Basic Cybersecurity for End Users

Cyber Security Essentials for Everyone - Protecting Our Business Together

Slide 1: Title Slide

Title: Cyber Security Essentials for Everyone
Subtitle: Protecting Our Business Together
Presented by: Maarten Schaap, CyberSecurity inferstruture Consultant

Slide 2: Why Cybersecurity Matters

  • Cyber attacks are increasing

  • End users are the first line of defence

  • A breach can cost time, money, and trust

Slide 3: Our Environment

  • Remote Staff: 22 computers on home networks behind basic firewalls

  • Office Staff: 10 computers secured by Fortinet

  • Reality: Threats exist both at home and at work

Slide 4: Common Cyber Threats

  • Phishing emails

  • Malware and ransomware

  • Weak or reused passwords

  • Unpatched software

Slide 5: Remote Work Risks

  • Public Wi-Fi use

  • Personal devices

  • Unsecured home routers

  • Lack of endpoint protection

Slide 6: Office Risks (Even with Fortinet)

  • Human error (e.g. clicking bad links)

  • Internal threats

  • USB drives and unauthorized devices

Slide 7: Passwords and Authentication

  • Use strong, unique passwords

  • Enable multi-factor authentication (MFA)

  • Use password managers

Slide 8: Phishing Awareness

  • Think before clicking

  • Check email addresses carefully

  • Report suspicious emails

Slide 9: Device Hygiene

  • Lock your screen when away

  • Don’t install unauthorized software

  • Keep antivirus and software up to date

Slide 10: Safe Remote Work Habits

  • Use company VPN if available

  • Avoid public Wi-Fi or use a mobile hotspot

  • Keep work and personal activities separate

Slide 11: Your Role in Security

  • Stay alert

  • Ask when unsure

  • Report anything suspicious immediately

Slide 12: What We’re Doing (Company Measures)

  • Fortinet firewall protections in office

  • Endpoint protection software

  • Regular updates and patches

  • Security awareness training (this session!)

Slide 13: What to Do If You Suspect a Breach

  • Unplug from the internet (if necessary)

  • Contact IT support immediately

  • Do not try to fix it yourself

Slide 14: Quick Tips Recap

  • Think before you click

  • Lock your device

  • Use strong passwords

  • Stay updated

  • Report issues

Slide 15: Questions & Answers

  • Invite questions

  • Share a contact email or helpdesk link

Download-Cybersecurity_EndUser_Presentation.pptx

As of 2025, the most common cybersecurity attacks targeting businesses

As of 2025, the most common cybersecurity attacks targeting businesses—especially those with remote work setups or basic protections—are:

1. Phishing (Still #1)

  • What it is: Fake emails or messages tricking users into clicking malicious links or giving away credentials.

  • Why it’s common: It’s cheap, scalable, and still highly effective—especially against distracted or untrained users.

  • Variants: Business Email Compromise (BEC), SMS phishing (smishing), and voice phishing (vishing).

  • Active action:

    Phishing

    • Fake emails or messages that trick you into clicking a link, downloading a file, or entering your password

    • Often looks like it’s from a trusted source (e.g. your boss, bank, or IT)

    • Requires you to take action—click, reply, download, or enter credentials

    • Common forms:

      • Email phishing (with fake login pages)

      • Smishing (phishing via SMS)

      • Vishing (phone-based scams)

    • Red Flags: Urgency, poor grammar, unusual sender, strange links

    • Your defense: Slow down, verify, and never click unless you’re sure

2. Ransomware

  • What it is: Malware that encrypts files and demands payment for decryption.

  • Common delivery methods: Phishing emails, remote desktop protocol (RDP) attacks, malicious downloads.

  • Targets: Small to medium businesses are increasingly targeted because they often lack proper backups or endpoint defenses.

  • – Fake emails/messages trick users into clicking links or entering info
  • – Looks like trusted sources (boss, IT, bank)
  •  
  • **Your Active Role:**
  • – Think before clicking
  • – Verify sender addresses
  • – Report anything suspicious

3. Credential Stuffing / Password Attacks

  • What it is: Using stolen username/password combinations from past breaches to access accounts.

  • Why it works: Many people reuse passwords across services.

  • Fix: Use unique passwords + enable MFA.

  • Active action: 
  • – Uses stolen passwords from other breaches
  • – Works when users reuse passwords
  •  
  • **Your Active Role:**
  • – Use unique passwords
  • – Enable MFA
  • – Use a password manager

4. Malware (Trojan Horses, Spyware, Keyloggers)

  • What it is: Malicious software that installs itself via downloads, USBs, or email attachments.

  • Purpose: Data theft, spying, remote control of devices.

  • Defense: Endpoint protection and strict software control.

  • Active action:
  • – Malicious software installs from links, attachments, USBs
  • – Can spy, steal data, or damage files
  •  
  • **Your Active Role:**
  • – Don’t install unknown software
  • – Avoid suspicious downloads
  • – Keep antivirus updated

5. Man-in-the-Middle (MitM) Attacks

  • What it is: Attackers intercept communication between two parties—common over public Wi-Fi.

  • Impact: Stolen credentials, data, or injection of malicious content.

  • Mitigation: VPN usage, encrypted connections (HTTPS), and not using public Wi-Fi for work.

  • Active action:
  • – Attacker intercepts communications on unsecured networks
  • – Common on public Wi-Fi
  •  
  • **You
  • Active Role:
  • – Don’t use public Wi-Fi for work
  • – Use a VPN or zero trust connections like tail scale or twingate if required
  • – Always check for HTTPS in websites

6. Supply Chain Attacks

  • What it is: Targeting software vendors or service providers to compromise many customers at once.

  • Recent example: The SolarWinds and MOVEit attacks.

  • Challenge: Hard to detect—requires vendor vetting and monitoring.

  • Active actions:
  • – Attackers compromise trusted vendors or software
  • – Hard to detect directly as a user
  •  
  • **Your Active Role:**
  • – Only install software approved by IT
  • – Report anything strange after updates
  • – Stay informed of alerts

7. Social Engineering

  • What it is: Manipulating people into giving up confidential info—via calls, in-person, or online.

  • Example: An attacker calls pretending to be from IT and asks for your password.

  • Defense: Awareness and verification procedures.

  • Active actions:
  • Manipulates people into revealing info
  • – Often poses as IT, management, or other trusted people
  •  
  • **Your Active Role:**
  • – Always verify requests for credentials
  • – Be skeptical of urgency or threats
  • – Report suspicious interactions

8. Exploiting Unpatched Software

  • What it is: Hackers use known vulnerabilities in outdated software to gain access.

  • Common targets: Browsers, plugins (e.g., Java, Flash), old OS versions.

  • Fix: Regular updates and patch management.

  • Active actions:
  • – Exploits known vulnerabilities in outdated apps or systems
  • – Often automated and widespread
  •  
  • **Your Active Role:**
  • – Don’t delay updates
  • – Reboot your device after updates
  • – Notify IT if something fails to update
Download-Cybersecurity_EndUser_Presentation_Most_Common_Threats
Download-Cybersecurity_EndUser_ActiveActionDeck (1)