As if running a business isn't hard enough!
AVG (AU/NZ)'s Security Advisor, Michael McKinnon, presents 10 simple tips to secure your business from online threats.
eSecurity! Keeping your Business and Customers Safe
1. eSecurity! Keeping your Business and Customers Safe
Michael McKinnon, Security Advisor
mmckinnon@avg.com.au
2. Let’s Work Together to Protect Us
A little bit about AVG Australia New Zealand
• We are an Avalanche Technology Group company and have been operating in Bayside suburbs for many years.
• Our AVG Free Edition product is widely known throughout the world, with over 98 Million Users
• What will we be covering tonight?
• How can I protect my business and customers?
• Why is it important to do so?
• Top 10 Practical Tips to Secure your Business
• An exclusive offer for BBN Members, supporting local bayside businesses
3. As if running a Business isn’t Hard Enough!
As more Businesses take advantage of the booming Internet economy, so too do the criminals, intent on getting what they can... Often at the sacrifice of your Reputation, your Money, or, even worse, your entire Business.
4. The Stakes are Higher Than Ever
Distribute I.T. Pty Ltd, started in 2002 and collapsed in June 2011 due to a Hacking Incident...
5. What are the Threats?
• Vectors:
  • Web Pages
  • E-mail Attachments
  • Pop-Up Windows
  • Network Based
  • Instant Messaging
  • Chat Rooms
  • Deception
• Payloads:
  • Malware
  • Trojan horses
  • Worms
  • Spyware
  • Password Stealers
  • Keyboard Loggers
7. 10 Tips to Secure Your Business
1. Use Secure Passwords
2. Control your Internet Connection
3. Secure your Wireless Networks
4. Secure your Mobile Devices
5. Apply all Software Updates on all Computers
6. Prevent Viruses & Malware
7. Reduce Spam
8. Smart settings on your Internet Browsers
9. Secure Internet Banking
10. Be Aware of Scams and Social Engineering Tactics
8. #1 Passwords – Back to Basics
What should we aim for in a password?
• Should be easy to remember
• Should be hard to guess (and “brute-force”)
9. #1 Passwords – World’s Top 10 Most Used
• 123456 • 12345
• 123456789 • Password123
• Password • 1234567
• 12345678 • abc123
• 654321 • Qwerty
11. #1 Passwords – Rank in order of Strength
1. E56#av+Yb!
2. Password123
3. aaaaaAAAAA#####43
4. 123456
5. lucasjames
12. #1 Passwords – Why Size Matters!
Length is more important than randomness...
0 – 9 = 10
A – Z = 26
a – z = 26
#$%^ etc. = 10
That’s 72 possibilities for each character of your password; for a 10-character password, that’s 72^10 combinations.
13. #1 Passwords - Summary
• Never, never, ever give your password to someone else!
• Absolute minimum of 10 characters
• Use a mix of UPPER and lowercase, at least one numeral, and at least one symbol character
• Remember: Length is always better than Randomness!
• MUST BE EASY TO REMEMBER – so you don’t have to write them down
• We strongly advise using separate passwords for all different sites; they only need to differ by a few characters.
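The keyspace arithmetic from "Why Size Matters!" and the rules from this summary, as an added Python example that is not part of the original presentation. It uses the slides' 72-character alphabet, top-10 list and the five passwords from the ranking slide; the function names and the ordering rule (listed passwords last, then rule-compliant ones first, then keyspace size) are assumptions made here.

```python
import math
import string

# Alphabet size as counted on the slide: digits + upper + lower + symbols = 72.
ALPHABET_SIZE = 10 + 26 + 26 + 10
MIN_LENGTH = 10  # "Absolute minimum of 10 characters"

# The "World's Top 10 Most Used" list from the slide, compared case-insensitively.
TOP_10 = {"123456", "123456789", "password", "12345678", "654321",
          "12345", "password123", "1234567", "abc123", "qwerty"}

# The five passwords from the "Rank in order of Strength" slide.
QUIZ = ["E56#av+Yb!", "Password123", "aaaaaAAAAA#####43", "123456", "lucasjames"]


def brute_force_bits(password):
    """log2(72 ** length): size of the slide's keyspace for this length, in bits."""
    return len(password) * math.log2(ALPHABET_SIZE)


def policy_failures(password):
    """Return the summary-slide rules this password breaks (empty list = passes)."""
    failures = []
    if password.lower() in TOP_10:
        failures.append("on the most-used list")
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 10 characters")
    if not any(c.isupper() for c in password):
        failures.append("no UPPER case letter")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no numeral")
    if not any(c in string.punctuation for c in password):
        failures.append("no symbol")
    return failures


def rank(passwords):
    """Strongest first. Assumed ordering: listed passwords are tried first by an
    attacker, so they sort last whatever their length; then compliant, then bits."""
    def key(p):
        return (p.lower() not in TOP_10, not policy_failures(p), brute_force_bits(p))
    return sorted(passwords, key=key, reverse=True)


if __name__ == "__main__":
    for p in rank(QUIZ):
        print(f"{p:20} {brute_force_bits(p):6.1f} bits  {policy_failures(p) or 'passes'}")
```

Password123 has a larger brute-force keyspace than E56#av+Yb! because it is one character longer, yet it sorts near the bottom because it appears on the most-used list.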
14. #2 Control your Internet Connection
• Change the default password on your Routers/Firewalls
• Only allow Outgoing connections for known services – generally this means choosing the highest security level in the Firewall
• Consider turning off the Internet when it is not being used – e.g. on Weekends
• If unsure of the setup or configuration, always consult with an IT Professional and ask them to explain how they are making it secure.
15. #3 Secure your Wireless Networks
• Amazing how many
• Never use “WEP”, always use “WPA” or “WPA2”
• If you have visitors that want wireless access, have an IT professional set up a “DMZ” wireless network that provides Internet access only – and no access into your internal network
• Exception to our Password Rule here – the wireless encryption key should NOT be easy to remember (it will be too long), and should be written down somewhere safe
16. #4 Securing Mobile Devices for Business
• Use of these devices has grown at an astonishing rate, and attacks are starting to appear
• Always turn on PIN locking features
• iPhone users can use Apple’s “Find My iPhone” application to recover a lost/stolen device or remotely wipe it.
• Android phone users can use AVG Mobilation to recover a lost/stolen phone or remotely wipe it.
17. #5 Always Apply Software Updates
• Why are so many people afraid of Software Updates?
• Rule No. 1 – Always Install the Latest Updates
• Rule No. 2 – Refer to Rule No. 1
• Turn On Automatic Updates
• This applies to updates for EVERYTHING, including:
  • Windows or Mac OS X
  • Adobe Flash and PDF Reader
  • Java, and Internet Web Browsers (Firefox, Chrome etc.)
18. #6 Prevent Viruses and Malware
• Use an Internet Security solution that includes:
  • Scanning of e-mail attachments
  • Scanning of web-links that blocks access to pages
  • Regular scheduled scanning of files on your computer
• Never, never, ever use Peer to Peer networks like BitTorrent
• Don’t forget to install Antivirus software on the office File Server!
19. #7 Reduce Spam
• If you don’t know who sent you an e-mail, delete it.
• Far easier to say, much harder to do!
• Need to be vigilant
• Have an Anti-spam software solution in place
• Reduce Spam for others as well by protecting your own business domain
• Implement Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM) – speak to an IT professional
• Change your e-mail account passwords regularly (especially POP and IMAP accounts)
20. #8 Use Smart settings on Internet Browsers
• Which Browser do you use?
• Internet Explorer, Firefox, Chrome, Safari…
• Is it up to date? Make sure it is!
• Don’t let the browser remember passwords, because if it gets hacked all your passwords can be stolen!
21. #9 Secure your Bank Accounts
• Know the web address (URL) of your Internet Banking website – be aware of any misspelling or anything unusual
• Always make sure your Internet Banking website is secured by HTTPS (Secure) – look for the padlock
• Insist on “Two-Factor” authentication for Business Banking; either a security token or SMS response code is OK
• Contact your bank ASAP if you find anything unusual
22. #10 Be Aware, Be Very Aware
Great Sources of Information
• Latest security news: www.avg.com.au
• Information on Scams: www.scamwatch.org.au
• How to Clean an Infected Computer: www.icode.net.au
• Improving Security at Home: www.cybersmart.gov.au
• Defence Signals Directorate: www.dsd.gov.au/infosec
23. Who needs to know all of this stuff?
• Business Owners
• All Staff
• Temps and Contractors
• Everyone!
• Don’t underestimate the power of some basic IT knowledge when it comes to improving security!
24. What is your Business Risking?
• Data / Information
  • Trade Secrets, things you don’t want competitors to know
  • Financial Data, could be deleted or tampered with
  • Payroll Information, could be shared with staff
  • Any number of items!
• Money
  • Available through your Internet Bank Accounts
  • Credit Card Details
25. Questions?
Thank you
And who won the door prize?
Michael McKinnon
Security Advisor
mmckinnon@avg.com.au