Cyber Safety/Security :�Browse Safely,�Responsible Behaviour �& Cyber Hygiene

​

​

​

STAY SAFE, SECURE & RESPONSIBLE IN CYBER SPACE

​

​

PREPARED FOR: KVS ZIET MYSORE

Good Sayings..

Fighting cybercrime is everybody’s business.

​

Think of it as an obligation to do your part in the fight against cybercrime…

​

2

Objective of the session:

• The purpose of Session is to focus the attention on security, creating sensitivity to the threats and vulnerabilities of computer systems/Devices and recognition of the need to protect data, information and systems.
• To prepare a plan, to implement, and monitor cyber security mechanisms to help ensure the protection of information technology assets. that can identify, analyze, and remediate computer security breaches.
• To educate staff about common cyber threats like social engineering scams, phishing, ransomware attacks and other malware designed to steal intellectual property or personal data Protects all categories of data from theft and damage.

3

�Teach Children to Remember the 4 R’s …

• Recognize techniques used by online predators to deceive their victims.

​

• Refuse requests for personal information.

​

• Respond assertively if you are ever in an uncomfortable situation while online. Exit the program, log off or turn off the computer…

​

• Report, to law enforcement authorities, any suspicious or dangerous contact that makes you uncomfortable

​

4

How to keep safe:

• Create a safe environment at school for internet usage.
• Educate parents and assist them with internet safety issues if possible.
• Encourage parents/teachers to be “proactive” not “reactive”.
• Don’t be judgmental.
• Educate our students on internet safety and cyber-bullying.

​

5

Introduction

6

• Security: We must protect our computers and data in the same way that we secure the doors to our homes.
• Cybersafety is the safe and responsible use of information and communication technology
• Digtal Literacy-The ability to use digital technology, communication tools or networks to locate, evaluate, use and create information.Digital Citizens…
• Schools play a key role in promoting internet safety. Schools are primarily responsible for keeping systems / computers / network devices secure and functional.

​

CHALLENGES OF CYBER SECURITY

• Network Security - The networks are not secure enough as there are many unwanted users who can attack and destruct the interventions.
• Application Security- Application of both computer and mobile device need to be updated and tested on regular basis to ensure any kind of attacks.
• Data Security - Securing data on applications and network need second layer of security which is very challenging. One must protect their data very highly by two factor authentication so that no one can easily access it.
• Cloud Security- Protecting data 100 percent on cloud is very challenging as its require large amount of space and online safe environment.
• Computer/Mobile Security- It involves every type of security from login to space, from chat to banking which again require conscious user’s involvement.

​

7

Malware

• Malware:--- Malware means malicious software

​

• It is a computer software that is installed without the knowledge or permission of the victim and performs harmful actions on the computer.

​

• This software may take personal information from the computer and send it to the attacker. Your computer may get infected when you download email attachments or try to install freeware software that you download from the internet

8

Types of Malware

• Virus/worms: A self-replicating program that attaches itself to clean file and spreads throughout a computer system, infecting files with malicious code.
• Trojans: A type of malware that is disguised as legitimate software. Cybercriminals trick users into uploading Trojans onto their computer where they cause damage or collect data.
• Spyware: A program that secretly records what a user does, so that cybercriminals can make use of this information. For example, spyware could capture credit card details.
• Ransomware: Malware which locks down a user’s files and data, with the threat of erasing it unless a ransom is paid.
• Adware: Advertising software which can be used to spread malware.

9

Terms popular in Cyber World

• Cybersecurity threats: are acts performed by individuals with harmful intent, whose goal is to steal data, cause damage to or disrupt computing systems by destroying it. a malicious attack by an individual or organization attempting to gain access to a computer network, corrupt data, or steal confidential information.

​

• Vulnerabilities- Weakness in an information system or its components that could be exploited.

​

10

Terms popular in Cyber World

• Hacker/Scammer/Fraudster- It refers to the misuse of devices like computers, smartphones, tablets, and networks to cause damage to or corrupt systems, gather information on users, steal data and documents,

​

• White Hat Hackers –an ( ethical hacker) individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks.
• Black Hat Hackers - are criminals who break into computer networks with malicious intent.
• Gray Hat Hackers- is someone who may violate ethical standards or principles, but without the malicious intent ...
• �Ransomware: is a type of malicious software designed to extort money from the user. The attacker locks the victim’s computer system files or blocks access to files or the computer system typically through encryption until the ransom is paid.

11

Terms popular in Cyber World

• Social Engineering-is a social engineering is the term used to convince people to reveal confidential information.( family has lesser inf compare to apps)
• There are mainly three types of social engineering attacks: 1) Human-based, 2) Mobile-based, and 3) Computer-based
• ex- phishing

12

Terms popular in Cyber World

• Vishing- to extract information Over the phone
• Smishing- By text message/Instant message
• Phishing- It is a technique used to obtain a username, password, and credit card details from other users usually through Email.

​

​

13

Phishing

14

Terms popular in Cyber World

• Typosquatting- employs similar urls for popular websites and depends on the typing errors of users to get traffic to their sites.
• Ex- A well-known example is facebok.com with a single “O”
• Pharming is the technique to redirect a website's traffic to another, fake site. The attackers install malicious code on the victim’s computer. So, when you are trying to visit a website or doing an online search your browser may take you a malicious website.
• Whaling-A Whaling Attack, also known as Whaling Phishing, is a strategic phishing attack, targeted towards high profile executives.

​

15

Terms popular in Cyber World

• Denial-of-service attack -Denial of Service (DoS) is a cyber-attack on an individual Computer or Website with the intent to deny services or device unavailable to intended usersIt is an attack in which multiple computers attack website, server, or any network resource .
• Man-in-the-middle attack – It is a type of cyber threat where a cybercriminal intercepts communication between two individuals in order to steal data. For example, on an unsecure WiFi network, an attacker could intercept data being passed from the victim’s device and the network.
• .

​

​

16

Terms popular in Cyber World

• Bullying- A cyber bully can be a known person, friend, relative or even an unknown person whom we met online on social media platform or a chat room, gaming portal, etc. The magnitude of cyber bullying can range from sending rude and hurtful messages, spreading embarrassing rumors to direct threats, stalking, etc. Cyber bullying is one of the common cyber threats being faced by children and young people.
• Stalking-Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, group, or organization
• Identity Theft -Deliberate use of someone's identity to gain financial advantage.

17

Terms popular in Cyber World

• Botnet-It’s a number of internet-connected devices like servers, mobile devices, IoT devices, andPCs that are infected and controlled by malware.
• Spyware-Spyware is a malware that aims to steal data about the organization or person. Thismalware can damage the organization’s computer system
• An SQL (structured language query) injection is a type of cyber-attack used to take control of and steal data from a database. Cybercriminals exploit vulnerabilities in data-driven applications to insert malicious code into a databased via a malicious SQL statement. This gives them access to the sensitive information contained in the database

18

Password Stealing techniques…

• Shoulder Surfing: Shoulder surfing is the practice of someone attempting to steal sensitive data by watching over the victim's shoulder/side as they're using a mobile. Ex-such as on public transportation, airplanes
• Brute Force attack: A brute force attack is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys. a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly
• Dictionary attack -The premise of a dictionary attack is that by trying every possible combination or words (or tokens), an attacker ultimately will succeed in discovering the desired password.

​

​

19

Passphrases

20

Cyber Crime

• Cyber Crime is a global phenomenon which hampers the privacy and security of a person online. Women are often the soft targets. There are people who are on the lookout for personal information, like passwords, bank details, etc.

​

• Apart from that women are often harassed, stalked and threatened in the virtual world.

​

​

21

Digital Foot Print

• It is the information that exists online about you and your activity.
• Be Careful About -What you share- Where you share- With whom you share
• Safety measures-
• Avoid making Virtual or online friends
• Keep your personal information Private
• Use/Verify privacy setting on social sites pages/accounts
• Protect by privacy setting of Browser.

​

22

Safe Browsing

• Use/Install Most Secure Internet Browser and update
• Customize Your Security Settings
• Use incognito mode
• Keep location off
• Strong Password
• Read Store Reviews Before Buying
• Confirm Site's Security (https vs. http, green colored padlock)
• Beware of clicking links in email or instant messages.
• Carefully evaluate free software and file-sharing applications before downloading them.
• Use Incognito Window or Private Browsing, Block pop-ups, plug-ins and phishing sites

​

23

How to check a website is genuine ?

• Website Reputation Checker :CDAC Free website reputation checker tool to facilitate the detection of fraudulent and malicious websites.
• https://www.urlvoid.com/ - Detect potentially malicious /Fake websites.
• Phish Tank - https://phishtank.org/ - To check the links whether it is malicious.
• Scam Advisor- https://www.scamadviser.com/ - Check ScamAdviser Before You Buy.

​

​

​

​

24

�Chrome Extensions : �

• HTTPS Everywhere / Somewhere: Redirects the http protocol
• Sanchar Sathi- https://www.ceir.gov.in/Home/index.jsp -Help if lost mobile/Device &google my account for find my device .

​

​

​

​

​

​

​

​

25

Cyber Swachhta Kendra: GOI

26

�Develop Protection and Detection Measure�

• Have students and teachers create strong passwords.
• Have a password protocol that specifies strong password guidelines,
• frequent change of passwords, avoid reuse of old passwords.
• Use only verified open source or licensed software and operating systems.
• Ensure that computer systems and labs are accessed only by authorized personnel.
• Discourage use of personal devices on the network, such as personal USBs or hard drives.
• Set up your computer for automatic software and operating system updates.
• Check that antivirus software in each system is regularly updated.
• Consider blocking of file extensions such as .bat, .cmd, .exe, .pif by using content filtering software available .

​

27

�Develop Protection and Detection Measure�

• Read the freeware and shareware license agreement to check if adware and spyware are mentioned, before installing them on systems.
• Use encryption such as SSL or VPN for remote access to office or school lab, through internet.
• Ensure that third-party vendors (who have contract with the school) have strong security measures in place.
• Consider contracting with a trusted / verified third-party vendor to monitor the security of your school’s network.
• Institute two or multi factor authentication for students, teachers and administrators when they log on.

​

28

�Develop Protection and Detection Measure�

• Protect your Wi-Fi Connection with secure password, WEP encryption, etc.
• Encrypt the network traffic.
• Change the administrator’s password from the default password. If the wireless network does not have a default password, create one and use it to protect the network.
• Disable file sharing on computers .
• Turn off the network during extended periods of non-use etc.
• Use "restricted mode", "safesearch", "supervised users" and other similar filters and monitoring systems, so that no child can access harmful content via the school’s IT systems and any concerns can be detected quickly

​

29

Parental Control

• These Application helps to filter and restrict Internet access. Which restrict users/employees from wasting time on unproductive websites and to prevent users from accessing malware.
• K9 Web Protection
• Quostodio (paid)- best for android
• Windows Live Family Safety
• Family Safety parental controls software
• Youtube
• Google

​

30

Best Practices

• Use a full-service internet security suite.
• Keep your software updated and operating systems
• Manage your social media settings
• Strengthen your home network
• Talk to your children about the internet, Keep an eye on the kids
• Know what to do if you become a victim
• Keep up to date on major security breaches
• Take measures to help protect yourself against identity theft, Know that identity theft can happen anywhere
• Updated Antivirus software regularly
• Use Strong Password

​

​

31

Best Practices

• Do not open or Download any files sent by unknown senders.
• Never Sharing A/c Details,CVV,OTP, Pin,Id, Adhar No.,PAN, etc
• Avoid Using Pen drives ( Unknown)
• Avoid clicking Unknown Links
• Never use screen sharing apps ultra viwer, Any desk.
• Never scan any QR code if it asking to enter PIN while receiving money.

​

​

​

​

​

32

Legal Aspects…( Don’ts)

• Copy, share or alter the collected data without permission the individual/ organisation.
• capture, reproduce or transmit the photograph(s) of person without his/ her consent.
• publish or transmit vulgar material in electronic form.
• any objectionable child-abusive materials in electronic form to the concerned authorities.
• send any threatening, abusive or defamatory emails.
• hide/ conceal computer hardware belonging to others.

​

​

33

IT Acts and Laws on Cyber Crime

• Information Technology Act 2000

​

• Information Technology Amendment Act 2008

​

• Cyber crime prevention Act 2012

​

• Data Protection Act 2019

​

• Digital Personal Data Protection Act, 2023

34

Reporting Cyber Crime

​

• CHILDLINE - 1098
• Police(Cyber cell in local police Station) - 112
• Cyber crime Helpline - 1930
• National women helpline -181

​

• Complaint: www.childlineindia.org
• Complaint: cp.ncpcr@nic.inComplaint: cp.ncpcr@nic.in https://www.cybercrime.gov.in/
• complaint-mwcd@gov.in
• Twitter handle: @CYBERDOST

​

​

​

35

References

• www.cyberswachhtakendra.gov.in
• https://ciet.nic.in/safeinternet/mobile/index.html
• http://www.netsmartzkids.org/
• http://mediasmarts.ca
• http://www.commonsensemedia.org
• http://www.spartanpride.org/
• http://IKeepSafe.org
• http://Wiredsafety.org
• https://www.pcmag.com/
• https://www.csk.gov.in/
• https://cybercrime.gov.in/
• https://cybervolunteer.mha.gov.in/webform/Volunteer_AuthoLogin.aspx

​

​

36

37