Welcome Clients of Mariner Wealth Advisors
Cybersecurity Education Series
Email Security Practices & File Encryption
Content provided by
Presenter: Ray Cool, CEO, PBSI Technology Solutions
Webinar will begin at 10:00
Series Goals
- Inform and educate - how to protect your electronic valuables
- Improve knowledge about electronic security
- Provide practical information about what to change and how to do so
Topic Summaries
- Securing Personal Data - Overview: previous webinar, recording available
- Email Security Practices & File Encryption: today's webinar
- Password Management & Public Wi-Fi Security: Wed, Jan 30, 10:00 am
Note: You need to register separately for each webinar. If unsure if you've registered, email itservices@pbsinet.com
Agenda: Email Security Practices & File Encryption
- Fundamentals of email security
- How to spot dangerous emails
- File Encryption - at rest and During Transmission
- Demonstration of Office 365 email security
PBSI Technology Solutions - IT Security Specialists
Who is PBSI?
- Technology Services provider for hundreds of clients large and small
- Experienced - 75% of staff have 10+ years experience w/PBSI
- Proactive IT security for businesses and individuals
- Not affiliated with Mariner Wealth Advisors
Why do we need protection?
The Internet Today is a Dangerous Place
- Increasingly, PCs are being infected with malware that steals passwords and copies data
- New key logging & phishing attacks change constantly
- Bad guys are motivated and relentless
- Victims are NOT notified
- Keystroke-logging malware may be active on millions of PCs
Email Addresses and Passwords Are For Sale
- 3.1 Billion emails are available for sale on the Darkweb
- 1.2 Billion of them include exposed, cracked passwords
- LinkedIn, Yahoo, Gmail, DocuSign, Adobe, Dropbox, Tumblr, MySpace and 30 others
- Recent hacks: Marriott, Dell - breaches continue unabated
- MUST prepare in advance
- List of biggest breaches can be found at: https://haveibeenpwned.com
- Secure Dark Web Exposed Password Check.
Fundamentals of Email Security - How to evaluate dangerous emails
Safety Principle #1 - Unsolicited vs. Solicited
- Unsolicited means unrequested and unexpected, even from a known source
- Even if you know the sender, is anything unusual about THIS email?
- Caution: Brief emails from known persons
  - Why? Malware is frequently delivered from a familiar name, with a short "To" list & a single link
Safety Principle #2 - Antenna up! Does anything seem amiss?
- STOP. Do you need to click this now?
- Evaluate email address (hover), time of day, recipient list, brief content, out-of-character - why would this person send this content?
- Any misspellings? Grammar mistakes? Unusual phrasing?
- Unusual colors? Formatting? Font variations?
Fundamentals of Email Security - How to evaluate dangerous emails
Safety Principle #3 - Don't get your news from email
- Beware current events/product releases (Tax time, disasters, holiday messages, celebrity news, Apple/Tesla product releases)
- Beware Social media - Popular sites are rife with phishing scams
- Don't believe your friends are foolproof
- Does anything seem too good to be true?
- Does the content make you curious? (Ask yourself, who wants to make you curious?)
Safety Principle #4 - Careful with Unsubscribe
- DON'T: Use Unsubscribe unless you are CERTAIN the source is credible. Instead, choose Junk, then Block Sender
- Scammers use unsubscribe to 1) confirm your email address is real, and/or 2) initiate an attack
Antenna up! Scammers are very intentional in creating elaborate ruses - think twice and be very cautious
Other Email Caution Steps
- Hover over links, check spellings, unexpected content, added extensions (amex.us.com) (ups.pickup.com)
- Never respond if asked to click link for confirmation or reset, even if they know last 4 of CC#, last 4 of SS#
- If you think a request may be legit - instead of clicking link, go to vendor site and login (no copy/paste)
- Always think twice - if uncertain, forward the email to a trusted IT person/company - scanurl.net
Beware common hacker spoofs - Don't act without careful consideration
- Get ready! Tax season is coming - Login to confirm your IRS account now; Reset your IRS Pin#; Problem with your W-2
- Apple (gmail, Microsoft) account needs renewal/reset
- Resume attached - Word attachments = Ransomware
- Text alerts - You receive text "Google has detected unusual activity - reset your password" - Don't!
If you have ANY concern you've made a mistake - change your password
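The hover check from the caution steps above, as an added example (not part of the original slides): it reads each link's real destination and flags the "added extension" pattern the slide names (amex.us.com, ups.pickup.com). The TRUSTED map, the sample message and the two-label base-domain shortcut are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed allow-list (assumption): brand label -> domain the brand really uses.
TRUSTED = {"amex": "americanexpress.com", "ups": "ups.com"}

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def base_domain(host):
    # Simplification: last two labels; a production check would use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(value):  # accepts a full URL or bare "host/path" link text
    return (urlsplit(value if "//" in value else "//" + value).hostname or "").lower()

def check_link(href, text):
    findings, host = [], host_of(href)
    for label in host.split(".")[:-2]:  # labels left of the base domain
        if label in TRUSTED and base_domain(host) != TRUSTED[label]:
            findings.append(f"brand '{label}' is only a subdomain of {base_domain(host)}")
    # Link text that itself looks like an address should point where it says.
    shown = host_of(text) if "." in text and " " not in text else ""
    if shown and base_domain(shown) != base_domain(host):
        findings.append(f"text shows {shown} but link goes to {host}")
    return findings

def scan_email(html):
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text) for href, text in collector.links}

# Constructed sample body using the look-alike hosts named on the slide.
SAMPLE = ('<a href="http://ups.pickup.com/track">www.ups.com/track</a> '
          '<a href="https://amex.us.com/verify">Confirm your card</a> '
          '<a href="https://www.ups.com/track">Track on ups.com</a>')
if __name__ == "__main__":
    print(scan_email(SAMPLE))
```

A link with no findings is not thereby safe; the check only covers the two patterns above.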
Incoming Fax - Example of Ransomware
Security Warning or Alert Emails
- Security alert - login limit reached
- Spectre/Meltdown email
Shipping Confirmation Emails
Fake News Emails
- Current event
- Actual fake news - This never happened!
Banking Emails
- Good email (Tells me to login, no link)
- Bad email (Link to website)
Emails from Trusted Sources
- Current event donation request
- Taking advantage of likely account
Emails requesting a click
- eSignature request
- Free credit info or fix your credit
File Encryption - at rest and During Transmission
What is file encryption and why is it important?
- Encryption is a term describing data that can't be read without a private key (password)
- Encrypted data is garbled so that if opened it can't be easily read or interpreted
- Encryption security varies based on technology used AND based on length of key (the password)
- Long or complex passwords are encouraged. Length is the enemy of hacker decryption software
Encrypting sensitive files at rest
- Why? From whom are you protecting info? Future hackers
- If hacked, what could they learn & how would you know?
- Which files should be encrypted? Any/all that contain Personally Identifiable Information (PII) or Protected Health Info (PHI)
- Protected information includes SS#s, CC#s, DOBs, Account#s, DL#s, PP#s, medical information
How to encrypt sensitive files during transmission (Email) - 3 Choices
- Encrypt the email - Requires purchase of an email encryption tool
- Encrypt attachment(s) - and provide the password to the recipient using different medium (text or voice)
- Use a secure file sharing portal like Mariner's ShareFile
Demonstration - Email protection tools in Office 365
Protection - Office 365 Advanced Threat Protection (ATP)
- Sandbox - safe detonation of links and attachments
- Significant protection for inevitable mistakes
- $2 per month per user
Encryption - Azure Information Protection for Office 365 (AIP)
- Includes Office 365 Message Encryption - ability to encrypt emails
- Provides Do not forward option
- Recipient sees option for 1-time passcode, or Login with your-carrier. Settings are remembered for future emails
- $2 per month per user
How to Encrypt a file at rest
- Using Microsoft Office to encrypt a file
Summary of Today's Webinar - Email Security & Encryption
Email Security
- Email safety principle #1 - Unsolicited vs. Solicited - Be VERY cautious with all unsolicited email.
- Email safety principle #2 - Antenna up! Is there anything unusual about THIS email? (time of day, recipient list, out-of-context)
- Email safety principle #3 - Don't get your news from email - Go to a news source directly, not through a link
- Email safety principle #4 - Careful with Unsubscribe - Unsubscribe ONLY with known, credible email sources. Use Block sender
Email caution steps
- Do NOT click on links without running through all the caution steps
- Hover over link, checking spellings, unexpected content, added extensions (amex.us.com) (ups.pickup.com)
- Never respond if asked to click link for confirmation or reset, even if they know last 4 of CC#, last 4 of SS#
- If you think a request may be legit - instead of clicking link, go to vendor site and login (no copy/paste)
- Always think twice - if uncertain, forward the email to a trusted IT person/company
Encryption
- Encrypt protected information at rest
- Never send protected info via email unless encrypted
- Consider PBSI Risk Intelligence scan to identify at risk data
- Consider Office 365 Advanced Threat Protection (ATP) and Azure Information Protection (AIP)
Overall Summary - Essentials of Securing Personal Information
Secure your Desktops, Laptops & Phones
- Antivirus & Malware protection - auto updated without manual intervention, daily vulnerability scanning
- Desktop Patch Management - Security issues frequently related to un-updated software patches
- Vulnerability Scanning - Every PC should employ a tool that does a vulnerability scan, every night. Understand alerts
- No unapproved downloads on PCs - Malware comes from somewhere. Downloads are a BIG culprit
- Encrypt sensitive information - Important protection against a successful hacking event
- Backup on an automated schedule - Don't let lack of knowledge or attention put you at risk. Use an encrypted backup as a ransomware protection
- Know if your PCs are safe - Online security monitoring - inexpensive and very worthwhile
Other Security Issues
- Internet of Things - No default passwords - check every device
- Phone calls - never give secure information by phone
- Be an active learner - Encourage every staff and family member to learn secure behavior
Training is inexpensive. Mistakes are not.
Webinar Summary
Thank you for your attendance and thank you to our friends at Mariner Wealth Advisors
Handouts for this webinar
- How to evaluate dangerous emails and How to encrypt Office and pdf files
Request a free quote for ongoing services
- Online Security Monitoring - Antivirus, Patch Management, Vulnerability Scans
- Risk Intelligence Scanning - find unencrypted data
- Concierge Security Services - Your own security advisor for a low fixed fee per year
- Online Backup with Ransomware protection
- Cost for Mariner clients: $4 - $7 /mo; $2 - $3 /mo; included
- Mariner Wealth Advisors clients receive a 25% discount for individuals and 10% for institutions
Contact Information
- Call or email questions, or free quotation: (513) 772-2255 x1, itservices@pbsinet.com
- Speaker contact: Ray Cool, CEO, (513) 924-3915, rayc@pbsinet.com
Webinar Schedule
- Securing Personal Information: recording is available
- Email Security Practices & File Encryption: today's topic
- Password Management & Public Wi-Fi Security: Wednesday, Jan 30, 10:00 am (you can still register)