CyberSense video

CyberSense episode 8: Recap

CyberSense episode 8 'Recap' script

  1. NARRATOR - How could Shaun and his team have prevented the series of events that compromised their data security, ultimately leading to the infiltration of their computers and potentially the entire departmental network?
  2. Let’s look at Shaun’s first mistake. At the airport, he allowed a stranger to plug a foreign device into his laptop. Without realising it, while Shaun was chatting to his new friend, confidential data was being downloaded to the iPod. Never allow unauthorised access to your computer.
  3. GRAPHIC 1: Never allow unauthorised access to your computer.
  4. NARRATOR - Next, at the conference, Shaun connected to an insecure wireless network in a public place, allowing a sensitive conversation to be overheard and intercepted.
  5. Do not discuss sensitive or classified matters over a public communications network. Public wireless networks are inappropriate for work communications.
  6. GRAPHIC 2: Do not discuss sensitive or classified matters over a public communications network. Public wireless networks are inappropriate for work communications.
  7. NARRATOR - Later at the conference, Shaun left his work laptop unattended to take a call. It was just for a minute but that's all it takes. And in this case, unfortunately for Shaun, it was stolen.
  8. GRAPHIC 3: Never leave your laptop unattended.
  9. NARRATOR - After his laptop was stolen, Shaun resorted to using an internet café to check his emails. He thought he was being clever by checking he had a secure connection. But little did he know that a keylogger was recording his every keystroke, giving away his user name and password details, and enabling others to access all his emails, attachments and address book.
  10. GRAPHIC 4: Only log in to your departmental network from approved computers.
  11. NARRATOR - When Shaun returns to the office, he brings with him a seemingly harmless USB key. But unbeknownst to him, the charming promo girl who handed it to him just happened to be Anushka, the attacker who also stole Shaun's laptop to gain access to the department's information.
  12. GRAPHIC 5: Only use media issued by your department or another trusted authority, and only after it has been checked by your IT security team.
  13. NARRATOR - The least of Kim’s problems is dodging a football. She thinks she’s on top of email scams when she deletes a Nigerian phishing email. But she naively enters personal details into a malicious fake banking web site, inadvertently giving the attackers control over her computer, including access to departmental funds.
  14. GRAPHIC 6: Never follow links from unsolicited emails. Always type in the website address manually from your own records.
  15. NARRATOR - The final nail in the coffin is the fake conference feedback form. Shaun has no idea that malicious code hidden in the feedback form is busy scanning his computer and sending sensitive files back to the attackers. Shaun would certainly be aware that he should never open attachments from unsolicited emails. But unfortunately all the data the attackers had previously collected about Shaun facilitated a targeted socially-engineered email attack. So at this stage it is too late – Shaun is just a sitting target. So remember:
    • Never allow unauthorised access to your computer.
    • Do not discuss sensitive or classified matters over a public communications network. Public wireless networks are inappropriate for work communications.
    • Never leave your laptop unattended.
    • Only log in to your departmental network from approved computers.
    • Only use media issued by your department or another trusted authority, and only after it has been checked by your IT security team.
    • Never follow links from unsolicited emails. Always type in the website address manually from your own records.
  16. GRAPHIC 7:
    • Never allow unauthorised access to your computer.
    • Do not discuss sensitive or classified matters over a public communications network. Public wireless networks are inappropriate for work communications.
    • Never leave your laptop unattended.
    • Only log in to your departmental network from approved computers.
    • Only use media issued by your department or another trusted authority, and only after it has been checked by your IT security team.
    • Never follow links from unsolicited emails. Always type in the website address manually from your own records.