SADDLEBROOKE COMPUTER CLUB
CYBER SECURITY CLASS
Instructor Ken Knapp CISSP
10 Cyber Security Questions
1. What’s the most important thing to do to protect your data from any malware attack, data breach or bad actors?
A. Have “and” protect the most current backup. Back up data that has changed A.S.A.P.
2. What is the best Anti-virus software?
A. This “can” change from month to month. Why? Because there are new threats released every day.
It takes teams of cyber security engineers working together to break even with the latest malware.
3. What should I do if I “think” I’ve been “hacked”?
A. Disconnect your network cable
B. After removing the network cable, run a full scan
C. Check with your financial institution(s)
4. I only use my system for email and communicating with friends, why would anyone want to hack me?
A. Staying within the context of the question, they probably wouldn’t unless you have or might have something
they want. Bad actors don’t know what you have so they send malware out to a range of IP addresses.
Think of it as a burglar driving down your street looking for a house where no one is home.
B. What do they want?
1) Money or data they can sell (or use in a ransomware attack)
C. How did they get my name/IP?
1) Your name was on another computer; i.e., an email contact list of a business or friend
2) Your name is the same as a person they’re searching for
3) Your name was in a breach, like Home Depot, Target, OPM, etc.
4) Most common, your IP address was part of an Internet IP scan
5. Should I stay off the Internet since this is where the majority of cyber attacks and data breaches originate?
A. No, but be mindful of how much time you spend on it, and of whether your computer is connected to the Internet when you’re not using it. How important is the Internet to your personal daily routine?
There is software, especially games, that keeps a port open to the Internet when you start the game.
When you enable “Automatically Check for New Updates or Features”, the software might check as soon as you boot your system or only when you use that software. Think twice before enabling this.
Well-written software will check and then close the port.
Poorly written software will check and then leave the port open and not let you know that it’s still connected to the Internet.
Suggestion: Enable automatic security updates for your operating system and disable other automatic updates, but have one day every month when you check for updates or upgrades of the applications you use frequently.
(Short answer: don’t be on the Internet if you don’t have to.)
Questions to help make a decision
Do I have to be on the Internet every day?
Do you do online banking? (Including just checking your balance)
Do you keep your backup on the system you use daily to connect to the Internet?
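One way to check for the situation described in answer 5, a program that still holds a port or connection open: an added example, not part of the class handout, that summarizes the output of the Windows command `netstat -ano` by process ID. The sample text, PIDs and addresses are constructed; the function names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout printed by Windows `netstat -ano`.
# PIDs and addresses are made up (203.0.113.0/24 is a documentation range).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2200
  TCP    0.0.0.0:27015          0.0.0.0:0              LISTENING       7312
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5120
  TCP    192.168.1.20:49730     203.0.113.55:27030     ESTABLISHED     7312
  TCP    127.0.0.1:49701        127.0.0.1:5354         ESTABLISHED     3008
  TCP    [::]:135               [::]:0                 LISTENING       1044
  UDP    0.0.0.0:5353           *:*                                    2200
"""

def split_endpoint(endpoint):
    """Split 'host:port'; IPv6 hosts arrive bracketed, e.g. '[::1]:443'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # '*' (UDP wildcard) is not an address
        return False

def audit(text):
    """Return (listening, connected): PID -> ports reachable from other
    machines, and PID -> remote endpoints the process is connected to."""
    listening, connected = defaultdict(set), defaultdict(list)
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # UDP rows have no State column; the PID is always the last field.
        state, pid = (f[3] if len(f) == 5 else ""), f[-1]
        lhost, lport = split_endpoint(f[1])
        rhost, rport = split_endpoint(f[2])
        bound = state == "LISTENING" or f[0] == "UDP"
        if bound and not is_loopback(lhost):
            listening[pid].add(int(lport))
        elif state == "ESTABLISHED" and not is_loopback(rhost):
            connected[pid].append(f"{rhost}:{rport}")
    return ({p: sorted(v) for p, v in listening.items()}, dict(connected))

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To use it on a real machine, replace SAMPLE with your own `netstat -ano` output and match the PIDs to program names in Task Manager; a PID that stays in the second result after you have closed the program's window is the case answer 5 warns about.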
6. Where should I store my personal/important data?
A. On a device that is only connected to your system when you do a backup.
7. Who should I give my SSN to?
A. Only to a financial institution that needs to verify your credit for a loan.
B. The government, military and your CPA/tax preparer.
Real estate companies do not need and should not be asking for your SSN.
Merchants, grocery stores, hardware stores should not be asking for your SSN.
A company (restaurant) that processes your credit card should not be asking for your SSN.
A hospital might need it to bill Medicare or an insurance company (these should have an account number).
See the PCI DSS (Payment Card Industry Data Security Standard) site.
These are the standards every business in the US that processes a credit card must comply with.
8. Questions to answer before installing new software
1) Will this code enable new vulnerabilities in my system?
2) Does the company provide security patches?
3) Are there reviews that show other users have been hacked because of this software?
4) Has this software been hacked?
E: Open to Audience Questions