eSecurity! Keeping your Business and Customers Safe

Michael McKinnon, Security Advisor

Page 1: eSecurity! Keeping your Business and Customers Safe

eSecurity! Keeping your Business and Customers Safe

Michael McKinnon, Security Advisor

Page 2: eSecurity! Keeping your Business and Customers Safe

Let’s Work Together to Protect Us

• We are an Avalanche Technology Group company that has been operating in the Bayside suburbs for many years.

• Our AVG Free Edition product is widely known throughout the world, with over 98 million users

• What will we be covering tonight?

• How can I protect my business and customers?

• Why is it important to do so?

• Top 10 Practical Tips to Secure your Business

• An exclusive offer for BBN Members, supporting local bayside businesses

A little bit about AVG Australia New Zealand

Page 3: eSecurity! Keeping your Business and Customers Safe

As if running a Business isn’t Hard Enough!

As more businesses take advantage of the booming Internet economy, so too do the criminals, intent on getting what they can... often at the expense of your reputation, your money or, even worse, your entire business.

Page 4: eSecurity! Keeping your Business and Customers Safe

The Stakes are Higher Than Ever

Distribute I.T. Pty Ltd started in 2002 and collapsed in June 2011 due to a hacking incident...

Page 5: eSecurity! Keeping your Business and Customers Safe

What are the Threats?

• Vectors:

• Web Pages

• E-mail Attachments

• Pop-Up Windows

• Network Based

• Instant Messaging

• Chat Rooms

• Deception

• Payloads:

• Malware

• Trojan horses

• Worms

• Spyware

• Password Stealers

• Keyboard Loggers

Page 6: eSecurity! Keeping your Business and Customers Safe

Growth of Malicious Computer Code

Page 7: eSecurity! Keeping your Business and Customers Safe

10 Tips to Secure Your Business

1. Use Secure Passwords

2. Control your Internet Connection

3. Secure your Wireless Networks

4. Secure your Mobile Devices

5. Apply all Software Updates on all Computers

6. Prevent Viruses & Malware

7. Reduce Spam

8. Smart settings on your Internet Browsers

9. Secure Internet Banking

10. Be Aware of Scams and Social Engineering Tactics

Page 8: eSecurity! Keeping your Business and Customers Safe

#1 Passwords – Back to Basics

What should we aim for in a password?

• Should be easy to remember

• Should be hard to guess (and “brute-force”)

Page 9: eSecurity! Keeping your Business and Customers Safe

#1 Passwords – World’s Top 10 Most Used

• 123456

• 123456789

• Password

• 12345678

• 654321

• 12345

• Password123

• 1234567

• abc123

• Qwerty

Page 10: eSecurity! Keeping your Business and Customers Safe

Can you guess their password?

Page 11: eSecurity! Keeping your Business and Customers Safe

#1 Passwords – Rank in order of Strength

1. E56#av+Yb!

2. Password123

3. aaaaaAAAAA#####43

4. 123456

5. lucasjames

Page 12: eSecurity! Keeping your Business and Customers Safe

#1 Passwords – Why Size Matters!

Length is more important than randomness...

0 – 9 = 10

A – Z = 26

a – z = 26

#$%^ etc. = 10

That’s 72 combinations for each letter of your password; for a 10-letter password that’s 72^10
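The arithmetic on this slide applied to the five passwords from the “Rank in order of Strength” slide, as an added example that is not part of the original presentation. The function names are illustrative; the pool sizes and the top-10 list come from the slides, and counting every non-alphanumeric character as one of the 10 symbols is an assumption. It models exhaustive brute force only, so anything on the top-10 list scores zero.

```python
import math

# Pool sizes exactly as given on the slide: digits, upper, lower, symbols.
POOLS = {"digit": 10, "upper": 26, "lower": 26, "symbol": 10}

# The slide's "World's Top 10 Most Used" list, compared case-insensitively.
TOP_10 = {p.lower() for p in (
    "123456", "123456789", "Password", "12345678", "654321",
    "12345", "Password123", "1234567", "abc123", "Qwerty")}

def char_class(ch):
    """Map one character to the slide's four classes (assumption: the rest are symbols)."""
    if ch.isdigit():
        return "digit"
    if ch.isupper():
        return "upper"
    if ch.islower():
        return "lower"
    return "symbol"

def alphabet_size(password):
    """Sum the pools of every character class the password actually uses."""
    return sum(POOLS[c] for c in {char_class(ch) for ch in password})

def brute_force_bits(password):
    """log2 of the brute-force search space; 0 if a wordlist finds it first."""
    if password.lower() in TOP_10:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))

def rank_by_strength(passwords):
    """Strongest first under the slide's brute-force model."""
    return sorted(passwords, key=brute_force_bits, reverse=True)

# The five candidates from the "Rank in order of Strength" slide.
CANDIDATES = ["E56#av+Yb!", "Password123", "aaaaaAAAAA#####43",
              "123456", "lucasjames"]

if __name__ == "__main__":
    for pw in rank_by_strength(CANDIDATES):
        print(f"{brute_force_bits(pw):6.1f} bits  {pw}")
```

Under this model the 17-character patterned password outranks the 10-character random one, and the lowercase-only 10-character password still beats both entries that appear on the top-10 list.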

Page 13: eSecurity! Keeping your Business and Customers Safe

#1 Passwords - Summary

• Never, never, ever give your password to someone else!

• Absolute minimum of 10 characters

• Use a mix of UPPER and lowercase; and at least one numeral; and at least one symbol character

• Remember: Length is always better than Randomness!

• MUST BE EASY TO REMEMBER – so you don’t have to write them down

• We strongly advise using separate passwords for each different site; they just need a few characters different.

Page 14: eSecurity! Keeping your Business and Customers Safe

#2 Control your Internet Connection

• Change the default password on your Routers/Firewalls

• Only allow Outgoing connections for known services – generally this means choosing the highest security level in the Firewall

• Consider turning off the Internet when it is not being used – i.e. Weekends

• If unsure of the setup or configuration, always consult with an IT Professional and ask them to explain how they are making it secure.

Page 15: eSecurity! Keeping your Business and Customers Safe

#3 Secure your Wireless Networks

• Amazing how many

• Never use “WEP”, always use “WPA” or “WPA2”

• If you have visitors that want wireless access, have an IT professional set up a “DMZ” wireless network that provides Internet access only – and not access into your internal network

• Exception to our Password Rule here – the wireless encryption key should NOT be easy to remember (it will be too long), and should be written down somewhere safe

Page 16: eSecurity! Keeping your Business and Customers Safe

#4 Securing Mobile Devices for Business

• Use of these devices has grown at an astonishing rate, and attacks are starting to appear

• Always turn on PIN locking features

• iPhone users can use Apple’s “Find My iPhone” application to recover a lost/stolen device or remotely wipe it.

• Android phone users can use AVG Mobilation to recover a lost/stolen phone or remotely wipe it.

Page 17: eSecurity! Keeping your Business and Customers Safe

#5 Always Apply Software Updates

• Why are so many people afraid of Software Updates?

• Rule No. 1 – Always Install the Latest Updates

• Rule No. 2 – Refer to Rule No. 1

• Turn On Automatic Updates

• This applies to updates for EVERYTHING, including:

• Windows or Mac OS-X

• Adobe Flash and PDF Reader

• Java, and Internet Web Browsers (Firefox, Chrome etc.)

Page 18: eSecurity! Keeping your Business and Customers Safe

#6 Prevent Viruses and Malware

• Use an Internet Security solution that includes:

• Scanning of e-mail attachments

• Scanning of web-links that blocks access to pages

• Regular scheduled scanning of files on your computer

• Never, never, ever, use Peer to Peer networks like BitTorrent

• Don’t forget to install Antivirus software on the office File Server!

Page 19: eSecurity! Keeping your Business and Customers Safe

#7 Reduce Spam

• If you don’t know who sent you an e-mail, delete it.

• Far easier to say, much harder to do!

• Need to be vigilant

• Have an Anti-spam software solution in place

• Reduce Spam for others as well by protecting your own business domain

• Implement Sender Policy Framework (SPF) or Domain Keys (DKIM) – speak to an IT professional

• Change your e-mail account passwords regularly (especially POP and IMAP accounts)

Page 20: eSecurity! Keeping your Business and Customers Safe

#8 Use Smart settings on Internet Browsers

• Which Browser do you use?

• Internet Explorer, Firefox, Chrome, Safari…

• Is it up to date? Make sure it is!

• Don’t let the browser remember passwords, because if it gets hacked all your passwords can be stolen!

Page 21: eSecurity! Keeping your Business and Customers Safe

#9 Secure your Bank Accounts

• Know the web address (URL) of your Internet Banking website – be aware of any misspelling or anything unusual

• Always make sure your Internet Banking website is secured by HTTPS (Secure) – look for the padlock

• Insist on “Two-Factor” authentication for Business Banking; either a security token or SMS response code is OK

• Contact your bank ASAP if you find anything unusual

Page 22: eSecurity! Keeping your Business and Customers Safe

#10 Be Aware, Be Very Aware

• Latest security news: www.avg.com.au

• Information on Scams: www.scamwatch.org.au

• How to Clean an Infected Computer: www.icode.net.au

• Improving Security at Home: www.cybersmart.gov.au

• Defence Signals Directorate: www.dsd.gov.au/infosec

Great Sources of Information

Page 23: eSecurity! Keeping your Business and Customers Safe

Who needs to know all of this stuff?

• Business Owners

• All Staff

• Temps and Contractors

• Everyone!

• Don’t underestimate the power of some basic IT knowledge when it comes to improving security!

Page 24: eSecurity! Keeping your Business and Customers Safe

What is your Business Risking?

• Data / Information

• Trade Secrets, things you don’t want competitors to know

• Financial Data, could be deleted or tampered with

• Payroll Information, could be shared with staff

• Any number of items!

• Money

• Available through your Internet Bank Accounts

• Credit Card Details

Page 25: eSecurity! Keeping your Business and Customers Safe

Questions?

Thank you

And who won the door prize?

Michael McKinnon, Security Advisor
