INTRODUCTION TO CYBER SECURITY

Head Constable (Communication)

Sahil Bhardwaj
What is Cyber Security?
 Cyber security focuses on protecting computer
systems from unauthorised access or being
otherwise damaged or made inaccessible.
Information security is a broader category that
protects all information assets, whether in hard
copy or digital form.

 Cyber Security is the set of technologies,

processes and practices designed to protect
networks, computers, programs and data from
attack, damage or unauthorized access.
Types of Cyber Security
 Network Security: It involves implementing the
hardware and software to secure a computer
network from unauthorized access, intruders,
attacks, disruption, and misuse. This security helps
an organization to protect its assets against external
and internal threats.
 Application Security: It involves protecting the
software and devices from unwanted threats. This
protection can be done by constantly updating the
apps to ensure they are secure from attacks.
Successful security begins in the design stage,
writing source code, validation, threat modeling,
etc., before a program or device is deployed.
CONT.
 Information or Data Security: It involves
implementing a strong data storage mechanism to
maintain the integrity and privacy of data, both in
storage and in transit.
 Identity management: It deals with the procedure
for determining the level of access that each
individual has within an organization.
 Operational Security: It involves processing and
making decisions on handling and securing data
assets.
CONT.
 Mobile Security: It involves securing the
organizational and personal data stored on mobile
devices such as cell phones, computers, tablets, and
other similar devices against various malicious
threats. These threats are unauthorized access, device
loss or theft, malware, etc.
 Cloud Security: It involves in protecting the
information stored in the digital environment or cloud
architectures for the organization. It uses various
cloud service providers such as AWS, Azure, Google,
etc., to ensure security against multiple threats.
Cyber Security Goals
 Cyber Security's main objective is to
ensure data protection. The security
community provides a triangle of three
related principles to protect the data
from cyber-attacks. This principle is
called the CIA triad. The CIA model is
designed to guide policies for an
organization's information security
infrastructure. When any security
breaches are found, one or more of these
principles has been violated.
CONT.
 Confidentiality
Confidentiality is equivalent to privacy that
avoids unauthorized access of information. It
involves ensuring the data is accessible by
those who are allowed to use it and blocking
access to others. It prevents essential
information from reaching the wrong
people. Data encryption is an excellent
example of ensuring confidentiality.
CONT.
 Integrity
This principle ensures that the data is
authentic, accurate, and safeguarded from
unauthorized modification by threat actors or
accidental user modification. If any
modifications occur, certain measures should
be taken to protect the sensitive data from
corruption or loss and speedily recover from
such an event. In addition, it indicates to
make the source of information genuine.
CONT.

 Availability

This principle makes the information to be

available and useful for its authorized people
always. It ensures that these accesses are not
hindered by system malfunction or cyber-
attacks.
HOW TO PROTECT YOURSELF
Measures to ensure Cyber Security

• Firewalls
 A firewall is a H/w or S/w program
which filters network data to decide
whether or not to forward them to their
destination or deny it.
 These programs will generally protect
your machine from inbound (i.e.
incoming) “net attacks.”.
 This means unauthorized network request
from foreign computers will be blocked.
Cont.

 Anti Virus Software

 This is also another piece of software we should have

on our system.

• Quick Heal, Norton Antivirus, McAfee, Trend Micro,

Symantec are common ones.

 Keep your antivirus software regularly updated

HOW WE PROTECT INFORMATION?

 People
 Training, education, awareness, repetition

 Process
 Governance, oversight, policy, reporting

 Technology
 Firewalls, IDS/ISP, SIEM, anti-malware
 Strong passwords, Logging/monitoring

 Which is the weakest link?

 SOCIAL ENGINEERING BEST PRACTICES

 USE YOUR SECURITY SPIDER SENSE!

 ALWAYS validate requests for information if
you’re not 100000% sure
 Call a number YOU know
 Google it…
 ALWAYS ASK QUESTIONS!
 Is this who I think it is FOR SURE?
 Did someone mention this to me personally, or
was it discussed at a staff meeting?
 Is this the FIRST I’m hearing about this?
BUSINESS EMAIL COMPROMISE (BEC) BEST PRACTICES

 Avoid using free web-based email for business

 Not only less-professional, but easier to hack, typosquat, or spoof

 Domains and email addresses are cheap, especially compared to

BEC(Business Email Compromise)

 Register similar domains to yours to prevent typosquatting e.g. delaplex.com

vs. delapelx.com
 Be careful about the information you share on your website or Social Media
(LinkedIn, Facebook) about job duties or positions, especially for positions
with transactional or purchasing authority

 Think through Out of Office email responders

SUN TZU ON THE ART OF WAR
 If you know the enemy and know yourself,
you need not fear the result of a hundred
battles.
 If you know yourself but not the enemy,
for every victory gained you will also
suffer a defeat.
 If you know neither the enemy nor
yourself, you will succumb in every
battle.
 Safety Measures to ensure Cyber security:-

1.Keep Your Software Up to Date

Turn on automatic system updates for your device Make

sure your desktop web browser uses automatic security
updates Keep your web browser plugins like Flash, Java,
etc. updated
2. Use Anti-Virus Protection & Firewall
 Anti-virus (AV) protection software has been the most prevalent
solution to fight malicious attacks. AV software blocks malware
and other malicious viruses from entering your device and
compromising your data. Use anti-virus software from trusted
vendors and only run one AV tool on your device.

 Using a firewall is also important when defending your data

against malicious attacks. A firewall helps screen out hackers,
viruses, and other malicious activity that occurs over the Internet
and determines what traffic is allowed to enter your device.
Windows and Mac OS X comes with their respective firewalls,
aptly named Windows Firewall and Mac Firewall. Your router
should also have a firewall built in to prevent attacks on your
network.
3. Use Strong Passwords & Use a Password Management Tool
Dropping the crazy, complex mixture of upper case letters,
symbols, and numbers. Instead, opt for something more user-
friendly but with at least eight characters and a maximum
length of 64 characters.
Don’t use the same password twice.
The password should contain at least one lowercase letter,
one uppercase letter, one number, and four symbols but not
the following &%#@_.
Choose something that is easy to remember and never leave
a password hint out in the open or make it publicly available
for hackers to see.
Reset your password when you forget it. But, change it once
per year as a general refresh.
4. Use Two-Factor or Multi-Factor Authentication

 Two-factor or multi-factor authentication is a

service that adds additional layers of security to the
standard password method of online identification.
Without two-factor authentication, you would
normally enter a username and password. But, with
two-factor, you would be prompted to enter one
additional authentication method such as a
Personal Identification Code, another password or
even fingerprint. With multi-factor authentication,
you would be prompted to enter more than two
additional authentication methods after entering
your username and password.
5. Learn about Phishing Scams – be very suspicious of emails, phone calls, and flyers

A few important cyber security tips to remember about phishing schemes

include:

Bottom line – Don’t open email from people you don’t know

Know which links are safe and which are not – hover over a link to
discover where it directs to

Be suspicious of the emails sent to you in general – look and see where it
came from and if there are grammatical errors

Malicious links can come from friends who have been infected too. So, be
extra careful!
6. Protect Your Sensitive Personal Identifiable Information (PII)

Personal Identifiable Information (PII) is any information that can be used by a

cybercriminal to identify or locate an individual. PII includes information such as name,
address, phone numbers, data of birth, Social Security Number, IP address, location details,
or any other physical or digital identity data.
7. Use Your Mobile Devices Securely
According to McAfee Labs, your mobile device is now a
target to more than 1.5 million new incidents of mobile
malware. Here are some quick tips for mobile device security:
Create a Difficult Mobile Passcode – Not Your Birthdate or
Bank PIN
Install Apps from Trusted Sources
Keep Your Device Updated – Hackers Use Vulnerabilities in
Unpatched Older Operating Systems
Avoid sending PII or sensitive information over text
message or email
Perform regular mobile backups using iCloud or Enabling
Backup & Sync from Android
8. Backup Your Data Regularly

Backing up your data regularly is an overlooked step

in personal online security. The top IT and security
managers follow a simple rule called the 3-2-1 backup
rule. Essentially, you will keep three copies of your data
on two different types of media (local and external hard
drive) and one copy in an off-site location (cloud
storage).
If you become a victim of ransomware or malware, the
only way to restore your data is to erase your systems
and restore with a recently performed backup.
9. Don’t Use Public Wi-Fi

Don’t use a public Wi-Fi without using a Virtual

Private Network (VPN). By using VPN software
, the traffic between your device and the VPN
server is encrypted. This means it’s much more
difficult for a cybercriminal to obtain access to
your data on your device. Use your cell network
if you don’t have a VPN when security is
important.
10. Review Your Online Accounts & Credit Reports
Regularly for Changes
 A credit report is a statement that has information about your credit
activity and current credit situation such as loan paying history and
the status of your credit accounts.
 With the recent Equifax breach, it’s more important than ever for
consumers to safeguard their online accounts and monitor their credit
reports. A credit freeze is the most effective way for you to protect
your personal credit information from cyber criminals right now.
Essentially, it allows you to lock your credit and use a personal
identification number (PIN) that only you will know. You can then
use this PIN when you need to apply for credit.
 Presented By :
Head Constable (Communication)
Sahil Bhardwaj
Frontier Headquarter SSB Siliguri

Thank you