Cyber Security

Threat to Email, preventive measures and general security tips

Presented by: Sunu Solomon K. (Software Engineer)

What is Cyber security?

It is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.

WHY IS CYBER SECURITY IMPORTANT?

Governments, military, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers. With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security.

Common terms associated with Cyber Security

MalwareSoftware that compromises the operation of a system by performing an unauthorized

function or process.

CryptographyThe use of mathematical techniques to provide security services, such as confidentiality,

data integrity, entity authentication and data origin authentication.

PhishingA digital form of social engineering to deceive individuals into providing sensitive

information.

VirusA computer program that can replicate itself, infect a computer without permission or

knowledge of the user and then spread or propagate to another computer.

Understanding Your Email Clients

How do email clients work? Every email address has two basic parts: the user name and the domain

name. When you are sending email to someone else, your domain's server has to communicate with your recipient's domain server.

For example, let's assume that your email address is john@example.com, and the person you are contacting is at jacob@anotherexample.org. In very basic terms, after you hit send, the server hosting your domain (example.com) looks at the email address and then contacts the server hosting the recipient's domain (anotherexample.org) to let it know that it has a message for someone at that domain. Once the connection has been established, the server hosting the recipient's domain (anotherexample.org) then looks at the user name of the email address and routes the message to that account.

Security Threats to Your Email Communications

Eavesdropping Identity Theft Message modification Message Replay

Why can email attachments be dangerous?

Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers:

Email is easily circulated - Forwarding email is so simple that viruses can quickly infect many machines. Most viruses don't even require users to forward the email—they scan a users' computer for email addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know.

Why can email attachments be dangerous?

Email programs try to address all users' needs - Almost any type of file can be attached to an email message, so attackers have more freedom with the types of viruses they can send.

Email programs offer many "user-friendly" features - Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.

What steps can you take to protect yourself and others in your address

book?

Keep software up to date - Install software patches so that attackers can't

take advantage of known problems or vulnerabilities (see Understanding

Patches for more information). Many operating systems offer automatic

updates. If this option is available, you should enable it. Consider creating separate accounts on your computer - Most operating

systems give you the option of creating multiple user accounts with different privileges. Consider reading your email on an account with restricted privileges. Some viruses need "administrator" privileges to infect a computer.

Steps to protect yourself and others in your address book

Save and scan any attachments before opening them - If you have to open an attachment before you can verify the source, take the following steps:

1. Be sure the signatures in your anti-virus software are up to date

2. Save the file to your computer or a disk.

3. Manually scan the file using your anti-virus software.

4. If the file is clean and doesn't seem suspicious, go ahead and open it.

Turn off the option to automatically download attachments - To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and make sure to disable it.

Steps to protect yourself and others in your address book

Email Security & Privacy

Benefits of BCC

What is BCC?

BCC, which stands for blind carbon copy, allows you to hide recipients in email messages. Addresses in the To: field and the CC: (carbon copy) field appear in messages, but users cannot see addresses of anyone you included in the BCC: field.

Why would you want to use BCC?

Privacy - Sometimes it's beneficial, even necessary, for you to let recipients know who else is receiving your email message. However, there may be instances when you want to send the same message to multiple recipients without letting them know who else is receiving the message. If you are sending email on behalf of a business or organization, it may be especially important to keep lists of clients, members, or associates confidential. You may also want to avoid listing an internal email address on a message being sent to external recipients.

Another point to remember is that if any of the recipients use the "reply to all" feature to reply to your messages, all of the recipients listed in the To: and CC: fields will receive the reply. If there is potential for a response that is not appropriate for all recipients, consider using BCC.

Why would you want to use BCC?

Tracking - Maybe you want to access or archive the email message you are sending at another email account. Or maybe you want to make someone, such as a supervisor or team member, aware of the email without actually involving them in the exchange. BCC allows you to accomplish these goals without advertising that you are doing it.

Respect for your recipients - People often forward email messages without removing the addresses of previous recipients. As a result, messages that are repeatedly sent to many recipients may contain long lists of email addresses. Spammers and email-borne viruses may collect and target those addresses.

Why would you want to use BCC?

To reduce the risk, encourage people who forward messages to you to use BCC so that your email address is less likely to appear in other people's inboxes and be susceptible to being harvested. To avoid becoming part of the problem, in addition to using BCC if you forward messages, take time to remove all existing email addresses within the message. The additional benefit is that the people you're sending the message to will appreciate not having to scroll through large sections of irrelevant information to get to the actual message.

How do you BCC an email message?

Most email clients have the option to BCC listed a few lines below the To: field. However, sometimes it is a separate option that is not listed by default. If you cannot locate it, check the help menu or the software's documentation.

If you want to BCC all recipients and your email client will not send a message without something in the To: field, consider using your own email address in that field. In addition to hiding the identity of other recipients, this option will enable you to confirm that the message was sent successfully.

Other methods of securing emails Most free email clients have limited tools when it comes to securing emails

from hacker attacks. However there exist corporate and premium email security service providers that have the necessary measures and tools in place to ensure the safety and confidentiality of emails.

Example of corporate and premium secure email clients. Symantec Endpoint Protection Symantec Mail Security for Microsoft Exchange Microsoft Exchange Server Sophos PureMessage for Microsoft Exchange Websense Email Security

Advantages of using corporate email clients

1. Secure encryption and decryption algorithms for message transfer

2. Protection against spam

3. Protection against data lose

4. Ensure data intergrity

5. They offer encryption for username and passwords over secured socket layer secured connection (SSL) by employing transport layer security protocol

Reducing Spam

What is spam?

Spam is the electronic version of “junk mail.” The term spam refers to unsolicited, often unwanted, email messages. Spam does not necessarily contain viruses—valid messages from legitimate sources could fall into this category.

How can you reduce the amount of spam?

Check privacy policies – Before submitting your email address online, look for a privacy policy. Most reputable sites will have a link to their privacy policy from any form where you’re asked to submit personal data. You should read this policy before submitting your email address or any other personal information so that you know what the owners of the site plan to do with the information

Be aware of options selected by default – When you sign up for some online accounts or services, there may be a section that provides you with the option to receive email about other products and services. Sometimes there are options selected by default, so if you do not deselect them, you could begin to receive email from those lists as well.

How can you reduce the amount of spam?

Consider opening an additional email account Use privacy settings on social networking sites – Social networking sites

typically allow you to choose who has access to see your email address. Consider hiding your email account or changing the settings so that only a small group of people that you trust are able to see your address.

General Tips

Cyber security Tips

Set secure passwords and don't share them with anyone. Avoid using common words, phrases, or personal information and update regularly.

Keep your operating system, browser, anti-virus and other critical software up to date. Security updates and patches are available for free from major companies.

Verify the authenticity of requests from companies or individuals by contacting them directly. If you are being asked to provide personal information via email, you can independently contact the company directly to verify this request.

Pay close attention to website URLs. Pay attention to the URLs of websites you visit. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.

Cyber security TipsEmail Turn off the option to automatically download attachments. Save and scan any attachments before opening them. If you have to open an attachment

before you can verify the source, take the following steps: Be sure your anti-virus software is up to date. Save the file to your computer or a disk. Run an anti-virus scan using your computer’s software.

Social Media, Video Games, Forums, Chat Sites and more.

Limit the amount of personal information you post. Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your friend posts information about you, make sure the information is something that you are comfortable sharing with strangers.

Take advantage of privacy and security settings. Use site settings to limit the information you share with the general public online.

Cyber security TipsMobile Only access the Internet over a secure network. Maintain the same vigilance you would on

your computer with your mobile device. Be suspicious of unknown links or requests sent through email or text message. Do not click

on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.

Download only trusted applications from reputable sources or marketplaces.

At Work Restrict access and secure the personal information of employees and customers to prevent

identity theft. Be suspicious of unsolicited contact from individuals seeking internal organizational data or

personal information. Verify a request’s authenticity by contacting the requesting entity or company directly.

Immediately report any suspect data or security breaches to your supervisor and/or authorities.

Beware!!!The is nothing like absolute security

Thank You