END USER AWARENESS
End user potential threats and security measures
Contents:
OVERVIEW
THREATS
Phishing attacks
Ransomware
Password reuse
Using unpatched or poorly configured devices (BYOD)
Lack of remote security
Data leakage via social networking
Disabled security controls
SECURITY
Set administrator privileges
Download and install all security updates
Install and run antivirus and anti-spyware software
Activate built-in firewalls
Multi-Factor Authentication (MFA)
Create backups
OVERVIEW
Security awareness should be a priority for any end-user. Lack of awareness or small errors can pose a serious risk to security and be detrimental to company assets. End users tend to make or break security efforts.
Avoiding the most common security threats should always be a priority for modern-day infrastructure engineers, because you are implicitly aiding a criminal if you don’t even lock your front doors rigorously.
In this article, we share the most common threats that can be posed to an entity.
This e-book identifies the latest, most common cyber threats that end-users face because of their lack of cyber-security awareness, along with recommended security measures that should be implemented to protect computer systems against such attacks.
THREATS
PHISHING ATTACKS
Workplace and personal email becomes a problem when users act on malicious messages: opening attachments, clicking embedded links, enabling macros or replying to the sender.
Phishing messages are mass-distributed via compromised email accounts or mail servers. Spear phishing attacks are targeted phishing attacks, in which spear phishers use social engineering techniques to personalise the phishing email.
The goals of phishing messages are to get the recipient to reveal confidential information (passwords, bank details) and to install malware (e.g. keystroke logger, ransomware).
RAN$OMWARE
Ransomware restricts access to your computer system and demands that a ransom be paid for the restriction to be removed (e.g. WannaCry).
Assets affected by ransomware within an organisation include the organisation’s data, because ransomware can encrypt important files such as customer data, source code, accounting records or other confidential information.
Vulnerabilities can be exploited in several ways to let ransomware enter a computer system, including through social engineering. This can be through phishing emails, suspicious websites, bad or essentially free software from unknown sites, or malicious advertising.
PASSWORD REUSE
Using the same password for multiple accounts can compromise all of them if only one account is compromised. This can include social networking, email and online banking accounts.
Each account should have a unique and lengthy password to reduce security risks. Strong passwords contain a combination of numbers, special characters, and lowercase and uppercase letters.
USING UNPATCHED OR POORLY CONFIGURED DEVICES (BYOD)
Organisations should always ensure that operating systems and software are updated with the latest security patches. You should not be running an outdated OS such as Windows XP, which is no longer patched.
Attackers attempt to exploit known vulnerabilities on unpatched devices. Applying application and system updates and patches frequently addresses these known vulnerabilities.
LACK OF REMOTE SECURITY
End-users often transfer files between their personal and work devices, or allow family members to use their work devices at home, and this can create security risks such as data misuse.
The fix is simple: enforce a company-wide policy prohibiting the transfer of data from corporate devices to personal ones.
DATA LEAKAGE VIA SOCIAL NETWORKING
Social engineers regularly review social media sites and gather information on individuals and groups to target in attacks.
Moreover, there is a risk of confidential information being leaked or posted on networking websites, which can tarnish reputations.
For this reason, it is important to limit what you share about yourself and others. For example, share none of your answers to security challenge questions.
DISABLED SECURITY CONTROLS
Administrators often disable security controls to make applications more usable for other users, but this creates a risk of unauthorized application installation and usage. Some users do not verify the authenticity of a third-party application. This can lead to a small program taking control of the whole computer once administrative privileges have been granted to approve the installation. Also, administrators have access to confidential data that they would not want to fall into the wrong hands.
SECURITY
SET ADMINISTRATOR PRIVILEGES
Revoking administrative access for unauthorised end-users and only granting access to the local operating system and applications can prevent unauthorised changes to the system. Always follow the principle of least privilege when assigning permissions.
An important precaution is to set a strong administrator password on your computer to avoid exploitation by brute-force attacks and by the many kinds of malware that need administrative access to install; this can stop many exploits, since they do not have the permissions needed to compromise the system.
DOWNLOAD & INSTALL ALL SECURITY UPDATES
Windows 10 - Automatically checks for the latest updates.
Windows 7/8 - Open the Start menu and choose Windows Update, or configure your computer to check for updates automatically.
Mac OS X 10.11.6 or higher - To check for updates, open the App Store on your Mac and click Updates in the toolbar.
Security updates should also be applied to all third-party software. This can include Flash, Adobe Reader, Google Chrome, etc.
INSTALL AND RUN ANTI-VIRUS/SPY SOFTWARE
Spyware is malicious software that tracks your computer activity, collects your personal information, and degrades your system's performance. Therefore, a key layer of protection for your computer is antivirus and anti-spyware software.
Many antivirus products have free versions, but these come with restrictions.
Once you have installed this software, be sure to update each product with the latest definitions immediately, then run a full system scan.
ACTIVATE BUILT-IN FIREWALL
This can be fixed by installing a thick layer of firewall security measures and ensuring that nothing unwanted passes through. This way, even if an employee is about to install malware, they will be blocked by the firewall and warned, and the attempt will be logged.
MULTI-FACTOR AUTHENTICATION
Multi-Factor Authentication (MFA) adds a second layer of security to help prevent anyone other than you from accessing your sensitive information online.
It combines two or more independent credentials: what the user knows (password), what the user has (security token) and what the user is (biometric verification).
The goal of MFA is to create a layered defence and make it more difficult for an unauthorized person to gain access. If a single factor or two factors are compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target.
CREATE BACKUPS
Preserve your important files, and the time it took you to create them, by saving backup copies on a weekly basis.
You can back up data to external hard drives or cloud storage services.
It is also a good idea to keep your original operating system and software start-up disks on hand in case your computer files get damaged.
Backups are vital if a system crash or hard drive failure occurs.
