Mind Byte | TecMan Academy Presents:
Protecting Your Digital Identity: Best Practices in 2025
with
M. Usman Ghani
Chief Security Officer | NodeCypher Inc.

As digital interactions grow, so do the risks of identity theft, fraud, and data misuse. Your digital identity is now a prime target and protecting it requires awareness, vigilance, and modern tools. In this session, we’ll explore the latest trends, threats, and security practices shaping identity protection in 2025.


Transcript
00:00:30Hi, everyone, and welcome to the MindBytes series, proudly brought to you by TecMan.
00:00:39So we are super excited to have you join us today for an important and timely session,
00:00:45Protecting Your Digital Identity: Best Practices in 2025.
00:00:50So this session is going to be packed with insights, and we are honored to have Mr.
00:00:56Usman Ghani with us, a true expert in the field of cybersecurity, information security and
00:01:02auditing with over 28 years of experience.
00:01:05So a quick shout out to our amazing strategic partners like Autidex Solutions, NodeCypher,
00:01:14RGMC and Delta One. Thank you for your support.
00:01:18Now a little bit about our guest speaker, Mr. Usman Ghani.
00:01:23He holds an MBA in telecommunication from the University of San Francisco.
00:01:29And also he is a CISSP certified professional.
00:01:34That's one of the top global certifications in cybersecurity.
00:01:39So over the years, he has worked as an information security consultant for top organizations like the
00:01:46SensCom, C4 Direct Rate, Infotech Private Limited, 4G fertilizer company and the i3 consulting as well.
00:01:56And other than that, he has also served as an ICT consultant with the global names like the GIZ, the German Development Agency, the World Bank.
00:02:07And currently he's the chief security officer and advisor at the NodeCypher Canada.
00:02:15And if you would like to know more about his professional journey, feel free to check out his LinkedIn account.
00:02:23And other than that, stay tuned, grab your notepad and let's dive into how you can better protect your digital identity in 2025 and beyond.
00:02:34So let's get started. Mr. Usman, the stage is yours; you may proceed with your presentation.
00:02:39Thank you, Mr. Usman. And hello, everyone.
00:02:44Hello, everyone. Welcome back to the second presentation or session in a series of sessions.
00:02:53And today we're going to be talking about how to protect your digital identity in the digital realm, specifically for the modern threats that we encounter in the current scenarios.
00:03:09And interestingly, today's session is mostly going to be targeted towards users or individuals rather than organizations, SMEs or large scale organizations.
00:03:22We're going to discuss more about how you as a person or as a family can secure yourself online.
00:03:30Given the threats that have been emerging over the past few years and are going to emerge in the next few years.
00:03:40So without wasting any more time, let's get into that.
00:03:45First of all, you heard my introduction.
00:03:49My name is Usman Ghani and I have been in cybersecurity for more than the last 20 years, working with a lot of large global names in the banking, manufacturing, nonprofit and SME sectors during that time.
00:04:10And about our session today, the introduction is that, as I mentioned, it's going to be targeted towards individuals and family data that you can secure online and how you can secure against threats and frauds that are, you know, that are very prevalent these days.
00:04:32Moving on, first of all, what is a digital identity?
00:04:37So first we have to define what a digital identity is, how you can know that what you want to secure and what you don't want to secure.
00:04:50So going on the definition side, it's a unique set of verifiable attributes and online activities that represent an individual entity in the digital realm.
00:05:01Two key points here.
00:05:03It's a unique set of verifiable attributes, meaning that it is unique to you, just like your name, just like your address, just like your face, just like your biometrics, just like the number of your kids or the faces of your kids or of your family or what you do that could be of an interest to yourself.
00:05:29But it may not include something of, you know, the color you like or, you know, the color of your car.
00:05:38These kind of things usually do not come under the definition of digital identity because they do not digitally identify.
00:05:47Going on basically the components of the digital identity are the usernames that you use on the internet, the passwords, the email addresses, your social media profiles, the online transactions that you make with the financial institution or with the other organization.
00:06:12All the transactions don't have to be financial.
00:06:15There could be other type of transactions, like creating an account, things like that.
00:06:20Browsing history, biometric data, and your personal information that you share online.
00:06:27So why does it matter that your digital identity is so important?
00:06:35Because it is increasingly intertwined with your real world identity and opportunities, meaning that it's not just that you sort of type your information in a computer and it just goes away.
00:06:50Basically, it actually makes you a person in this realm, in this world, a digital world that you go to a website, you create your ID, you create your bank account, you create your name, your account.
00:07:07So it creates a person, a person in that realm.
00:07:13So this is why it's your digital identity.
00:07:16And it is intertwined with your real world identity, meaning that, you know, it identifies you.
00:07:22So your biometric identifies you, nobody else.
00:07:28And it applies to your employment, your financial services, and even your social connections.
00:07:35So why are there attacks to the digital identity?
00:07:40Why are they growing these days?
00:07:51First of all, we have to look at digital identity, what are the pillars of digital identity.
00:08:00Sorry.
00:08:03Going back to the slide, I think there's some hiccups here.
00:08:09So let's move on.
00:08:19So talking about what are the threats to your digital identity.
00:08:25So if you talk about authentication,
00:08:28it could be your data breach,
00:08:34it could be your phishing attacks,
00:08:36it could be malware and spyware.
00:08:38So all these kinds of things are a threat to your digital identity.
00:08:43And what are the pillars of protection that you can do
00:08:47in order to secure yourself?
00:08:49It could be strong authentication,
00:08:51it could be privacy management,
00:08:53it could be data hygiene,
00:08:55and then again the vigilance and awareness,
00:08:58and also the secure browsing and device habits.
00:09:02So talking about the first pillar,
00:09:05passwords.
00:09:08Now, I've identified these five or six areas,
00:09:12which to me create or sort of carry out the most important functions
00:09:20in your daily online life.
00:09:22First of all, it's the strong authentication,
00:09:25and then there are three, four others.
00:09:28So as I mentioned earlier that, you know,
00:09:31when we're starting this discussion,
00:09:33is that these are the basically pillars that are applicable to you as a user
00:09:41when you're doing your personal work or your own family work.
00:09:47Meaning they may or may definitely they do apply to your official work as well.
00:09:53But as an organization, we're not talking about as an organization today.
00:09:58We're talking more about as a person.
00:10:02So when we talk about strong authentication,
00:10:05meaning that you have to look beyond passwords.
00:10:10The authentication means that how you authenticate with a system.
00:10:16Usually in the olden times, there was only your user ID and your passwords.
00:10:22And people used to, you know, create passwords which were easy to remember.
00:10:27And they had this, you know, maybe a same password that they will reuse over different applications.
00:10:35And interestingly, if you remember that five, 10 years ago,
00:10:39you did not have these many passwords to worry about.
00:10:43There was maybe one for your personal email.
00:10:46There was one for maybe you had at that time a Facebook account.
00:10:52And maybe one or two more for your work and a few more.
00:10:58But nowadays with, you know, so many social media platforms,
00:11:03with so many other applications, banking applications becoming online,
00:11:09and also a lot of your work, official work going online.
00:11:14So there has been a lot of need for, you know, creating more and more accounts,
00:11:20and hence more and more passwords.
00:11:22So what to do when you have so many passwords?
00:11:25I mean, the conventional wisdom would be to have, you know,
00:11:30I can't remember a complex password.
00:11:32Can you?
00:11:33I mean, can you remember a complex password with cloud digits,
00:11:38let alone one or two or three of them?
00:11:40So it is mentioned here that you should have a long, complex,
00:11:46and unique password for every account.
00:11:48Yes, this is correct.
00:11:49You should do that.
00:11:50But how do you remember that?
00:11:53You can't write it down because writing it down in a diary is not very secure.
00:11:58It can be lying in your drawer on your table.
00:12:02So anyone can see those passwords.
00:12:04So we use, make use of the password manager.
00:12:08And there are a lot of these password managers that are available out there.
00:12:12LastPass, 1Password, Bitwarden.
00:12:16We also, NodeCypher also has a partnership with 1Password,
00:12:22and I can talk about that, how it can secure you.
00:12:26But the password manager, what they do is they basically keep all your passwords.
00:12:31It's like a password diary.
00:12:33You can keep all your passwords in there, but it is secure.
00:12:36So you can have multi-factor authentication, MFA,
00:12:41applied onto that password manager,
00:12:43meaning that you're securing that one bucket that you're keeping all these passwords in.
00:12:48And since you have all these complex and unique passwords,
00:12:53the risk of getting your password stolen or hacked
00:12:58from any of the websites that you've been using is very minimal.
00:13:03So if something is lost or something is stolen in one of the websites,
00:13:09the organization that you've set up the password with,
00:13:13like last week, you may have heard that the McDonald's,
00:13:18they had a breach and they lost millions of users' data,
00:13:24including their addresses.
00:13:26And it all started with a weak password of an administrator account.
00:13:32Yes.
00:13:33So basically, it wasn't one of the users who was,
00:13:38I mean, you as a user did not lose your password,
00:13:41but the admin kept a weak password at McDonald's
00:13:44and that's how they hacked and got thousands and thousands of passwords.
00:13:47So if in that case, your password gets out in the open,
00:13:51you still have other unique passwords for other websites.
00:13:57And that way you can basically be sure that that one password cannot be used
00:14:04for your other account.
00:14:05So that's the benefit of having a long, complex and unique passwords.
00:14:10And use of password managers for storing that passwords.
00:14:14And again, I just mentioned that avoid reusing the passwords.
00:14:19Meaning do not use passwords at 2 or 2,
00:14:22since you're going to be storing them in password managers anyways.
00:14:26So let the password manager define a unique password tree.
00:14:31Moving on to MFA, multi-factor authentication.
00:14:36The first couple of lines are basically something right out of the cybersecurity book.
00:14:44Is that the multi-factor part of it.
00:14:49Meaning that something you know, something you have, and something you are.
00:14:55So basically this is your identity.
00:14:58Meaning that something you know, that could be a password.
00:15:02And something you have, you can have a phone or a physical token.
00:15:07And something you are.
00:15:09Meaning personally, you are, you have, you are a person with your own fingerprints,
00:15:14with your own facial characteristics.
00:15:19So these three things, any two of these, when you use it, it's called MFA.
00:15:25So for example, that you use your password on your, and you get a token on your phone.
00:15:33Like an authenticator app you've installed on your phone.
00:15:37And it gives you a soft token on that.
00:15:41So you get two things.
00:15:42You have your phone with the authenticator app installed where you get the token.
00:15:47And you have your password that you use to log in.
00:15:50So you are using multi-factor authentication there.
00:15:54And same goes with biometrics, that you can have biometrics and your password.
00:15:58Or biometrics and your phone to have biometrics.
00:16:02And interestingly, these days, a lot of organizations that, especially software,
00:16:12that offer software as a service online, SaaS solutions.
00:16:16They do offer MFA.
00:16:18They are integrated with MFA.
00:16:20And they allow you to use it.
00:16:23Sometimes it's in the form of that you don't want to ask for them.
00:16:27Then it sends a message to you in your email address,
00:16:31which is something you have.
00:16:33You have an email account that sends your password.
00:16:36And there are two ways that it recognizes you from your password and your email account.
00:16:42By sending the password to that.
00:16:44Or your phone.
00:16:45You get an SMS message on your phone when you're doing the banking application.
00:16:49And that's all for MFA.
00:16:54One word of caution.
00:16:55When using biometrics, fingerprint, facial recognition, use it with caution.
00:17:01Because these things do have limitations.
00:17:04A, they are not foolproof.
00:17:07And B, the devices that use, make use of these fingerprint and facial recognition software,
00:17:16or they make use of this functionality, they are not built with the idea of making it 100% secure.
00:17:27They are made with the idea of it being convenient for you.
00:17:32For example, I have my phone here.
00:17:36And it has, I have an Android phone and an iPhone.
00:17:39So the Android phone has a very thin strip on the side that takes your fingerprint.
00:17:44Now, I think that if I have three or four mis-scans, it will lock me out.
00:17:52And that's very frustrating.
00:17:53So it's not very convenient.
00:17:55So in order to sort of take care of that, what they do is they make it a little bit more flexible.
00:18:01Meaning that any part of your finger, if it matches with the database, can log you in.
00:18:07And interestingly, since the strip is very thin, it can mistake some part of your finger with some other part of somebody else's finger.
00:18:18So that does happen in the case of these devices that they are not foolproof.
00:18:26And so is the case with the facial recognition software in the Face ID iPhone that sometimes I've seen that you can trick those.
00:18:35So use those with caution.
00:18:37Always use MFA.
00:18:38Just do not use your fingerprint or facial recognition specifically for making time critical or mission critical transactions.
00:18:50Moving on.
00:18:51So what's privacy management?
00:18:55Privacy management is controlling your footprint, meaning how much do you want to involve yourself or open yourself out to the public?
00:19:10Now, when I go out and I create an account on the social media, any of the platforms, the first thing I do is I go and I review the settings.
00:19:24You may have noticed that LinkedIn or Facebook, they have so many pages, literally pages and pages of hidden settings that you have to actually go into.
00:19:36And you have to first understand exactly what they mean on how to basically fine tune those settings just to make sure that it's not laying out a lot of your personal information out in the open, as well as, you know, giving you visibility on the other side, giving you the visibility to the other people.
00:20:03So in order to limit public information, you have to understand the audience settings, what kind of audience you're trying to reach out to.
00:20:11Is it just your friends?
00:20:13Is it just, you know, you want to reach out just to your friends or just a lot of social media influencers want to reach out to everybody?
00:20:21I mean, that's their bread and butter, their life.
00:20:25They have to open up their whole life to the world.
00:20:29Good for them.
00:20:30But for you as a person, just make sure then is this what you really want?
00:20:35Because the more you open yourself out, you are opening yourself to more and more attacks from the Internet.
00:20:45Same thing with the opt outs.
00:20:48These are the companies that collect and sell your personal data.
00:20:52They're called data brokers.
00:20:54Always opt out from these kind of offers that ask you to share your data for something that they may give you.
00:21:06It could be just a freelance or something.
00:21:09So just do the opt outs.
00:21:11Same thing with email newsletters and subscriptions, newsletter subscriptions.
00:21:17So whenever you go to a site that gives you a free account, they're always looking for something.
00:21:25And that something is your personal information.
00:21:28And, you know, interestingly, what happens is that if you create an account for a free AI image generation service, for example, they create one or two images for you.
00:21:41And then obviously they ask money for the next ones.
00:21:44But just for creating those two images, they have taken your email.
00:21:49And then suddenly the next day you see a newsletter from them saying, hey, we have these offers.
00:21:54Pay us this money and stuff like that.
00:21:56So basically those newsletter subscriptions starts to come in and then they keep on piling up.
00:22:05Even sometimes making it difficult for you to understand what the real information you're looking for in your email inbox.
00:22:12And it's just overrun by all these newsletter subscriptions.
00:22:16So preferably unsubscribe from them, unwanted ones, the ones that you just registered for.
00:22:23Just to check out their service.
00:22:28Public Wi-Fi.
00:22:29When using public Wi-Fi, use VPN.
00:22:32That's a perfect method.
00:22:35If you cannot afford a paid VPN, you can use a free VPN.
00:22:41But do not carry out any financial or sensitive transactions over even a free VPN or a public Wi-Fi.
00:22:52Whenever you go into a cafe, whenever you go into a bus or an airport, do not carry out any sensitive transactions over those public Wi-Fi.
00:23:04I've seen them sort of using the different types of attacks.
00:23:10Maybe man-in-the-middle or maybe spoofing the IP addresses to gather your information.
00:23:18So try not to do that.
00:23:21Unless you just want to browse the internet.
00:23:23I guess that's fine.
00:23:25Think before you share.
00:23:29So before you share your personal information, as I mentioned, your name, your email address, your password.
00:23:36Just think about it.
00:23:38Just do not go out and start sharing with everybody and every website.
00:23:43Just think why do I really need to create this account?
00:23:47Do I really need to give them my credit card information?
00:23:50Do I really need to give them my email address?
00:23:52Do I really need to give them my home address?
00:23:55So these kinds of information, you think that if it is necessary for them to provide you a service that you want, then yes, maybe go ahead.
00:24:05But otherwise, if you think they're just gathering that data just to maybe bug you in the future, stay away from that.
00:24:15Going on to data hygiene.
00:24:17Data hygiene is, again, a part of it we talked about in the previous slides, but here we're going to talk a little bit about what you share and where you should share your data.
00:24:32Data hygiene is keeping your data clean when you share it.
00:24:37So, as I mentioned earlier, first, minimize data sharing.
00:24:40Only provide necessary information.
00:24:43If you think that this information is necessary for them to provide me with a service, maybe you can go ahead.
00:24:50If you are purchasing something from somewhere, and yes, you do need to give them your credit card, then yes.
00:24:57But if you're just giving to them as a piece of getting a free service, think about it.
00:25:06Is the service really necessary or is it a very legitimate website that you're giving time to?
00:25:13Well, this one is a bit tricky.
00:25:16Read privacy policies.
00:25:18A lot of you, and sometimes even myself, we do not have the time to read their privacy policy and understand how the data is going to be used.
00:25:29Most of the time it's in a gray area.
00:25:33But still, I've kept it here just as a word of caution.
00:25:37So, you know, you can just, you should just know that this is something that's there, that if I had time, I should carry it out.
00:25:46Delete old accounts.
00:25:48Definitely.
00:25:49You know, when I started using computers, I maybe had two or three accounts on two or three websites as I mentioned.
00:25:59Most of the stuff wasn't online.
00:26:02We had internal work servers that we had to log into.
00:26:08Web services or web software was not very prevalent.
00:26:13And so now these things have been, you know, they have become very commonplace.
00:26:19So you have a lot of accounts that you'll be seeing.
00:26:25And you would say, okay, you know, how do I know which one are old accounts and how do I delete them?
00:26:31Very interestingly, go to your Chrome or your browser history, and there is a password manager.
00:26:38Mostly in Chrome, there is a password manager.
00:26:40Just go and look through the password manager and you'll see like hundreds of websites that you've never been to in the last maybe foreseeable past.
00:26:50And you'll see that, oh, you know, when did I log into that account?
00:26:54So if you do not remember, just delete that.
00:26:57I mean, if you really have to reuse it someday, you can go there and reset your password with the same email address that you registered with.
00:27:06So no need to keep old accounts.
00:27:09Just go there and delete the account.
00:27:10You can reuse it as a story.
00:27:14Secure document and document sharing.
00:27:16Be it a digital document or a physical document.
00:27:19Don't just delete it.
00:27:20Specifically with your credit card statements, with your financial statements, financial data that you want to discard.
00:27:28Just don't tear them and throw them in trash.
00:27:31These dumpster divers, what we call them, they can just go through your trash and find important information.
00:27:37So prefer to shred the physical documents as well as the digital documents.
00:27:43Just don't delete key.
00:27:45Also remove it from the bin as well.
00:27:49And if it's very, very sensitive data, encrypt your hard disk.
00:27:54And so that even those deleted documents cannot be recovered if your laptop or if your workstation desktop is stolen.
00:28:08Beware of quizzes and surveys.
00:28:11When you go online, a lot of these organizations, they tempt you with these surveys and quizzes.
00:28:18Which most of the times are data harvesting tools, meaning that they harvest your data and then they sell it to other organizations.
00:28:26And that's how you get all those spam emails.
00:28:39Okay.
00:28:40How do you become aware and how vigilant and how do you recognize those threats?
00:28:48Talking about phishing.
00:28:51In this earlier slide, there was these definitions of these terminologies.
00:28:58Phishing is basically a term that we use where somebody sends you an email phishing for your information.
00:29:06And they just put a ph for this namesake.
00:29:09That they're phishing for your personal information or your secret information.
00:29:15And they send you an email that looks exactly like your official website
00:29:20or that looks like your bank website, exactly like that.
00:29:23And they ask you to click on the link.
00:29:26And there are different types of phishing.
00:29:29Phishing, smishing, vishing, these different things.
00:29:34But phishing specifically relates to the emails that come to your inbox.
00:29:41And they ask you to click on a link.
00:29:44And how do you spot phishing?
00:29:48You look for these two things.
00:29:51One is the grammar that you use.
00:29:54Most of the times, if you look at the terminologies used, the English, the grammar, you would feel that it's off.
00:30:06Because trust me, most of the people creating these emails are not very smart or not very English literate.
00:30:17So you will spot some grammatical errors or the kind of tone that they're using is a bit off for your usual emails from that organization.
00:30:29Like your bank, it will feel a bit off.
00:30:32And the other thing is that urgency.
00:30:35And now phishing probably, you know, they try on urgency and your desire to make money.
00:30:44So either they'll say, okay, you know, win $100,000 right now, I have it, you want it, just log into this website.
00:30:51Or they'll say urgency, like they'll scare you by saying that, oh, I'm your boss calling.
00:30:57Please do this right now.
00:30:59And so if you see these buzzwords, these urgency words, then this most probably is phishing intent.
00:31:08So be very, very careful before you click a link.
00:31:12I was just talking about these social engineering tactics, like the urgency, or baiting you, or pretexting, oh, you know, I know you from somewhere, you're so-and-so's son, or, you know, they know your son's name and they'll say, okay, you know, we have him.
00:31:31We're calling you from the police station.
00:31:33He's been arrested.
00:31:34So come over with this much money and things like that.
00:31:38So this is pretexting, meaning that they have some information that they're using to basically get you to feel that they are, you know, they know you are, there's a sequence of events that has already happened.
00:31:53And then you have to do something as a quid pro quo as a result of that.
00:32:00So you need to be vigilant about malicious websites in your phishing emails or if you get a link to your SMS or a call that you get.
00:32:13Okay. I think I'm going to just ask the attendees, what is in this link that's there?
00:32:27This is HTTPSR1.mix.org.com, your bank info.
00:32:31What's wrong with this link?
00:32:33Anyone?
00:32:34Okay.
00:32:35I don't know about five more seconds.
00:32:39Okay.
00:32:40Basically.
00:32:41Oh, yeah.
00:32:42Awesome.
00:32:44Got it.
00:32:45So it's a zero instead of an O, microsoft.com.
00:32:49And a piece of information that in links like these, you know, you can see that there's a zero instead of an O, microsoft.com.
00:33:05And a piece of information that in links like these, only this dot, anything that is right next to it on the left side, that's your domain name.
00:33:19So whatever fact that you see here, that does not make any difference.
00:33:24Only thing that makes a difference is what's after .com, .pk, .whatever, .co, .edu, right before this dot, whatever appears, that is your domain name.
00:33:37So that's the real domain where it's coming from.
00:33:40Be very careful when you click on a link to read that.
00:33:44Sometimes they make domain names that sound and look somewhat and exactly like the ones from your known organization that they want you to click on.
00:33:55So be careful of these kind of attacks.
00:33:58And also once in a while, just go out and just a few cybersecurity news resources.
00:34:07Just read about what's new in the market of these new attacks.
00:34:16So you can be staying informed of them.
00:34:19And in the end, trust you with that.
00:34:22If something feels off, it probably is.
00:34:25Meaning that if it looks fishy, if it, you know, you looked at Microsoft, you see that O is a little bit off, it means it's fishy.
00:34:37Just don't go ahead and click on it.
00:34:40Just spend some time investigating more.
00:34:43Maybe, maybe it's the right thing, but spend more time if you feel something is off.
00:34:49Okay, going on to the next one, secure browsing and device habits.
00:34:56This is something that we do all day long.
00:34:59We browse the internet and we use multiple devices in our daily routine.
00:35:05And what you do in that sense.
00:35:08First of all, keep your software updated.
00:35:11The operating systems, the browsers, the applications.
00:35:14Be it your mobile phone or be it your laptop or your desktop.
00:35:19Your operating system, your applications that you've installed on your computer or on your mobile.
00:35:28Keep them updated because they do release these bug fixes very frequently and we should keep them updated.
00:35:42Definitely, definitely have an anti-virus or anti-malware software installed on your endpoint.
00:35:49What is an endpoint?
00:35:51Well, endpoint is basically whatever is the endpoint of that whole chain of information that you're looking at that or accessing that information.
00:36:01Meaning, if you're working on your computer to access a website, the computer is your endpoint.
00:36:08If it's a mobile phone, that's your endpoint.
00:36:11So, endpoint is anything that you use to access these various devices of information.
00:36:20So, have an anti-virus and an anti-malware software installed definitely for your devices.
00:36:29Firewalls.
00:36:30It's a most definite, if you do not have one in your home or in your home office, get one.
00:36:39It could be a hardware firewall or it could be a software firewall on your computer.
00:36:46And now these days, even with NodeCypher, the endpoint software that we offer our customers does have the anti-virus, anti-malware and the firewall built all into one.
00:36:57So, if you do not know much about firewalls or how to configure them, use them with default settings, but not with the default passwords.
00:37:08Use them with the default settings.
00:37:10At least they'll secure you enough to basically, A, hide you from the external attacks and B, secure you from internal attacks as well.
00:37:23We're talking about anti-virus and anti-malware.
00:37:26And specifically, secure your home Wi-Fi.
00:37:29Do not use the same password that your installer who came to your place three years ago and he set up your CPE, the equipment for the router on your home internet.
00:37:49He set up a default password.
00:37:52Change it.
00:37:53If you don't know, ask him how to change it once he's left.
00:37:56So, and keep changing it every once in a while, every six months.
00:37:59You keep changing your Wi-Fi password because your neighbors, your servants, your friends, they may have gotten that and they may share it with somebody or they may reuse it for some other purposes.
00:38:16And specifically, do not use the same password that you use on your internet accounts.
00:38:22Don't use that for Wi-Fi.
00:38:24Use WPA3 or WPA2 encryption and keep a unique SSID or do not use the same SSID as your neighbors are using.
00:38:35Or if your house number is 218, do not use house 218 as your SSID because that will tell somebody that this is where this Wi-Fi is emanating from.
00:38:48That's again, increase your footprint and increase your attack surface for attacks.
00:39:00Okay.
00:39:01Regular data backups.
00:39:02You should protect against data loss from malware or device failure just in case if something like that happens.
00:39:09And it does happen.
00:39:10It happens to the best of us.
00:39:13For those situations, keep a data backup because data loss can be from malware or device failure or from your incompetence.
00:39:24So it could happen to anyone, data loss.
00:39:28And so that's why I keep a regular data backup.
00:39:31You can keep it off site on the cloud.
00:39:34These days, the cloud storage is pretty cheap.
00:39:40So you can just have an account and keep at least your more sensitive or the necessary work or work home data in the cloud protected from your home.
00:39:57You can have a hard disk, those pen drives for getting data backups.
00:40:03But I tend to go against them because they tend to get lost and you may use the data in the event.
00:40:13Device encryption, encrypt laptops and mobile devices.
00:40:17It's very important.
00:40:18We usually do not do that, but we should because a lot of sensitive data can get out.
00:40:26If your laptop gets stolen, if your device gets stolen.
00:40:31Okay.
00:40:32This is something that I added as an additional slide because I wanted to see.
00:40:42Okay.
00:40:43Okay.
00:40:44So this is an area where I think we need to be more informed about because it's something that happens very often these days.
00:40:58You get a lot of emails and the social engineering calls that you get, SMS messages that you get.
00:41:05So you need to be aware about that.
00:41:07So first of all, as I mentioned, I think I mentioned earlier that be skeptical.
00:41:12Always approach unexpected communication with caution, meaning that if you feel this is from an unknown source and it's asking for some information that's private to you, be skeptical.
00:41:31So let's not go out and start typing out information that they should not be ready to give others.
00:41:38What are the red flags you need to watch for?
00:41:41As I mentioned that social engineering, they prey on two of the main weaknesses, human weaknesses.
00:41:48One is greed, meaning that they tempt you with money or rewards, and the other is fear.
00:41:57So they give you threats or they make you show some urgency, meaning to sort of scare you off.
00:42:06Okay.
00:42:07If this thing does not happen right now, I may miss the claim.
00:42:11So this is showing urgency.
00:42:13They may be demanding immediate action.
00:42:16They'll say, oh, I will close your account, or they'll promise large sums of money.
00:42:21So these are the red flags you need to watch out for, and specifically in the phishing attacks.
00:42:29Again, this I think I just mentioned earlier and discussed that, that email addresses, if they're not matching the sender's name,
00:42:38or there's a slight misspelling, or there's a long string before the domain name, be wary of that.
00:42:48Unexpected attachments or links.
00:42:51Do not, I would suggest, do not click on a link in any email address, unless, unless if you have just lost your password,
00:43:01you go to a website, and you say reset password, right, then they'll send you an email into your inbox,
00:43:08and you know exactly you have created this, this email reset request, and it is from that same organization.
00:43:18Then, of course, you can go ahead and click on the link.
00:43:21Otherwise, I would suggest to not just go out and keep clicking on the links.
00:43:28And one thing you also can do is, hover your mouse over the URL, and you'll see the actual, the actual link that's going to take you.
00:43:37So there is the link that's showing on the screen.
00:43:40But if you take the mouse, it will show you the actual link it's going to do.
00:43:43They should match, they should match.
00:43:47Okay, again, legitimate organization, they'll never ask you password.
00:43:54You must have gotten this email message from your bank or your financial institution that tells you that, you know,
00:44:04we will never ask you for your password or your pet card information or other sensitive information via email or via phone also.
00:44:13Always, if somebody calls you and say, okay, you know, I'm calling from the bank.
00:44:17I need your card number so I can activate your account.
00:44:20Tell them, I'll call you back.
00:44:23I have your number because it's on the back of my card.
00:44:26I have the bank's number.
00:44:27I'll call the bank and I'll ask them myself because this way you're, you know which number you're dialing.
00:44:33And you will get to that same number that you're calling, meaning that you call your bank and ask them that somebody has called me with this information.
00:44:44Do you need it?
00:44:45And these days, they most probably won't ask you, even when you're calling, they won't ask for your passwords or credit card details.
00:44:54Most of the time they'll ask you only the last four digits of your credit card because they have that information.
00:44:59And if somebody is asking for this information, tell them, we're at my bank.
00:45:03Don't you have this information with you?
00:45:05Don't you have my account information on my credit card?
00:45:07Go look over there.
00:45:08I'm not giving it to you.
00:45:10If you have to ask something, I won't give you my password or my sensitive information.
00:45:16You have my credit card.
00:45:18Go look over there.
00:45:19So that's one way or two more of these kinds of elizitive requests.
00:45:23The last thing, stop, look, think.
00:45:29So first of all, just don't go out and click on the links.
00:45:33Just look carefully what you're looking at, what information you're going to provide.
00:45:38And think carefully.
00:45:40Is it really necessary to provide this information before you click this one or share?
00:45:49As I mentioned earlier, that if you're unsure, independently verify the sender by calling them on a known phone number, not the one given in the email.
00:45:59So if you know your bank phone number from the back of your card, call them using that number, not the one you get in your email.
00:46:10Or if you have any suspicious emails or incidents in your office, inform your IT or security team, they may take some action on that.
00:46:21It's very important.
00:46:23So if you look at your children's digital identity, it's not just about yourself.
00:46:28These days, children, when they grow up to the ages, I think, four or five years ago, even earlier than that, they know how to use a phone.
00:46:38So they are going out and they are putting out their personal information out in the open that can lead to some predators preying on these young children, getting their information and then blackmailing them.
00:46:55You must have heard all these stories in the news every day.
00:47:00So this is something that's very important to you as to protect, not just yourself, not just for yourself, but also for your family, specifically for the center.
00:47:13And it starts with an early education, just like you told your child not to put your hand in the fire or put your hand in the door when it's closing.
00:47:26You know, all these all these logical things you teach your children, teach them this responsibility of online behavior as well, that this is something you should do.
00:47:35You should not give out your pictures to strangers, you should not post your pictures on these websites unless you ask me or there's some parental controls in place.
00:47:47Same thing that I just talked about parental controls.
00:47:50You need to set up the privacy settings of your of your computer that the kids are using or of the phones and set up parental controls on that.
00:48:03So, you know, at least what websites they are visiting or what information they are posting online.
00:48:10I'm not just saying that you should spy on them.
00:48:13I'm just saying act as, you know, a parent that who's worried about their children, just like you're worried about them getting a physical harm.
00:48:24This is something that can harm them emotionally if their information gets into their own.
00:48:30Monitor their online activity, again, with age appropriate transparency.
00:48:36I mean, if they're old enough, just tease them and just pry on them as I mentioned earlier.
00:48:41But if they're young enough to do monitor their online activity, because, again, their kids, you need to be a parent and worry about their security and safety as well.
00:48:55Now, this is what I've seen a lot of times on Facebook or social media platforms.
00:49:02Their parents are sharing their children's data, their children's pictures, where they're going.
00:49:08I mean, fine, if you want to show off to your family or friends that, you know, you visited this country and you visited these places.
00:49:18That's fine. It's a personal choice.
00:49:21But be aware that you are sharing data on the internet where possibly the predators and the other people who are looking for this kind of information, it's available to them as well.
00:49:38And they know you are out of town and your home most probably is empty.
00:49:44So they can come to your home and steal something, something like that.
00:49:50Meaning that you are basically giving information that is private to the third person or to the outside person.
00:50:01So, again, get MFA and strong passwords, just inculcate this idea of how to secure their accounts as well.
00:50:13As they get older, they should know all these information that you have.
00:50:18Top five actionable steps for protecting your digital identity.
00:50:24First of all, these are just top five that I think that should be there.
00:50:30First of all, enable multi-factor authentication on every account that offers it.
00:50:36That should be a must.
00:50:39Second, use a password manager and create unique and strong passwords.
00:50:44Regularly review privacy settings on social media and other online services.
00:50:49I would say regularly review because they do change their privacy settings.
00:50:53So, do look for settings that have changed and which ones to open and which ones to keep close.
00:51:01Again, being very skeptical of unsolicited communications, emails, text calls.
00:51:06Be skeptical. Stop, think, and then share.
00:51:10And keep all your devices, your endpoints, devices, and software updated.
00:51:17Okay.
00:51:18So, we're at the end and we have about 10 minutes.
00:51:24I'm just going to have a couple of quizzes and see if we have time.
00:51:28We'll do the case study.
00:51:29If not, I'll just take your questions.
00:51:32First of all, about authentication passwords.
00:51:38Why is MFA effective?
00:51:40Because it requires a long password.
00:51:43You can read through these and just let's see if you can come up with the right answer.
00:51:49Okay.
00:51:50The verification has at least two different categories of pretensions, something or something.
00:52:15So, basically using the multi-factor authentication.
00:52:18Good.
00:52:19Next one.
00:52:20When sharing information on social media, what is the key privacy best practice?
00:52:47Okay.
00:52:48B.
00:52:49Only share information that you're comfortable with
00:52:50anyone seeing, and regularly review privacy.
00:52:51Very good.
00:52:52Very good.
00:52:53Okay.
00:52:54The next and last one.
00:52:55These are pretty easy ones, but I just put them here.
00:52:56So, just to know that you guys are listening.
00:53:00Which of the following is a strong indicator that email might be a phishing attempt?
00:53:01Might be a phishing attempt.
00:53:02Okay.
00:53:03Okay.
00:53:04C.
00:53:39because it's asking for urgent action or personal information,
00:53:43means that it may be phishing.
00:53:47Okay, I had a case study that I wanted to discuss,
00:53:53but I think we are almost out of time.
00:53:58So these, I just want to go through a couple of slides,
00:54:03what is the pathway to personal data security.
00:54:07These are some of our partners at NodeCypher,
00:54:10which we use specifically for endpoint security and password management.
00:54:17We are partners with Bitdefender, Check Point and ESET
00:54:21and provide one of the best-in-class endpoint security.
00:54:26And we use 1Password for password management.
00:54:29It could be your individual level passwords,
00:54:32or it could be on an organization level as well.
00:54:35Okay, question and answers.
00:54:43Please.
00:54:49Any questions?
00:55:05Okay, is it really necessary to use a password manager?
00:55:09I can just remember my passwords.
00:55:12Okay.
00:55:14Well, yes, you can remember your passwords.
00:55:18Obviously, if you're, I mean, if you're a great, great, great memory,
00:55:26that you can remember extended 12 character,
00:55:30you know, passwords with characters and digits and numbers, that's good.
00:55:38But still, a password manager is very highly recommended because it creates and securely stores a unique and complex password for your online account.
00:55:49And not only that, it also allows you to generate a random password.
00:55:56So you don't have to think through them, it generates those random passwords and it allows you to use a different password on each of the website.
00:56:08I mean, you don't have to reuse the same password everywhere, which is a major vulnerability.
00:56:14So it's not extremely necessary, but I would say it is, it's very, very, very good to have a password manager.
00:56:24And most of these are free for personal use.
00:56:27So I suggest definitely to use. Any other questions?
00:56:45Okay, how can I check if my Wi-Fi is secure enough?
00:56:54Well, there are, there are a few methods.
00:56:56One is not just knowing how your Wi-Fi is secure, but also doing what to secure your Wi-Fi.
00:57:08In order for checking, you can go and there are some Wi-Fi scanning tools that you can install on your computer.
00:57:16And you can scan your Wi-Fi and see if there are any IPs or any additional computers or any additional devices
00:57:25that are connected to your Wi-Fi. That's one way of checking.
00:57:28And how to secure it to use strong passwords, encrypt your Wi-Fi communication.
00:57:36You can also use WPA2 or WPA3, change the default admin credentials, like, as I mentioned, don't use the one that the installer set up.
00:57:47And also, a lot of these devices these days allow for separate password credentials for guest network.
00:57:58So, I mean, earlier days, it was a bit difficult to configure it, we needed technical, you know, know how to do that.
00:58:07But these days, you can set up the guest network and they allow you to just, you know, take you through a series of steps to create a separate guest network.
00:58:21And I suggest you do that.
00:58:25Any other question?
00:58:30Okay, I'm worried about deepfakes and AI impersonation.
00:58:41Very, very relevant with these kinds of times that now you see it on the social media that all these deepfakes and the AI impersonations.
00:58:56And it's not just videos.
00:58:58And it's not just the social media, they may be used to trick you as a person.
00:59:04It may be just a video of your loved one, you know, sent to you.
00:59:11Or it may be a voice, AI-generated voice of a loved one, you know, sent to you over the phone or a message asking for information.
00:59:20So this is, you know, very, very real risk these days.
00:59:25So first of all, I would say that verify the information.
00:59:29Don't just be scared and don't just trust the content solely based on if you hear it from a trusted source or your social media account.
00:59:40If something seems off, if you look at the videos right now, you can tell exactly when the scenes are changing.
00:59:50If the people are moving, you can see that their arms, AI is not yet at least that level where it can mimic the human movements perfectly.
01:00:02So if you look at the videos, AI videos, when they're moving their arms or their faces, they're turning their head, they're running, their legs and arms seem to be way off when they're moving.
01:00:14So that's one way, at least for now, to recognize deepfake videos.
01:00:20And in terms of calls, if someone is calling you from a known voice, just call them back.
01:00:28Don't have a bit of critical eye in sort of identifying these things.
01:00:34Just do not believe it right from the dead.
01:00:37Okay, so I think we're pretty much to the end.
01:00:44So that's it for today.
01:00:46And I thank you everyone for joining in and hope to see you again for the next session.
01:00:53Sam is from my side.
01:01:07I thank you everyone for joining in.