Cyber Security Hygiene
LP3 and Protecting Tomorrow are driven to provide educational insights that empower individuals to prepare for and respond to cyber attackers.
Hackers are getting more sophisticated… and more effective!
“Stay secure my friends!”
• Cyber security is an individual problem, not a technical problem – you have to solve it as one
• Hackers run successful international enterprises, leveraging an agile and adaptable business model
• They benefit from your lack of attention to cyber security and poor investment in protecting your data – the statistics say it’s working for them, and not for us
• They train to hack you for a living – that’s all they do and they’re very good at it
• You train in running your lifestyle, not in protecting it – they win
Agenda
• Do I need to worry about cyber security?
• The Conscientious Employee
• Safe Computing at Home
• Access On The Go
Map of the Internet
No borders
• Whose laws apply?
• Where is that web server?
• Where did that email come from?
Cyber Criminals – No Rules!
• Steady increase in cyber crime – collection/exploitation/theft
• Many nations refuse to investigate and prosecute
• Hackers and governments can access your unprotected data
• Damage from cyber crime is rising dramatically
• Ransomware increased by 300% in 2015 – because it works!
HITECH (Health Information Technology for Economic and Clinical Health Act)
Purpose
• Makes massive changes to privacy and security laws
• Breach notification requirements (patient, Department of Health and Human Services, and media)
• Applies to covered health care entities and business associates
• Creates a nationwide electronic health record
• Increases penalties for privacy and security violations
Criminal Penalties
Criminal provisions
• Executives: up to 10 years in prison
• Fines started at $100 and could reach up to $25,000 for all identical violations of the same provision
HITECH – Harsher Financial Penalties
• Tiers established for civil penalties
• Maximum penalty of $1.5 million
• The higher the level of culpability, the higher the penalty
Healthcare information is extremely valuable!
ABA Formal Op 08-451
• Model Rule 5.3: “A lawyer who associates with a non-lawyer must make reasonable efforts to ensure the third party’s conduct is compatible with lawyer’s professional obligations”
• Model Rule 1.6: “…prevent…unauthorized disclosure…”
“When you upload…you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works…communicate, publish, publicly perform, publicly display, and distribute…”
HACKERS use “brute-force” password crackers
Passwords – Why?
• Bad passwords are easily guessed by a computer program
  • Dictionary
  • Names
  • Addresses
• Good passwords have special characters and numbers
  • ~#^&*
  • 489
  • Make NO sense
• Cracked 2700 “bad” passwords in 30 seconds
• The crack program ran for 48 hours more and did not crack the 250 remaining “good” passwords
Good and Bad Passwords
BAD: Password1, Lincoln, Tr@fficJ@m
OK: 1n33dmyAlbut3r0!
BEST:
  • 6g3gCH&#NduU]W5nS
  • gtMZJYt%HCtQ|5PH
  • 4sH*^qjwkzLW!Kzsc$
Reduce your risk:
• Use two-factor authentication
• Use a password manager: LastPass 3.0, Dashlane 3, Intuitive Password 2.9
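As an added example (not from the slides or from LP3/Protecting Tomorrow), a Python checker that applies the slide’s criteria: it undoes leet-speak and looks for dictionary words, names and addresses, then sizes the brute-force search space from length and character classes. The word lists, the leet table and the rating thresholds are assumptions.

```python
import math
import string

# Constructed stand-ins for the dictionary, name and address lists a cracker tries
# first (assumption: real crackers use lists with millions of entries).
DICTIONARY = {"password", "traffic", "welcome", "summer", "monkey"}
NAMES = {"lincoln", "tommy", "cecelia", "tanja", "valarie"}
ADDRESSES = {"gaither", "rockville", "broadway"}
WORDLIST = sorted(DICTIONARY | NAMES | ADDRESSES, key=len, reverse=True)
# Leet-speak substitutions a dictionary attack undoes before matching (@ -> a, 3 -> e, ...).
LEET = str.maketrans("@$0134!", "asoieai")

def normalize(pw: str) -> str:
    """Lower-case and undo leet-speak, so 'Tr@fficJ@m' becomes 'trafficjam'."""
    return pw.lower().translate(LEET)

def wordlist_hit(pw: str):
    """Return the wordlist entry hidden inside the password, or None."""
    text = normalize(pw)
    return next((w for w in WORDLIST if len(w) >= 4 and w in text), None)

def charset_size(pw: str) -> int:
    """Alphabet size a brute-force cracker must assume from the character classes used."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: c in string.punctuation, 32)]
    return sum(n for test, n in classes if any(test(c) for c in pw))

def brute_force_bits(pw: str) -> float:
    """log2 of the brute-force search space: length * log2(alphabet size)."""
    return len(pw) * math.log2(charset_size(pw))

def rate(pw: str):
    """Rate BAD / OK / BEST by the slide's criteria; the numeric thresholds are assumptions."""
    hit = wordlist_hit(pw)
    if hit:
        return "BAD", f"guessable: contains wordlist entry '{hit}'"
    bits = brute_force_bits(pw)
    has_special = any(c in string.punctuation for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    if bits < 60 or not (has_special and has_digit):
        return "BAD", f"only {bits:.0f} bits; add length, special characters and numbers"
    # A leet-encoded phrase turns back into letters once normalised; crackers try that too.
    alpha_ratio = sum(c.isalpha() for c in normalize(pw)) / len(pw)
    if alpha_ratio >= 0.95 or bits < 100:
        return "OK", f"{bits:.0f} bits, but a disguised phrase or on the short side"
    return "BEST", f"{bits:.0f} bits of search space with no recognisable structure"

for pw in ["Password1", "Lincoln", "Tr@fficJ@m", "1n33dmyAlbut3r0!", "6g3gCH&#NduU]W5nS"]:
    print(f"{pw:20} {rate(pw)[0]:5} {rate(pw)[1]}")
```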
How do hackers get in?
• “Click here” emails
• Personal associate connections – social engineering: “Urgent Game Change! Please see Tommy's new soccer schedule!! Download the .pdf!”

From: Tanja R. Brown <[email protected]>
To: Cecelia
Subject: PTO Recalculation and Adjustment

Cecelia,
The team just finished a financial audit and discovered that we improperly calculated your PTO balance from the beginning of this fiscal year. Our third party auditors suggested that we redistribute the 5.5 days additional PTO due to you within this accounting period to avoid financial penalties.
Please click here to confirm receipt to accept the PTO change automatically. The updated balance will appear in your next pay period statement. If you have any questions please email or call HR and we will be glad to answer them.
Tanja

Tanja R. Brown
Operations Manager
Wealth Strategies Group
2099 Gaither Road, Suite 110, Rockville, MD 20850
(301) 990-4395 Fax: (301) 990-8746
Web site: www.wsgmd.com
Securities and advisory services offered through NATIONAL PLANNING CORPORATION (NPC), member FINRA/SIPC and a Registered Investment Adviser. Wealth Strategies Group and NPC are separate and unrelated companies.

Would you click here?
Web Surfing at Work
What can go wrong?
• Link from Facebook or Twitter: “READ THIS!”
• Link to a HACKER site
• Malicious software
• Private information
Phishing is a Real Threat
JP Morgan Chase hacker got customer emails – “76 million households” and “7 million small businesses”
Chase instructions to clients the week after:
1. Change online and mobile app passwords
2. Watch accounts like a hawk… use text alerts.
3. If you notice unusual activity, contact the bank immediately and request a new debit or credit card.
4. You’re likely to get email supposedly coming from Chase. If you get any email that asks you to click a link or download a file, it's a scam; just delete it.
Spear Phishing
• Fake emails seeking to get credentials
• Financial assets: 76% of targets
• Targeted by individual name
• Just at work?
Red flag words: account locked, suspended, verification required, suspicious transaction, protect your computer, funds due to you
Source: Symantec study 2007
Countermeasures:
• Don’t click on emailed links and attachments
• ONE careless person can compromise the whole family
• Keep a careful eye on the email address; look for swapped letters
• Pay attention to misspellings in the email body – they can be an indicator
• Don’t hide file extensions in your settings (keep them visible)
• Use a pass-code or two-factor verification before clicking or sending a link
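As an added example (not from the slides), a Python scanner that applies the countermeasures above to a message like the PTO e-mail: it flags a sender domain that imitates a known contact with swapped letters, the slide’s red-flag words and “click here” lures, and attachments with a hidden second extension. The trusted-domain list and the sample message are constructed assumptions.

```python
# Red-flag phrases from the slide, plus the "click here" lure itself.
RED_FLAGS = ["account locked", "suspended", "verification required",
             "suspicious transaction", "protect your computer", "funds due to you",
             "click here"]
# Constructed list of domains this mailbox legitimately corresponds with (assumption).
TRUSTED_DOMAINS = {"wsgmd.com", "chase.com"}
EXECUTABLE_EXT = {"exe", "scr", "js", "vbs", "bat", "cmd"}

def osa_distance(a: str, b: str) -> int:
    """Edit distance that counts an adjacent swap ('wsgmd' -> 'wsgdm') as one change."""
    d = [[max(i, j) if i == 0 or j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def lookalike_domain(sender: str):
    """Return the trusted domain the sender's domain imitates (1-2 edits away), else None."""
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain in TRUSTED_DOMAINS:
        return None
    return next((t for t in TRUSTED_DOMAINS if 0 < osa_distance(domain, t) <= 2), None)

def scan_email(sender: str, subject: str, body: str, attachments=()) -> list:
    """Collect the warning signs the slide lists; an empty list means nothing was flagged."""
    findings = []
    look = lookalike_domain(sender)
    if look:
        findings.append(f"sender domain imitates {look} (swapped or changed letters)")
    text = f"{subject}\n{body}".lower()
    findings += [f"red-flag phrase: '{p}'" for p in RED_FLAGS if p in text]
    for name in attachments:
        parts = name.lower().split(".")
        if len(parts) > 2 and parts[-1] in EXECUTABLE_EXT:
            findings.append(f"attachment '{name}' hides an executable behind a double extension")
    return findings

# Constructed sample modelled on the PTO e-mail above: the sender domain swaps two letters of
# the genuine wsgmd.com and the attachment name ends in a hidden .exe.
SAMPLE = dict(sender="tbrown@wsgdm.com", subject="PTO Recalculation and Adjustment",
              body="Please click here to confirm receipt to accept the PTO change "
                   "automatically. The 5.5 days of funds due to you will appear next period.",
              attachments=["Tommy_soccer_schedule.pdf.exe"])
for finding in scan_email(**SAMPLE):
    print("WARNING:", finding)
```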
Thumb Drives – The Truth
• Key family risks
• Can carry a large volume of private info very easily
• Carry in malicious code, bypassing firewalls, content filtering and anti-virus scanning
• Encrypted USB – still has the same security issues
• Best not to use them
• Teach your kids!
Home Networks – Neighbors
• Service Set Identifier (SSID)
• Encryption
Example SSID list seen from a home: Q7BS8, linksys, cisco, HP-PrintLP292, Valarie’s Guest Network, <none>
Bad Neighbors
• At home: use WPA2 and MAC address filtering; check to see who is connected
Bad neighbor 1
• Connects to your wireless network
• Consumes your bandwidth
Bad neighbor 2
• Connects to your wireless network
• Watches your network traffic
• Sniffs passwords when possible
Safe Computing at Home
• User vs admin accounts
• Online shopping
• IoT devices
• Smart TVs
• Gaming consoles
• Proxies
• VPN
• Default configurations
Only 63% of polled Americans maintain updated anti-virus and firewall settings at home (annual Travelers Consumer Risk Index)
Safe Computing at Home
• Child safety online: “Who are you talking to?”
Filtering software examples: Net Nanny, WebWatcher, McAfee Safe Eyes
Countermeasures:
• Supervision
• Filtering software
• Managed user accounts
• GET THEM INVOLVED
Social Media Postings
• Are you letting people know when you’re away?
• Once posted, always posted
• Your online reputation can be a good thing
• Future employers will likely check your profiles
• Cyber bullies are real
• See more at: http://www.staysafeonline.org/stay-safe-online/protect-your-personal-information/social-networks#sthash.Vqz2nUSd.dpuf
Countermeasures:
• Use an online profile vs a real-life profile
• Take time to configure – avoid defaults
• Check “Location” permissions
• Keep personal information personal
• Be aware of PII surveys and posts
• Know what action to take if you see abuse
• Know who your friends are and manage your friends list
• Be honest if you’re uncomfortable
Online Concerns
• It's not the next hurricane, a distracted driver, or food poisoning that Americans are most worried about these days: cyber threats are now second only to financial concerns and risks as the biggest worry for US consumers.
• 1 in 4 US consumers have been a victim of a data breach or cyberattack
• Cyber security risk concerns were ranked at number five in last year's index
• Consumers’ biggest cyber-worry: that their bank account gets hacked, with 62% polled saying so
Countermeasures:
• Use a pre-paid credit card for online purchases
• Check for https
• PayPal?
• Careful consideration during high-traffic shopping days
Computing On the Go
What can go wrong?
“Starbucks” / “Free-airport-wifi”
Rogue hotspot: the hacker intercepts your data
A recent FBI / InfraGard briefing provided strong insights into “Free WiFi” spots in San Diego County!
Safer Computing on the Go
Countermeasures:
• Use the cell phone network for sensitive data (3G, 4G, LTE)
• Make sure to turn Bluetooth (BT) and WiFi off when not needed!
Bad now – what is still to come?
• Get your stuff together now because there is more to come
• The Internet of Things is going to explode – it’s already started, and devices are coming into the market place with no security; many products are not securable by architecture – who is wearing a smart watch?
• New cyber security solutions pop up every day – how do you know whether they’re good or not? It can be expensive to find out
• New cyber security companies pop up every day – cyber security is a booming business and everyone is jumping in – how do you know who these companies are and whether they’re good or not? It can be very expensive and painful to find out
• What do you know about the personal integrity of their staff, and should you trust them to handle your most valuable data and company treasures? For example, each of our security engineers has a background check by the FBI
Thank you! Questions?
www.ProtectingTomorrow.org
“Striking the critical balance between protection and performance”