Page Comparison

...

Common threats
Attacker Tactics
Simple things to protect your device

Basic Terminology

Before we continue, let's cover some basic terminology around device security:

Malware
Phishing
Software Vulnerability

Demo - Phishing Attack

...

Protecting Yourself - What you can do

Some simple things you can do to protect yourself

OS and Application Patching

Software companies push out security fixes to customers in the form of a patch. Applying software patches as they come out is a great way to protect yourself new threats.

Update your operating system and programs

These should be familiar

Image RemovedImage RemovedImage AddedImage Added

Limiting Admin Privileges <make simpler>

Accounts

on a computer operating system will come it 2 varietiesThere are 2 types of accounts:

User
Administrator

Administrator accounts are like having the keys to the kingdom. Attackers love them.

Don't Ignore Warnings

...

Listen to Warnings

...but, warnings don't always make a lot of sense..

...

Verified Publishers

Software signing a way of checking who authored a piece of software.

Office Macros

Macros allow users to write and execute code snippets in Microsoft Office files

Image Added

And another one...

Image Added

Attackers try to trick victims into opening Office files with malicious macros inside

Luckily, Microsoft knows about this and has adding in some warnings

Image Removed

And another one...

Image Removed

Basic Macro tips:

Don't run macros from unknown sources
If you're not sure why a document requires a macro, don't run it
Just disable macros all together

Disable Macros
Only run a macro if you know who wrote it

Backups

The safest way to ensure you don't lose your data

How to Backup:

Storage Device - USB or External Hard Drive
Cloud - Dropbox, Google Drive, etc.

Ransomware: WannaCry[pt]

Background

May 2017 an exploit for Windows was released
Attackers used exploit to distribute ransomware
Microsoft had patched the vulnerability in April 2017

Victims of the ransomware would be locked out of their files and attackers demand payment to unlock them

...

one month before

What happened when you get ransamware'd

Can't access your files
Pay $300 to get them back
but, you never get them back

How to protect yourself:

Apply security patchesUpdate Windows
Backup your dataDon't pay the attackers

Thanks!

Questions welcome

Versions Compared

Old Version 4

New Version 5

Key

Basic Terminology

Demo - Phishing Attack

Protecting Yourself - What you can do

OS and Application Patching

These should be familiar

Limiting Admin Privileges <make simpler>

Administrator accounts are like having the keys to the kingdom. Attackers love them.

Don't Ignore Warnings

Listen to Warnings

...but, warnings don't always make a lot of sense..

Verified Publishers

Office Macros

And another one...

Attackers try to trick victims into opening Office files with malicious macros inside

Luckily, Microsoft knows about this and has adding in some warnings

And another one...

Basic Macro tips:

Backups

How to Backup:

Ransomware: WannaCry[pt]

Background

Victims of the ransomware would be locked out of their files and attackers demand payment to unlock them

What happened when you get ransamware'd

How to protect yourself:

Thanks!