Cybersecurity 101
Scott Stone, MACS
• IT Partner and CIO for ACT
• 25 Years in the Industry
• Cyber Threat Analyst – From NCFTA
• Trained Ethical Hacker – EC Council
• Certified in
  • Network Security
  • Emergency Response Planning
  • Cisco, Sophos, Linux, Novell, etc.
Topics to be Covered
• IT Security Trends
• Phishing / Ransomware
• Protecting Your Organization
  • Patching
  • Firewalls
  • Antivirus / AntiMalware
  • Backups
  • Pen Tests / Vulnerability Scans
  • Mobile Devices
  • Other Security Items
  • Policies and Procedures
  • Passwords / Managers / Two-Factor Authentication
Breached Records – First Half of 2015
Breached Records – First Half of 2016
Breached Records – First Half of 2017
Breached Records – First Half of 2018
2017 Breaches by Industry
2018 Breaches by Industry
Breach Incidents by Type – 2017
Breach Incidents by Type – 2018
Breach Incidents by Source – 2017
Breach Incidents by Source – 2018
This Happens Everywhere, Right?
2017
This Happens Everywhere, Right?
2018
Phishing Attacks
• Phishing uses social engineering, a technique where cyberattackers attempt to fool you into taking an action.
• These attacks often begin with a cyber criminal sending you an email pretending to be from someone or something you know or trust, such as a friend, your bank, or your favorite online store.
• These emails then entice you into taking an action, such as clicking on a link, opening an attachment, or responding to a message.
• Cyber criminals craft these emails to look convincing.
Still the largest threat IT currently deals with.
Phishing / Spear Phishing
• Was primarily credentials and account access
• Now more ransomware / cryptoware
• Increase in the research people are doing prior to sending phishing emails
• Reduction in the duplication or complexity of actual emails to avoid looking like spam
• Targeted attachments and subjects based on job role
• Criminals are patient and thorough because it pays to be
Phishing – Three Attack Types
1. Direct Money Theft
2. Credential Theft
3. Computer / Network Infection
What do these have in common?
They make piles of MONEY!
Phishing Emails – Direct Money Theft
Phishing Emails – Credential Theft
Phishing Emails – Credential Theft
Phishing – Reputational Loss
Good Afternoon All,
This email comes as a warning regarding an email hack that we are experiencing. It has been brought to our attention that our CCO/CFO, Amy Smith, has had her email hacked. Steps are being taken right now to correct the situation.
Should you receive any correspondences from Amy Smith (AS@ABCWealthcom) requesting any kind of information— DO NOT OPEN! Either delete and/or call our office - ask to speak with either Amy or Bob Smith.
We apologize for any inconvenience and are working tirelessly to fix the problem.
Best,
Sue Jackson
Marketing Manager
ABC Wealth Management
Phishing Emails – Ransomware Infection
Ransomware
Currently Ransomware commonly comes disguised as Email File Attachments:
• Invoice.doc or Invoice.zip
• Fax.doc or Fax.zip
• Voicemail.wav or Voicemail.zip
• IRS Notice.zip
Or Download links:
• UPS / FEDEX / USPS notifications
• Client files to Box, Dropbox, Google drive, OneDrive
• Tax documents / Wells Fargo Documents
Ransomware
• 60% of Phishing emails we see lead to Ransomware. 20% each to Credential Theft or Direct Theft.
• Ransomware attacks are on the rise.
• FBI estimates Cyber Criminals will make over $11.5 billion in 2019.
• We have consulted on Ransomware infections for organizations from large hospitals to home businesses.
• Only options are to pay or restore from backups.
• Ransomware always results in downtime and lost productivity.
Ryuk Ransomware
• Ryuk ransomware banks $3.7 million in five months – Engadget 1/13/19
• Local manufacturer hit with 79 BTC ($282,583) ransom
• Crippled their US, Canadian, and UK sites
• Encrypted files on all their servers and their backups
• Attacked them again two months after initial infection
Ryuk Ransomware
• Starts by infecting systems with TrickBot malware (typically through methods like phishing email).
• Uses PowerShell and Remote Desktop Protocol to create backdoors and steal passwords.
• Lets the intruders study their targets to determine the money-making potential.
• They look for the most critical systems and will even pass on launching the Ryuk encryption if the organization isn't large enough.
• They target industries at different times (schools, local government, public housing, manufacturing).
Ransomware Distribution Methods
• Files Attached to Email
• Common File Transfer Services:
  • Dropbox
  • OneDrive
  • GoogleDrive
  • LeapFile
  • Sharefile
• What are the risks?
Protecting Yourself
• Be suspicious of attachments and only open those that you were expecting.
• Pause and think about emails that impart a sense of urgency.
• Just because you got an email from your friend does not mean they sent it.
• DO NOT CLICK ON LINKS IN EMAIL.
• Not sure? Forward it to IT.
• Train yourself:
  • https://www.phishingbox.com/phishing-test
  • https://www.opendns.com/phishing-quiz/
Phishing – Protecting Yourself
• Enable two-factor authentication – O365, Google Authenticator, Security Key, SMS.
• Train your employees and yourself – KnowBe4, Wombat, Sophos.
• Use a quality email provider – Office365, Gmail, ProtonMail.
Patching
• What is patching?
• Why is it important?
• What do I need to do?
Patching
• A Fully Patched Windows 7 or 10 computer was immune to 97% of all active attacks in 2018.
• The software industry is moving to an automatic patching model. Hardware and IOT are going to be slow to adopt this approach.
• Most Firewalls will not fully patch themselves automatically.
• A software inventory system is a key component to tracking unpatched systems.
• Microsoft automatic patching is not reliable. (WSUS)
• All software is vulnerable--e.g., WinRAR.
Firewalls
• Unified Threat Management (UTM) Firewalls at every Internet Connection
• UTM incorporates:
  • Antivirus Scanning
  • Country Blocking / Geo IP Filtering
  • Content Filtering
  • Intrusion Detection
  • Intrusion Prevention
  • Application Control / Blocking
• Internal Firewalls for Finance / EHR / HR
Antivirus / Antimalware
• Must be centrally managed to be effective
• Should automatically alert IT of infections
• Heuristic AV clients are better than pattern based
• AntiMalware technology can work with your Firewall to limit access after an infection
• Should be layered – Firewall / Server / PC
• AI starting to impact this market
Backups
• Must include Off-site or Cloud backups.
• Need to be disconnected from the network.
• Restoration time is a business decision.
• Local copies should be part of the strategy.
• Needs to be encrypted – Who holds the keys?
• Retention should be a primary part of the backup strategy.
Pen Test / Vulnerability Scans
• Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit.
• Vulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes.
Mobile Device Management
• The next target for thieves
• SIM jacking is a real threat now
• Corporate Assets vs Personal Devices
• Security in this space is moving quickly
• iPhone vs Android?
Mobile Devices – Personal Best Practices
• Keep it updated (IOS / Nexus).
• Use a strong Pin / Passcode.
• Be careful of the apps you install.
• Dispose of old devices properly.
• Be cautious of what you plug it into to charge.
• Do not open attachments you do not need to read on your phone.
Other Security Concerns
• PowerShell on the desktop
• VLANs are not real security
• Local Admin rights to the computer
• IT Staff running as Administrators
• VPNs for Vendors (HVAC, Copiers, Security)
• Network Managed Services Providers
Policies and Procedures
• What should you have?
  • Risk Analysis / Risk Assessment
  • Incident Response Plan / Log
  • Disaster Recovery Plan
• Other items:
  • Privacy Policy / Assessment
  • Security Policy / Assessment
Passwords and Two-Factor Authentication
01 Password Best Practices Review
02 Password Managers, Haystacking, Passphrases
03 Two-Factor – Types, Uses, Limitations, Benefits
Passwords: Protecting Yourself
• Enable Two-Factor Authentication.
• Use a Password Manager such as LastPass.
• Do not reuse Passwords for important sites.
Password Managers
A password manager is a software application or hardware that helps a user store and organize passwords. Password managers usually store passwords encrypted, requiring the user to create a master password: a single, ideally very strong password which grants the user access to their entire password database.
Examples:
• LastPass
• 1Password
• KeePass
• Lenovo Fingerprint Manager
• HP Protect Tools
Excel as a Password Manager?
• Better than writing them down.
• Must set a strong master password.
• Be careful how you transfer it or store it.
• Backups are an issue.
Password Haystacking
• Every password you use can be thought of as a needle hiding in a haystack. After all searches of common passwords and dictionaries have failed, an attacker must resort to a “brute force” search – ultimately trying every possible combination of letters, numbers, and then symbols until the combination you chose is discovered.
• Example: LinkedIn4-=-=-=
• Which of the following two passwords is stronger, more secure, and more difficult to crack?
  D0g.....................
  PrXyc.N(n4k77#L!eVdAfp9
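The comparison the slide asks for, worked through as an added example (not part of the original presentation): it counts how many candidates an exhaustive search must try for each password. The 94-symbol printable-ASCII alphabet and the guess rate are assumptions, and the model only applies once dictionary and common-password searches have failed, as the slide states.

```python
import math
import string

# Printable-ASCII character classes an exhaustive search has to cover.
# 26 + 26 + 10 + 32 = 94 symbols when all four classes are in play (assumed alphabet).
CHAR_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)

# Assumed guess rate, for illustration only; real rates depend on the hash and hardware.
ASSUMED_GUESSES_PER_SECOND = 10**11

# The two passwords from the slide. The first is "D0g" followed by 21 periods.
PADDED = "D0g" + "." * 21
RANDOM_LOOKING = "PrXyc.N(n4k77#L!eVdAfp9"


def alphabet_size(password: str) -> int:
    """Size of the smallest class-based alphabet containing every character used."""
    used = set(password)
    known = set("".join(CHAR_CLASSES))
    if not used or used - known:
        raise ValueError("expected a non-empty printable-ASCII password without spaces")
    return sum(len(cls) for cls in CHAR_CLASSES if used & set(cls))


def search_space(password: str) -> int:
    """Candidates tried when testing every string of length 1..len(password)."""
    n = alphabet_size(password)
    return sum(n**k for k in range(1, len(password) + 1))


def brute_force_bits(password: str) -> float:
    """Search space expressed in bits (log2 of the candidate count)."""
    return math.log2(search_space(password))


def years_to_exhaust(password: str, rate: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the assumed guess rate."""
    return search_space(password) / rate / (365.25 * 24 * 3600)


def compare(a: str, b: str):
    """Return the password with the larger search space and the integer size ratio."""
    sa, sb = search_space(a), search_space(b)
    stronger = a if sa >= sb else b
    return stronger, max(sa, sb) // min(sa, sb)


if __name__ == "__main__":
    for pw in (PADDED, RANDOM_LOOKING, "LinkedIn4-=-=-="):
        print(f"{pw!r:28} len={len(pw):2} alphabet={alphabet_size(pw)} "
              f"bits={brute_force_bits(pw):6.1f} years={years_to_exhaust(pw):.2e}")
    print(compare(PADDED, RANDOM_LOOKING))
```

Under this exhaustive-search model both passwords draw on the same 94-symbol alphabet, so the padded one has the larger search space only because it is one character longer.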
Passphrases
• Instead of a Password consider using a Passphrase.
• Examples:
  • MydogsnameisRex
  • Securityisnotthathard
  • Ilove2learn!
• Longer passwords are better passwords.
• Use a Password Manager to create long, secure, unique passwords so you do not need to remember every one.
Ways to Stay Safe – Passwords
• Don’t reuse passwords.
• Don’t type your password into a public use machine.
  • If you do have to – change it ASAP.
• Use a machine other than your kid’s gaming machine to check mail or log into Firm resources.
• Use a Password Manager.
• Use Password Haystacking.
• Use Passphrases instead of Passwords.
• If you hear about a breach – change your password.
• Always be diligent about typing in passwords where people can see you type them in.
• Upgrade your operating system and keep it updated.
Two-Factor Authentication / Biometrics
Two-Factor Authentication Means:
Something You Know (Password)
+
Something You Have (RFID Badge, SMS Message, Time-Based One-Time password, Hardware Key-U2F)
OR
Something You Are (Fingerprint, Retinal Scan, Palm Scanner, Facial Recognition, Voice Recognition)
Two-Factor Authentication / Biometrics
• Two-Factor Authentication aka 2FA or Multifactor Authentication
• Examples:
  • Pin Texted To Your Cell
  • Google Authenticator
  • RSA SecurID
  • Mobile App Authentication
• Biometrics
  • Fingerprint Scanner (Laptop, iPhone, etc.)
  • Retinal Scanner
  • Hand Geometry
  • Facial Recognition
Best Apps For Two Factor
• Google Authenticator
• Duo Mobile
• Microsoft Authenticator
• Free OTP
What about Security Questions?
Such as:
• Mother’s maiden name
• City you were born in
• Street you grew up on
• Best friend’s name
• Father’s middle name
Terrible – Answers available on Social Media
Physical Loss of Paper!
• Shredding
• Printing and Faxing
• Copies Sitting Out
• Secure Print & eFax
• Electronic Device Memory (copiers)
Think Low-Tech: 27% of Breach incidents were related to paper!
Where are you spending too much?
• Support Contracts – Cisco, Microsoft, Dell, HP
• Data / Phone – Have you renegotiated in last 24 months?
• Expertise – IT in General, Exchange
• EHR – On Premise vs Cloud?
• Data Centers – What is actually there?
• Hosted Services – Journaling, Portals, etc.
IT Security Basics
• Centralized antivirus on every workstation and server with active IT notification
• Patch management for every PC and server, both Microsoft and third party
• Firewall protection with an up-to-date product
• Good password hygiene
• Solid backups including cloud or off-site storage
QUESTIONS?
Scott Stone, MACS
Partner – IT Services
voice: 724.658.1565 or 800.452.3003
e-mail: [email protected]