
Security Awareness

Uploaded by kehinde Oluniyi

Copyright © All Rights Reserved

Security Awareness QUICK REFERENCE

1 Overview
2 Staying Safe on Public WiFi
3 USB Safety
4 Social Media Security
5 Shadow IT - The Hidden Dangers
6 Mobile Security Threats
7 Preventing Mobile Security Threats
8 What is BEC
9 Avoiding BEC Attack
10 Phishing Overview
11 How to Detect Phishing
12 Common Phishing Examples
13 Have I Been Hacked
14 Creating a Strong Password
15 What is Ransomware
16 Avoiding Ransomware
17 What is Vishing
18 What is Smishing


1

Overview

The most common and dangerous method that hackers use is social engineering

Cyber-attacks are becoming more common and harder to detect

A single click by an employee can compromise an entire company

Cyber security awareness is the first line of defense in securing the company

Follow company protocol and report unusual activity ASAP


2

Staying Safe on Public WiFi

Connect to legitimate WiFi only

Avoid websites that expose personal, financial, or organization information

Use a firewall and Virtual Private Network (VPN)


3

USB Safety

Delete contents when not needed

Protect with a password and encrypt the data

Change passwords stored on USB if it becomes lost or stolen


4

Social Media Security

Verify posted links, downloads, or email attachments before clicking

Avoid naming or referencing customers, partners, or suppliers

Never disclose personal or confidential organization information

Use different passwords for social media than those used to access organization accounts

Only speak for yourself and not on behalf of another person or organization


5

Shadow IT - The Hidden Dangers

Avoid using shadow IT for critical organization applications

Limit shadow IT to personal productivity tools, time tracking, and blogging

Make a case to your IT department if you want another application, system, or program


6

Mobile Security Threats

Once your phone is hacked, hackers can see everything on your phone, including call logs, text messages, emails, photos, videos, and GPS tracking data, and they can listen to and record actual voice calls

Hacking tools are easily available on the internet and cost less than $100

Change your device default password ASAP


7

Preventing Mobile Security Threats

Disable Bluetooth and WiFi when not in use

Change the device default password ASAP

Download apps only from the Apple Store or Google Play Store

Never "jailbreak" a device

Update mobile devices often


8

What is BEC

When a hacker impersonates an executive (e.g. CEO, County Executive/Administrator, City Manager, etc.) or vendor in an attempt to gain access to sensitive information or funds

Typically comes in an email phishing attack with the sender’s email address spoofed – from your [email protected]

Attack is often an urgent email to the financial department with fraudulent wire instructions


9

Avoiding BEC Attack

BEC Identification tips

  - Email typically possesses a sense of urgency
  - Style is unusual and short, often with spelling and grammar mistakes
  - Email address is spoofed or has a slight spelling mistake

Never hit reply; instead, manually type the email address of the sender

Call the sender over the phone and verify the request

Verify that the bank account matches the one in your accounting system

Always follow organizational protocol and procedures


10

Phishing Overview

Phishing is when a hacker pretends to be someone you trust to gain full access to your computer or sensitive information

It only takes one employee's click to compromise an entire organization

Common examples

  - Bank sends you an email stating your account has been closed or locked
  - An email requiring you to reset your password due to a compromise or other reason
  - Package wasn’t delivered


11

How to Detect Phishing

Hover over the link in the email, and verify it is pointing to the official website

Verify that the sender’s email is correct and does not include spelling mistakes

If the browser address bar warns you that “this website is not secure”, close it

If you click on a link make sure the address bar displays the official website

If you need to login to a website, manually type the address instead of clicking a link

Don't open attachments you’re not expecting
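
The link and sender checks above can also be automated at the mail gateway or in a reporting tool. The following is an added example, not part of the original document: it extracts each link from an HTML email body and flags links whose real host is not an official domain, and sender domains that nearly spell an official one. The domain mybank.example, the 0.85 similarity threshold, and the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
from difflib import SequenceMatcher

OFFICIAL = {"mybank.example"}  # assumption: the organization's real domains

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_official(host):
    # Exact match or a true subdomain; "mybank.example.evil.test" does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def lookalike(domain):
    # Not official, but spelled almost like an official domain (threshold assumed).
    domain = domain.lower()
    return not is_official(domain) and any(
        SequenceMatcher(None, domain, d).ratio() >= 0.85 for d in OFFICIAL)

def check_email(sender, html_body):
    """Return a list of warnings for one message."""
    findings = []
    sender_domain = sender.rsplit("@", 1)[-1].strip("> ")
    if lookalike(sender_domain):
        findings.append(f"sender domain {sender_domain} imitates an official domain")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        host = urlparse(href).hostname
        if not is_official(host):  # what "hovering" would reveal
            findings.append(f"link shown as '{text}' really points to {host}")
    return findings

# Constructed sample message (not real traffic).
SAMPLE_FROM = "Support <alerts@mybamk.example>"
SAMPLE_BODY = ('<p>Account locked. <a href="http://mybank.example.login-verify.test/'
               'reset">https://mybank.example/reset</a></p>')
if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE_FROM, SAMPLE_BODY)))
```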


12

Common Phishing Examples

A fake Dropbox email with a link to a virus

A message from your IT department asking you to reset your password

A fake invoice on behalf of a vendor with fraudulent wire instructions

A phishing email from HR requesting your W-2

FedEx/UPS alerting you about an issue with your package


13

Have I Been Hacked

Over 5 billion accounts have already been stolen

Statistically speaking your user name and password have already been stolen

Change your password 2 to 4 times a year, or according to any compliance requirements you may be governed by

Go to https://HAVEIBEENPWNED.COM to see if your accounts have been compromised


14

Creating a Strong Password

Step 1 - Think about at least 3 things you like (vacations, books, music)

Step 2 - Combine the 3 words to form the initial password (vacationsbooksmusic)

Step 3 - Add a special character in between these words (vacations$books$music)

Step 4 - Add a number you can remember to the end of the password (vacations$books$music1402)

Step 5 - To make it unique for different websites, append the website name to the end of the password (vacations$books$musicFB) - FB for Facebook


15

What is Ransomware

Ransomware is malicious software that takes control over your computer and denies you access to your own data

Once your PC is infected, the hacker demands payment to restore control

Government agencies and medical facilities are common targets due to their dependence on data to operate

Phishing emails are one of the most common methods hackers use to infect a PC with Ransomware


16

Avoiding Ransomware

If an unsolicited email, phone call, text, or instant message is received, do not give out any personal information, open attachments, or click any links

If unsure about the authenticity of the message then consult with IT

Use a Virtual Private Network (VPN) when outside the office

Keep computers and devices patched, up to date, and make sure anti-

Don't install software or give administrative privileges to any program

Backup your files frequently


17

What is Vishing

Vishing is when an attacker poses as someone you trust over the phone

Common examples

  - Your bank calling about suspicious activity on your account
  - The IRS calling about overdue or unpaid taxes
  - An "all-expense" vacation
  - Tech support calling to remotely access your PC

Never give up passwords or other sensitive information to anyone over the phone


18

What is Smishing

Smishing is a mobile scam that works like phishing, but via text

Common examples

  - Past due payments from a service provider
  - Unauthorized access warnings from your bank
  - You won a prize

Always call the official number of the organization in question - if they can't verify the content of the message, ignore it
