Upload
southwestfd
View
69
Download
5
Tags:
Embed Size (px)
Citation preview
ONLINE SECURITY BASICS: CONDUCTING BANKING AND ACCOUNTING ONLINE SAFELY
PRESENTATION BY ADAM HARLING – MANAGING DIRECTOR, NETITUDE LTD
15 MINUTE WONDERS FOR BUSINESS GROWTH – 27TH NOVEMBER 2014
AGENDA
Brief overview of Netitude Ltd
How this presentation relates to online Banking & Accounting
Technology Basics
Relevant Threats
Being Safe & Secure
Questions and follow-up
2 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk
Fully managed IT
services; data backup,
security & anti-virus
Clients get direct access
to experienced
& skilled engineers
24 hour service; 365 days of year
We support clients in a variety of industry
sectors in Southern UK
NETITUDE LTD: AN OVERVIEW
3 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk
A trusted provider of managed IT services since 2001
Established & proven IT services provider
Microsoft accredited Engineers
Pro-active monitoring 24/7/ 365
Success built upon client referrals
Frome HQ, with Bristol & Melksham offices
How this presentation relates to online Banking & Accounting
Online accounting has around 200,000 paying users (some £40milliion in revenue)
Online & cloud accounting will be the future accepted norm for small businesses
The barriers to entry & cloud migration are very low, aiding rapid adoption
Currently 40 to 50 vendors of online or cloud based accounting packages
Around 40% small businesses now using online or cloud accounting
Adopting this means knowing its strengths and weaknesses to best protect you and your business from attack or vulnerability
4 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk
TECHNOLOGY BASICS: ENCRYPTION
Encryption technology and what it means…
Encryption is converting electronic data into another format
Purpose is to protect the confidentiality of digital data
Modern encryption algorithms play a vital role in the security of IT systems
Authentication: the origin of a message can be verified
Integrity: proof that the contents of a message have not been changed since it was sent
Non-repudiation: the sender of a message cannot deny sending the message
Encryption standards enable you to safely use online banking and accounting
5 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk
TECHNOLOGY BASICS: HTTP / HTTPS
What does HTTP and HTTPS mean… HTTP - Hyper Text Transfer Protocol
HTTP is the protocol used to transmit web pages
All data sent via HTTP is in plain text- not protected or encrypted
HTTPS - Hyper Text Transfer Protocol Secure
HTTPS is the protocol used to send encrypted data via the internet
To send encrypted data the website must have an SSL certificate
Data sent via HTTPS is in an encrypted stream, usually to a standard that it is practically “un-crackable”
6 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk
TECHNOLOGY BASICS: HTTP / HTTPS
Identifying HTTPS Websites – which one is not secure below?
7 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk
TECHNOLOGY BASICS: HTTP / HTTPS
8 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk
Verifying HTTPS Websites – Do the facts match?
RELEVANT THREATS: PHISHING SCAMS
Phishing: “the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication”
The most common Phishing scams are via email
Often appear from Banking organisations, or even HMRC (more recently)
These scams are easy to spot if you know what you are looking for:
Spelling mistakes or poor English
Slightly different or poor quality logos
The best way to check is by “hovering” the mouse cursor over the link –
does it really go to https://www.barclays.com or does it go to https://www.barclays.com.banksafe.ru?
9 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk
RELEVANT THREATS: MAN IN THE MIDDLE ATTACKS
‘Man in the Middle’ attacks – how to protect yourself:
Growing threat due to more mobile access
Your data is more vulnerable when using public Wi-Fi services
SSL still largely secure. So, do double check!
Use mobile banking apps and secure authentication methods
2 step authentication and Secure ID tokens wherever possible
10 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk
KNOWN THREATS: HARMFUL VIRUSES & MALWARE
What are the harmful viruses to be aware of and protect yourself from… Recent statistics show that 46% of the infected machines are owned by small businesses
Crypto Locker Virus & other “ransom ware”
Infects via infected or hacked websites and payload emails (with attachments)
Encrypts your data and holds you to ransom to gain access
New variants being released all the time
BAD USB
Recent exploits have found weaknesses in the USB standard,
Makes it almost impossible to protect your computer from a USB device infected or designed with BAD USB
“BOT NET”s
Viruses allowing a remote attacker to use your computers as a remote control “drone”
New Variants being released daily
11 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk
RELEVANT THREATS: ARE YOU OR YOUR USERS A THREAT?
Why you or your users are the biggest threat to security…
Humans are vulnerable to “social hacking” - the technique of talking you into giving away your security information
Most attacks come from inside the network - staff with grudges, guests on network
PASSWORDS are the NUMBER 1 security flaw in most networks
12 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk
PROTECTING YOURSELF: SETTING GOOD PASSWORDS
13 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk
Brute-Force attacks work best against short passwords
The longer the password the longer it takes to crack
Cloud computing has given attackers more power than ever before
Change your password regularly
Don’t use “dictionary” words
PROTECTING YOURSELF: ANTI-VIRUS & ANTI-MALWARE
Anti-Virus & Anti-Malware
Not all Anti-Virus and Anti-Malware software is business grade
Smaller businesses now the target of Virus and Malware writers
Large corporates have better protection in place – small businesses need to catch up
Corporate grade Anti-Virus software is now available and affordable
Corporate grade gateway scanning is now also affordable to the SME market
14 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk
Always log into the genuine website for online banking and accounting
You now have the knowledge to verify the websites you are communicating with
XERO / SAGE / QuickBooks Etc. online accounting systems will always use HTTPS
Set strong passwords for all your online activities and change them regularly
Be aware of the risk using public Wi-Fi
Keep Anti-Virus software up to date and always use quality “business grade” products
Consider investing in “corporate strength” gateway firewalls with advanced security features to fully protect your business from attack
15 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk
HOW THIS RELATES TO ONLINE BANKING & ACCOUNTING
ONLINE SECURITY BASICS: USEFUL ARTICLES & WEBSITES FOR REFERENCE
http://www.forbes.com/sites/jaymcgregor/2014/07/28/the-top-5-most-brutal-cyber-attacks-of-2014-so-far/
http://www.nytimes.com/interactive/2014/08/05/technology/what-you-need-to-know-with-russian-hack.html
http://thehackernews.com/2014/09/hacking-ebay-accounts.html
http://www.wired.co.uk/news/archive/2013-05/28/password-cracking/viewall
http://www.forbes.com/sites/jameslyne/2013/09/06/30000-web-sites-hacked-a-day-how-do-you-host-yours/
http://www.nationalcybersecurityinstitute.org/
https://www.cyberstreetwise.com/blog/three-quarters-britons-risking-online-safety
16 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk
THANK YOU… ARE THERE ANY QUESTIONS?
A COPY OF THIS PRESENTATION IS AVAILABLE
PLEASE CONTACT US TO FIND OUT MORE, OR TO ARRANGE A FREE IT CHECK-UP
17 15 Minute Wonders for Business Growth - 27/11/2014 www.netitude.co.uk
Adam Harling – Managing Director Netitude Ltd e: [email protected] t: 08453 670114