Adam Harling, Netitude - Online security basics and safety tips

ONLINE SECURITY BASICS: CONDUCTING BANKING AND ACCOUNTING ONLINE SAFELY

PRESENTATION BY ADAM HARLING – MANAGING DIRECTOR, NETITUDE LTD

15 MINUTE WONDERS FOR BUSINESS GROWTH – 27TH NOVEMBER 2014

AGENDA

Brief overview of Netitude Ltd

How this presentation relates to online Banking & Accounting

Technology Basics

Relevant Threats

Being Safe & Secure

Questions and follow-up

2 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk

Fully managed IT

services; data backup,

security & anti-virus

Clients get direct access

to experienced

& skilled engineers

24 hour service; 365 days of year

We support clients in a variety of industry

sectors in Southern UK

NETITUDE LTD: AN OVERVIEW


A trusted provider of managed IT services since 2001

Established & proven IT services provider

Microsoft accredited Engineers

Pro-active monitoring 24/7/ 365

Success built upon client referrals

Frome HQ, with Bristol & Melksham offices

How this presentation relates to online Banking & Accounting

Online accounting has around 200,000 paying users (some £40milliion in revenue)

Online & cloud accounting will be the future accepted norm for small businesses

The barriers to entry & cloud migration are very low, aiding rapid adoption

Currently 40 to 50 vendors of online or cloud based accounting packages

Around 40% small businesses now using online or cloud accounting

Adopting this means knowing its strengths and weaknesses to best protect you and your business from attack or vulnerability


TECHNOLOGY BASICS: ENCRYPTION

Encryption technology and what it means…

Encryption is converting electronic data into another format

Purpose is to protect the confidentiality of digital data

Modern encryption algorithms play a vital role in the security of IT systems

Authentication: the origin of a message can be verified

Integrity: proof that the contents of a message have not been changed since it was sent

Non-repudiation: the sender of a message cannot deny sending the message

Encryption standards enable you to safely use online banking and accounting


TECHNOLOGY BASICS: HTTP / HTTPS

What does HTTP and HTTPS mean… HTTP - Hyper Text Transfer Protocol

HTTP is the protocol used to transmit web pages

All data sent via HTTP is in plain text- not protected or encrypted

HTTPS - Hyper Text Transfer Protocol Secure

HTTPS is the protocol used to send encrypted data via the internet

To send encrypted data the website must have an SSL certificate

Data sent via HTTPS is in an encrypted stream, usually to a standard that it is practically “un-crackable”



Identifying HTTPS Websites – which one is not secure below?




Verifying HTTPS Websites – Do the facts match?

RELEVANT THREATS: PHISHING SCAMS

Phishing: “the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication”

The most common Phishing scams are via email

Often appear from Banking organisations, or even HMRC (more recently)

These scams are easy to spot if you know what you are looking for:

Spelling mistakes or poor English

Slightly different or poor quality logos

The best way to check is by “hovering” the mouse cursor over the link –

does it really go to https://www.barclays.com or does it go to https://www.barclays.com.banksafe.ru?


RELEVANT THREATS: MAN IN THE MIDDLE ATTACKS

‘Man in the Middle’ attacks – how to protect yourself:

Growing threat due to more mobile access

Your data is more vulnerable when using public Wi-Fi services

SSL still largely secure. So, do double check!

Use mobile banking apps and secure authentication methods

2 step authentication and Secure ID tokens wherever possible


KNOWN THREATS: HARMFUL VIRUSES & MALWARE

What are the harmful viruses to be aware of and protect yourself from… Recent statistics show that 46% of the infected machines are owned by small businesses

Crypto Locker Virus & other “ransom ware”

Infects via infected or hacked websites and payload emails (with attachments)

Encrypts your data and holds you to ransom to gain access

New variants being released all the time

BAD USB

Recent exploits have found weaknesses in the USB standard,

Makes it almost impossible to protect your computer from a USB device infected or designed with BAD USB

“BOT NET”s

Viruses allowing a remote attacker to use your computers as a remote control “drone”

New Variants being released daily


RELEVANT THREATS: ARE YOU OR YOUR USERS A THREAT?

Why you or your users are the biggest threat to security…

Humans are vulnerable to “social hacking” - the technique of talking you into giving away your security information

Most attacks come from inside the network - staff with grudges, guests on network

PASSWORDS are the NUMBER 1 security flaw in most networks


PROTECTING YOURSELF: SETTING GOOD PASSWORDS


Brute-Force attacks work best against short passwords

The longer the password the longer it takes to crack

Cloud computing has given attackers more power than ever before

Change your password regularly

Don’t use “dictionary” words

PROTECTING YOURSELF: ANTI-VIRUS & ANTI-MALWARE

Anti-Virus & Anti-Malware

Not all Anti-Virus and Anti-Malware software is business grade

Smaller businesses now the target of Virus and Malware writers

Large corporates have better protection in place – small businesses need to catch up

Corporate grade Anti-Virus software is now available and affordable

Corporate grade gateway scanning is now also affordable to the SME market


Always log into the genuine website for online banking and accounting

You now have the knowledge to verify the websites you are communicating with

XERO / SAGE / QuickBooks Etc. online accounting systems will always use HTTPS

Set strong passwords for all your online activities and change them regularly

Be aware of the risk using public Wi-Fi

Keep Anti-Virus software up to date and always use quality “business grade” products

Consider investing in “corporate strength” gateway firewalls with advanced security features to fully protect your business from attack


HOW THIS RELATES TO ONLINE BANKING & ACCOUNTING

ONLINE SECURITY BASICS: USEFUL ARTICLES & WEBSITES FOR REFERENCE

http://www.forbes.com/sites/jaymcgregor/2014/07/28/the-top-5-most-brutal-cyber-attacks-of-2014-so-far/

http://www.nytimes.com/interactive/2014/08/05/technology/what-you-need-to-know-with-russian-hack.html

http://thehackernews.com/2014/09/hacking-ebay-accounts.html

http://www.wired.co.uk/news/archive/2013-05/28/password-cracking/viewall

http://www.forbes.com/sites/jameslyne/2013/09/06/30000-web-sites-hacked-a-day-how-do-you-host-yours/

http://www.nationalcybersecurityinstitute.org/

https://www.cyberstreetwise.com/blog/three-quarters-britons-risking-online-safety
























































































THANK YOU… ARE THERE ANY QUESTIONS?

A COPY OF THIS PRESENTATION IS AVAILABLE

PLEASE CONTACT US TO FIND OUT MORE, OR TO ARRANGE A FREE IT CHECK-UP


Adam Harling – Managing Director Netitude Ltd e: [email protected] t: 08453 670114

mailto:[email protected]