Security Practices & File Encryption

Transcription

1 Welcome Clients of Mariner Wealth Advisors Cybersecurity Education Series Security Practices & File Encryption Content provided by Presenter: Ray Cool, CEO PBSI Technology Solutions Webinar will begin at 10:00 Page 1

2 Series Goals Series Goals Inform and educate - how to protect your electronic valuables Improve knowledge about electronic security Provide practical information about what to change and how to do so Topic Summaries Securing Personal Data - Overview Security Practices & File Encryption Password Management & Public Wi-Fi Security previous webinar recording available today s webinar Wed, Jan 30, 10:00 am Note: You need to register separately for each webinar. If unsure if you ve registered, itservices@pbsinet.com Page 2

3 Agenda Security Practices & File Encryption Fundamentals of security How to spot dangerous s File Encryption - at rest and During Transmission Demonstration of Office 365 security Page 3

4 PBSI Technology Solutions IT Security Specialists Who is PBSI? Technology Services provider for hundreds of clients large and small Experienced 75% of staff have 10+ years experience w/pbsi Proactive IT security for businesses and individuals Not affiliated with Mariner Wealth Advisors Page 4

5 Why do we need protection? The Internet Today is a Dangerous Place Increasingly, PCs are being infected with malware that steals passwords and copies data New key logging & phishing attacks change constantly Bad guys are motivated and relentless Victims are NOT notified Keystroke-logging malware may be active on millions of PCs Addresses and Passwords Are For Sale 3.1 Billion s are available for sale on the Darkweb 1.2 Billion of them include exposed, cracked passwords LinkedIn, Yahoo, Gmail, DocuSign, Adobe, Dropbox, Tumblr, MySpace and 30 others Recent hacks: Marriott, Dell breaches continue unabated MUST prepare in advance List of biggest breaches can be found at: Secure Dark Web Exposed Password Check. Page 5

6 Fundamentals of Security How to evaluate dangerous s Safety principle # 1 - Unsolicited vs. Solicited Unsolicited means unrequested and unexpected even from a known source Even if you know the sender, is anything unusual about THIS ? Caution: Brief s from known persons Why? Malware frequently delivered from familiar name, short to list & single link Safety Principle # 2 - Antenna up! Does anything seem amiss? STOP Do you need to click this now? Evaluate address (hover), time of day, recipient list, brief content, out-of-character - why would this person send this content? Any misspellings? Grammar mistakes? Unusual phrasing? Unusual colors? Formatting? Font variations? Page 6

7 Fundamentals of Security How to evaluate dangerous s Safety Principle # 3 - Don t get your news from Beware current events/product releases (Tax time, disasters, holiday messages, celebrity news, Apple/Tesla product releases) Beware Social media Popular sites are rife with phishing scams Don t believe your friends are foolproof Does anything seem too good to be true? Does the content make you curious? (Ask yourself, who wants to make you curious?) Safety Principle # 4 Careful with Unsubscribe DON T: Use Unsubscribe unless you are CERTAIN the source is credible. Instead, choose Junk, then Block Sender Scammers use unsubscribe to 1) confirm your address is real, and/or 2) initiate an attack Antenna up! Scammers are very intentional in creating elaborate ruses think twice and be very cautious Page 7

8 Other Caution Steps Other caution steps Hover over links, check spellings, unexpected content, added extensions (amex.us.com) (ups.pickup.com) Never respond if asked to click link for confirmation or reset, even if they know last 4 of CC#, last 4 of SS# If you think a request may be legit instead of clicking link, go to vendor site and login (no copy/paste) Always think twice if uncertain, forward the to a trusted IT person/company - scanurl.net Beware common hacker spoofs Don t act without careful consideration Get ready! Tax season is coming - Login to confirm your IRS account now; Reset your IRS Pin#; Problem with your W-2 Apple (gmail, Microsoft) account needs renewal/reset; Resume attached - Word attachments = Ransomware Text alerts You receive text Google has detected unusual activity reset your password Don t! If you have ANY concern you ve made a mistake change your password Page 8

9 Incoming Fax - Example of Ransomware Page 9

10 Security Warning or Alert s Security alert login limit reached Spectre/Meltdown Page 10

11 Shipping Confirmation s Page 11

12 Fake News s Current event Actual fake news This never happened! Page 12

13 Banking s Good (Tells me to login, no link) Bad (Link to website) Page 13

14 s from Trusted Sources Current event donation request Taking advantage of likely account Page 14

15 s requesting a click esignature request Free credit info or fix your credit Page 15

16 File Encryption - at rest and During Transmission What is file encryption and why is it important? Encryption is a term describing data that can t be read without a private key (password) Encrypted data is garbled so that if opened it can t be easily read or interpreted Encryption security varies based on technology used AND based on length of key (the password) Long or complex passwords are encouraged. Length is the enemy of hacker decryption software Encrypting sensitive files at rest Why? From whom are you protecting info? Future hackers If hacked, what could they learn & how would you know? Which files should be encrypted? Any/all that contain Personally Identifiable Information (PII) or Protected Health Info (PHI) Protected information includes SS#s, CC#s, DOBs, Account#s, DL#s, PP#s, medical information How to encrypt sensitive files during transmission ( ) 3 Choices Encrypt the Requires purchase of an encryption tool Encrypt attachment(s) - and provide the password to the recipient using different medium (text or voice) Use a secure file sharing portal like Mariner s ShareFile Page 18

17 Demonstration protection tools in Office 365 Protection Office 365 Advanced Threat Protection (ATP) Sandbox safe detonation of links and attachments Significant protection for inevitable mistakes $ 2 per month per user Encryption - Azure Information Protection for Office 365 (AIP) Includes Office 365 Message Encryption - ability to encrypt s Provides Do not forward option Recipient sees option for 1-time passcode, or Login with your-carrier. Settings are remembered for future s $ 2 per month per user How to Encrypt a file at rest Using Microsoft Office to encrypt a file Page 19

18 Summary of Today s Webinar - Security & Encryption Security safety principle # 1 - Unsolicited vs. Solicited Be VERY cautious with all unsolicited . safety principle # 2 - Antenna up! Is there anything unusual about THIS ? (time of day, recipient list, out-of-context) safety principle # 3 - Don t get your news from Go to a news source directly not through a link safety principle # 4 - Careful with Unsubscribe - Unsubscribe ONLY with known, credible sources. Use Block sender caution steps Do NOT click on links without running through all the caution steps Hover over link, checking spellings, unexpected content, added extensions (amex.us.com) (ups.pickup.com) Never respond if asked to click link for confirmation or reset, even if they know last 4 of CC#, last 4 of SS# If you think a request may be legit instead of clicking link, go to vendor site and login (no copy/paste) Always think twice if uncertain, forward the to a trusted IT person/company Encryption Encrypt protected information at rest Never send protected info via unless encrypted Consider PBSI Risk Intelligence scan to identify at risk data Consider Office 365 Advanced Threat Protection (ATP) and Azure Information Protection (AIP) Page 20

19 Overall Summary Essentials of Securing Personal Secure your Desktops, Laptops & Phones Information Antivirus & Malware protection auto updated without manual intervention, daily vulnerability scanning Desktop Patch Management - Security issues frequently related to un-updated software patches Vulnerability Scanning Every PC should employ a tool that does a vulnerability scan, every night. Understand alerts No unapproved downloads on PCs Malware comes from somewhere.. Downloads are a BIG culprit Encrypt sensitive information Important protection against a successful hacking event Backup on an automated schedule Don t let lack of knowledge or attention put you at risk. Use an encrypted backup as a ransom ware protection Know if your PCs are safe Online security monitoring inexpensive and very worthwhile Other Security Issues Internet of Things No default passwords check every device Phone calls never give secure information by phone Be an active learner - Encourage every staff and family member to learn secure behavior Training is inexpensive. Mistakes are not. Page 21

20 Webinar Summary Thank you for your attendance and thank you to our friends at Mariner Wealth Advisors Handouts for this webinar How to evaluate dangerous s and How to encrypt Office and pdf files Request a free quote for ongoing services Online Security Monitoring - Antivirus, Patch Management, Vulnerability Scans Risk Intelligence Scanning find unencrypted data Concierge Security Services Your own security advisor for a low fixed fee per year Online Backup with Ransomware protection Mariner Wealth Advisors clients receive a 25% discount for individuals and 10% for institutions Contact Information Call or questions, or free quotation (513) x1 itservices@pbsinet.com Speaker contact Ray Cool, CEO (513) rayc@pbsinet.com Cost for Mariner clients $ 4 - $ 7 /mo $ 2 - $ 3 /mo included Webinar Schedule Securing Personal Information Security Practices & File Encryption recording is available today s topic Password Management & Public Wi-Fi Security Wednesday, Jan 30 10:00 am (you can still register) Page 22