2. ABOUT THE CHAMBER OF COMMERCE
• INDEPENDENT AND NOT-FOR-PROFIT ORGANISATION
• LINKS TO OVER 5,000 LOCAL BUSINESSES, FROM FTSE 100 COMPANIES TO BUSINESS CONSULTANTS
• FACILITATES A BROAD RANGE OF MONTHLY EVENTS, E.G. BUSINESS BREAKFASTS, CONFERENCES, MASTERCLASSES
• MEMBERSHIP INCLUDES 12 HOURS OF FREE ONE-TO-ONE BUSINESS MENTORING
• ADVERTISING AND SPONSORSHIP OPPORTUNITIES
3. Jeremy Quadri
- Director of Quadri Consulting Ltd
- Director of TopDevCentral Ltd
- BEng (Hons) Degree in Electrical & Electronics Engineering, 1992
- IT Security Professional at Cable & Wireless since 1998
- CISSP Certified (372063)
- Certified Ethical Hacker Certification
- Offensive Security Certified Professional certification (OSCP)
- CompTIA SY0-301 Security+
- InfoSec Institute Web Application Security Certified
- OWASP - Testing Secure Web Applications
4. TopDevCentral Ltd
Services:
- Custom Software Development
- Team Augmentation
- Data Warehousing/Big Data
- BI Development
- Project Rescue
Quadri Consulting Ltd
Services:
- Vulnerability Scanning
- Penetration Testing
- Professional Services
- Threat Management
- Awareness Training
5. Why Are We Here?
What is cybersecurity?
Whose responsibility is it to keep cyberspace safe: the Government or the private sector?
Why YOU may become the next victim
Who is doing the attacking?
What do they attack?
Why do they attack?
How to protect yourself, your family, and your business!
6. WHY THIS IS IMPORTANT ~ A LITTLE HISTORY ~
90% of large organisations and 74% of small businesses reported some form of data breach.
Online attacks have grown by 66% since 2009.
Cyber crime costs the UK economy £27bn a year.
158 new malware samples are created EVERY MINUTE (PandaLabs): one for each one of us.
• Facebook sees 600,000 compromised logins per day (TechCrunch).
8. Hackers Don't Have Rules or Regulations
They don't have to meet compliance requirements such as PCI, Data Protection, ISO 27001, etc.
9. COMMON FALSE RATIONALES
• There's Nothing A Hacker Would Want On My PC.
• I Don't Store Sensitive Information On My PC.
• I Only Use It For Checking E-mails.
• My Company Isn't Big Enough To Worry About Hackers.
• Online Stores Will Keep Our Details Safe.
11. Websites & Blogs
WordPress is used by 60.9% of all the websites.
1. Use the latest version of core and plugins.
2. Use strong passwords. For more security, enable a 2-factor plugin.
3. Get DDoS protection.
14. Your data has been encrypted by ransomware malware/virus?
15. What is Bitcoin? (Bitcoin vs USD chart statistics)
16. HELPFUL TIP #6: WHAT TO DO IF BREACHED
1. Reboot your computer and choose safe mode. (Can someone tell me how to boot into safe mode? Press and hold the F8 key.)
2. Install a good anti-virus.
3. Run a scan with the anti-virus.
4. If the BIOS is infected, seek professional help.
17. DARK WEB
What sort of things can you find on the deep web?
1. ORIGINAL UK PASSPORTS
2. RENT A HACKER
3. ASSASSIN FOR HIRE IN EUROPE
4. EUROPEAN BASED ARMS-DEALER
5. EU DRUG SALE
6. COUNTERFEIT CURRENCY
7. BUY A PAYPAL ACCOUNT & CLONED CARDS
18. HELPFUL TIP #1: BACKUP YOUR DATA
1. Run daily backups of critical data.
2. Automated offsite backups are invaluable.
3. Check / test your data backups monthly (minimum).
50% of SMBs have no backup & disaster recovery plan.
Only 28% have tested their plan.
20. Why is payment card data an attractive target to hackers?
21. HELPFUL TIP #2: BANK CARD RULES
• LOOKOUT FOR THE HTTPS LOCK ICON
• AVOID SHOPPING OVER OPEN WI-FI
• SECURE YOUR HOME NETWORK
• DISABLE PHONE WI-FI & BLUETOOTH WHEN NOT IN USE
• STICK TO REPUTABLE RETAILERS ONLY
23. REAL VALUE?
One prominent credential seller in the underground reported:
• iTunes accounts for $8
• Fedex.com, Continental.com and United.com accounts for USD $6
• Groupon.com accounts fetch $5
• $4 buys hacked credentials at registrar and hosting provider Godaddy.com, as well as wireless providers Att.com, Sprint.com, Verizonwireless.com, and Tmobile.com
• Active accounts at Facebook and Twitter retail for just $2.50 each
93% of companies that lose their data file for bankruptcy within 1 year [National Archives].
26. HELPFUL TIP #3: MULTIPLE BANK ACCOUNTS
1. One account for payroll and taxes
– NO DEBIT OR CREDIT CARDS ASSOCIATED WITH THIS ACCOUNT
2. One account for operations & expenses
3. Don't let your cards out of your sight when shopping
4. Check for the padlock when shopping online
5. Place your hand over the keyboard when entering your PIN
29. HELPFUL TIP #4: PASSWORD RULES
1. DON'T SHARE PASSWORDS
– This includes your "IT Guy"
– Type your password for them
2. One password per account
3. No password POST-IT NOTES!
4. Change your password every 60 days
5. Use a phrase with numbers and characters:
"I Only Have Eyes For You" becomes "!0hE4uAug"
6. Use a password manager
30. HELPFUL TIP #5: WINDOWS FIREWALL & UAC
1. Re-enable Windows Firewall
2. Install current anti-virus software (and keep it current, please)
3. Enable User Account Control (UAC)
-- We know it is considered obnoxious, but it really does work to help prevent attacks against your workstation
>> Control Panel > User Accounts
4. Seek professional help to secure your business network
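The three checks in Tip #5 can be verified (and, with the script's own -Fix switch, corrected) from an elevated PowerShell prompt. This is an added example, not part of the deck; it assumes the NetSecurity and Defender modules that ship with Windows 10/11.

```powershell
# Added example: audit Windows Firewall, anti-virus and UAC as per Tip #5.
# Run as Administrator. -Fix is this script's own switch, not a Windows option.
param([switch]$Fix)

$findings = @()

# 1. Windows Firewall: every profile (Domain, Private, Public) should be on.
foreach ($p in Get-NetFirewallProfile) {
    if ($p.Enabled -ne 'True') {
        $findings += "Firewall profile '$($p.Name)' is disabled"
        if ($Fix) { Set-NetFirewallProfile -Name $p.Name -Enabled True }
    }
}

# 2. Anti-virus: Defender enabled and signatures no older than 7 days.
$mp = Get-MpComputerStatus
if (-not $mp.AntivirusEnabled) {
    $findings += "Defender real-time antivirus is off"
} elseif ($mp.AntivirusSignatureAge -gt 7) {
    $findings += "AV signatures are $($mp.AntivirusSignatureAge) days old"
    if ($Fix) { Update-MpSignature }
}

# 3. UAC: EnableLUA=1 turns UAC on; ConsentPromptBehaviorAdmin=0 means
#    "elevate silently", which is as good as off for admin accounts.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey
if ($uac.EnableLUA -ne 1) {
    $findings += "UAC is disabled (EnableLUA=$($uac.EnableLUA))"
    # Takes effect after a reboot.
    if ($Fix) { Set-ItemProperty -Path $uacKey -Name EnableLUA -Value 1 }
}
if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
    $findings += "UAC prompts admins silently (ConsentPromptBehaviorAdmin=0)"
    # 5 = prompt for consent for non-Windows binaries (the Windows default).
    if ($Fix) { Set-ItemProperty -Path $uacKey -Name ConsentPromptBehaviorAdmin -Value 5 }
}

if ($findings.Count -eq 0) { "All Tip #5 checks pass" } else { $findings }
```

Run it first without -Fix to see what is off, then with -Fix; a change to EnableLUA only applies after the next reboot.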
31. HELPFUL TIP #7: WORK SMARTER
1. Name
2. Address
3. Phone
4. DOB?
5. Education (College/High School)
6. Mother's Maiden Name?
7. Mother's father's name
8. Friends' names
9. Children's names
10. Children's school
11. Children's DOB
12. Pet's name
13. Browsing habits (websites, services, hobbies, likes, etc.)
14. Don't include passport photographs on social media
32. SOCIAL MEDIA AND PHISHING
1. Know who is authorized to add content
2. Type of content allowed
3. Who has access
4. Who has login info
5. Which sites are used
6. Employee termination policy
According to a Microsoft study, phishing via social networks grew from 8.3% in 2010 to 84.5% in 2011 (increasing steadily since then).
Find out what percentage of your employees are Phish-prone™ with our free test:
https://www.knowbe4.com/phishing-security-test-offer
34. If You Allow Users To Access
• Corporate E-mail
• Corporate Data
• Remote Access To Corp Network
Then You MUST have Mobile Device Management and use a policy to ensure you can wipe your corporate data if the device is lost or stolen.
35. - Install a tracker application on your smartphone; it could help trace your device if stolen
- London: most of the crimes reported are phone theft
36. Where Do Employees Leave Your Corporate Data And Email?
Put A Lock On Your Phone TODAY!
37. PERKELE: ANDROID MALWARE KIT
1. Can help defeat multi-factor authentication used by many banks
2. Interacts with a wide variety of malware already resident on a victim's PC
3. When a victim visits his bank's web site, the Trojan injects malicious code prompting the user to enter his mobile information, including phone number and OS type
When the bank sends an SMS with a one-time code, Perkele intercepts that code and sends it to the attacker's control server. Then the malicious script completes an unauthorized transaction.
38. THE MOST SECURE WAY TO COMMUNICATE
Traditional
1. A LETTER SENT THROUGH SNAIL MAIL (BY CONVENTIONAL POSTAL DELIVERY SERVICES)
2. OVERNIGHT PACKAGE SUCH AS FEDEX OR UPS
3. A CALL MADE FROM ONE PREVIOUSLY UNUSED CELL PHONE TO ANOTHER PREVIOUSLY UNUSED CELL PHONE
Modern secure privacy tools
1. Tor
2. RedPhone: free, worldwide, encrypted phone calls; everything is end-to-end encrypted
3. Signal Desktop [https://whispersystems.org/blog/signal-desktop/]
39. TOP 6 BEST ANTIVIRUS FOR ANDROID
Anti-theft, lost phone check
1. Avast Mobile Security & Antivirus – FREE
2. 360 Security – Antivirus – FREE
4. CM Security Antivirus Applock by Cheetah Mobile – FREE
5. AVG Anti-Virus Security – FREE
6. Kaspersky
40. HELPFUL TIP #8: COMMON SENSE SECURITY
Train Staff On Social Engineering!
Know The Source
Limit Telephone Information Sharing
Physical Security
Wireless "Hot Spots" & Hotel Internet
Your Equipment @ Offsite Locations, including Starbucks & Conferences
Ability To Disable The Device If It's Lost Or Stolen (LoJack, Encryption, Etc.)
41. HELPFUL TIP #9: ADVANCED SECURITY TIPS
Use Malware Protection
Encrypt Your Hard Drive
Use Email Hygiene Provider / Service
Use Server Based Group Policies
Use MSP to Manage Company Firewall(s)
Establish Company-wide Data Policies
42. All You Needed In The 80’s
Tape Backup
A Good Mullet
An Afro
43. HELPFUL TIP #10: PATCHES, UPDATES, & YOUR NETWORK
Patch Management
Force Password Changes
Implement Password Policies
Secure ALL Mobile Devices
Review Workstation Security
Review Network Security
Enforce Content Filtering
44. WHAT'S NEXT ON CYBERCRIMINALS' AGENDA?
1. Website Accounts: Twitter, Facebook, Pinterest, YOUR WEBSITE
2. Home Automation Systems
3. Video Conferencing Systems
4. Video Surveillance Systems
5. Refrigerator and Other Network Appliances
6. HVAC Systems
7. Automobiles, Phones, & Televisions
8. All IoT (Internet of Things)
** Recent paid test resulted in disabled brakes **
45. What's Next on YOUR Agenda?
Network Security Audit
1. Fill out the audit contact form
2. Business Development will schedule an on-site pre-audit meeting
3. Engineer will be scheduled for on-site visit
4. Engineer and Business Development will discuss the findings of the audit
5. Follow-up client meeting to discuss recommendations and findings of the audit
46. WHAT HAPPENS NEXT?
ONE OF TWO THINGS HAPPENS
1. Do you have a security plan?
2. Can you implement it in house?
3. Can you outsource it?
Analyse > Plan > Design > Implement > Operate > Optimize
51. RECAP ON QUADRI CONSULTING LTD
• NEXT WORKSHOP WILL BE MARCH 2016 ON THE SAME SUBJECT WITH MORE HACKING
• BEERS, CONFERENCES, MASTERCLASSES
• INCLUDES 1 HOUR FREE HACKING MENTORING
• ADVERTISING AND SPONSORSHIP OPPORTUNITIES