U.S. Embassy in Romania
Romanian Association for Information Security Assurance (RAISA)
National Association for Information Systems Security (ANSSI)
Romanian National Computer Security Incident Response Team (CERT-RO)

CYBERSECURITY GUIDE

PROGRAM TITLE: Enhance Cyber Capacity Building in Romania for Preventing and Combating the Cybercrime Phenomenon

PURPOSE OF THE PROGRAM: The program goal is to strengthen the cyber capacity in Romania by raising cybersecurity awareness and improving the skills of criminal justice authorities and the private sector in fighting cybercrime.

A project developed by the Romanian Association for Information Security Assurance (RAISA). This project was funded in part by a grant from the United States Department of State. The opinions, findings and conclusions stated herein are those of the author[s] and do not necessarily reflect those of the United States Department of State.

eBook: Cybersecurity Guide
Authors: Iulian ALECU, Costel CIUCHI, Toma CÎMPEANU, Iulian COMAN, Larisa GĂBUDEANU, Ioan-Cosmin MIHAI, Cosmina MOGHIOR, Nelu MUNTEANU, Gabriel PETRICĂ, Ionuț STOICA, Cătălin ZETU
Version: 1.1
Website: www.cyberlearning.ro/cybersecurity-guide/
ISBN: 978-973-0-33645-0
DOI: 10.19107/CYBERSEC.2021.EN

CONTENTS
About This Guide
Secure Your PC / Laptop
Secure Your Mobile Device
Secure Your Network
Malware
E-mail Based Attacks
Web-Based Attacks
DoS and DDoS Attacks
Web Application Attacks
Social Media Scams
Security of Online Transactions
Security of Debit / Credit Card
Identity Theft
Insider Threats
Data Protection Request from Individuals
Data Protection Compliance for SMEs
Transparency of Personal Data Processing
NIS Directive
Incident Reporting
References
Acronyms
Authors

ABOUT THIS GUIDE

DAN CÎMPEAN
General Director of the Romanian National Computer Security Incident Response Team (CERT-RO)

We play a sometimes-involuntary role in an unrivaled, accelerated digital transformation on a personal, social and economic level. Subsequently, we perceive that each individual is urged to acquire new skills, to expand their knowledge, to shift their cultural perspective. Just as, during our childhoods, we learned the alphabet with our first-grade teachers’ assistance and broadened our horizons of knowledge, facilitated by the love and dedication of educators, today we will have to resume the accumulation of a new elementary set of learnings. This time we’ll be guided by cybersecurity experts towards the acquisition of a complex, sophisticated, exciting body of knowledge, deeply technological yet indispensable for the 21st century.

It is imperative to have active promoters for cybersecurity concepts, education programs and awareness. It is essential to be able to find practical and effective ways of comprehensively promoting "cyber hygiene" and additional preventive measures at the national level, that should be transmitted to and regularly applied by citizens, organizations, and economic operators, in order to minimize their exposure to cyber-risks.

And now we have good news to share...

Written in the form of a concise and pragmatic cybersecurity guide, this superb work epitomizes, in just a few dozen pages, over a century of concrete experience from its 11 authors. Basic concepts such as confidentiality, integrity, availability, personal data protection, but also specific elements from European or Romanian legislation related to the cybersecurity field, are transmitted in a clear, simple, but not simplified form. I dare say that this guide is one of the much-needed publications for all of us, today.
Moreover, I am convinced that it will contribute concretely and effectively to educating the general public, in order to improve the overall status of cybersecurity in Romania and the protection of Internet users’ personal data, through the invaluable help it offers readers with understanding, preventing and countering risks, threats and vulnerabilities in cyberspace, or those related to technologies we use on a daily basis.

On behalf of the countless people, experienced or otherwise, who will make use of this guide's recommendations in practice, I would like to share with our authors, in recognition of their educational and awareness work, a short message used in the world of ethical hackers: RESPEKT!

HOW TO PROTECT
SECURE YOUR PC / LAPTOP

Securing workstations (PCs, laptops) and other devices connected to wired or wireless networks is an essential condition both for ensuring the confidentiality and authenticity of sensitive data and for carrying out normal activities at the level of regular users.

SECURITY TOOLS AND SUITES
It is recommended to install anti-malware applications or high-performance security suites to ensure protection against the latest types of cyber threats (e.g. ransomware or trojans). Permanently updating the database of malware signatures is a mandatory condition for detecting the latest types of threats.

SENSITIVE DATA ENCRYPTION
It is recommended to use third-party applications or operating systems that have implemented facilities for encrypting sensitive data (within files, folders, or an entire drive).

SECURE OPERATING SYSTEM
This is achieved both by fixing security breaches and software bugs in all components of the operating system (by applying available updates, automatic or manual) and by controlling user access to computer resources (permissions, access to files, services, and applications).

UPDATE APPLICATIONS
This is a necessary action because it prevents some cyber-attacks and costly data leaks, helping to keep sensitive data safe. Users must activate the automatic update function of any essential application (within the operating system or antivirus, firewall, and IDPS).

BACKUP DATA
Data must be periodically saved on reliable magneto-optical media, stored in secure locations and (possibly) encrypted to prevent unauthorized access. These copies must be kept in multiple physical locations to avoid both natural disasters and internal threats within the company.

PASSWORD MANAGEMENT
Sometimes it may be advisable to use password manager tools to store unique, computer-generated passwords. Passwords have to be strong (many alphanumeric characters and special symbols), not reused on multiple accounts, and changed periodically.

TWO-FACTOR AUTHENTICATION
Two-factor authentication is a very effective and modern method, which uses an additional device (such as a security token or smartphone) to confirm, in a further step, the identity of the person authenticating. Authentication based on biometric data must also be considered.

USE RESTRICTED ACCOUNTS
The use of accounts with limited access rights instead of an administrator account will deny access to sensitive areas of the operating system and will naturally block attacks against OS services, files, or libraries.

HOW TO PROTECT
SECURE YOUR MOBILE DEVICE

In the last decade, mobile equipment (smartphones, tablets) has experienced an exponential degree of development and use. In this context, ensuring the security of this equipment, essential in communication and online services, is a key objective.

ACTIVATE ANTI-THEFT PROTECTION FUNCTIONS
Some useful functions can be activated:
- Facial or fingerprint recognition.
- Unlock device by patterns or by PIN.
- Equipment localization.
- Blocking access or deleting data remotely.

SYNCHRONIZE DATA
Synchronizing data with other equipment or using cloud services allows important information (contacts, SMS, documents, or pictures) to be available when the equipment is lost or stolen.

UPDATE THE APPLICATIONS
The operating system and applications need to be constantly updated to fix security breaches and use the latest features.

DISABLE UNUSED CONNECTIONS
It is recommended to disable infrared, Bluetooth, or Wi-Fi connections when they are not in use, to block unauthorized access.

USE SAFE APPLICATIONS
It is recommended to download applications only from official sources and to disable the option regarding the download of unsafe applications.

USE CLEAN STORAGE MEDIA
Before being connected to a mobile device, removable storage media must be scanned with anti-malware tools.

SHARE PERSONAL INFORMATION
Sharing personal information such as real-time geographical location (using GPS or wireless networks) can allow third parties to monitor the usual routes and daily activities.

USE QR CODES CAREFULLY
QR (Quick Response) codes may contain links to malicious web pages with various harmful effects regarding data security: activation of the camera/microphone, extraction of geolocation, access to files, contacts, or SMS, sending unwanted messages via e-mail, SMS, or chat applications, launching DoS packages, or identity theft.

APPLICATION PERMISSIONS
Use Permission Manager to set application access to various resources (camera, microphone, location, storage, etc.).

EXTRA SECURITY FOR BUSINESS DEVICES
The equipment provided by organizations and used during travels must be secured regarding the encryption of data, wireless connections (Bluetooth, Wi-Fi) or removable media (USB drives, CDs / DVDs, external hard disks, etc.).

USE SECURE DATA CONNECTIONS
It is recommended to avoid public Wi-Fi hotspots for connecting to the Internet and to use mobile data instead whenever possible.

HOW TO PROTECT
SECURE YOUR NETWORK

Effective security of your home network can be achieved by implementing the following recommendations regarding technical aspects, security policies, employee training, or awareness activities.

PHYSICAL SECURITY
This refers to access control in the areas protected by video surveillance, security personnel, or blocking access (barriers, locks, doors), and to securing the servers and cable trays.

FIREWALL, INTERNET PREVENTION AND DETECTION SYSTEMS
They are useful components of the IT infrastructure in any organization, for monitoring