10 ways to protect your business and data. Cyber security for small businesses.
WELCOME TO:
Cyber-Security Workshop
June 26
Time: 8 - 10 AM
Location: Madison Lakes Training & Conference Center, 581 Olive Road, Dayton, OH
About Dayton SCORE
SCORE Helps Small Businesses by:
• Providing mentoring and training to those
  • Preparing to start up a business
  • To existing small business owners
    • Wanting to grow
    • Needing to improve performance
• Mentoring is “free and forever”
• Seminars are at no or a small charge
• www.daytonscore.org - 937-225-2887
About Us:
Art Helmstetter, Niki Chaudhry

• 35 years - business experience
• Started and grew two businesses to $25 MM
• Owner-investor in three small businesses
• Trainer for Web-Based Marketing
• Education: MBA, BS & MS Engineering

• 25 years computer experience: Programmer, System Analyst
• President, CEO and owner, Linked Technologies Inc.
• Education: BS Computer Science

CEO, Linked Technologies, Inc. Computer Services
Owner, B2B Planners Ltd.
Small Business Cyber Security
What If?
Home And Small Business Computer Security
Security is a process - not software or hardware
Pop Quiz – What is your risk level?
• You share your computer with others
• You travel and use public WiFi
• Personal & financial data is on your computer
• Business files are on your computer
• You use a smartphone like a computer
• You are running Windows XP
Cyber-Security Definitions
What is Cyber-Security?
Protecting your computer, network, and information from online threats
What is Cyber-Crime?
Any crime conducted via the Internet to cause damage or steal data
Cyber-Crime Targets
Why do hackers hack?
• Steal money
• Collect information to steal money, or commit identity theft
Why attack small companies?
• Least secure in general
• Unwary users
Avenues That Subject You to Attack
Hardware
• Unsecured Wi-Fi (Panera)
• No Router
• Router with default password
Software
• No anti-virus/anti-spyware
• No Firewall
• Old virus definitions
• Out of date Windows O.S.
Personal Behavior
• Failure to use strong passwords
• Clicking on unsafe links or emails
• Downloading questionable files
• Leaving computer logged on
• Leaving your computer accessible
Cost of Getting A Virus
Virus Type | Impact | Solution | Cash Cost
Minor Virus | Lose some data, 2-4 hours | Use installed anti-virus | $75-100
Major Virus | Loss of docs, 5-10 hours | Use service to remove | $100-$130
Catastrophic Virus | Loss of ALL data & photos, 15+ hours | Use service to wipe & reload entire system | $300-$$$
Also Add: What is YOUR time worth? $25, $50, $75?
Windows XP WARNING!
Change your operating system
• No option will be fun or easy
• Done with Microsoft? Switch to Apple or Linux
• Want to stay? Update to 8.1, which works fine
  You will probably need to buy a new computer
• Go to a reputable reseller and buy a used computer loaded with Windows 7
Layered Security
Cyber Security Part II
Multiple Defenses In Layers of Protection
[Diagram: numbered layers of protection (1-6) around YOUR INFO. Layers shown: Router, Firewall, SPAM Filter, Web Filter, Anti-Malware, Passwords, Backup, People! Functions shown: Conceal, Deny, Detect, Filter, Decide]
A Safe Network Uses a Router
[Diagram labels: GOOD, BAD]
Typical Business Network
Router Firewall
• Closes and locks “open doors”
• Keeps intruders and unknowns out
• Allows the recognized & trusted in
• Not perfect: cyber-criminals exploit trusted doors
• May block desired sites
Router Protection
• The First Line of Defense
• “Hides” your network and computers from being directly accessible on the Internet
• Routers Can Provide Firewall Protection
Default Router Access Settings – Huh?
Default Usernames/Passwords for most routers can also be found at: http://portforward.com/default_username_password
Setting Up Router Access Password
1. Access the router via your web browser
2. Enter your router’s IP address
3. Enter the default username & password
4. Find administration settings
5. Select Change/Reset Password
Tip: To find the IP address, go to your PC’s Control Panel > Network and Internet > Network and Sharing Center and click on your network
Password Protection
Rule #1: Require a password to access your computer
Why?
• Prevents unauthorized access
• Provides a first line of defense
• Prevents easy access from a network
TIP: Set up automatic lockout that requires a password. A good timeout value is 5 to 10 minutes.
Good Password Procedures
Rule #2
• Don’t forget your cell phone
• Use strong passwords – >8 characters, letters, numbers and symbols
• Use “coded” phrases (e.g. H@m5t3@k!)
• Don’t store passwords in a file (unencrypted)
• Don’t keep them near the computer
• Use a password vault such as “Lastpass”
Encryption Protection
• Makes files and disks unreadable without the encryption key
• You can encrypt:
  • Hard Drive or USB Drive – Windows BitLocker
    Windows 7 upgrade $139, Windows 8.1 included.
    Start button > All Programs > Windows Anytime Upgrade
  • Individual Files – Axcrypt – Free open source
  • Business Email – using a virtual private network (VPN)
    Windows 7: Start button > type VPN into the program search window
• Protects against theft or loss of a computer
Confidential Information
Confidential Information your business is required to protect with encryption includes:
• Medical Data defined by HIPAA (Health Insurance Portability and Accountability Act)
  • Must also include staff training
• Financial Data defined by PCI (Payment Card Industry)
  • Do NOT permanently store card data on your system
  • Recommend using 3rd party providers
SPAM / URL Filters
SPAM Filters
• Keeps out email from unknown senders
• Catches majority of SPAM
• Catches non-SPAM
• Allows known email
• SPAM Filters aren’t perfect!
WEB Filters
• Prohibits bad websites
• Pre-examines website content and warns you
• Catches good websites
• Allows known websites
• Web filters aren’t perfect!
Malware Protection
• Anti-Virus & Anti-Spyware Programs
• Scans email, attachments, files, & downloads
• Detects threats and removes them
• Not perfect: does not detect everything, cannot remove all threats
Most Important Is You
You and your employees are the last line of defense
After all the layers of protection, you are the decision maker
DENY !!!
Do I Open it?
Do I Allow it?
Cyber Security Part III
Are Customers Your Weak Link?
If you provide Wi-Fi for Customers
1. Your existing router may have a “guest” feature
   1. Be sure to use WPA2 encryption on your Private Network
   2. Verify firewall
Install dedicated customer “hot spot” hardware and software
Does not require company to have any Wi-Fi exposure.
Protect private proprietary information from public users.
• Improve customer internet experience and security
• Include filtering to avoid risky or offensive websites
• Provides features such as terms of service or time limits.
2. Worry free 24x7 Technical Support, Monitoring, & Maintenance
Arming Your Employees to Fight Attacks
Are Employees Your Weak Link?
• Provide security training
• Have company policies
  • For email & internet use
  • Company & confidential information
  • Make them written and update them
• Limit administrative and password access
• Restrict software on company computers
The Worst Offender - Downloads
Control Downloads of Software
• Never allow “pirate” websites: music, games, movies (BitTorrent)
• Beware of ALL free software, know the source
• Danger areas
  • Adobe Flash files – update often
  • Shortened URLs you can’t check – know the source
  • Email attachments or links – hover over “click here”
“STOP” Virus Infection From Downloads
S: Source of file?
T: Type & size of file?
O: Others recommend?
P: Prepared to scan?
This is a fake anti-virus program. Once loaded it claims your computer is infected and directs you to buy the program via credit card.
Internet Threats
Type | Source | Purpose | Protection
Virus | Email, Ads, Links, Warnings, Updates | Malicious attack, Disable your computer, Destroy your data | Anti-virus software, Firewall software, Firewall hardware, Data back-up
Phishing | Email, Website | Steal Identity or money | Surfing behavior
Adware | Ads | Virus delivery, steal information | Good practices
Spyware | | Steal personal information | Anti-spyware & firewall software
Tip: Have both Anti-Virus AND Anti-Spyware installed on your computer, but DO NOT install two anti-virus programs.
Phishing, Pharming, Vishing and Smishing
These scams will come in the form of:
• Email (phishing)
• Website (pharming)
• Phone Call (vishing)
• Text Message (smishing)
• A Combination of These
Email Phishing Warning Flags
• Requests personal information?
• Contains grammatical errors or misspellings?
• How do they address you?
• Is it too good to be true?
• Have you checked the link?
Tip: “Mouse Over”. Does the website URL look legitimate?
Tip: Legitimate companies will NEVER ask you for personal or confidential information via email, a website, telephone, or text message.
Avoid the “RISK” In Your Email
R: Received Before?
I: Inside Links?
S: Sensible Message?
K: Know sender?
This email link delivers a Trojan Virus right to your computer
Websites
Tip: When installing programs, pay attention to installation options. They make you think you’re declining, but you’re approving!
Beware of search engine results
Do not download unknown or free software
“Unclick”/DECLINE any OPTIONAL Downloads or Toolbars
Use Sucuri Site Check
http://sitecheck.sucuri.net/
Tips for Using the Internet
Only login or send personal information to websites you know are encrypted
A website is encrypted when you see the “lock” symbol or https://
Beware of websites using encryption only on the login page
Tips for Using the Internet
• Don’t stay signed in to accounts
• When you are done, log out
• Don’t do sensitive business on public WiFi
• Don’t use the same password, vary it
• Keep your browser(s) up-to-date
• Or switch to Firefox, Chrome, or Apple
Browser Security - Settings
Tip: Don’t use your browser to store passwords; it is not secure.
Social Media - Identity Theft
• Do NOT friend, link, or message people you don’t know
• Do not allow untrusted applications to access your account
• Do not click on posted videos
NEVER POST
• You or your family’s full birthdates or places of birth
• Your mother’s maiden name
• The names of young family members
• Your relationship status
A Short Break ?
Virus Diagnosis and Action
Cyber Security Part IV
Signs of Infection
• Boots very slowly or hangs up
• Responds slowly, crashes
• Programs won’t run or crash
• Popups, website redirection
• Broken antivirus or security
Tip: You can “right click” on the task bar and select the “Task Manager” to see the memory and CPU usage that is currently taking place on your computer. It should not be constantly at 100%.
Is My Computer Infected?
http://www.youtube.com/watch?v=LGtq_el4p_8
You Have a Virus! (what do you do now?)
Tip: A foolproof way to keep a virus from stealing your personal info - disconnect the network cable or turn off the Wi-Fi. THEN take action.
Serious Infections Need Professional Help
(When to call for help)
• Anti-virus can’t remove it
• Computer is not usable
• Your files are missing
• You must manually edit Windows
• You’re not absolutely sure your actions won’t make matters worse!
What to Do To Protect Yourself
Home PC Security Part V
Back-up Options
• External Hard Drive Backup
  • Windows Backup
  • Time Machine (Mac)
• Cloud Backup
  • Carbonite
  • CrashPlan
• File Sync Service (not really a backup)
  • Dropbox
  • Google Drive
REGULAR BACKUP: JUST DO IT.
How to Backup Windows 7
Step by Step Tutorial at: http://www.slideshare.net/B2BPlanner/file-back-up-using-windows-7-back
Restoring from Backup
Final Notes on Windows 7 Backup
• Backup saves/restores your data files
• Backup also creates a separate system image for restoring programs & Windows
• Overwrites EVERYTHING when restored
• Can only be used if a system repair disk was created
Cost of Prevention
Hardware or Software | Cost of Required | Suggested Source
Router | $50 | Various – Netgear, Linksys, Belkin, et al.
Cloud backup OR External Hard Drive | $60/year OR $75 once | Carbonite - www.carbonite.com OR Windows Backup Software
Anti-Virus | $40/year | AVG Antivirus – www.avg.com
Firewall | $0 | Windows Firewall
Anti-Spyware | $0 | Malwarebytes – www.malwarebytes.org
Anti-spam | $0 | Built in to Apple Mail & Outlook, need setup
Password vault | $0 | Great, but dangerous - Lastpass
Total cost | $150 - $165 | Do it yourself cost
(Complete packages, installation, and training available from Computer Troubleshooters)
The things you MUST do TODAY!
1. Use a Router to hide your computer/network
2. Make sure your Windows Firewall is enabled
3. Use strong passwords on your Router and Computer
4. Use anti-virus/anti-spyware to detect/remove malware
5. Backup your files and data – regularly
6. Practice safe surfing: if you aren’t sure, don’t click!
Thank You:
Questions?