Don’t Get Hacked: Steps to Protect You and Your Organization

TED: Hi! Welcome to the Ohio Arts Council's monthly webinar sessions. My name is Ted Hattemer.

I'm the IT strategist here at the Ohio Arts Council. And today, we'll be talking about 'Don't Get Hacked: Steps to Protect You and Your Organization.' Just a little bit of housekeeping, if you're having any technical difficulties, or if you have questions, please use the chat function within the WebEx, and I will answer questions at the end of the session rather than asking them or responding as they come in. So with that, if anybody, if everyone has any questions or anything, I'll just jump right into it. So, what I want to start with is, getting hacked occurs in many forms, and we'll talk about prevention, but first, we'll talk about the different methods criminals and others use to hack your computing devices.

First of all, we have something called malware, and that software program performs some sort of malicious task. Something like capturing usernames and passwords. Most of the time, the antivirus software on your machine will prevent you from opening those types of files. But, occasionally, something is brand new, and it'll get past your malware. Malware also happens when you're running old operating systems, like if your organization's still on Windows XP or Vista or something like that, which is 30 percent of most computers online, you'll be very susceptible to getting infected with malware.

Other vulnerabilities are public computers, computers that are used by the general public in a cafe or something like that. Also, another vulnerability is unencrypted Wi-Fi, so at a coffee shop or something like that, you're very vulnerable there. Another type of hack that occurs is something called man-in-the-middle. Where requests made to a website from your end are filtered through another site without you knowing it. That's called man-in-the-middle, where you click on a link and you don't realize that you're not actually on Amazon's site but you're on some other site.

Another type of hack that we'll be talking about or that we will try to be preventing is phishing. And that's handing over your credentials to a fake website or a fake contact person via an email solicitation. And another vulnerability and something to prevent you from getting hacked is using the same password on many sites. So, don't use your banking and email password for an online newspaper or for buying something on someone's website because if they get hacked, then your username, your email account, is then associated with that password depending on how they stored it. So, right when I started off, I mentioned criminals and others, and I wanted to just make sure that everyone understood that not all hackers are trying to steal information or money from you.

Although the vast majority of them are. So, for fun. So, some hackers, some hackers, are doing this for fun, so they make attempts on computers and servers and networks just for the personal gratification. And others feel that they need to prove something to their peers or friends, maybe they're a young person in college or in high school, and that's, they're doing that for fun. Another reason people hack is, I think I might be, here we go. Is to steal your information.

And maybe it's to steal information from a company or to steal information from you in order to get to a larger system or to infiltrate your personal information or steal money from you. Another reason people hack is to disrupt. So some hackers, including hacking groups, target a company to disrupt business, create chaos, or just be a nuisance. These groups, they're often trying to make a statement with their hacking to demonstrate security inadequacies or to show a general disapproval for the business itself. For example, these hacking groups are like Anonymous or LulzSec.

And then the last reason most people find that they've been hacked or succumb to hacking is to discredit. So, politics, religious beliefs, social beliefs, can lead one group to try to silence another group or intimidate or discredit another group. And we largely see this when someone takes over a social media account or takes over a website and replaces the content there or the impersonation of someone. So, that being said, those are all the different reasons and ways people get hacked. Let's jump right into prevention.

So, the number one thing I want you to take away from this webinar is that you need to stop sending and opening email attachments. And this is probably the most difficult message to hear. But, if implemented, it would make the most difference in how we view potentially dangerous online situations. Most phishing attempts and spreading of viruses, those are the two most common ways people get hacked, and more often than not, it begins when someone clicks on an attachment or a link that they've received in an email message from either someone they thought they knew or someone they thought was safe. So, imagine if when you received an email attachment, you immediately assumed it was malware or phishing, no matter who it was from.

So, even if it was from your boss, if someone sent you an attachment or something that looked like an attachment, you just immediately assumed that it was a phishing attempt. And that would go a heck of a long way of preventing hacking. So, but email's super-useful, but it wasn't designed to be the end-all for workflow situations. So that being said, what can we do? So, email attachments, even though they're super easy to use and share and create and everything, and even if you go an extra step and zip up your files, you're still creating problems. Sending a zip file, that used to be a great solution.

You can take all your files and put them into a zip file and it would be super easy to send it along and that would protect it and indicate to the person you're sending it to that it's a safe file and you can go ahead and open it up and the files that are contained within are the attachment. But, anymore, a virus or a piece of malware can be any type of file. It can be part of a zip file, it can be a JPEG, it can be an mp3 file, it can be absolutely anything else. And also, these files can come from someone who appears to be your colleague or maybe it is your colleague. So, a lot of times in an organization, one person clicks on a link and it's a virus and it ends up sending email with that same virus to all the other folks with an inviting invitation to click on this Microsoft document.

So, another reason that we need to stop sending email attachments is that it's an inefficient use of bandwidth and file storage. So, sending an attachment across the Internet, when that happens, what happens behind the scenes is that the attached file has to be encoded so that it could travel with integrity from one server to another server. So, the email message that you're sending doesn't go from your computer to the person's computer that you're sending it to. Instead, it jumps from your email account to your email service provider and then that service provider forwards the message along to the next email relay, and then it bounces along relays until it eventually finds the server's host for the recipient. And then, finally, the recipient downloads the message from his or her email provider.

So, on average, a 33 percent increase in file size is necessary to encode the average attached file. So, when you do the math, you can immediately see the inefficiencies. Each email message creates unique copies of the shared file as well, so each person on the recipients list gets a unique copy. Then this ends up eating valuable mail server space and bandwidth. And then here's the kicker.

It also is that email becomes a really lousy project management tool. When multiple copies of files are distributed, knowing which version of which file is most current or accurate becomes next to impossible. So, hackers are getting more sophisticated with subject lines and fake email addresses, and HTML-formatted email messages in order to deliver the malware. So, what is your business to do in order to stay on top of this and how do you stay working with other people? You know, if you're not supposed to use email to share files, how are you supposed to work collaboratively with the rest of your organization? So, first off, creating a purposeful space to share work documents helps on two fronts. First, people stop sending email attachments and second, the work becomes more accessible, discoverable, and shareable.

OneDrive and OneNote, Microsoft's solution for this, work together to provide sort of a whiteboard, smartboard-type experience. Pages, the basic element of a OneNote, are collected into larger sections and shared within a team notebook. Secure, collaborative software and cloud storage servers and chat tools are gaining a lot of users across the Internet. While email will never fully be replaced anytime soon, its position as the primary means of sharing internal company data is being recognized for how unsecure it is. And email is actually on the decline, ever so slightly though.

So, here's an example of a team notebook and an example of how one might share files rather than sending them as email attachments. Files stored on OneDrive, they can be inserted directly into the OneNote. And OneNote provides meta information around the work product in addition to the file name and file type. Meta information is really useful to have when there are multiple versions of the same file and multiple files within a project. Often, when you're looking for a file on a file server or on someone's hard drive, it's difficult to find that exact version or file name.

But when meta information surrounds the document, it becomes very discoverable and the relevance of the project or the file becomes very easy to understand. And instead of sending this PDF, the PDF that I just had on the previous slide, instead of sending that file as an attachment, what we end up sending is a link from the OneNote. So that way, there's only one copy of the file. It remains on the Cloud Drive, where it's getting backed up, and multiple people can comment and suggest improvements for a work product within the whiteboard environment or project management environment. So, if you're not on the Microsoft platform, Google provides a similar service.

This was originally developed as a personal application suite rather than a full-fledged collaboration platform. But Google's pretty much ubiquitous, and you'd be hard-pressed to find somebody who wouldn't be able to share a Google Doc with you. So, collaboration comes pretty easy to this platform. The way Google handles this is that they use an internal way of sharing files. Selecting files and folders to share with your contacts is a simple way to collaborate.

When you share a file or folder, Google sends the link to your colleague's Google inbox. They also have a robust list of applications to develop content. Sheets, slides, drawings, and forms are all easily created and then shared within the Google platform. Downloading the desktop or mobile app gives you access to your files in a familiar file explorer kind of way, and it also gives you online access when you don't have, offline access, when you don't have an internet connection. Another tool if you're not using either Microsoft or Google is Box.

Box is a good contender to OneNote OneDrive. It has sharing capabilities within for almost every Microsoft product. And the free version, although it's not as robust as the paid version, is pretty intuitive to use and pretty easy to get up and running with. Box also creates a collaborative environment. Each of the files shared within Box can access previous versions of the file, lists of people who have viewed or downloaded the file, and a section for collaborators to leave comments about all the files that are being shared.

Box, like Google Drive, both sync to your hard drive and have mobile apps as well. And Box, from internal Microsoft Office documents, Box can be launched or Box can launch Microsoft Office documents within its internal interface, and so the integration between the two platforms becomes pretty easy to get back and forth. And, finally, there's Dropbox, which is very ubiquitous. A lot of people use Dropbox. And they just began to roll out what's called Paper, which is their online collaboration tool in addition to the file storage.

So that they allow you to upload and share files, but then provide a brainstorming and collaboration space where you can generate ideas and leave comments on other people's files. So, there are a bunch of free and reduced cost services out there for nonprofits, but if you're not aware of this one, this is called TechSoup, and it's a great resource. It's tremendously discounted software that's available on the site, and signing up is pretty straightforward. Microsoft, for example, is $40 per user through TechSoup. So, if you need upgrades, you're not on Microsoft 2016, on the Office365, check out TechSoup before you go anywhere else and see if you can get some savings there.

And then, if you're ready to take the next step, there's another complete other higher level than what I just went over. And those are the true project management platforms. Beyond Google Drive and Box and OneNote OneDrive. These platforms, such as Basecamp, JIRA, Microsoft Project, Asana, and others, they provide things like the ability to create Gantt charts and document flow, timeline, project resource timeline, deadlines notices, people on certain discussions, archiving discussions over a long period of time in order to create documentation about the project. So, if you're ready to take that next step, you've got a lot to choose from.

Basecamp is probably the easiest to start with, and if you're interested in just true communication collaboration, check out Slack. So, that's all about stop sending email. The next tip that we have is encrypt your hard drive. If you're not doing this, this is pretty simple to do, and whether you're on PC or Mac, you can accomplish this pretty easily. What it does is it encrypts, it protects your hard drive by creating a username and a password, and without that username and your password, none of the information would ever be accessible to anyone.

Basically, the hard drive would just have to be reformatted in order to access it. So, if your laptop were stolen or somebody gained access to your laptop, if they don't have your username and password, they'd never be able to get to any of your information. So, for the PC it's called BitLocker, and it's found in your system preferences. On the Mac side, it's called FileVault, and it's in the security and privacy section under system preferences as well. Pretty easy to turn on, kind of a no-brainer, we use it here at the Ohio Arts Council.

Another thing that you'd want to do in order to decrease your vulnerability for getting hacked is manage your passwords in a better way. A simple tool for that is called LastPass. LastPass is a browser plug-in. It's for both Chrome and for Firefox. And it manages your passwords by storing them under a central password.

So, you can pick really complicated passwords for the sites that you visit often. So, here are a bunch of sites that I visit often, and my very complex passwords are being stored within these buckets, and LastPass has the one password that I have to remember day in and day out.

So, if I can access LastPass, then I can get to all of these other services which have super-complex, you know, 14, 17, 18-character long passwords. So, these sites end up becoming super secure for me because none of them are sharing a password, and all of the passwords are very, very strong.

Another thing you want to consider is turning on two-factor authentication with the services that you're using. A two-factor authentication is combining the traditional username and password that we're all familiar with with something you either know, have, or are. So, things that you know are the city you were born in and the last four digits of your social security number. Things that you have are a cell phone, so, when enabled, for a site, two-factor will text you a code that you can use logging in for additional information above and beyond your username and password. And things that you are are like your thumbprint or your iris or even your face for facial recognition software.

So, two-factor creates a bit of a hassle when logging in to some of these sites you use frequently, but it also ensures that no one is ever logging in to the site that you use without your knowledge. So, if you forget your password for Facebook, for example, Facebook automatically uses two-factor, and won't let you change your password unless you can authenticate, not only through Facebook, but also through giving them a code that's linked to your cellphone. Google and Microsoft and Apple, a lot of banks, use this. Some have it on by default and others like Google require you to turn it on yourself.

It's, uh, truly a great thing to turn on, and it does create a little bit of a hassle sometimes, but it's well worth the hassle to know that no one can gain access to some of these very sensitive accounts that are under your name. Another browser plug-in is called HTTPS Everywhere, and so I'm going to get a little geeky for the next couple of slides, but bear with me and we'll all learn something. So, HTTP is hyper, it stands for hyper text transfer protocol. And the way it works is it uses a once and done approach to communicating between the browser and the server. It's what's called a stateless protocol.

Meaning that your browser makes a request and the server responds. And then, between server and the browser, it's as if you've never communicated before. You make another request, and you're a brand new connection all over again. So every image, every element, every script, every file are separate requests when serving up a web page. Enabling HTTPS, or hyper text transfer protocol security, creates an encryption tunnel between the browser and the server.

So, when you do online banking without HTTPS, your username and password would move between the server and the browser in plain text. With the encrypted tunnel created, there's encryption between your browser and the server while you're communicating, while they're sending that one-off communication of, like, here's my password. It's not sent as plain text, but as encrypted data. Not all web sites use HTTPS, including our website here at the Ohio Arts Council. But if you have a website, it's recommended that you turn it on.

It's pretty easy and straightforward to turn on, and most web hosting providers can help you do this. A free certificate for turning on your website security is called Let's Encrypt. So, if you contact your web hosting provider, ask them to check out Let's Encrypt because it's free, and it will provide you with that extra HTTPS protocol to secure your website. That's very useful when you log in to change the content of your website so that that username and password are not going over the Internet free and clear as text, but rather as encrypted data. Additionally, the major search engines like Bing and Google improve your rankings on their results page if you're using HTTPS instead of just straight HTTP.

So, that's a side benefit to turning encryption on for your website. So here I just wanted to show you that there's quite a bit going on behind the scenes when you connect to the Internet and start making requests between two or more computers. A tool like Wireshark, which is available for both Mac and PC, can monitor traffic and analyze the traffic for signs of hacking. So this is really far into the weeds, but I just wanted to give you a feel for how much is going on in the background when you connect Firefox to your online bank account. All of these are transactions that are happening within loading one web page, and they're all separate requests.

And there's a lot going on, so there's a lot of information here that hackers could use. And I just wanted to give you that sense that there's a lot going on that you need to protect. So, just a tip: never log into your most sensitive accounts while on free public Wi-Fi. A hacker could be running software like this on that free public Wi-Fi and watch you log in to your banking site. And the connection between your computer and the Wi-Fi is not encrypted.

So they would just see your username and password coming across as free text and be able to grab it. Another tip that you want to do is when you're not using your webcam, to put a piece of sticky note or tape up there and cover the camera. This doesn't happen very often, but it has happened. And people like Mark Zuckerberg, the owner, the CEO of Facebook, put a piece of tape over their webcam. So, you can tell that it's, uh, it's something that other people are doing, so you might want to consider doing it as well.

What happens is that somebody can, if your computer is compromised, somebody could then take over your camera without your knowledge, understand some of your habits, and then be able to place a phone call to you or something like that and gain access to other information because of things they've learned by watching you. Other tools that you might want to consider are things like a browsing extension called MyWOT, or web of trust. This is another layer that exists between a requested URL and serving up a website. So that this service goes out and just makes sure that the site that you're accessing is actually the site that you're trying to access and it hasn't been hacked. And another one in that same vein is called WebAdvisor, and it's the browsing companion that's got your back.

It's a free download, and it'll alert you to when websites aren't who they say they are or they are infected with malware. So, one of the things that we're recommending is that your office have a "we got hacked" plan. If you don't have a "what you should do after you get hacked," you should start on that today by asking yourself and answering the following questions. What has been affected? So, you feel like you've been hacked, but what has actually happened? What services have been compromised? After we take this hacked resource offline, how will that affect our business? Can we wipe clean an infected machine, or do we need to resurrect the data on it? The following steps should be taken if you feel you've been hacked.

You need to shut systems down quickly. Pull them off of the Internet. That is basically shutting them down. You don't need to turn off a machine, but eliminate its connection to the Internet. And then work with either a security firm or your IT person and determine how intruders got in and fix that first.

So, if there was an update to Windows and it wasn't applied, then that's probably how the intruders got in, and you need to fix that first. You need to understand where your data is being backed up, and how quickly it can be restored. And then, you also need to alert the FBI and the local police. It is a federal crime to hack into somebody else's computer, and if it's not reported, then the authorities don't have all of the best information about how many computers in our area are being hacked and what the local threat is and what the regional threat is. And then you also need to have a backup work plan, exactly how you're going to get business done without these systems that you rely on.

Here are a couple of resources that you might want to become familiar with. One is staysafeonline.org. There are a lot of tips there. And the other is consumer.FTC.gov.

Those are both sort of tip collection resources that you can use in order to stay safe online. And, so, sort of to close this out, I wanted to just address that being safe online is really a trade-off between security and convenience. And the more you're willing to slow down a bit, jump through a couple of extra hoops, work in a slightly different way, the safer you'll be in the long run. Nothing can completely protect you online, but being aware of the most basic hacks will keep you relatively safe.

And that's about as much as we can hope for in this new digital world. So, that's my presentation for today. I appreciate you attending. And I was wondering if there were any questions, I could answer them now through the chat forum. Well, if there are no other questions, I thank you for attending today, and just letting you know that these webinars are on the third Thursday of each month at 2:00.

We will be sending out an email message as far as the topic of the next one. If you have an idea for a topic, feel free to send that to me via email, to the address on the screen, and do not include an attachment. Thanks for your time today, and talk to you soon. Thank you!
