Cybersecurity awareness Security, safety and hygiene - PowerPoint Presentation

1. Cybersecurity awarenessSecurity, safety and hygieneClassification: Confidential

2. 2Background to the CoEIISc is the Anchor instituteInitiative of GoK, Department of IT, BT, S&T and Karnataka Innovation and Technology SocietyKSCST is the Implementation Agency

3. 3CySecK Programme structureCybersecurity awareness to citizensCybersecurity awareness to school studentsCybersecurity awareness for GoK staffTechnology community (students / working professionals)Faculty development programmeCreate a marketplace for cybersecurity coursesCommunity cyber labResearch Grant Programme – for top institutesResearch Development Programme for Tier 2 institutesCybersecurity startup acceleratorDevelopment of standard specifications / best practices / reference architecturesCybersecurity awareness to MSME sectorPolicy advocacy for enabling industryAwarenessSkill buildingResearch CollaborationIndustry and startupsGovernmentProvide cybersecurity assistance / guidance to state government entitiesSupport the Dept with actionising Cyber Security StrategyProvide technical support to K-CSIRT

4. Why is Cybersecurity important?A philosophical view

5. What story connects the two images?

6. Why is it easy to commit cyber crime?Anonymity

7. Why is it easy to commit cyber crime?IaaSPaaSSaaSCcaaSAnonymityCrumbling barriers

8. Why is it easy to commit cyber crime?AnonymityCrumbling barriersLack of jurisdiction

9. Why is it easy to commit cyber crime?AnonymityCrumbling barriersLack of jurisdictionEase of laundering

10. Why is it easy to commit cyber crime?AnonymityCrumbling barriersLack of jurisdictionEase of launderingIaaSPaaSSaaSCaaS

11. The varied threat actors…Script kiddiesHobby hackersHacktivistsInsiderSyndicatesNation-state actors

12. Cybersecurity during Covid19

13. Importance of cyber hygieneSource- cyber-observer.com

14. Cyber hygiene practices

15. Phishing Pre-email eraEmail era

16. Phishing identification cheat sheet Did you expect this?Are there spelling / grammatical mistakesObserve the email id – both displayed as well as actual email idDo not trust URL text; see the URL carefully by hovering overDo not click on the URL; login to the legitimate site directlyDo not go by look and feelCheck full URL of shortened URLsBe wary of unsolicited attachmentsIs it trying to bait you with urgency?http://www.karnataka.gov.in/

17. Case Study You receive this message through SMS.

18. Click Email Links with caution Examples of when to clickYou just ordered something from Flipkart. Feel free to click the shipment tracking link in the email they send you. Just make sure it’s exactly what you’re expecting. If you get a tracking link that you weren’t expecting, or for a product you don’t recognize, delete the email right away.You just signed up for an account on a website. If they send you a link to confirm your email address, it’s okay to click it. But again, make sure it’s exactly what you’re expecting, and you remember requesting it.Examples of when NOT to clickYou get an unexpected email from your Organization. Maybe it says that you need to log in and take care of something important. Don’t click the link they give you. If you didn’t know it was coming, there’s no guarantee it’s a legitimate email.Your friend sends you a link that you weren’t expecting. Don’t click it. Remember, the sender’s address can be spoofed or their account hacked. Yeah, I know, this is all awfully annoying, so is there anything else we can do?

19. Other types of phishing attacksVishingSmishingVoice phishingSMS phishing

20. Spear phishing / Business Email CompromiseTargeted phishing attack!

21.

22. WhalingWhaling is also a type of phishing attack where a high-profile target is attacked. The objective of whaling?Target a senior person in the organisationGet money transferred by masquerading as the senior personSteal sensitive information like intellectual property

23.

24. Socially Engineered attacks Socially Engineered Attacks aim at taking advantage of human trust and using psychological manipulation to deceive users to gain access to sensitive information or to conduct fraud. Stages in a socially engineered attack

25.

26. Fake customer service numbersFraudsters look for popular, but unclaimed businesses on GoogleCreate fake pages on FacebookCreate fake handles on Twitter

27. Fake customer service numbersObtain the number from verified websitesIf in social media, look for how old the profile is and any review commentsDisconnect if anything suspicious like sharing OTPs, installing apps, etcTips

28. Matrimonial / romance scamsGifts sent from broad and held at customsEmergency hospitalisations

29. Matrimonial / romance scams – Red flagsAre not willing to show their face / reluctant to come on video chat / reluctant to meet in personAsk for a money transfer, citing some emergency, initially a small sum and later a large amountMay not have a social profile or have few friends on social mediaHesitate to share family/ workplace detailsExpress "love" too quickly even before fully understanding each otherThe profile looks too good to be true for that person to express interest in youRequest for deletion of your profile immediately after getting in touch with youCome up with false stories to gain sympathy

30. Ransomware

31. Prevention Keep anti-virus on your machine always running and updatedDo regular backups – and make sure those have added protection or are stored offlineBe wary of unexpected emails especially if they contain links and/or attachmentsUsers should be especially careful of any Microsoft Office email attachment that advises enabling macros to view content

32. Cyber hygiene practices

33. Secure Passwords

34. How hackers gain access to your passwords? Password guessing- Don’t be predictable. Resist the urge make passwords based on name of family / friends, birthdays, anniversaries, pet name, etc.Shoulder surfing- Watch out when entering password in presence of others. Do not be embarrassed to ask to step back.Keyloggers and other malwareKeep your computer virus-free. Brute Force – Full frontal attackCreate long, complex, unique passwords. Access to written passwordsKeep your passwords in your head or encrypted on your computerPhishing – Dangling the tasty baitDon’t bite the bait. Don’t ever click on links in emails or pop-ups that say they need you to log in somewhere, even if they say it’s an emergency.Hacking password databasesDo not reuse passwords

35. DOsPassword Security DON’TsDon’t give out your passwords: if someone else knows your password, then it’s no longer under your controlIt was Benjamin Franklin who said, “Three may keep a secret, if two of them are dead.”Don’t reuse important passwordsDon’t write them downDon’t create passwords based on personal information like name, date of birth,Address, etcUse a reliable password manager ORDevelop a method for password creation

36. Method for password creationJo Jo Laali Naa Haaduve Chinna Ninna MuddaduveJJLNHCNM$JLNHC1m$JLNHI1mInstagram$JLNHH1mHDFC Bank$JLNHP1mPaytm

37. Multi Factor Authentication

38. How to enable MFA? – Gmail

39. How to enable MFA? - Facebook

40. MFA on WhatsApp

41. User best practices

42. Ensure regular backups To obtain protection from…RansomwareData corruptionDevice damage / loss / theft

43. Mobile security risks Inadequate OR poor OS patching No PIN or Password protectionMalicious / shortened URLsPoor WiFi / Hotspot passwordsJailbroken Or Rooted devicesJuice jacking – attack through public USB charging pointsFraudulent public Wi-Fi access points

44. Be careful about what apps you install Install from trusted app storeInstall from the original organisationLook for review ratings / comments

45. Careful about already installed apps

46. Share minimum data on social mediaCareful with PII and social data - Date of birthLiving addressPhone numberEmail addressVacation plansWebsites that want you to sign in with your social networking accounts are only mining you for advertising potentialReasons Why Linking Sites Is a Bad IdeaDecreased securityDecreased privacyDecreased professional reputation

47. Online Shopping Investigate credibility - Be wary of fraud websites; they are promoted using digital marketing and SEOInvestigate free offers / high discountsWebsites asking for refundable paymentsIf something is too good to be true, it is probably not true!

48. Mobile Addiction: The Silent TrapExcessive and compulsive use of mobile devices, leading to negative consequences in various aspects of life.Impact of Mobile Addiction:Impaired social interactions and decreased face-to-face communication.Reduced productivity at work or school due to distractions.Negative effects on mental health, including anxiety, depression, and sleep disturbances.Physical health problems like eye strain, neck and back pain, and poor posture.Potential risk of accidents and injuries when using phones while driving or walking.

49. Cyber Safe Parenting1. Tech fixes to protect your children online Tips for Parents to Keep their Children Safe Online

50. Fake News sharing6. Think before sharing: Consider the potential impact of sharing the information.

51.

52. Responsible use of technologyDigital citizenship is about responsible use of technologyValue privacyBe scepticalBe civilKeep yourself updatedDo not fall for distractionsReport bad behaviourAvoid information overload

53. Responsible use of technologyBe awareBe carefulBe updatedBe waryKnow what is personal dataName, address, date of birthAadhar number, PAN, Passport number, Driving license number, etcMedical or financial dataBiometric dataWhen sharing personal dataHow securely do they handle it?Will they share with anyone else?Follow those who study privacy policies and explain in simple termsTake privacy related news seriouslyAutomated recommendations Keep an open mindFollow accounts providing differing views Be always in pursuit of truthValue privacyBe scepticalBe civilKeep yourself updatedDo not fall for distractionsReport bad behaviourAvoid information overload

54. Responsible use of technologyValue privacyBe scepticalBe civilKeep yourself updatedDo not fall for distractionsReport bad behaviourAvoid information overload

55. Responsible use of technologyValue privacyBe scepticalBe civilKeep yourself updatedDo not fall for distractionsReport bad behaviourAvoid information overload

56. Responsible use of technologyValue privacyBe scepticalBe civilKeep yourself updatedDo not fall for distractionsReport bad behaviourAvoid information overload

57. Responsible use of technologyValue privacyBe scepticalBe civilKeep yourself updatedDo not fall for distractionsReport bad behaviourAvoid information overload

58. Responsible use of technologyThe world contains far more information than any single person can learn in their lifetime.The question is not whether you are ignorant, but what you choose to be ignorant about.Few topics are worth your precious time. Choose what you pay attention to with great care. - James ClearValue privacyBe scepticalBe civilKeep yourself updatedDo not fall for distractionsReport bad behaviourAvoid information overload

59. Responsible use of technologyValue privacyBe scepticalBe civilKeep yourself updatedDo not fall for distractionsReport bad behaviourAvoid information overloadThe greatest tragedy is not the strident clamor of the bad people, but the appalling silence of the good people.- Martin Luther King Jr

60. How to report?Report on the platformReport to government agenciesTwitterInstagramWhatsAppProfilesPostsDMsFacebookPinterestDiscordReport oncybercrime.gov.inMinistry of Women & Child DevelopmentEmail: complaint-mwcd@gov.inAllows even anonymous reportingSexual abuse towards women / childrenCan file Cyber Crime Incident ReportNational Helpline Call 1930

61.