Think Cyber - How to stay safe in an online world | May Brooks-Kempler | TEDxSavyon

I think I know you do you have a Facebook account how about LinkedIn Instagram so you probably like online shopping in Amazon or Ebay are you looking for recipes or plan your next vacation using Pinterest if you answered yes to even one of these questions then you're enjoying the incredible things that the Internet has to offer but I was right I do know you and so do other social engineers which means you're at risk I have three children they are born into the internet age and as a cyber security professional with almost 20 years of

experience I have the skills to protect myself and them online but you don't have to be a master hacker or a security expert to be safe online my goal here today is to share some of the tools and techniques I use so that you too will be able to protect yourself your families and your business and use the internet without fear until the 1920s when someone wanted to cross the road they had to simply walk across to the other side that changed with the increase in automobiles and the introduction of pedestrian crossing to law crossing

the road safely is a basic life skill that every parent teaches their kids I believe that cyber skills are the 21st century equivalent of road safety in the 20th century if we look at our homes even if you install the best security mechanisms such as alarms CCTV cameras sophisticated locks all will fail if someone tricks us to giving them the keys the same is true for home and office networks we can use the best security technologies out there anti viruses firewalls IPS is deal piece I can throw on and on but it's not going to

help us if we give away our keys for example give someone else our passwords social engineering is the art of manipulation getting someone to do something they're not supposed to do a social engineer exploits basic human traits such as fear and greed curiosity and urgency a social engineer uses these traits to get you to click a link download the file give someone else your password or pay an extortionist today over 80% of all security incidents involve the human factor us that's true both for organizations and home users so let's go from being the weakest link

into being the strongest link on the fall of 2015 21 year-old Jake met a girl online they started texting each other flirting things heated up and Jake said his girlfriend and intimate photo at that moment everything changed his girlfriend demanded he pay her ransom or she'd sent his photo to his friends and family at first Jake thought it was a joke but it wasn't Jake paid his extortionist but the story did not end there the extorter demanded more and more money pushing Jake to take his own life unfortunately this is not an isolated incident numerous

people were driven to commit suicide after falling victim to sextortion sextortion is an extortion attempt based on threats to publish intimate photos and videos of the victim sextortion targets everyone from twelve-year-old children to any citizens over 80 people online are not always who they claim to be have you ever searched your name online try it I bet you don't even remember that post from 2014 just like an elephant the Internet's never forgets what girls online stays online a sophisticated attacker can build a phishing email the targets used specifically for example if you're a runner they

might send you a special form running shoes such attacks use data extracted from social media accounts of the victim but the threat is not limited to the cyber realm when we share an Instagram story while abroad we're basically inviting a burglar to break into our empty houses so think before you share your social media accounts can be used against you review your privacy settings and never upload something that might be used against you now or in the future how fun is it to get a message like this if I click I can definitely win a

free flight and also this might happen that is exactly what happened to a friend of mine she's a videographer specializing in creating family documentaries a couple of years ago she called me after sing a weird-looking message on her computer screen she had a deadline submitting a documentary she spent three months making so I came over as soon as I entered his studio I knew she had a serious problem the weird looking message was ransomware all her files were encrypted and she couldn't access them I immediately asked her do you have a backup to my dread

she said she did not my heart sank at that point there were only two options pay the ransom and hope to get the decryption key or lose the work having your computer affected by ransomware is usually a result of clicking a link or downloading a file in a phishing email many phishing emails are designed as a security alert or important message and impersonate well-known services such as Facebook Amazon Google or Microsoft so please think before you click Amazon eBay PayPal all know me by name they would never call me dear customer so beware of non

personalized messages and unknown senders hover over the links and never download attachments from unknown sources the best way to protect yourself against ransomware is simply backing up your important data you can use cloud backup or external storage devices or if you're paranoid like me both it won't prevent the attack but it will minimize its effect on your life think ahead and backup trying to technically hack a company is difficult their layers of security that protect the network but hackers are smart they go for the weakest link the end user while random non-personalized phishing attacks are

still very common in many cases the attacker will do his or her homework an attacker can search a company on social media and look for known employees then start digging into an employee social media account to help build a targeted attack the attacker then creates a phishing email that will load the user to verify their credentials using the stolen credentials the attacker can auto forward all emails received by the user thus gain foreknowledge of everything that goes on in that users life and workplace a few months ago I was contacted by a CFO in a

large financial company they almost fell victim to million-dollar scam my team and I ran a few tests and found that an attacker used phishing to gain access to an email account of one of the executives in the company the attacker followed email exchange at the company and when an interesting deal came along he made his move forging an email from the executive asking that an upcoming bank transfer will be made to a new bank account the company got lucky and identified the attack on time but other companies were not that lucky Facebook and Google reported

losing over a hundred million dollars due to such scams a Belgium bank lost over seventy five million dollars and many more so again think before you click we just reviewed three examples of online threats extortion ransomware and spear phishing personalized attacks obviously this talk is not nearly long enough to go through all existing online threats but to be honest it almost always comes down to the same thing social engineering security awareness is an ongoing process the attackers grow in sophistication every day so if you feel someone is trying to manipulate you get you to do

something now tap into your innermost fears or pixel curiosity be vigilant review emails online ads text messages with a grain of salt look for red flags like non personalized emails unknown senders or suspicious-looking links and if something that doesn't feel right don't ignore your instincts and consult a professional when you go home today I urge you to remember three things think before you share before posting on social media think if this is something that you should share with the world think before you click look for phishing warning signs and think ahead and back up your

important data I am confident that by using the tools and techniques I shared with you today you can use the Internet while keeping yourselves and your loved ones safe online now and forever thank you