Keeping your organization safe

Post on 10-Feb-2017


Pure Perfection Catering

Carr Workplaces

Who is OptfinITy

Network Security

Email Security

Desktop Security

Data Loss

People

Quiz

Questions

Agenda

Pure Perfection Catering is a chef owned and operated catering company serving the Northern Virginia and Washington D.C. Metro area. 

With our combined experience of more than 40 years working in catering, hotel, and fine dining restaurants, we provide our clients with food that is great tasting and beautifully presented. 

We believe in using the freshest ingredients and sourcing local when available to not only provide a successful event, but a memorable one.

Pure Perfection Catering

Whether you’re an independent professional, a startup, or an ever-expanding company, Carr Workplaces offers the office space, services, and community to help you grow.

Look no further for supportive staff, flexible options on ways to work, nationwide office locations, and a vibrant, collaborative community of professionals just like you.

Carr Workplaces

Founded in 2002 with a focus on providing Peace of Mind to small businesses and non-profit organizations.

Headquartered in the Washington, DC Metropolitan area with clients across the United States.

We have worked with over 200 clients.

About Optfinity

IT Strategy and Assessments

Managed Services
◦ 24 x 7 Network Operations Center
◦ 24 x 7 Technical Support Helpdesk
◦ Infrastructure Support
◦ OptfinITy Sync (Cloud Infrastructure and Solutions)

Software and Database Development

Website Development
◦ Content Management (CMS Works, WordPress)
◦ SharePoint
◦ Search Engine Optimization

Mobile Application Development
◦ iOS (iPhone, iPad), Android (Phone & Tablet)

Phone Systems

Services and Core Competences

Network Security (Protect the Infrastructure)

Email Security (Keeping Communication Safe)

Desktop Security (Protecting Desktops)

Data Loss (Backup and Disaster Recovery)

People (USB, Social Engineering)

Areas of Concern

Network Security

Use a firewall that offers network intrusion detection

Use complex passwords and only allow remote access from specific IP addresses

Use a network monitoring app to monitor for changes and unauthorized users

Keep firmware updated

Make ALL default rules DENY traffic and only make exceptions where needed

Routers / Firewall

Use Strong Network and Administrative Passwords

Use Strong Encryption (WPA2 and AES Encryption)

Use Separate Wifi for Guests

Physically Secure Wifi Equipment

Have employees use VPN Software when using external Wifi connections

Wifi Access Points

Have a plan in place to manage and monitor BYOD (Bring Your Own Device) devices and phones.

All phones connected to the network and system resources should be encrypted, with the ability to find the device and remotely wipe it.

Delete unneeded apps

Mobile Devices

Use Strong Passwords and Strong Encryption when using VPNs

Limit Access to only those who have a valid business need.

Provide strong antivirus protection to users

Virtual Private Networks / Remote Access

Email Security

An email is very likely to be spam if it…

Shows up in the spam filter

Contains more than one link

Is overly complimentary

Tells a long personal story

Attempts to sell you drugs, luxury products, or some random services

Seems to be sent by yourself

Spam


Emails are used to transmit viruses and other threats.

Consider using hosted spam protection software to keep the messages out of your network.

Use Strong Passwords on your accounts

Utilize 2 Factor Authentication for your email

Protecting Email from Spam and Antivirus Protection

In addition to the characteristics of spam, an email is likely to be a phishing email if it…

Contains mismatched URLs, e.g. http://www.dell.com/support

Contains misleading URLs, e.g. www.shop.ebay.maliciousdomain.com

Asks you to send money to cover expenses

Makes an unrealistic threat

Appears to be from a government agency

Phishing

Example of a Phishing Email

To Trust or not to Trust

Train your employees on what Phishing is – use automated testing and educational videos

“When in doubt, throw it out” – delete emails that are questionable and if from someone you know, email them separately.

Use Phishing monitoring software (hosted solutions) which tracks phishing emails and deletes them.

Phishing

Utilize email encryption when sending emails with any protected information (PHI, Social Security Information, Company information)

Implement policies on who can send information and what it may contain.

Email Encryption

Desktop Security

Keep Security Software Current – Having the latest security software, web browser and operating system is the best defense against viruses and online threats.

Automate Software Updates – many software programs need to release security patches, and it is important to have them installed, either managed or automatically.

Protect EVERYTHING – protect all machines including smartphones, gaming systems, etc.

Scan EVERYTHING – USB and other external devices can be infected by viruses and malware, so scan them as well.

Keep Machine Clean

Antivirus Software

Antimalware Software

Application Level Encryption

Utilize Desktop Protection

Data Security

Utilize an automatic backup solution which copies the data and moves it offsite via the cloud

Utilize Encryption on the data backups

Use MULTIPLE BACKUPS OF FILES

Backup Continuously and Securely

Website Protection

Data is kept on a server

You view the data through a web browser

The web browser has code that can:
◦ Send requests to the web server on your behalf
◦ Render the web page into a human-friendly form

The concerns may include:
◦ Can anyone else see the data exchanged between the web browser and the server?
◦ How can I verify the identity of a website?
◦ How can I be protected if the website I visit has been compromised?

How Does a Website Work?

Except ye see signs and wonders, ye will not believe

How to Tell If a Webpage is Secure

URL is spelt correctly

URL begins with HTTPS

Green, Clickable Lock Icon

HTTPS: The “s” at the end of “http” stands for secure and means the site is using an SSL (Secure Sockets Layer) connection. Your information will be encrypted before being sent to a server.

Green Icon: It indicates that the owner of the website has been verified and is trustworthy

Technologies Under the Hood

Don’t Ignore Warning Messages

Web browsers display a warning message when they detect that…

The certificate for a website has expired

The name of the certificate and the name of the website don’t match

The validity of the certificate cannot be verified

The website you’re trying to visit contains malicious code

Keep your web browser up to date

Utilize Web Filtering
◦ A local filter rejects the request for visiting a harmful website
◦ A remote filter blocks dishonest IP addresses
◦ A filtering proxy inspects the traffic between the user and the server and filters out malicious content

Ways to Protect

Scams

Criminals are…

Using social engineering to convince you to install malicious software, or hand over personal information under false pretenses.

Trying to sell you overpriced services/products

Tech Support Scam

Examples

Examples

Quiz

Question 1

You receive an email as shown above. You should:

A. Use the link to update your credit card

B. Type www.paypal.com in a web browser and log in to check your information

Question 2

The IRS sends you an email and instructs you to provide credit card info for a tax return. You should:

A. Fill the form and click “submit” button

B. Ignore this email

Question 3

You find a flash drive in the parking lot; it looks brand new. You should:

A. Plug it into the company computer and see if it works

B. Stare at it for a few seconds, and put it back where you found it

Question 4

You see this pop up window, you should:

A. Ignore it

B. Click the “Accept and Install” button immediately

Question 5

Which of the following files looks suspicious?

Under the current security landscape, everyone is a target

Be paranoid

Summary

Questions?

Email us at info@optfinity.com or call (703)-790-0400