Welcome Clients of Mariner Wealth Advisors Cybersecurity Education - PowerPoint PPT Presentation



SLIDE 1

Clients of Mariner Wealth Advisors Cybersecurity Education Series

Email Security Practices & File Encryption

Content provided by

Presenter: Ray Cool, CEO, PBSI Technology Solutions

Webinar will begin at 10:00

Welcome

SLIDE 2

Series Goals

  • Inform and educate - how to protect your electronic valuables
  • Improve knowledge about electronic security
  • Provide practical information about what to change and how to do so

Topic Summaries

  • Securing Personal Data - Overview: previous webinar – recording available
  • Email Security Practices & File Encryption: today’s webinar
  • Password Management & Public Wi-Fi Security: Wed, Jan 30, 10:00 am

Note: You need to register separately for each webinar. If unsure if you’ve registered, email itservices@pbsinet.com

Series Goals

SLIDE 3

Email Security Practices & File Encryption

  • Fundamentals of email security
  • How to spot “dangerous” emails
  • File Encryption - “at rest” and During Transmission
  • Demonstration of Office 365 email security

Agenda

SLIDE 4

PBSI Technology Solutions

IT Security Specialists

Who is PBSI?

  • Technology Services provider for hundreds of clients large and small
  • Experienced – 75% of staff have 10+ years experience w/PBSI
  • Proactive IT security for businesses and individuals

Not affiliated with Mariner Wealth Advisors

SLIDE 5

Why do we need protection?

The Internet Today is a Dangerous Place

  • Increasingly, PCs are being infected with malware that steals passwords and copies data
  • New key logging & phishing attacks change constantly – Bad guys are motivated and relentless
  • Victims are NOT notified – Keystroke-logging malware may be active on millions of PCs

Email Addresses and Passwords Are For Sale

  • 3.1 Billion emails are available for sale on the Darkweb
  • 1.2 Billion of them include exposed, cracked passwords
  • LinkedIn, Yahoo, Gmail, DocuSign, Adobe, Dropbox, Tumblr, MySpace and 30 others
  • Recent hacks: Marriott, Dell – breaches continue unabated – MUST prepare in advance
  • List of biggest breaches can be found at: https://haveibeenpwned.com

Secure Dark Web Exposed Password Check.

SLIDE 6

Fundamentals of Email Security

How to evaluate “dangerous” emails

Safety principle # 1 - Unsolicited vs. Solicited

  • Unsolicited means unrequested and unexpected – even from a known source
  • Even if you know the sender, is anything unusual about THIS email?
  • Caution: Brief emails from “known” persons – Why? Malware frequently delivered from familiar name, short “to” list & single link

Safety Principle # 2 - Antenna up!

  • Does anything seem amiss? STOP – Do you need to click this now?
  • Evaluate email address (hover), time of day, recipient list, brief content, out-of-character - why would this person send this content?
  • Any misspellings? Grammar mistakes? Unusual phrasing? Unusual colors? Formatting? Font variations?
SLIDE 7

Fundamentals of Email Security

How to evaluate “dangerous” emails

Safety Principle # 3 - Don’t get your news from email

  • Beware current events/product releases (Tax time, disasters, holiday messages, celebrity news, Apple/Tesla product releases)
  • Beware Social media – Popular sites are rife with phishing scams – Don’t believe your friends are foolproof
  • Does anything seem “too good to be true?” Does the content make you curious? (Ask yourself, who wants to make you curious?)

Safety Principle # 4 – Careful with Unsubscribe

  • DON’T: Use “Unsubscribe” unless you are CERTAIN the source is credible. Instead, choose “Junk”, then “Block Sender”
  • Scammers use “unsubscribe” to 1) confirm your email address is real, and/or 2) initiate an attack
  • Antenna up! Scammers are very intentional in creating elaborate ruses – think twice and be very cautious
SLIDE 8

Other Email Caution Steps

  • Hover over links, check spellings, unexpected content, added extensions (amex.us.com) (ups.pickup.com)
  • Never respond if asked to click link for “confirmation” or “reset”, even if they know last 4 of CC#, last 4 of SS#
  • If you think a request may be legit – instead of clicking link, go to vendor site and login (no copy/paste)
  • Always think twice – if uncertain, forward the email to a trusted IT person/company - scanURL.net
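
The hover check from the caution steps above, automated as an added example (not part of the original slides): it pulls each link out of an HTML email body and flags a brand name that is only a label in front of someone else's domain, as in the slide's amex.us.com and ups.pickup.com, plus link text that shows one host while pointing at another. The TRUSTED mapping, the function names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brands you deal with, mapped to the domain you know is theirs.
TRUSTED = {"amex": "americanexpress.com", "ups": "ups.com"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL or bare host string ('' if none)."""
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def check_link(text, href):
    host, findings = host_of(href), []
    for brand, domain in TRUSTED.items():
        genuine = host == domain or host.endswith("." + domain)
        # "Added extension" trick: the brand is a label of an unrelated domain.
        if brand in host.split(".") and not genuine:
            findings.append(f"'{brand}' is just a label of {host}, not {domain}")
    # Only compare when the visible text itself looks like a host name.
    shown = host_of(text) if "." in text and " " not in text else ""
    if shown and shown.removeprefix("www.") != host.removeprefix("www."):
        findings.append(f"text shows {shown} but the link goes to {host}")
    return findings

def review_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(text, href) for text, href in parser.links}

# Constructed sample message, using the two lookalike hosts from the slide.
SAMPLE = ('<a href="http://ups.pickup.com/track">www.ups.com</a>'
          '<a href="https://www.americanexpress.com/login">Log in</a>'
          '<a href="http://amex.us.com/confirm">Confirm your account</a>')

if __name__ == "__main__":
    print(review_email(SAMPLE))
```

A link with no findings is not proven safe; the check only catches the two patterns named above.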

Beware common hacker spoofs

  • Get ready! Tax season is coming - Login to confirm your IRS account now; Reset your IRS Pin#; Problem with your W-2
  • Apple (gmail, Microsoft) account needs renewal/reset; Resume attached - Word attachments = Ransomware
  • Text alerts – You receive text “Google has detected unusual activity” – reset your password – Don’t!
  • If you have ANY concern you’ve made a mistake – change your password

Don’t act without careful consideration

SLIDE 9

Incoming Fax - Example of Ransomware

SLIDE 10

Security alert – login limit reached

Spectre/Meltdown email

Security “Warning” or “Alert” Emails

SLIDE 11

Shipping Confirmation Emails

SLIDE 12

Fake News Emails

Current event – Actual “fake” news

This never happened!

SLIDE 13

“Good” email (Tells me to login, no link)

“Bad” email (Link to website)

Banking Emails

SLIDE 14

Current event donation request

Taking advantage of “likely” account

Emails from “Trusted” Sources

SLIDE 15

eSignature request

Free credit info – or “fix” your credit

Emails requesting a click

SLIDE 16

File Encryption - “at rest” and During Transmission

What is file encryption and why is it important?

  • Encryption is a term describing data that can’t be read without a private “key” (password)
  • Encrypted data is garbled so that if opened it can’t be easily read or interpreted
  • Encryption security varies based on technology used AND based on length of “key” (the password)
  • Long or complex passwords are encouraged. Length is the enemy of hacker decryption software

Encrypting sensitive files “at rest”

  • Why? From whom are you protecting info? Future hackers – If hacked, what could they learn & how would you know?
  • Which files should be encrypted? Any/all that contain Personally Identifiable Information (PII) or Protected Health Info (PHI)
  • Protected information includes SS#s, CC#s, DOBs, Account#s, DL#s, PP#s, medical information

How to encrypt sensitive files during transmission (Email) – 3 Choices

  • Encrypt the email – Requires purchase of an email encryption tool
  • Encrypt attachment(s) - and provide the password to the recipient – using different medium (text or voice)
  • Use a secure file sharing portal – like Mariner’s ShareFile
SLIDE 17

Demonstration

Protection – Office 365 Advanced Threat Protection (ATP)

  • Sandbox safe detonation of links and attachments
  • Significant protection for inevitable mistakes
  • $ 2 per month per user

Encryption - Azure Information Protection for Office 365 (AIP)

  • Includes Office 365 Message Encryption - ability to encrypt emails
  • Provides “Do not forward” option
  • Recipient sees option for 1-time passcode, or “Login with “your-carrier”. Settings are remembered for future emails
  • $ 2 per month per user

How to Encrypt a file “at rest”

  • Using Microsoft Office to encrypt a file

Email protection tools in Office 365

SLIDE 18

Summary of Today’s Webinar - Email Security & Encryption

Email Security

  • Email safety principle # 1 - Unsolicited vs. Solicited – Be VERY cautious with all unsolicited email.
  • Email safety principle # 2 - Antenna up! Is there anything unusual about THIS email? (time of day, recipient list, out-of-context)
  • Email safety principle # 3 - Don’t get your news from email – Go to a news source directly – not through a link
  • Email safety principle # 4 - Careful with Unsubscribe - Unsubscribe ONLY with known, credible email sources. Use Block sender

Email caution steps

  • Do NOT click on links without running through all the “caution” steps
  • Hover over link, checking spellings, unexpected content, added extensions (amex.us.com) (ups.pickup.com)
  • Never respond if asked to click link for “confirmation” or “reset”, even if they know last 4 of CC#, last 4 of SS#
  • If you think a request may be legit – instead of clicking link, go to vendor site and login (no copy/paste)
  • Always think twice – if uncertain, forward the email to a trusted IT person/company

Encryption

  • Encrypt protected information at rest
  • Never send protected info via email unless encrypted
  • Consider PBSI Risk Intelligence scan to identify “at risk” data
  • Consider Office 365 Advanced Threat Protection (ATP) and Azure Information Protection (AIP)
SLIDE 19

Overall Summary – Essentials of Securing Personal Information

Secure your Desktops, Laptops & Phones

  • Antivirus & Malware protection – auto updated without manual intervention, daily vulnerability scanning
  • Desktop Patch Management - Security issues frequently related to un-updated software patches
  • Vulnerability Scanning – Every PC should employ a tool that does a vulnerability scan, every night. Understand alerts
  • No unapproved downloads on PCs – Malware comes from somewhere….. Downloads are a BIG culprit

Encrypt sensitive information

  • Important protection against a successful hacking event

Backup on an automated schedule

  • Don’t let lack of knowledge or attention put you at risk. Use an encrypted backup as ransomware protection

Know if your PCs are safe

  • Online security monitoring – inexpensive and very worthwhile

Other Security Issues

  • Internet of Things – No default passwords – check every device
  • Phone calls – never give secure information by phone

Be an active learner - Encourage every staff and family member to learn secure behavior

  • Training is inexpensive. Mistakes are not.
SLIDE 20

Webinar Summary

Thank you for your attendance – and thank you to our friends at Mariner Wealth Advisors

Handouts for this webinar 

“How to evaluate ‘dangerous’ emails” and “How to encrypt Office and pdf files”

Request a free quote for ongoing services

Cost for Mariner clients

  • Online Security Monitoring - Antivirus, Patch Management, Vulnerability Scans $ 4 - $ 7 /mo
  • Risk Intelligence Scanning – find unencrypted data $ 2 - $ 3 /mo
  • Concierge Security Services – Your own security advisor for a low fixed fee per year included
  • Online Backup with Ransomware protection

Mariner Wealth Advisors clients receive a 25% discount for individuals and 10% for institutions

Contact Information

Call or email questions, or free quotation: (513) 772-2255 x1, itservices@pbsinet.com

Speaker contact: Ray Cool, CEO, (513) 924-3915, rayc@pbsinet.com

Webinar Schedule

  • Securing Personal Information: recording is available
  • Email Security Practices & File Encryption: today’s topic
  • Password Management & Public Wi-Fi Security: Wednesday, Jan 30 10:00 am (you can still register)