
Personal CyberSecurity Protecting Yourself from the Evils of the Internet



  1. Personal CyberSecurity Protecting Yourself from the Evils of the Internet Steve McEvoy March 6th, 2020 Austin, TX

  2. The Internet has some scary s**t going on This is a self defense course

  3. Goals

  4. What is the #1 Security Risk to your Practice?

  5. Holiday Ransomware Attacks

  6. Title

  7. The Dental Record

  8. How did it Happen? Backup Vault in Percsoft Office Dental Office Your In Office File Server with your Data

  9. How did it Happen? Opened the Vault and Deleted Everyone's Un- Backups, Then Sent a Ransomware command to each client's server Over 400!! Dental Office Server was then encrypted and all your files locked up and held for Ransom

  10. Discovered Monday Aug 26th

  11. 9 Days Later – Sept 3rd

  12. 17 Days Later – Sept 11th

  13. Thanksgiving Weekend

  14. Christmas Eve

  15. What Should You Do? • Have your own LOCAL backup strategy in addition to a Cloud based backup • Talk about this to your IT Person and ask them if this can happen to them/you • Care about this!

  16. What Should They Do? • Stop and Think Hard about their own security measures • Store your passwords in a secure database • Require 2 factor authentication for any form of remote access/control of your computers • Train their staff on phishing scams and good security Practices

  17. What about your Phone?

  18. Always Update Your Phone

  19. How can you know if your username & password have been leaked into the wild?

  20. Troy Hunt • Security Expert from Microsoft • Searched the Dark Web • Compiled a list of ~8 Billion hacked accounts • Created “Have I been pwned?” website – ‘Pwned’ is a slang term • Securely check if your username and passwords have been stolen

  21. www.HaveIBeenPwned.com

  22. Have I Been Pwned?

  23. Is your Password Pwn’d? (starwars)

  24. Pre-check your new passwords (MyReallyHardPassword)

  25. Get Notified of pwnage • Get notified if your email(s) show up in the future

  26. I was Notified of pwnage

  27. How long will it take for a Hacker to break through my password?

  28. www.howsecureismypassword.net (starwars)

  29. What makes a GOOD Password??

  30. • Recently updated their recommended digital identity standard (SP 800-63) • Troy Hunt canvassed NIST and others to derive what the collective wisdom is thinking

  31. Length Matters • 12 or more characters • We can use short dictionary words • 3 or 4 random words

  32. dog bill red beer hat tree head

  33. Nothing Personal address spouse movie food kids date birthday phone pets

  34. 3 or 4 Short Random Words bill dog red beer hat tree head doghatbeerhead

  35. Make ‘em Memorable • Think up something about the site • i.e. Wells Fargo – dumb wagon horses – ripping off clients – stashing my cash

  36. But what is wrong with this? • dumbwagonhorses – 15 characters – 3 random words – dumbwagonhorses is better than Sj7$qq#56

  37. Standards Don’t Change Overnight • They ‘Evolve’ • Websites, banks, etc. will need to learn and adopt these standards • dumbwagonhorses wouldn’t meet their current ‘complexity checker’

  38. Steve’s Recommendation (Simple Complexity) Starting TODAY! (2020 and on) – Three or Four unassociated dictionary words – At LEAST 12 characters in length – Capitalize First Letters – Add a 2 digit year to the end (reminder) DumbWagonHorses20

  39. Simple Complexity Works • DumbWagonHorses20 – 2 Trillion Years to Hack – Should meet the Banks' requirements – Much easier to remember

  40. Where to Save Passwords?

  41. Bad Ideas My Passwords Bank … Starbucks … Credit Cards ….

  42. Password Manager App

  43. Features for a Password Manager • Available Everywhere we are: – Phones (iOS and Android) – Computer (Windows, Mac, Web) • Sync’d across all my devices – Means linked to Cloud

  44. Features for a Password Manager • Secure! – Especially if Cloud! – Encrypted – Smart Company – Reliable Company • Free! ? – Free is bad – Affordable is good.

  45. 1Password.com Versions • Personal • Family • Teams

  46. Vaults • “Vaults” hold your passwords • You control who has access to a specific vault

  47. 1Password Security • Three Keys to access – Username – Password – Encryption Key • 2 Factor Authentication • Notifications of Access

  48. 1Password Security • They cannot see your data - ever – Encrypted blob on their servers • Travel Mode – Prevents border inspection access to your private data

  49. 1Password Personal • $3 per month • 1 Vault • Unlimited items

  50. 1Password Family • $5 per month for whole family • Up to 5 Family Members included – More Kids? $1 extra per month • Private and Shared Vaults

  51. Shared Vaults Netflix Amazon Spotify WiFi Code Bike Lock Code Shared Private (only you can see contents)

  52. 1Password Teams • $4 per month per user • Up to 5 Guest Accounts – A guest can only access one vault • Unlimited Vaults

  53. Using Teams PM Login Payroll Services Windows Indeed Job Postings Login HR Private QuickBooks Banks WiFi Finance Netflix Invisalign Patient Reward Hub Shared Clinical

  54. Demo

  55. Apps for Everything • iPhones and iPads • Android Phones and Tablets • Windows PCs • Macs

  56. Take Aways….. • Talk to your IT people about the possibility of them being the weak link. • Update your Phones when prompted • Check if you’ve been Pwned • Use new Simple Complexity Passwords • Use a Password Manager

  57. Thank You! Presentation online at www.mmeconsulting.com/Presentations steve@mmeconsulting.com
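
Added example (not part of the original presentation): the "Simple Complexity" recipe from slide 38 written as a Python generator and shape checker, with an entropy estimate showing why the size of the word list matters. The word list, the function names and the 7776-word list size are assumptions made for this illustration.

```python
import math
import re
import secrets

# Constructed sample list for the demo only. A real generator needs a list of
# several thousand words (the 7776 used below is an assumed list size).
WORDS = ["dog", "bill", "red", "beer", "hat", "tree", "head", "wagon",
         "horse", "lamp", "river", "stone", "cloud", "fork", "piano", "maple"]

# Three or four capitalized words followed by a 2 digit year.
RECIPE = re.compile(r"^((?:[A-Z][a-z]+){3,4})(\d{2})$")


def generate(words=WORDS, count=3, year=20, min_letters=12):
    """Build a password per slide 38: random words, capitalized, 2 digit year."""
    while True:
        # secrets (not random) so the picks come from the OS CSPRNG.
        picked = [secrets.choice(words) for _ in range(count)]
        letters = "".join(w.capitalize() for w in picked)
        # Assumption: the 12 character minimum is applied to the word part only.
        if len(letters) >= min_letters:
            return f"{letters}{year:02d}"


def follows_recipe(password, min_letters=12):
    """True if the password has the slide 38 shape (it cannot test randomness)."""
    m = RECIPE.match(password)
    return bool(m) and len(m.group(1)) >= min_letters


def entropy_bits(count, list_size):
    """Upper bound in bits when each word is drawn uniformly from list_size words.

    Capitalization and the year suffix are fixed by the recipe, so they add
    nothing once the recipe itself is known.
    """
    return count * math.log2(list_size)


if __name__ == "__main__":
    print(generate(), follows_recipe("DumbWagonHorses20"))
    # 16 sample words vs. an assumed 7776-word list
    print(round(entropy_bits(3, len(WORDS)), 1), round(entropy_bits(4, 7776), 1))
```

The words have to be picked by the machine from a large list for the estimate to hold; words chosen by hand because they relate to the site are not uniformly random.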
