COMPTIA SECURITY+ | DO THESE IF YOU WANT "KENA" HACKED!
Do These If You Want “Kena” Hacked! Let’s learn more about CompTIA Security+.
“Media reported that many bank users complained that their bank account saving went missing recently.”
“On 11th August 2022, iPay88 announced that its card data has been compromised.”
With the advancement of the internet, cyber security incidents have become a new norm in society today.
How can we better equip ourselves for the ever-changing cyber world?
In the upcoming livetalk, Linus will share with us:
1. Overview of cybersecurity incidents.
2. Do these if you want “kena” hacked!
3. Top 5 security awareness tips
4. Introduction of CompTIA Security+, the first security certification IT professionals should earn!
Why should you attend?
Increase your awareness of recent cybersecurity incidents and understand how your own behaviour contributes to them.
Who should attend?
Anyone interested in learning about cybersecurity, especially IT professionals and anyone who intends to pursue a career in cyber security.
What will you gain?
After the session, participants will know more about cyber security in general and understand the availability of the CompTIA Security+ certification. Security+ training is also available in the week of 26th September.
Mr. Linus Lai
Trainer at Infosyte, Double IE – HCIE Storage & HCIE Routing & Switching, LPIC Certified, RHCE (RedHat Certified)
Linus started his IT career as a server administrator. He is so passionate about the Linux OS that he decided to name himself after it. Beyond server solutions, he has expanded his portfolio across a wide range of IT technology, including network infrastructure design, project consultation, and system implementation and integration. He is one of the very few experts holding dual Huawei Certified ICT Expert recognition.
This is today’s agenda. First, we’ll provide an overview of the most common cybersecurity incidents that occur nowadays. Then, we’ll move on to the second topic, which plays on the local Malaysian phrase ‘kena’, roughly ‘to get hit’. Next, in topic three, I’ll share the top five tips on cyber security, along with some bonus tips. I’ll provide two perspectives – personal and enterprise – for these tips. Finally, in topic four, I’ll briefly introduce the CompTIA Security+ certification, which is intended for IT professionals.
Let’s now move on to our first topic, where we’ll discuss some recent incidents related to cyber security. As you can see from the highlights, one such incident occurred on August 20th. Some may believe that hacking only happens to those who engage in high-value transactions or possess large sums of money. However, even doctors are not immune to such incidents, as one doctor reported a loss of $13,000 due to an unauthorized transaction. I’m not here to comment on the specific incident but rather to highlight that these occurrences are becoming more prevalent in our daily lives. It’s possible that even as we’re having this session, cybersecurity threats are emerging.
Here’s another incident that we captured a few days ago. As you can see from the screenshot, it’s related to a security breach at iPay88. For those unfamiliar with iPay88, it’s a prominent payment gateway system in Malaysia. Unfortunately, they too have fallen victim to a security breach. This further underscores the fact that cyber security incidents, including hacking and scams, can occur not just to individuals but also to enterprises.
Let’s now turn our attention to the main topic for today – ‘Do This if You Want to Stay Ahead’.
Let’s move on to our first point – phishing. Most of us have probably heard of this term before, but it’s not related to actual fishing. Instead, it’s a type of scam where you receive a message, often via social media, WhatsApp, or Viber, that appears to be legitimate. These messages may urge you to take certain actions, such as clicking a link to change your password because your account has been hacked. The sender may even pretend to be a well-known bank or company, using a domain name that looks very similar to the real one. Once you click the link and enter your credentials, you unknowingly provide the scammers with access to your account. This is just one example of how phishing works, and I’ll share more examples later. So, the first step in protecting yourself from this type of scam is to avoid clicking on suspicious links and carefully scrutinize the sender and domain names.
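The advice above is to scrutinise the sender and the domain name behind a link. The script below is an added example (not code from the talk or from Infosyte) that shows what that scrutiny looks like when automated: it extracts the host a link really points to and compares it, after folding common look-alike character swaps such as `rn` for `m` and `1` for `l`, against a short list of trusted domains. The trusted-domain list, the sample links and the edit-distance thresholds are constructed assumptions for illustration.

```python
from urllib.parse import urlparse

# Constructed list of domains the reader actually uses (an assumption for this example).
TRUSTED_DOMAINS = ["maybank2u.com.my", "lazada.com.my", "paypal.com"]

# Digits and letter pairs that read like other letters in many fonts.
CONFUSABLE_CHARS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                                  "7": "t", "8": "b", "9": "g"})
CONFUSABLE_PAIRS = {"rn": "m", "vv": "w"}


def host_of(url: str) -> str:
    """Hostname a link really points to, lowercased; '' if there is none."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower().rstrip(".")


def normalise(host: str) -> str:
    """Fold common look-alike substitutions so 'paypa1' compares as 'paypal'."""
    for pair, letter in CONFUSABLE_PAIRS.items():
        host = host.replace(pair, letter)
    return host.translate(CONFUSABLE_CHARS)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, classic dynamic-programming version."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> tuple[str, str]:
    """Return (verdict, trusted_domain) with verdict 'trusted', 'lookalike' or 'unknown'."""
    host = host_of(url)
    if not host:
        return ("unknown", "")
    # A real domain, or one of its own subdomains (www.paypal.com).
    for trusted in TRUSTED_DOMAINS:
        if host == trusted or host.endswith("." + trusted):
            return ("trusted", trusted)
    folded = normalise(host)
    tokens = folded.replace("-", ".").split(".")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]  # e.g. 'paypal'
        # Brand name used as a label of some other domain (paypal.com.verify-login.xyz),
        # or the whole host within two edits of the real one (maybak2u.com.my).
        if brand in tokens or edit_distance(folded, trusted) <= 2:
            return ("lookalike", trusted)
        # A single label that is one typo away from the brand name.
        if len(brand) >= 5 and any(edit_distance(t, brand) <= 1 for t in tokens):
            return ("lookalike", trusted)
    return ("unknown", "")


if __name__ == "__main__":
    # Constructed sample links of the kind that arrive over WhatsApp or email.
    for link in ["https://www.maybank2u.com.my/home", "http://rnaybank2u.com.my/login",
                 "https://paypa1.com/verify", "https://lazada.com.my.promo-claim.xyz/win",
                 "https://tinyurl.com/abc"]:
        print(f"{link:50} -> {classify(link)}")
```

A link that comes back as `lookalike` is the case the talk describes: a domain built to resemble a bank or shop. `unknown` covers URL shorteners and anything else not on the list, which is the same reason the tip later on warns that a TinyURL link hides its real destination until it is opened.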
Let’s take a look at point number two. It concerns public Wi-Fi, which is often found in places like shopping malls or restaurants. I’ve noticed that many of us, myself included, ask for the Wi-Fi password as soon as we arrive at these places. The problem with public Wi-Fi is that it’s very easy for hackers to access your accounts. It doesn’t take much to set up a fake network with a name like “McDonald’s Wi-Fi” or “Starbucks Wi-Fi.” All a hacker has to do is create a hotspot with the same name and password as the legitimate network, and wait for unsuspecting people to join. Once you’re on the hacker’s network, they can collect all of the data that passes through your phone. If you want to become a hacker yourself, it’s as simple as setting up a fake Wi-Fi network and waiting for someone to connect. So, if you want to get hacked, go ahead and join any public Wi-Fi network without taking any precautions. That’s point number two.
Let’s move on to point number three, which is insecure browsing. Insecure browsing refers to logging into a website without giving it a second thought. For instance, in the screenshot shown here, the website “something catherine.com” displays an error message that says “Your connection is not private.” While most people would avoid such a page, there may be some who still choose to proceed. If you want to stay ahead, follow the tips that we’ll discuss later. But if you’re not interested in being safe, go ahead and ignore them.
Point number four is about using one password for all your accounts, which may sound familiar. I used to do this myself in the past, creating one password for all my social media accounts, email accounts, and so on. You may belong to the 52% of people who have the same password for some of their accounts but not all, or the 13% who use the same password for all their accounts, including social media platforms like Twitter and Facebook.
Using one password for all your accounts is not a good practice as it makes it easier for hackers to gain access to all your accounts if they manage to crack that one password. Instead, it’s better to use different passwords for different accounts. So, if you want to avoid getting hacked, follow the example of the 52% of people who use different passwords for some of their accounts or the 35% who use different passwords for all their accounts.
I hope this information is helpful to you. Let’s move on to point number five.
Point number five is about performing transactions using public Wi-Fi. As mentioned earlier in point number two, connecting to public Wi-Fi can be risky, and this risk increases when you use public Wi-Fi for performing transactions that involve money. Transactions could include online shopping, purchasing from Lazada or other e-commerce websites, or performing banking transactions.
It’s not advisable to perform transactions using public Wi-Fi as it could potentially compromise your sensitive information, including your banking or credit card details. So, if you want to avoid getting hacked, it’s best to avoid performing transactions using public Wi-Fi.
These are the five points I wanted to share with you today. The main title of this article is “Do this if you’re not going to hack.” I hope you find these tips useful in keeping your online activities secure.
Let’s take a look at the five cybersecurity tips. I’ve split them into five tips for personal and five tips for the enterprise. Let’s begin with the five tips for personal cybersecurity.
Tip number one: Do not click on unexpected emails or links that promise deals that seem too good to be true.
I will show you an example shared by my colleague, Jonice, who is also on the panel. Imagine receiving something from your good friend through WhatsApp or another means, and it seems too good to be true. This link will ask you to click on a TinyURL link that takes you to a page with a couple of simple questions, the last one being a lucky draw with nine different icons to click on. When you click on an icon, it will say congratulations, and you won a mini-fridge. However, it is phishing, and they will start collecting your information, so be careful.
Secondly, when browsing, make sure to connect only to websites that use HTTPS. However, HTTPS does not necessarily mean that the website is trustworthy. Remember, a trustworthy website cannot be judged solely on the basis of HTTPS.
My advice is to not be greedy and be aware of the website you are browsing. Also, use a VPN when browsing in public Wi-Fi places to create a secure channel between your browser and the web server. Do not use one password for all e-commerce platforms. Use a password manager to save your password or a trustworthy third-party website or application. For example, if you use Google Chrome to save your password, be aware that they run in the background.
What about five tips for enterprises? Okay, the first point (number one) is to enable multi-factor authentication. Make sure that all applications used in your organization enforce multiple-factor authentication. For example, if you’re using Google Workspace or Microsoft Office 365, there’s an option as an administrator to enable MFA. This means that when someone logs in with a username and password, they need to supply an additional credential, such as an authenticator app or an SMS for a second password. This is very encouraging, so please ensure that you enable MFA for those applications that don’t already have it. If an application doesn’t support MFA, consider switching to one that does.
Point number two is to back up your data regularly. This is very important because no matter how secure your channel or computer may be, bad things can happen, such as the physical robbery of your equipment. Backing up your data regularly will ensure that you can recover your data in case something goes wrong. You never know when you might get hit by ransomware. So, data backup is absolutely essential.
Point number three is to invest in security upgrades. Many companies use the same firewall or antivirus that they bought several years ago, and they don’t have a centralized security collection to monitor incidents. Please invest in security upgrades, such as firewall upgrades, antivirus engine mechanisms, and a centralized security collection.
Point number four is to use secure file sharing. Do not use email to share files. Sharing files over email is not a good practice and also consumes a lot of capacity. Instead, invest in OneDrive, Google Drive, or Dropbox for better file sharing. Remember, email is not secure and never protects your data integrity.
Point number five is to train your employees. I want to highlight two types of employees: IT employees and non-IT employees. For IT employees, I highly recommend getting certified in security-related fields. Later, I will share with you some of the security certifications from different vendors, and I will also be sharing about CompTIA Security+. For non-IT staff, such as sales teams, it’s important to educate them about cybersecurity. Hacking often happens through the weakest points in an organization, such as reception, the counter, or even the janitor. These are the easiest points for hackers to enter your company. Therefore, make sure that you educate not only IT staff but also non-IT staff on cybersecurity.
That’s all for my five tips for cybersecurity in enterprises and for personal use.
Let me continue with a few more slides on the introduction to CompTIA Security Plus. Again, let me emphasize that this is just a brief overview, and if you would like to learn more, please contact our sales staff. Later on, there will be a survey form, and if you want to learn more about Security Plus, please leave a comment.
Now, I am going to give a brief introduction to Security Plus. Firstly, what is CompTIA? CompTIA is a not-for-profit organization that offers various certifications such as Security Plus, Server Plus, Linux Plus, Pentest Plus, Data Plus, Cloud Plus, and many more. Security Plus is just one of the many certifications offered by CompTIA. For those who do not know about CompTIA, please visit their website comptia.org to learn more about their certifications. This certification is recognized worldwide, and because it is a vendor-neutral certification, it does not focus on specific products such as Cisco, Huawei, Juniper, or Palo Alto.
Later on, I will discuss who might benefit from this Security Plus certification. This is the first certification that IT professionals should consider obtaining.
Let’s discuss the four main points of CompTIA Security Plus and why this certification is necessary. We need this certification to combat emerging cyber threats. As we rely more on the internet, the incidence of hacking increases. Just like in the past, when we used cash, people would rob us for our wallets, but now with e-wallets, cyber hacking is more prevalent. Therefore, we need cyber defense.
The first point of this certification is to learn how to identify attacks and vulnerabilities and mitigate them before they infiltrate the information system. There are various types of attacks, such as denial of service, which brings down the services and causes downtime. This can result in significant losses for companies such as Lazada or airlines like Malaysia Airlines.
The second point is to understand secure virtualization, secure application deployment, and automation. This means making the environment even more secure and learning about the differences between https and non-https websites. Also, how to securely allow staff to work from home and connect to the organization’s information.
The third point is to identify and implement the best protocols and encryption to secure various areas such as surveillance cameras, auto gate systems, and Wi-Fi. We need to prevent staff from accessing information they are not authorized to see and secure the Wi-Fi using protocols such as WEP or WPA.
The fourth point is to understand the importance of compliance with industry and government regulations. Companies must conform to specific requirements and standards to qualify for security audits. This includes ISO standards, country standards, and industry regulations.
In summary, CompTIA Security Plus is essential to combat cyber threats by learning how to identify attacks and vulnerabilities, secure the environment, implement protocols, and comply with regulations.
This blog post compares the CompTIA Security Plus certification with its peers and describes what you can learn from it. The exam questions are performance-based and focus on real-world examples, teaching you how to prevent potential security breaches. Unlike other certifications, Security Plus emphasizes performance-based questions, making it an excellent choice for entry-level professionals looking to switch to or start their career in cybersecurity.
In addition to Security Plus, another favorite topic of mine is the Certified Ethical Hacker certification, which CompTIA also offers an equivalent certification for, called the Pen Test Plus. Pen Test Plus is geared towards security assessments and testing a company’s vulnerabilities in-depth.
Other certifications at the same level include GIAC Security Essentials and SSCP, which focus on the skills required for both security and network administrators. Security Plus is designed for both network and security engineers.
It’s worth noting that while someone may know how to perform penetration testing, that doesn’t necessarily mean they know how to defend against it. Another important point is that all the certifications listed here are vendor-neutral.
Overall, this post provides a brief comparison of these cybersecurity certifications.
Alright, this is a comparison between the CompTIA Security+ certification and what you’ll learn and have access to. It’s a performance-based exam, meaning the questions are based on real-world examples, focusing on preventing certain things. Unlike other certifications, Security+ emphasizes performance-based questions. In terms of experience level, Security+ is suitable for entry-level professionals looking to switch to or start their careers in cybersecurity.
Certified Ethical Hacker (CEH) is also an option, with an equivalent level of certification called PenTest+. PenTest+ focuses on security assessments, testing a company’s vulnerability with more in-depth methods. On the other hand, Security+ is designed for two target audiences – network engineers and security professionals.
One good point to note is that all certifications listed are vendor-neutral. In terms of benefits, Security+ is the first security foundation that IT professionals should earn if they wish to pursue a career in cybersecurity or become a network expert with an awareness of security. It’s also worldwide recognized, and job requirements often include Security+.
Another benefit is compliance with ISO 17024, a standard for assessing and certifying a person, which makes Security+ ISO compliant. This certification can enhance your career and enable you to work in industries that require the ISO standard. Additionally, the Department of Defense (DoD) in the United States and other corporations incorporate best practices and hands-on troubleshooting, making Security+ a comprehensive certification. It’s not just about learning theory; you’ll also gain hands-on experience in penetration testing and defense.