
Chapter 4

Chapter 4 focuses on cybersecurity awareness and the importance of education in mitigating risks associated with cyber threats. It emphasizes the need for strong passwords, data protection measures, and the use of multiple layers of security to safeguard information. The chapter also discusses various types of malicious software, social engineering tactics, and best practices for protecting personal and network security.

Uploaded by

rachelzewdu8

Chapter 4

Awareness and Understanding


Aim

• Carry out formal or informal security education, training, and awareness tasks

• Compare various mental models and their impact on how users perceive, judge, communicate, and respond to cybersecurity risks

• Evaluate security education, training, and awareness tasks

• Assess individual responsibilities related to cyber hygiene, such as password creation, maintenance, and storage; mitigation tools; identification and use of safe websites; and identifying and using appropriate privacy settings

• Recognize the importance of data security, maintaining data integrity, and confidentiality.

Cyber Security Awareness

• The rapid advancement of technology has transformed our lives; in particular, the methods of communication used for providing information and interacting with other internet users are continuously evolving.

• Networking techniques have been developed everywhere to give users data access at any time and from any place.

• However, in a continuously evolving digital world, cybercrime is on the rise.


Protecting our lives and our property

• Locking doors

• Checking who is at the door

• Alarm systems

• Washing your hands

• Leaving a light on

• Firesafe for valuables


Introduction

• Cyber Security Awareness – the knowledge combined with the attitudes and behaviours that serve to protect our information assets

• Cyber Security Threat – the potential for an attack to occur

• Cyber Security Attack – occurs when a threat has been exploited


Cyber Security – Affects Everyone

• We are more connected than we realize

• Your information is valuable

• 95% of all Cyber Security Breaches are caused by human mistakes and misunderstanding

• Since hacking attacks on data systems in schools and universities are increasing every year, it is very important to take measures to reduce the risk of cyber attacks and protect against the unauthorized exploitation of systems, networks and technologies

• It is crucial to design comprehensive training programs to raise awareness of cyber security to enhance student knowledge about protection of systems

• There is not a single solution for effective cybersecurity.

• The best practice is to use multiple layers of security (physical security, network security, endpoint security, data security, application security, IAM).

• Some great first steps you can take to improve security and build a solid foundation to protect against cyberattacks are to use strong passwords, good password management, and multi-factor authentication.

• You should also limit access to data and resources to only those people who need them.

Malicious Software - Distribution

Categorized by how they spread

• Worms & Viruses – Self Replicating

• Trojan horse – a type of malware that downloads onto a computer disguised as a legitimate program

• Malvertising - false/fake advertisement


Malicious Software - Actions

Categorized by what they do

• Ransomware – Holds files for ransom

• Adware – Pop-up Ads

• Spyware – Hides and steals info


Social Engineering

Man in the Middle

Eavesdropping on your communications

• Public Wi-Fi Risks

• Website Redirection

Vulnerability Exploitation

Vulnerability - a weakness in a system

• Virtually impossible to completely eliminate

Easily Avoidable Causes

• Outdated Software

• Misconfigurations

• Default Settings

• Human Error

Protecting Your Information

• Authentication

• Privacy

• Encryption

• Backups

Authentication

First line of defence! Identify and Prove

Forms of Authentication

• Username and Password

• Fingerprint Readers

• Facial Recognition

• Card and PIN


Password Security

Creating Strong Passwords

Protect Your Password


Always keep your secret to yourself!
• Don’t write it down!
  • If you do, keep it in a secure place
• Don’t store passwords in programs
  • Browser/Website
  • Save login
• Don’t tell anyone for any reason
  • Not to family
  • Not to anyone on the phone
• Change your password from time to time
  • Recommended monthly

Privacy Online

Social Media

• Use privacy settings and security settings

• Be careful what you share

• Understand the terms and conditions

Cookies (Web tracking)


• Deleting cookies

• Use private browsing modes

Location Services

• Choose which apps or websites can use your location

• Disable geo-tagging features

• Disable Location Services completely


Data Protection - Encryption

Protect data you send, receive, or store

• Scrambles text and other data into an unreadable format

• Online encryption

• Secure web browsing (HTTPS)

Encrypted Messaging

• Text Messages

• E-mail

• Virtual Private Networks (VPNs)


Data at Rest

Full Disk Encryption
• Windows 10 – BitLocker
• Apple OS X – FileVault
• 3rd Party Software

Encrypt Sensitive Files
• Tax, Payroll, Financial Documents
• Data stored on flash drives

Smart Phone Encryption
• Requires Password, PIN, Pattern, etc.

Data Protection - Backups

3-2-1 Rule

3 Copies of your data
• One Primary Copy and Two Backups

2 Types of Media
• Hard Drive, File Server, Cloud

1 Off-Site Storage
• Cloud
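
An added example, not part of the original slides: a Python check of a backup inventory against the 3-2-1 rule above. It assumes a backup only counts if its SHA-256 hash matches the primary copy; the `Copy` record, the media labels and the sample data are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Copy:
    name: str      # label for this copy (constructed for the example)
    media: str     # "hard_drive", "file_server" or "cloud"
    offsite: bool  # True if stored away from the primary location
    data: bytes    # stands in for the file contents read from that copy

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_321(primary: Copy, backups: list[Copy]) -> dict:
    """Apply the 3-2-1 rule, counting only backups identical to the primary."""
    want = sha256(primary.data)
    good = [primary] + [b for b in backups if sha256(b.data) == want]
    return {
        "three_copies": len(good) >= 3,
        "two_media": len({c.media for c in good}) >= 2,
        "one_offsite": any(c.offsite for c in good),
        # Backups that exist but differ from the primary (stale or damaged).
        "mismatched": [b.name for b in backups if sha256(b.data) != want],
    }

# Constructed sample inventory: the cloud copy was cut short during upload.
PAYROLL = b"2024 payroll export\n" * 100
primary = Copy("laptop", "hard_drive", False, PAYROLL)
nas = Copy("office-nas", "file_server", False, PAYROLL)
cloud_bad = Copy("cloud-bucket", "cloud", True, PAYROLL[:512])
cloud_ok = replace(cloud_bad, data=PAYROLL)

if __name__ == "__main__":
    for label, backups in (("before", [nas, cloud_bad]), ("after", [nas, cloud_ok])):
        print(label, check_321(primary, backups))
```

With the truncated cloud copy the inventory has three files on three kinds of media, yet the rule fails on both the copy count and the off-site requirement, because the only off-site copy cannot be restored.
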
Backup Methods

Manual Backup

Scheduled Automated Backup

Sync Backup

Manual Backup
• Copy Important Files to External Storage

Scheduled Automated Backup
• Built-in Tools for Windows or Apple OS X
• 3rd Party Tools

Sync Backup
• Desktop Sync Services
  • Google Drive
  • Microsoft OneDrive
• Phone Sync Services
  • Google Sync
  • 3rd Party

Protecting Your Devices

• Updates

• Antivirus

• User Permissions

• Mobile Devices

Software Updates

Why are Updates Important?
• Fix Security Vulnerabilities
• Fix Bugs or unexpected errors
• May include enhancements or new features

Are there downsides to updating?
• Your device may need to be restarted
  • Make sure to save your work
• Updates can be slow
  • Doing them regularly reduces the time
  • Don’t power down your device until updates complete
• Can cause things to break

What to Update

Operating System
• Windows
• Mac OS X
• iPhone – iOS
• Android

Applications
• Microsoft Office
• Adobe
• Java
• Phone Apps

Connected Hardware (Firmware)
• Printers
• Web Cams
• Keyboard/Mouse
• Digital Camera
• External Drives

When and How to Update

Update Often

• Most updates released monthly

• Important security updates released ASAP

• Set up Automatic Updates

• Make sure you are using the latest versions

Download Manufacturer Software for Devices

Logitech, Dell, HP, Canon, Epson


Antivirus

Software designed to detect, remove, and/or prevent malicious software

Types of Antivirus

• Signature-based Detection Scan

• Heuristic Detection Scan

• Real-Time Protection

• Intrusion Detection

• Full-featured Protection

User Accounts

Types of Accounts
• Administrator
  • Complete Control over Settings/Installing Software
• Standard User
  • Control over user settings only. Can’t install software
• Child Account (Windows 10)
  • Can use Family Safety Settings
• Guest
  • Can use the computer, but can’t make any changes

Protecting Mobile Devices

Lock your phone
• Set up passcode, pattern, fingerprint, etc.
• Set up auto lock features
  • Less than a minute is ideal
• Check app permissions when downloading
  • Does the app need to access your contact lists?
• Avoid public charging stations
  • Carry a spare charging device
• Avoid public Wi-Fi
  • If you must, use a VPN
• Install Anti-virus
• Turn off location services if not needed
• Never leave unattended

Protecting Your Networks

• Securing Your Home Network

• Firewalls

• Public Networks and VPN


Home Networks – Wi-Fi (Wireless)

Wireless Router/Access Point


• Connects all your devices together and to the Internet

• First line of defence into your home network


Wireless Router Security
• Change default passwords
  • Admin password and Wi-Fi Password
• Use Guest network
  • Don’t share your main Wi-Fi password
• Use Wireless Network Encryption
  • WPA2 Personal Recommended
  • Don’t use WEP
• Keep router up to date
• Keep firewall on

Advanced Wi-Fi Security
• Locate wireless router centrally
  • Keep signal on your property
• Hide your network from view
  • Turn off SSID broadcasting
• Enable MAC Address Filtering
  • Only allow your devices to connect
• Disable Remote Administration
  • Stop changes to settings without a physical connection

Home Networks – Firewalls

A device or software program that blocks unwanted Internet traffic

Types of Firewalls
• Wireless Router Firewall
• Operating System Firewall
• Stand-alone device

How to block or allow traffic
• Default settings allow common traffic like Web Browsing
• Programs/devices may require additional access
• Whitelisting/Blacklisting

Public Networks – Wi-Fi

Connecting to public Wi-Fi can be dangerous

• Avoid if possible

• Use a personal hotspot/phone

• Don’t shop, access your bank, or other sensitive activity

• Someone could be watching

• Never use open networks

• Look out for rogue networks

• Verify network name and password

• Turn off automatic connectivity feature

• Use a VPN (Virtual Private Network)


Public Networks – VPN

Virtual Private Network

Secure private network over public networks
Uses encryption to make a “tunnel”

Business VPN
• Provided by your workplace
• Should be used when doing work activities
• May be required to access work resources

Personal VPN
• Provided as a service
• Encryption prevents eavesdropping
• Provides privacy and anonymous browsing
• Can be used to connect remotely to home network

Thanks
