Security Cyber Awareness

THEMA :

Mengamankan Data,
Identitas dan Perangkat
Kerja

PAUL PETER SOSELISA

Agenda

• Latar Belakang
• Melindungi Data
• Melindungi Identity
• Melindungi Perangkat
• Q&A
Elemen-elemen Security

PEOPLE
Staff &
management

PROCESSES
Business activities

TECHNOLOGY

IT (Computer server,
data storage, Voip
phones, pens dll )
How did it start?
What is Happening?
A primary goal of
cybercriminals is to gain
access to corporate and
customer data to commit
further criminal activity.
Storing and sharing your files
Ada banyak cara untuk menyimpan and berbagi files di Office 365, dengan
Click to learn more:
menggunakan SharePoint, Microsoft Teams, dan OneDrive for Business.
SharePoint
Ada 2 factor yang menentukan dalam menggunakan tools yang sharing files. Yaitu : 1.
Siapa yang membutuhkan akses dan 2. Berapa lama files tersebut dijinkan di akses dan
diedit
Microsoft Teams
• Save and set file permissions on SharePoint for your team and beyond. Share it securely.

• Starting a project? Use Microsoft Teams to discuss content and make it readily available
to anyone on the project team. Own it together by storing files on the SharePoint site OneDrive
associated with each team.
for Business
• Store your work on OneDrive for Business. Your files are always with you and ready to
share when you decide.
Mencegah sharing yang berlebihan dengan mengatur siapa yang
boleh dan siapa yang tidak melihat document anda . Click three
dots disudut kanan bawah , and kemudian “ Who can see this?”
Untuk lebih jelas mengenai siapa yang bisa melihat dokumen
silahkan, click tautan ini Microsoft Support article.

Tandai di kalender untik mengingat secara teratur check your

OneDrive for Business and SharePoint sites yang anda miliki
dan silahkan hapus pengguna yang tidak memerlukan akses.
Oversharing basics
Sharing is fun and can help others : Tetapi tidak semua Informasi harus d- isharing,
sekalipun Informasi yang terkait dengan pekerjaan, apalagi Informasi pribadi Berikut ini
beberapa tip untuk mencegah sharing yang berlebihan :

Tips to avoid oversharing

• Don't share personal • Never leave confidential work

information online.
• Set high privacy settings and
know who can see what you've
posted online.
• Do not add strangers to your
social media accounts.
• Don't discuss or share product
launch dates or project details
that are not yours.
data unattended.
• Always use appropriate file-
sharing services.
• Do not provide or enter your
account information to
external websites.
• Avoid using public or
unsecured Wi-Fi connections.
Phishing, oversharing,
having weak passwords—
there are so many actions
that compromise our
identities.
Jangan dibodohi oleh phishing
Phishing (SERAPAN pronounced "fishing") atau MENGELABUI dengan cara MEMANCING PERHATIAN
adalah pencurian identitas pribadi. Dilakukan dengan menggunakan email, phone calls, texts, and
fraudulent websites that are yang didisain untuk mencuri personal data or information misalnyacredit
card numbers, passwords, account data, atau other information.
Signs you may have received a phishing email
• Hover over links to uncover the URL. Always check a URL
before you click on the link, bad links are embedded into an
email as a way to trick the reader.
Steps you can take to protect
• Never click on links or open attachments from unverified
senders. If you receive an email requesting that you click on a yourself from all types of phishing
link or open an attachment, be wary. attempts (i.e.: emails, texts and
phone calls)
• Check for poor grammar and spelling errors. Companies • Treat any unsolicited emails, texts or
rarely send out messages without proofreading content. phone calls with caution.
• Pay close attention to the email address of the sender. An • Slow down.
attacker may use an email address that appears similar to • Always use a secure network.
Think you may either one of our executives or one of our domains.
have received • Turn on multi-factor authentication
Threats or too-good-to-be-true offers may signal a (MFA).
phish? •
malicious email. Cybercriminals use a variety of techniques • Make sure your security software is
Use the Report to manipulate the natural human tendency of trust, fear, and up to date.
Message button in curiosity. • Be aware of your children's online
Outlook to quickly activity.
submit an incident
• Report any incident to IT
report.

PHISHING
 Phishing is kendaraan utama bagi Ransomeware
● Phishing, SMiSing, Vishing, Quishing
● Don’t Take the Bait: Recognize and Avoid Phishing
Attacks
● The 7 red flags of Phishing
SESUATU MUNGKIN “PHISHY”
JIKA :
1. Anda tidak mengenal nama
pengirim, email address atau no
telepon or HP
2. Kalimat yang digunakan penuh
dengan kesalah tilis format tidak
baku, kesalahan grammar/spelling
3. Sender meminta personal atau
confidential information
4. Sender mendesak dengan
penekanan deadline atau expired
date
5. Penawaran terdengar realistis dan
“benar”
6. Website tidak menggunakan
protocol https.
Password is Not Strong Enough
“99.9% of credential theft could be eliminated with MFA” How could this have been avoided?
- VP of CSG Ann Johnson Multi-Factor Authentication

81%
MFA Credentials

Multi-factor
authentication
of breaches prevents 99.9%
leverage stolen or Windows
Hello
FIDO2
Security key
Microsoft
Authenticator
OATH Hard
Tokens
SMS,
Voice
of identity attacks
weak passwords
What is Multi-Factor Authentication (MFA)

John@outlook.com

**********


Something you know Something you have Something you are

A password or PIN A phone, credit card, or hardware token A fingerprint, retinal scan or other biometric
Microsoft Authenticator

Overview
• Standards based MFA
• Supports TOTP, Push Approvals,
Biometrics + Number Match
 You create, keep, and share
lots of data on lots of devices.

Lindungi Devices Weak device can be the entry

point of an attack.
Keep your devices updated
Dapatkan updates terbaru and security patches
Install updates for Windows 10
• Selalu gunakan operating system dan software yang original
juga driver terbaru untuk hardware di computer anda. Demikian
juga untuk mobile devices.
• On most devices you can search on settings to find out if you need
an update
• Install Microsoft Office updates from any Office app on your PC

Install updates for

Microsoft Office
Prevent malware infection
Malware is software jahat yang didisign untuk masuk kedalam system anda dan mengumpulkan
Informasi untuk tujuan criminal, commercial atau destructive . Metode umum yang digunakan adalah
menginfeksi dengan metode phishing.
The most common types of
malware
• Ransomware: restricts access to data by
encrypting files or locking computer screens. It
then attempts to extort money from victims in
exchange for access to data.
• Spyware: monitors your activities online and
on the infected device.
• Bots/Botnets: are programs that allow
attackers to infect and take control of
computers.
• Trojans: is malicious code masquerading as a
legitimate program or file. It can delete data,
compromise security, relay spam, etc.
• Virus: a virus injects a malicious code into valid
files in order to hide and spread through
machines and networks. Viruses corrupt the
files they infect, which lead to system crashes
• Worms: A worm is a malicious code that is
self-replicating and doesn’t need user
interaction to spread.
Steps to reduce risk of malware
infection
• Don't get fooled by phishing. Never click links
or open attachments in email without first
verifying the source. Use email security features.
• Be safe online. Visit only reputable and trusted
sites. Verify the website you are visiting is secure
- web address starts with https and has a closed
padlock icon beside it.
• Only download apps from official app stores.
A popular app will have a million downloads, so
be wary if you see one that only has a few
hundred, this could be a malicious app.
• Never use key generating ("keygen")
programs. Software cracking programs that
activate software outside licensing agreements
pose one of the biggest risks to computer
security worldwide.
• Make sure your security software is up to date
on all devices, including work computers,
phones, tablets, and gaming devices.
PLEASE REPORT A CYBER
INCIDENT

Incident Reporting Portal:

https://helpdesk.Waskita.co.id

cyberincident@cyber.gc.ca
contact@cyber.gc.ca
 Terima Kasih.

© Copyright Microsoft Corporation. All rights reserved.