Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Common threats
  • Attacker Tactics
  • Simple things to protect your device

Basic Terminology

Before we continue, let's cover some basic terminology around device security:

  • Malware 
  • Phishing 
  • Software Vulnerability

Demo - Phishing Attack

<video here>Video!

Protecting Yourself - What you can do

Some simple things you can do to protect yourself








OS and Application Patching

Software companies push out security fixes to customers in the form of a patch. Applying software patches as they come out is a great way to protect yourself new threats.

Everyone should be familiar with these:

Image RemovedImage Removed

Limiting Admin Privileges

Image Removed

Accounts on a computer operating system will come it 2 varietiesUpdate your operating system and programs



These should be familiar

Image AddedImage Added







Don't Log in as Admin

Image Added








There are 2 types of accounts:

  • User
  • Administrator




Administrator accounts are like having the keys to the kingdom. Attackers love them.
Don't Ignore Warnings

...

Understand the Warnings


...but, warnings don't always make a lot of sense..

Do I?

...





Verified Publishers










Software signing a A way of checking who authored a piece of software.



Office Macros

Macros allow users to write and execute code snippets in Microsoft Office files

Image Added


And another one...


Image Added


Attackers try to trick victims into opening Office files with malicious macros inside

...

Image Removed

Image Removed



Basic Macro tips:
  1. Don't run macros from unknown sources
  2. If you're not sure why a document requires a macro, don't run it
  3. Just disable macros all togetherDisable Macros
  4. Only run a macro if you know who wrote it
Backups

The safest way to ensure you don't lose your data


How to Backup:
  • Storage Device - USB or External Hard Drive
  • Cloud - Dropbox, Google Drive, etc.


Ransomware: WannaCry[pt]




Background

...

  • May 2017 an exploit for Windows was released
  • Attackers used exploit to distribute ransomware
  • Microsoft had patched the vulnerability in April 2017

Victims of the ransomware would be locked out of their files and attackers demand payment to unlock them

...

  • one month before
What happened when you get ransomware'd
  • Can't access your files
  • Pay $300 to get them back
  • but, you never get them back
How to protect yourself:
  • Apply security patchesUpdate Windows
  • Backup your dataDon't pay the attackers


Thanks!

Questions welcome