Cybersecurity Data Protection Awareness Training-1-3

The document provides an overview of cybersecurity and data protection awareness training. It defines cybersecurity, discusses the types of threats like malware, social engineering, and weak passwords. It provides tips for secure practices like using strong unique passwords, avoiding public Wi-Fi, and keeping software updated. The document also covers data protection best practices for mobile security, privacy settings, and handling sensitive information.

Uploaded by

Sneh Kriplani

Cybersecurity & Data Protection Awareness Training


Nuvven Ltd T/A Coastr

Agenda:

1. Definition of Cybersecurity
2. What is Information
3. Types of threats
4. Best Practice
5. Data Protection
6. Work from home

What is Cybersecurity?

Cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks and data from malicious attacks. It's also known as information technology security or electronic security.

What is Information?

Information is an asset, as important as other business assets, that can bring value to the organization and needs to be properly protected. The storage of information includes the following methods:

The Form of Information:
◆Computer Data
◆Network Transmission
◆Fax
◆Record on Paper
◆Image
◆Digital Image
◆Disc & Tape
◆Phone Conversation
What are information assets?
Information, which exists with the help of media, becomes an information asset by bringing value to modern companies.
Types of Security Threats:

◆Malware
◆Social Engineering
◆Weak Password
◆Public Wi-Fi
◆Internet Browsing
◆Personal Device


Phishing:

➢ What is phishing? When someone wants to distribute malware or steal personal information, they send out an email with bait that looks like something worthwhile and then cast it to a wide audience, intentionally deceiving people by posing as a legitimate company, service or individual.
➢ Criminals typically ask that you do something, usually urgently. They're hoping that you then click the link and fill out the requested information. Once they have this information, they may be able to use it in the future to steal your identity or access your accounts.

[Figure: Example of phishing email]
Top Tips to avoid phishing are:
➢ Check who the email sender really is.

➢ Check email address for grammar and spelling mistakes.

➢ Mouse over the link (if any) to see where it goes to.

➢ If you are ever at all unsure do not click the link.

Phishing – what to do? If you do identify a phishing email, take these steps:
➢ DO NOT reply or click any link or attachment from that email.

➢ Inform your IT or similar department with immediate effect, and take a screenshot if possible.

➢ Select the email, right-click it and mark it as junk.

➢ Ensure suspicious email domains are blocked and associated emails are sent to the spam or junk folder.

Email Attachments:
➢ Email attachments are one of the most common ways to get infected with malware. It's critical that you avoid opening an attachment if you do not know who an email is coming from.
➢ Even if it looks like an Excel, Word or PDF file, it may be malicious.
➢ A downloaded attachment can sometimes immediately infect your computer.

Top Tips for Email Attachments:

➢ Never open or save an attachment from an unknown sender. Be careful even when the email comes from someone you trust, since their account might have been hacked.
➢ If it looks fishy, do not open or save the attachment either.

Spam Protection:
➢ Never open spam emails, even if you think it is funny to see the content inside.

Many times the spam providers have a read receipt on the emails they send. This means they know how many people open their emails and which email addresses are legitimate.

➢ Never use the work email address to sign up on social media, offers etc.

Ensure that you use the work email address only for work purposes, not for any social media accounts or other third parties.

Top Tips for Spam Protection:

➢ Never open a spam email.
➢ Never respond to a spam email.
➢ Do not use your work email address to sign up on websites, social media accounts, or newsletters that are irrelevant to work.

Social Engineering:

SHRED: Shred any document which is of no use to you before throwing it away in the bin!
DESTROY: If you are getting rid of any electronics (USB drives, old phones, hard disks), make sure you wipe off the data and physically destroy them before dumping them.

Passwords:
➢ Can the answers to the questions below be found on your Facebook account or on other social media? What city did you grow up in? What is your favourite colour? etc.
➢ It's very risky to post this information on social media because security questions exist on just about every website that requires a username and a password.
➢ The above security questions are information that your friends, family and social media connections know and that anyone can likely find out.
➢ Also, malicious parties can use your social media account to find out the answers to these questions, which then allows them to reset your password.
➢ The best practice is not to be honest when filling out these questions. Just treat the security questions as another password field: if it asks you, for instance, your mum's name, just enter something completely unrelated.
Poor Password Hygiene:

➢ Poor password hygiene is another security risk.
➢ Typically, people use the same password across all websites.
➢ Once people gain access to the password, they can really ruin your life by changing it, sending emails to people and accessing accounts you do not want them to access.

Tips For Passwords:

➢ Create a complicated password for your work accounts.
➢ Never share your work account passwords with friends, family or any other parties.
➢ Change your work account password every 90 days.
➢ Set up two-factor authentication (on your phone) to protect your work email account and any other work account that you may use.

Malware:
➢ Malware includes numerous threat families all with different names:
● Viruses
● Worms
● Trojans
● Ransomware
● Spyware etc.

➢ Often several of these are combined into one attack.
➢ Ransomware encrypts all of your files so that you lose access to them, then asks you to pay a ransom in order to regain access. Usually, despite paying, you never regain access to your files anyway.
➢ Malware continues to grow over the years. That's why we need to ensure that we have antivirus software installed on our company laptops, as attackers are often targeting businesses and industries.

How to protect your laptop/computer from getting infected:

➢ Keep software up to date. Attackers know about weaknesses in the software on your device before you do.
➢ Do not click malicious links in email.
➢ Do not plug in an unknown flash drive.
➢ Download the antivirus software on your company’s laptop.

Public Wi-Fi:

➢ Public Wi-Fi is a non-secure network that users can connect to for free (libraries, cafes, restaurants etc.)
➢ Malicious actors will set up their own Wi-Fi hotspot.
➢ Public Wi-Fi is insecure and you should treat it as unsafe.
➢ Cell phone data can be used instead.

HTTPS:

➢ HTTPS is a protocol for secure communication over a computer network which is widely used on the internet.
➢ No sensitive information should be typed into a page that is not secured by https://
➢ Some people can display a fake icon to make a page look as if it is secured by https://

Best Practice

Data Privacy
▪ Pause and reflect on the impact of the information you share
▪ Keep privacy settings high on social networks to prevent sensitive information being shared with public
▪ Format / destroy your hard disk before disposing
▪ Print documents only if necessary
▪ Shred all unused / unnecessary documents

Mobile Security
▪ Use a strong password to lock your device
▪ Ensure device auto locks within set time
▪ Regularly update Operating Software (OS) and apps
▪ Delete all unused application
▪ Read through what type of information apps will have access to and restrict the same
▪ Download app only from official app store
▪ Check app reviews and ratings to verify its authenticity before downloading

Unsecured WiFi
▪ Turn off automatic WiFi connectivity on all devices
▪ Use password protected WiFi.
▪ Connect to legitimate/password-protected public WiFi hotspots
▪ Avoid performing any financial transactions while connected to a public / free WiFi services
▪ Do not key in or access sensitive information while using unsecured WiFi networks

Data Protection:
Various types of data which must be protected from unauthorized access and disclosure

Employees' Data: Personal identifiable information (PII)
► Full name
► Address
► Postal code
► Telephone number
► Date of Birth
► Bank routing and account numbers
► Social security number
► Academic and professional background
► Income/Salary

Employees' Sensitive Data
► Medical Records
► Sexual orientations
► Trade data/information
► Genetic Data

Coastr Data
► Financial data
► Trade data/information
► Intellectual capital
► Confidential client communication

Data Protection:

➢ Be aware of the various kinds of PII you have and who is authorized to access it.
➢ Stay alert for social engineering attacks and refuse to give your PII to a bad actor who is trying to extract it from you.
➢ Shred any document containing customer PII before disposal.
➢ Think twice before sharing PII and ensure that there is a necessary reason to do so.
➢ Avoid placing PII on portable devices such as flash drives, external hard drives and smartphones.
➢ If data must be placed on a portable device, ensure that it's encrypted.
➢ When you write your PII on a piece of paper, completely destroy the document once it is no longer needed.
Data Protection:
When protecting data, it's important to consider the different ways that data is transmitted and used.

Data at rest
► Definition: Data stored in storage media (e.g., hard drives, file servers, database, etc.)
► Risk: Theft, loss of data
► How to protect? Strong encryption at disk/drive level and at file-level; physically securing disk/drive

Data in transit
► Definition: Data currently travelling across a network. This includes email, instant message, HTTP etc.
► Risk: Attacker may intercept data across the network
► How to protect? Transmit data using only strong security protocols (e.g., HTTPS)

Data in use
► Definition: Data being processed by an application or data being viewed by a user
► Risk: Modification of data by unauthorized individual
► How to protect? Control access to data so that only authorized personnel can modify data

Work from home considerations:
➢ Technology is a key component that enables you to do remote work. You can achieve secure data handling and transfer with the following best practices:
➢ Enable Wi-Fi Protected Access 2 (WPA2) or WPA3 and use a strong password/key for home wireless network connectivity. Use the company VPN when transferring confidential information.
➢ Utilize approved cloud storage and avoid storing work-related documents on home computers, as well as sending work-related emails to personal email accounts.
➢ Turn off or disable the microphone of voice assistants (e.g., Alexa, Google). Update your device's privacy settings to enable you to easily delete conversations.
➢ Download and install the security updates on your computer regularly. Never disable or circumvent security features provided by your company.
➢ Pay attention to files you exchange via email (e.g., ensure 'private' setting) and Skype/chats, and also to documents and software you open when sharing the desktop via conference calls.
➢ Be vigilant and report suspicious emails, attachments and phone calls. During a crisis, there is usually a rise in security threats.
➢ Pay attention when taking confidential calls. If you cannot step out from areas shared by other family members or people, avoid saying client or vendor names.
If you have any questions please contact: [email protected]
