WELCOME TO:

Cyber-Security Workshop June 26 Time: 8 - 10 AMLocation: Madison Lakes Training &

Conference Center581 Olive RoadDayton, OH

About Dayton SCORESCORE Helps Small Businesses by:

• Providing mentoring and training to those

Preparing to start up a business To existing small business owners

Wanting to grow Needing to improve performance

• Mentoring is “free and forever”• Seminars are at no or a small charge

•www.daytonscore.org - 937-225-2887

Art Helmstetter Niki Chaudhry

• 35 years - business experience

• Started and Grew two businesses to $25 MM

• Owner-investor in three small businesses

• Trainer for Web-Based Marketing

• Education:

MBA,

BS & MS Engineering,

About Us:

• 25 years computer experience

Programmer

System Analyst

• President CEO and owner

Linked Technologies Inc.

• Education

BS Computer Science

CEO, Linked Technologies, Inc.Computer Services

Owner, B2B Planners Ltd.

Small Business Cyber SecurityWhat If?

Home And Small Business Computer Security

Security is a process-not software or hardware

Pop Quiz – What is your risk level

You share your computer with others You travel and use public WiFi Personal & financial data is on your

computer Business files are on your computer You use a smartphone like a

computer You are running Windows XP

Cyber-Security Definitions

What is Cyber-Security?

Protecting your computer, network, and information from online threats

What is Cyber-Crime?

Any crime conducted via the Internet to cause damage or steal data

Cyber-Crime Targets

Why do hackers hack? Steal money Collect information to steal money,

or commit identity theft

Why attack small companies? Least secure in general Unwary users

Avenues That Subject You to Attack

Hardware Unsecured Wi-Fi (Panera) No Router Router with default password

Software No anti-virus/anti-spyware No Firewall Old virus definitions Out of date Windows O.S.

Personal Behavior Failure to use strong passwords Clicking on unsafe links or emails Downloading questionable files Leaving computer logged on Leaving your computer accessible

Cost of Getting A Virus

Virus Type

Impact Solution Cash Cost

Minor Virus

Lose some data2- 4 hours

Use installed anti-virus

$75-100

Major Virus

Loss of docs 5-10 hours

Use service to remove

$100-$130

Catastrophic Virus

Loss of ALL data & photos15+ hours

Use service to wipe & reload entire system

$300- $$$

Also Add What is YOUR time worth? $25, $50 $75?

Windows XP WARNING!

Change your operating system

No option will be fun or easy Done with Microsoft? Switch to Apple

or Linux Want to stay? Update to 8.1 which

works fineYou will probably need to buy a new computer

Go to a reputable reseller and buy a used computer loaded with Windows 7

Layered SecurityCyber Security Part II

Multiple Defenses In Layers of Protection

FirewallSPAM Filter

Web Filter

Anti-Malware

People!

BackupYOUR INFO!

Passwords

1

23

4. 5 6

Conceal

Deny

Detect

Filter

Decide

Router

A Safe Network Uses a Router

GOODBAD

Typical Business Network

Router Firewall

• Closes and locks “open doors”

• Keeps intruders and unknowns out

• Allows the recognized & trusted in

• Not perfect, Cyber-criminals exploit trusted doors

• May block desired sites

Router Protection

The First Line of Defense “Hides” your network and computers

from being directly accessible on the Internet

Routers Can Provide Firewall Protection

Default Router Access Settings – Huh?

Default Usernames/Passwords for most routers can also be found at: http://portforward.com/default_username_password

Setting Up Router Access Password

Access Router via your web browser

Enter your Routers IP Address

Enter the default username & password

Find administration settings

Select Change/Reset Password

Tip: To Find IP address go to your PC’sControl Panel > Network and Internet > Network and Sharing Center and click on your network

Password Protection

Rule #1 Require a password to access your computer

Why? Prevents unauthorized access Provides a first line of defense Prevents easy access from a

network

TIP: Set up automatic lockout that requires a password. A good timeout value is 5 to

10 minutes.

Good Password Procedures

Rule #2 Don’t forget your cell phone Use strong passwords –

>8 characters, letters, numbers and symbols

Use “coded” phrases (e.g. H@m5t3@k!) Don’t store passwords in a file

(unencrypted) Don’t keep them near the computer Use a password vault such as “Lastpass”

Encryption Protection

Makes files and disks unreadable without the encryption key

You can encrypt:Hard Drive or USB Drive – Windows BitLocker Windows 7 upgrade $139, Windows 8.1 included.Start button>all programs>Windows anytime upgrade

Individual Files – Axcrypt– Free open sourceBusiness Email – using a virtual personal network

(VPN)Windows 7 Start button > type VPN into the program search

window

Protects against theft or loss of a computer

Confidential Information

Confidential Information your business is required to protect with encryption includes:

Medical Data defined by HIPAA (Health Insurance Portability and Accountability Act) Must also include staff training

Financial Data defined by PIC (Payment Card Industry) Do NOT permanently store card data on your system Recommend using 3rd party providers

SPAM

URL

Filters

SPAM Filters Keeps out email from

unknown senders Catches majority of

SPAM Catches non-SPAM Allows known email SPAM Filters aren’t

perfect!

WEB Filters Prohibits bad websites Pre-examines website

content and warns you Catches good websites Allows known websites Web filters aren’t

perfect!

Malware Protection

• Anti-Virus & Anti-Spyware Programs

• Scans email, attachments files, & downloads

• Detects threats and Removes them

• Not perfect, does not detect everything, cannot remove all threats

Most Important Is You

You and your employees are the last line of defenseAfter all the layers of protection, you are the decision maker

DENY !!!Do I Open it?

Do I Allow it?

Cyber Security Part III

Are Customers Your Weak Link?

If you provide Wi-Fi for Customers

1.Your existing router may have a “guest” feature1. Be sure to use WPA2 encryption on your Private Network 2. Verify firewall

Install dedicated customer “hot spot” hardware and software

Does not require company to have any Wi-Fi exposure.Protect private proprietary information from public users.

• Improve customer internet experience and security• Include filtering to avoid risky or offensive websites• Provides features such as terms of service or time limits.

2. Worry free 24x7 Technical Support, Monitoring, & Maintenance

Arming Your Employees to Fight Attacks

Are Employees Your Weak Link?

Provide security trainingHave company policies

For email & internet useCompany & confidential informationMake them written and update them

Limit administrative and password access

Restrict software on company computers

The Worst Offender - Downloads

Control Downloads of Software

Never allow “pirate” websitesmusic, games, movies (BitTorrent)

Beware of ALL free software, know the sourceDanger areas

Adobe Flash files – update oftenShortened urls you can’t check – know the sourceEmail attachments or links – hover over “click here”

“STOP” Virus Infection From Downloads

S ource of file?

T ype & size of file?

O thers recommend?

P repared to scan?

This is a fake anti-virus program. Once loaded it claims your computer is infected and directs you to to buy the program via credit card.

Internet Threats

Type Source Purpose ProtectionVirus Email

AdsLinksWarningsUpdates

Malicious attackDisable your computerDestroy your data

Anti-virus softwareFirewall softwareFirewall hardwareData back-up

Phishing

EmailWebsite

Steal Identity or money

Surfing behavior

Adware Ads Virus delivery, steal information

Good practices

Spyware

Steal personal information

Anti-spyware & firewall software

Tip: Have both Anti-Virus AND Anti-Spyware installed on your computer..

But DO NOT install two anti-virus programs.

Phishing, Pharming, Vishing and Smishing

These scams will come in the form of: Email (phishing) Website (pharming) Phone Call (vishing) Text Message (smishing) A Combination of These

Email Phishing Warning Flags

Requests personal information?

Contains grammatical errors or misspellings?

How do they address you? Is it too good to be true? Have you checked the link?

Tip: “Mouse Over” Does the website URL look legitimate?

Tip: Legitimate companies will NEVER ask you for personal or confidential information via email, a website, telephone, or

text message.

Avoid the “RISK” In Your Email

R eceived Before?

I nside Links?

S ensible Message?

K now sender?

This email link delivers a Trojan

Virus right to your computer

Websites

Tip: When installing programs pay attention to installation options. They make you think

you’re declining, but you’re approving!

Beware of search engine results

Do not download unknown or free software

“Unclick”/DECLINE any OPTIONAL Downloads or Toolbars

Use Sucuri Site Check

http://sitecheck.sucuri.net/

Tips for Using the Internet

Only login or send personal information to websites you know are encrypted

A website is encrypted when you see the “lock” symbol or https://

Beware of websites using encryption only on the login page

Tips for Using the Internet

Don't stay signed in to accounts When you are done, log out

Don’t do sensitive business on public WiFi Don’t use the same password, vary it Keep your browser(s) up-to-date

Or switch to Firefox Chrome, or Apple

Browser Security - Settings

Tip: Don’t use your browser to store passwords, not secure.

Social Media - Identity Theft

Do NOT friend, link, or message people you don’t know

Do not allow untrusted applications to access your account

Do not click on posted videosNEVER POST

• You or your family’s full birthdates or places of birth

• Your mother’s maiden name

• The names of young family members

• Your relationship status

A Short Break ?

Virus Diagnosis and Action

Cyber Security Part IV

Signs of Infection

Boots very slowly or hangs up Responds slowly, crashes Programs won’t run or crash Popups, website redirection Broken antivirus or security

Tip: You can “right click” on the task bar and select the “Task Manager” to see the memory and CPU usage that is currently taking place on your computer. Should not be constantly 100%.

Is My Computer Infected?

http://www.youtube.com/watch?v=LGtq_el4p_8

You Have a Virus!(what do you do now?)

Tip:

A foolproof way to keep a virus from

stealing your personal info - disconnect the network cable or turn off the Wi-Fi. THEN

take action.

Serious Infections Need Professional Help

(When to call for help) Anti-virus can’t remove it

Computer is not unusable

Your files are missing

You must manually edit Windows

Your not absolutely sure your actions won’t make matters worse!

What to Do To Protect YourselfHome PC Security Part V

Back-up Options

External Hard Drive Backup Windows Backup Time Machine (Mac)

Cloud Backup Carbonite CrashPlan

File Sync Service (not really a backup)

Dropbox Google Drive

REGULAR BACKUPJUST DO IT.

How to Backup Windows 7

Step by Step Tutorial at:http://www.slideshare.net/B2BPlanner/file-back-up-using-windows-7-back

Restoring from Backup

Final Notes on Windows 7 Backup

Backup saves/restores your data files Backup also creates a separate system

image for restoring programs & Windows Overwrites EVERYTHING when restored Can only be used if a system repair disk

was created

Cost of Prevention

Hardware orSoftware

Cost of Requir

ed

Suggested Source

Router $50 Various – Netgear, Linksys, Belcan, et. Al.

Cloud backup OR

External Hard Drive

$60/year $75 once

Carbonite - www.carbonite.comWindows Backup Software

Anti-Virus $40/year AVG Antivirus – www.avg.com

Firewall $0 Windows Firewall

Anti-Spyware $0 Malwarebytes – www.malwarebytes.org

Anti-spam $0 Built in to Apple Mail & Outlook, need setup

Password vault $0 Great, but dangerous - Lastpass

Total cost $150 -$165

Do it yourself cost (Complete packages, installation, and

training available from Computer Troubleshooters)

The things you MUST do TODAY!

1. Use a Router to hides your computer/network

2. Make sure your Windows Firewall is enabled

3. Use strong passwords on your Router and Computer

4. Use anti-virus/anti-spyware to detect/remove malware

5. Backup your files and data – regularly6. Practice safe surfing: if you aren’t sure,

don’t click!

Thank You:

Questions?