tools such as Windows Defender, macOS XProtect, and sandboxing Keep devices and software up to date, and stop using out-of-date software Watch out for phishing e-mails

Empfohlen

online and offline computer security
online and offline computer securityonline and offline computer security
online and offline computer securityAbhishek Pansuriya
 
Internet
InternetInternet
Internetyoussefchefcher
 
security issues
security issuessecurity issues
security issuesPratham Gupta
 
Internet Securities Issues
Internet Securities IssuesInternet Securities Issues
Internet Securities IssuesOm Prakash Mishra
 
Network security (syed azam)
Network security (syed azam)Network security (syed azam)
Network security (syed azam)sayyed azam
 
Presentation about security i.t.
Presentation about security i.t.Presentation about security i.t.
Presentation about security i.t.MarianaGilMartnez1
 
Presentation about security I.T.
Presentation about security I.T.Presentation about security I.T.
Presentation about security I.T.HugoBarrionuevoSobri
 
Jorge gil martínez presentation about security i.t.
Jorge gil martínez presentation about security i.t.Jorge gil martínez presentation about security i.t.
Jorge gil martínez presentation about security i.t.JorgeGilMartnez2
 

Empfohlen

online and offline computer security
online and offline computer securityonline and offline computer security
online and offline computer securityAbhishek Pansuriya
 
Internet
InternetInternet
Internetyoussefchefcher
 
security issues
security issuessecurity issues
security issuesPratham Gupta
 
Internet Securities Issues
Internet Securities IssuesInternet Securities Issues
Internet Securities IssuesOm Prakash Mishra
 
Network security (syed azam)
Network security (syed azam)Network security (syed azam)
Network security (syed azam)sayyed azam
 
Presentation about security i.t.
Presentation about security i.t.Presentation about security i.t.
Presentation about security i.t.MarianaGilMartnez1
 
Presentation about security I.T.
Presentation about security I.T.Presentation about security I.T.
Presentation about security I.T.HugoBarrionuevoSobri
 
Jorge gil martínez presentation about security i.t.
Jorge gil martínez presentation about security i.t.Jorge gil martínez presentation about security i.t.
Jorge gil martínez presentation about security i.t.JorgeGilMartnez2
 
VenkaSure Total Security+
VenkaSure Total Security+VenkaSure Total Security+
VenkaSure Total Security+Venkasys Technologies Pvt. Ltd.
 
Basics of Network Security
Basics of Network SecurityBasics of Network Security
Basics of Network SecurityDushyant Singh
 
User's Guide to Online Privacy
User's Guide to Online PrivacyUser's Guide to Online Privacy
User's Guide to Online Privacycdunk12
 
Presentation on cyber crime
Presentation on cyber crimePresentation on cyber crime
Presentation on cyber crimeSMSumon8
 
Malware
MalwareMalware
MalwareAvani Patel
 
Spyware
SpywareSpyware
SpywareAvani Patel
 
Heartbleed
HeartbleedHeartbleed
HeartbleedHemant Mittal
 
NETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSESNETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSESSumit Pandey
 
Network basic security
Network basic securityNetwork basic security
Network basic securityMohamed Radji
 
Computer security
Computer securityComputer security
Computer securityRobin E. Beavers
 
Syafiqah slideshare of security measures
Syafiqah slideshare of security measuresSyafiqah slideshare of security measures
Syafiqah slideshare of security measuresSyafiqah Akemi
 
S P Y W A R E4 S I K
S P Y W A R E4 S I KS P Y W A R E4 S I K
S P Y W A R E4 S I Kazman21
 
Internet Security in Web 2.0
Internet Security in Web 2.0 Internet Security in Web 2.0
Internet Security in Web 2.0 Arjunsinh Sindhav
 
ASSIST - Fraud Presentation
ASSIST - Fraud PresentationASSIST - Fraud Presentation
ASSIST - Fraud PresentationASSIST ladies networking group
 
Hackers
HackersHackers
HackersohHELLOmynameisTOMMY
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security PresentationAllan Pratt MBA
 
Network security threats and solutions
Network security threats and solutionsNetwork security threats and solutions
Network security threats and solutionshassanmughal4u
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?Faith Zeller
 
Complete notes security
Complete notes securityComplete notes security
Complete notes securityKitkat Emoo
 
Protecting Your Business From Cybercrime
Protecting Your Business From CybercrimeProtecting Your Business From Cybercrime
Protecting Your Business From CybercrimeDavid J Rosenthal
 
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Cengage Learning
 
Enterprise mobileapplicationsecurity
Enterprise mobileapplicationsecurityEnterprise mobileapplicationsecurity
Enterprise mobileapplicationsecurityVenkat Alagarsamy
 

Weitere ähnliche Inhalte

Was ist angesagt?

Basics of Network Security
Basics of Network SecurityBasics of Network Security
Basics of Network SecurityDushyant Singh
 
User's Guide to Online Privacy
User's Guide to Online PrivacyUser's Guide to Online Privacy
User's Guide to Online Privacycdunk12
 
Presentation on cyber crime
Presentation on cyber crimePresentation on cyber crime
Presentation on cyber crimeSMSumon8
 
NETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSESNETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSESSumit Pandey
 
Network basic security
Network basic securityNetwork basic security
Network basic securityMohamed Radji
 
Syafiqah slideshare of security measures
Syafiqah slideshare of security measuresSyafiqah slideshare of security measures
Syafiqah slideshare of security measuresSyafiqah Akemi
 
S P Y W A R E4 S I K
S P Y W A R E4 S I KS P Y W A R E4 S I K
S P Y W A R E4 S I Kazman21
 
Internet Security in Web 2.0
Internet Security in Web 2.0 Internet Security in Web 2.0
Internet Security in Web 2.0 Arjunsinh Sindhav
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security PresentationAllan Pratt MBA
 
Network security threats and solutions
Network security threats and solutionsNetwork security threats and solutions
Network security threats and solutionshassanmughal4u
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?Faith Zeller
 

Was ist angesagt? (18)

VenkaSure Total Security+
VenkaSure Total Security+VenkaSure Total Security+
VenkaSure Total Security+
 
Basics of Network Security
Basics of Network SecurityBasics of Network Security
Basics of Network Security
 
User's Guide to Online Privacy
User's Guide to Online PrivacyUser's Guide to Online Privacy
User's Guide to Online Privacy
 
Presentation on cyber crime
Presentation on cyber crimePresentation on cyber crime
Presentation on cyber crime
 
Malware
MalwareMalware
Malware
 
Spyware
SpywareSpyware
Spyware
 
Heartbleed
HeartbleedHeartbleed
Heartbleed
 
NETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSESNETWORK SECURITY AND VIRUSES
NETWORK SECURITY AND VIRUSES
 
Network basic security
Network basic securityNetwork basic security
Network basic security
 
Computer security
Computer securityComputer security
Computer security
 
Syafiqah slideshare of security measures
Syafiqah slideshare of security measuresSyafiqah slideshare of security measures
Syafiqah slideshare of security measures
 
S P Y W A R E4 S I K
S P Y W A R E4 S I KS P Y W A R E4 S I K
S P Y W A R E4 S I K
 
Internet Security in Web 2.0
Internet Security in Web 2.0 Internet Security in Web 2.0
Internet Security in Web 2.0
 
ASSIST - Fraud Presentation
ASSIST - Fraud PresentationASSIST - Fraud Presentation
ASSIST - Fraud Presentation
 
Hackers
HackersHackers
Hackers
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
 
Network security threats and solutions
Network security threats and solutionsNetwork security threats and solutions
Network security threats and solutions
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?
 

Ähnlich wie Cyber Essentials for Managers

Complete notes security
Complete notes securityComplete notes security
Complete notes securityKitkat Emoo
 
Protecting Your Business From Cybercrime
Protecting Your Business From CybercrimeProtecting Your Business From Cybercrime
Protecting Your Business From CybercrimeDavid J Rosenthal
 
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Cengage Learning
 
Enterprise mobileapplicationsecurity
Enterprise mobileapplicationsecurityEnterprise mobileapplicationsecurity
Enterprise mobileapplicationsecurityVenkat Alagarsamy
 
Securing The Computer From Viruses ...
Securing The Computer From Viruses ...Securing The Computer From Viruses ...
Securing The Computer From Viruses ...Rahman_Hussain
 
Computers.ppt
Computers.pptComputers.ppt
Computers.pptSdhrYdv1
 
2014CyberSecurityProject
2014CyberSecurityProject2014CyberSecurityProject
2014CyberSecurityProjectKaley Hair
 
Isolation Platform - Data Sheet
Isolation Platform - Data SheetIsolation Platform - Data Sheet
Isolation Platform - Data SheetSutedjo Tjahjadi
 
Preventive measures. Blog. pptx
Preventive measures. Blog. pptxPreventive measures. Blog. pptx
Preventive measures. Blog. pptxReshmaBV2
 
Security Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxSecurity Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxAmardeepKumar621436
 
How to Help Your Customers Protect Themselves from Ransomware Attacks
How to Help Your Customers Protect Themselves from Ransomware AttacksHow to Help Your Customers Protect Themselves from Ransomware Attacks
How to Help Your Customers Protect Themselves from Ransomware AttacksSolarwinds N-able
 
Orientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptxOrientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptx230405
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measuresDnyaneshwar Beedkar
 
Topic #17 IT Security ITSecurityIncidentsA.docx
Topic #17 IT Security ITSecurityIncidentsA.docxTopic #17 IT Security ITSecurityIncidentsA.docx
Topic #17 IT Security ITSecurityIncidentsA.docxjuliennehar
 
Malware program by mohsin ali dahar khairpur
Malware program by mohsin ali dahar khairpurMalware program by mohsin ali dahar khairpur
Malware program by mohsin ali dahar khairpurMohsin Dahar
 
Cyber security
Cyber security Cyber security
Cyber security ZwebaButt
 
Network security
Network securityNetwork security
Network securityPreethi B
 

Ähnlich wie Cyber Essentials for Managers (20)

Complete notes security
Complete notes securityComplete notes security
Complete notes security
 
Protecting Your Business From Cybercrime
Protecting Your Business From CybercrimeProtecting Your Business From Cybercrime
Protecting Your Business From Cybercrime
 
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
 
Enterprise mobileapplicationsecurity
Enterprise mobileapplicationsecurityEnterprise mobileapplicationsecurity
Enterprise mobileapplicationsecurity
 
Securing The Computer From Viruses ...
Securing The Computer From Viruses ...Securing The Computer From Viruses ...
Securing The Computer From Viruses ...
 
Computers.ppt
Computers.pptComputers.ppt
Computers.ppt
 
9.0 security (2)
9.0 security (2)9.0 security (2)
9.0 security (2)
 
2014CyberSecurityProject
2014CyberSecurityProject2014CyberSecurityProject
2014CyberSecurityProject
 
Isolation Platform - Data Sheet
Isolation Platform - Data SheetIsolation Platform - Data Sheet
Isolation Platform - Data Sheet
 
Preventive measures. Blog. pptx
Preventive measures. Blog. pptxPreventive measures. Blog. pptx
Preventive measures. Blog. pptx
 
Security Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxSecurity Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptx
 
How to Help Your Customers Protect Themselves from Ransomware Attacks
How to Help Your Customers Protect Themselves from Ransomware AttacksHow to Help Your Customers Protect Themselves from Ransomware Attacks
How to Help Your Customers Protect Themselves from Ransomware Attacks
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
Orientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptxOrientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptx
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
 
Topic #17 IT Security ITSecurityIncidentsA.docx
Topic #17 IT Security ITSecurityIncidentsA.docxTopic #17 IT Security ITSecurityIncidentsA.docx
Topic #17 IT Security ITSecurityIncidentsA.docx
 
Malware program by mohsin ali dahar khairpur
Malware program by mohsin ali dahar khairpurMalware program by mohsin ali dahar khairpur
Malware program by mohsin ali dahar khairpur
 
Cyber-savvy Cyber-safety
Cyber-savvy Cyber-safety Cyber-savvy Cyber-safety
Cyber-savvy Cyber-safety
 
Cyber security
Cyber security Cyber security
Cyber security
 
Network security
Network securityNetwork security
Network security
 

Mehr von blogzilla

Interoperability for SNS competition
Interoperability for SNS competitionInteroperability for SNS competition
Interoperability for SNS competitionblogzilla
 
Transatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentTransatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentblogzilla
 
Lessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open BankingLessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open Bankingblogzilla
 
Covid exposure apps in England and Wales
Covid exposure apps in England and WalesCovid exposure apps in England and Wales
Covid exposure apps in England and Walesblogzilla
 
Key issues in data protection policy
Key issues in data protection policyKey issues in data protection policy
Key issues in data protection policyblogzilla
 
Trusted government access to private sector data
Trusted government access to private sector dataTrusted government access to private sector data
Trusted government access to private sector datablogzilla
 
Interoperability in the Digital Services Act
Interoperability in the Digital Services ActInteroperability in the Digital Services Act
Interoperability in the Digital Services Actblogzilla
 
Making effective policy use of academic expertise
Making effective policy use of academic expertiseMaking effective policy use of academic expertise
Making effective policy use of academic expertiseblogzilla
 
Introduction to Cybersecurity for Elections
Introduction to Cybersecurity for ElectionsIntroduction to Cybersecurity for Elections
Introduction to Cybersecurity for Electionsblogzilla
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africablogzilla
 
Human rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCHuman rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCblogzilla
 
Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulationblogzilla
 
Where next for encryption regulation?
Where next for encryption regulation?Where next for encryption regulation?
Where next for encryption regulation?blogzilla
 
Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?blogzilla
 
Regulation and the Internet of Things
Regulation and the Internet of ThingsRegulation and the Internet of Things
Regulation and the Internet of Thingsblogzilla
 
Global Cyber Security Capacity Centre
Global Cyber Security Capacity CentreGlobal Cyber Security Capacity Centre
Global Cyber Security Capacity Centreblogzilla
 
Privacy post-Snowden
Privacy post-SnowdenPrivacy post-Snowden
Privacy post-Snowdenblogzilla
 
Keeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodKeeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodblogzilla
 
The Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsThe Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsblogzilla
 
Trust in the Cloud
Trust in the CloudTrust in the Cloud
Trust in the Cloudblogzilla
 

Mehr von blogzilla (20)

Interoperability for SNS competition
Interoperability for SNS competitionInteroperability for SNS competition
Interoperability for SNS competition
 
Transatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentTransatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgment
 
Lessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open BankingLessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open Banking
 
Covid exposure apps in England and Wales
Covid exposure apps in England and WalesCovid exposure apps in England and Wales
Covid exposure apps in England and Wales
 
Key issues in data protection policy
Key issues in data protection policyKey issues in data protection policy
Key issues in data protection policy
 
Trusted government access to private sector data
Trusted government access to private sector dataTrusted government access to private sector data
Trusted government access to private sector data
 
Interoperability in the Digital Services Act
Interoperability in the Digital Services ActInteroperability in the Digital Services Act
Interoperability in the Digital Services Act
 
Making effective policy use of academic expertise
Making effective policy use of academic expertiseMaking effective policy use of academic expertise
Making effective policy use of academic expertise
 
Introduction to Cybersecurity for Elections
Introduction to Cybersecurity for ElectionsIntroduction to Cybersecurity for Elections
Introduction to Cybersecurity for Elections
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africa
 
Human rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCHuman rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QC
 
Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulation
 
Where next for encryption regulation?
Where next for encryption regulation?Where next for encryption regulation?
Where next for encryption regulation?
 
Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?
 
Regulation and the Internet of Things
Regulation and the Internet of ThingsRegulation and the Internet of Things
Regulation and the Internet of Things
 
Global Cyber Security Capacity Centre
Global Cyber Security Capacity CentreGlobal Cyber Security Capacity Centre
Global Cyber Security Capacity Centre
 
Privacy post-Snowden
Privacy post-SnowdenPrivacy post-Snowden
Privacy post-Snowden
 
Keeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodKeeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public good
 
The Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsThe Data Retention Directive: recent developments
The Data Retention Directive: recent developments
 
Trust in the Cloud
Trust in the CloudTrust in the Cloud
Trust in the Cloud
 

Kürzlich hochgeladen

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingThe Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingSelcen Ozturkcan
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Kürzlich hochgeladen (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingThe Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Cyber Essentials for Managers

  • 1. CYBER ESSENTIALS FOR MANAGERS PROF. IAN BROWN RESOURCES FROM UK NATIONAL CYBER SECURITY CENTRE; US NAVY; AND GOOGLE
  • 2.
  • 3. NOTPETYA, “THE MOST DEVASTATING CYBER ATTACK IN HISTORY” • Malware which rapidly spread across networks, locked and encrypted machines, originating from Russian military via Ukraine • It “hit at least four hospitals in Kiev alone, six power companies, two airports, more than 22 Ukrainian banks, ATMs and card payment systems in retailers and transport, and practically every federal agency.” • Maersk, “responsible for 76 ports on all sides of the earth and nearly 800 seafaring vessels, including container ships carrying tens of millions of tons of cargo, representing close to a fifth of the entire world’s shipping capacity, was dead in the water.” • Estimated costs: Maersk $300m; Merck $870m; FedEx $400m; Mondelēz $188m. US assessed total damages around $10bn • Source: Andy Greenberg, Wired, Sept. 2018 • See also WannaCry, which cost UK NHS £92m in 2017, probably originating with the North
  • 4.
  • 5. HOW CAN USERS PROTECT THEMSELVES AGAINST SECURITY BREACHES? 1. Secure settings and passwords 2. Protect devices/networks using firewalls 3. Control access to data and software 4. Protect against viruses and other malicious software 5. Keep devices and software up to date 6. Watch out for phishing e-mails
  • 6. SECURE SETTINGS • New devices are often configured to be open and “easy to use” – but therefore hackable – as possible. Make sure you disable or remove any functions, accounts or services you don’t need (e.g. “guest” accounts on laptops) • Always password/PIN-protect your computers and devices – they allow access to your data and your online accounts • CHANGE DEFAULT PASSWORDS
  • 8. SECURE PASSWORDS • Use password managers where possible (generate strong random passwords for every account) • Make passwords from three words (not related to you, like family/pet names, favourite teams, significant dates – these might be discovered from social media or elsewhere) • Don’t share passwords between accounts • Don’t force users to change passwords unless they have been breached • Use multi-factor authentication for sensitive accounts Source: Sueheim on Wikimedia
  • 9.
  • 10. ACCESS TO DATA AND SOFTWARE • Don’t use administrator accounts for normal work – if you are hacked, an attacker can then do much more damage • Restrict the software that can be installed on devices – use a whitelist or approved sources, such as Google Play or Apple’s App Store (which screen apps for malicious code)
  • 11. DEVICE AND NETWORK FIREWALLS • Firewalls block unauthorised traffic from a network onto your device – can protect against both external hackers, and compromised internal machines • Most PC operating systems (eg Windows, macOS) contain them – make sure they are turned on, especially for devices that access public WiFi • Can also be configured in your network’s gateway(s) to other networks (and the Internet)
  • 12. VIRUSES AND OTHER MALICIOUS SOFTWARE • Malicious software such as viruses and ransomware can come in e-mail attachments, from websites, public WiFi networks, and even USB sticks • Protect against it using built- in operating system tools, such as Windows Defender and macOS XProtect • Use tools with sandboxes, which contain malicious software and stop it accessing the rest of your system • BACKUP data frequently
  • 13. KEEP SOFTWARE AND DEVICES UP TO DATE • It’s essential you enable automatic updates for your operating system, software, apps etc. • Once manufacturers stop providing updates for systems, you should replace them
  • 14. AVOID PHISH • Fake e-mails, trying to “hook” users to click on a website or malicious attachment that will infect their system or steal passwords • “Spear” phishing uses targeted messages, often sent to senior staff
  • 15.
  • 16. CHECKLIST Configure software and devices securely, and use strong passwords Use firewalls on devices and networks Control access to data and software by separating administrator accounts and using whitelists and app stores Protect against viruses and other malicious software by using tools such as Windows Defender, macOS XProtect, and sandboxing Keep devices and software up to date, and stop using out-of-date software Watch out for phishing e-mails

Hinweis der Redaktion

  1. Q – what is the largest breach suffered to date in terms of numbers of people’s data compromised?
  2. https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ Large breaches can happen by targeting large centralised databases – but also by infecting many PCs and local systems
  3. https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/ https://www.theguardian.com/technology/2017/dec/30/wannacry-petya-notpetya-ransomware
  4. https://gsuite.google.com/faq/index.html Will ECG allow BYOD? Enable MDM?
  5. https://en.wikipedia.org/wiki/YubiKey#/media/File:YubiKey-4-keychain-and-YubiKey-4-Nano.png
  6. http://www.publicdomainfiles.com/show_file.php?id=13965078618698