Cyber Security Awareness 8-11-2022 - Bank
AWARENESS
Ajay M. Nikumb
Founder & CEO – Soc Shashwat Pvt Ltd.
Director – SOC Analyst Pvt. Ltd.
• All Participant.
• Shashwat Solutions.
Audits
Consultancy
Security
Solution
Training
AUDITS
• Publications
• 1) Cloud Security – Prerequisite of New Era
• Published in National Conference by SKN Sinhgad School of Business Management, Pune.
• ISBN: 978-93-5097-389-9
• 2) A Study of Human Excellence and its Effects on Life.
• Published by International Journal of Business, Management and Social Sciences.
• ISSN: 2249-7463
• 3) Education in the Vision of Swami Vivekananda.
• Published in National Conference by SKN Sinhgad School of Business Management, Pune.
• ISBN: 978-93-5097-389-9
• 4) Information Security - Book in Marathi – ISBN: 978-81-933308-8-3
• 5) Information Security Policy for Co.Op. Banks (RBI guidelines)
• 6) Cyber Security Policy for Co.Op. Banks (as per RBI and CERT guidelines)
PROFESSIONAL MEMBERSHIPS
• Be Positive.
• Be Interactive.
• Use Available time effectively.
• No question is a silly question, so do not hesitate to ask questions.
CYBER SECURITY
AWARENESS
Ajay M. Nikumb
WHAT IS SECURITY AWARENESS TRAINING?
• https://www-cshub-com.cdn.ampproject.org/c/s/www.cshub.com/attacks/articles/the-biggest-data-breaches-and-leaks-of-2022/amp
• 76% Location
• 76% Camera
• 57% Microphone
• 43% Contact
• 32% SMS
• 25% Fingerprints
• RBI/2018-19/63
DCBS.CO.PCB.Cir.No.1/18.01.000/2018-19 October 19, 2018
• RBI Circular - 31-12-2019
HACKERS
• Asset – An asset is something that has value to the organization, its operations and continuity.
INFORMATION SECURITY
• Written
• Oral
• Stored
• Printed
• Audio Visual
• Coded – Uncoded
INFORMATION ASSEMBLY
• From social networking (FB, Twitter, WhatsApp, LinkedIn, organization website, etc.)
• KYC documents (PAN card, Aadhaar card, etc.)
• Bank statements…
• Information Gathering
INFORMATION ASSEMBLY
• MOBILE RECHARGE SHOP
• DEBIT CARD CLONING
• KEYLOGGER
• SMS SPOOFING
• CALL SPOOFING
• RANSOMWARE
• CYBER NUISANCE
• PICTURE MORPHING
• PROFILE HACKING
• ONLINE GAMES
• JOB CALL LETTER
• DATING WEBSITE
INFORMATION SECURITY CHARACTERISTICS
• Confidentiality – Ensure that information is available only to those authorized to have access.
• Integrity – Safeguarding the accuracy and completeness of information and processing methods.
• Availability – Ensure that authorized users have access to information and associated assets when required.
RISK
• Direct or indirect loss resulting from inadequate or failed internal processes, people and technology, or from external events.
RISK CHARACTERISTICS
• 1) Avoid
• 2) Accept
• 3) Mitigate
• 4) Transfer
INFORMATION SECURITY BREACH – COVID 19
1. Top Management ?
2. CEO ?
3. IT Head / IT Dept. ?
4. User ?
5. What RBI Says - ?
6. Who will suffer - ?
7 Types of Phishing Scams You Should Know About
Email Phishing Scams
Scams
7 characters 1 minute
8 characters 1 hour
9 characters 3-4 days
10 characters 7 months
11 characters 40 years
12 characters 2000 years
● I am a devotee of Sw@miji
HOWEVER….
It’s when you’re tricked into wiring money to a fraudulent bank account. For example:
• An urgent request to wire money from a criminal who impersonates your CEO through hacking your CEO’s email account.
• They hacked one of your vendors and sent you an invoice with fake bank information.
If you’re tricked into wiring money to a fraudulent bank account, the bank may not be there to help you. After all, it’s you who transferred the money, not the criminal.
ATM MACHINE
• Reconciliation
CCTV
• CCTV – Location.
• Display – Location.
• Date –Time.
• Recording 90 Days.
• Sign board.
• DVR Location.
NETWORK DEVICES – DEFAULT USERNAME
• Public IP.
• Firewall.
• Router.
• Switches ( Username / Password ).
• Wi-Fi Router.
HACK YOURSELF
• https://shop.hak5.org/
• Risk :
Most malware uses security vulnerabilities in your internet browser or internet plug-ins to infect your machine.
• Precaution :
Turn on Automatic Updates for your software as well as your operating system.
Use web browsers such as Chrome or Firefox that receive frequent, automatic security updates.
Make sure to keep browser plug-ins (Flash, Java, etc.) up to date.
TIP # 2 : UPDATE YOUR OPERATING SYSTEM
• Risk :
No operating system is perfect, and all of them, if not fully patched, are at risk of being exploited by hackers and viruses.
• Precaution :
Hit the Windows key on your keyboard and search for “Check for Updates”.
Click "Advanced Options".
Select Automatic (recommended) in the drop-down menu and close the window.
TIP # 3 : DON’T SHARE ACCESS TO YOUR COMPUTER
• Risk :
The ability to share files can be used to infect your computer with a virus or compromise your identity.
• Precaution :
Deny access to all file shares and shared folders by restricting them or protecting them with a strong, complex password.
If the need arises to give access, enable user rights for a particular user or group of users through a policy defined by the organisation.
Do not allow any hardware devices such as USB drives or external HDDs on the network without scanning the devices through antivirus or any encryption mechanism.
TIP # 4 : NEVER LEAVE DEVICE UNATTENDED
• Risk :
The physical security of your devices is just as important as their technical security.
• Precaution :
If you need to leave your laptop, phone, or tablet for any length of time, lock it up so no one else can use it.
If you keep sensitive information on a flash drive or external hard drive, make sure to keep these locked as well.
For desktop computers, shut down the system when not in use, or lock your screen.
TIP # 5 : PROTECT SENSITIVE DATA
• Risk :
Be aware of sensitive data that you come into contact with, and associated restrictions.
• Precaution :
Keep sensitive data (e.g., SSNs, credit card information, student records, health information, etc.) off your workstation, laptop, or mobile devices.
Securely remove sensitive data files from your system when they are no longer needed.
Always use encryption when storing or transmitting sensitive data.
TIP # 6 : USE MOBILE DEVICES SAFELY
• Risk :
Considering how much we rely on our mobile devices, and how susceptible they are to attack, you'll want to make sure you are protected.
• Precaution :
Lock your device with a PIN or password, and never leave it unprotected in public.
Only install apps from trusted sources.
Keep your device's operating system updated.
Avoid transmitting or storing personal information on the device.
Most handheld devices are capable of employing data encryption. Consult your device's documentation for available options.
TIP # 7 : INSTALL ANTI-VIRUS PROTECTION
• Risk :
Downloading software from a non-credible source may infect your computer with viruses and may make your computer vulnerable to security threats.
• Precaution :
Only install an anti-virus program from a known and trusted source.
An updated anti-virus program will alert you when a potentially threatening file is being downloaded onto your computer.
Keep virus definitions, engines and software up to date to ensure your anti-virus program remains effective.
TIP # 8 : BACKUP YOUR DATA
• Risk :
HDD crash, virus affecting the data, data corruption.
• Precaution :
Get an external hard drive to back up your data daily.
Use backup software and tapes to back up data, and keep it at a geographical location for safety and availability of the data at the DR site.
Cloud backup services are available for data backup.
TIP # 9 : BEWARE OF SUSPICIOUS EMAIL AND PHONE CALL
• Risk :
Phishing scams are a constant threat; cyber criminals use various social engineering techniques to trick you.
• Precaution :
Be suspicious of any official-looking email message or phone call that asks for personal or financial information.
Be skeptical of any email that you aren't expecting. Password thieves may insist that immediate action is necessary and may pretend to be your friend or some other trusted entity.
Never send passwords, bank account numbers, Aadhaar numbers or driver's license numbers via email. Decline such requests even if asked through email.
TIP # 10 : PRACTICE GOOD PASSWORD MANAGEMENT
• Risk :
We all have too many passwords to manage, and it's easy to take shortcuts, like reusing the same password.
• Precaution :
Use long passwords – 8 to 20 characters or more is recommended.
Use a strong mix of characters, and never use the same password for multiple sites.
Don't share your passwords and don't write them down (especially not on a post-it note attached to your monitor).
Update your passwords periodically, at least once every 6 months (90 days is better).
Soc Shashwat Pvt Ltd., Pune
IT TEAM
• Q & A.