SLIDE 1 Personal CyberSecurity
Protecting Yourself from the Evils of the Internet
Steve McEvoy, March 6th, 2020, Austin, TX
SLIDE 2
The Internet has some scary s**t going on
This is a self defense course
SLIDE 3
Goals
SLIDE 4
What is the #1 Security Risk to your Practice?
SLIDE 5
Holiday Ransomware Attacks
SLIDE 6
SLIDE 7
SLIDE 8
SLIDE 9
The Dental Record
SLIDE 10 How did it Happen?
Dental Office
Backup Vault in Percsoft Office
Your In Office File Server with your Data
SLIDE 11 How did it Happen?
Un- Dental Office Over 400 !!
Opened the Vault and Deleted Everyone's Backups, Then Sent a Ransomware command to each client's server
Server was then encrypted and all your files locked up and held for Ransom
SLIDE 12
Discovered Monday Aug 26th
SLIDE 13
9 Days Later – Sept 3rd
SLIDE 14
17 Days Later – Sept 11th
SLIDE 15
Thanksgiving Weekend
SLIDE 16
Christmas Eve
SLIDE 17
What Should You Do?
- Have your own LOCAL backup strategy in addition to a Cloud-based backup
- Talk about this to your IT Person and ask them if this can happen to them/you
SLIDE 18
What Should They Do?
- Stop and Think Hard about their own security measures
- Store your passwords in a secure database
- Require 2 factor authentication for any form of remote access/control of your computers
- Train their staff on phishing scams and good security Practices
SLIDE 19
What about your Phone?
SLIDE 20
Always Update Your Phone
SLIDE 21
How can you know if your username & password have been leaked into the wild?
SLIDE 22
Troy Hunt
- Security Expert from Microsoft
- Searched the Dark Web
- Compiled a list of ~8 Billion hacked accounts
- Created “Have I been pwned?” website
– ‘Pwned’ is a slang term
- Securely check if your username and passwords have been stolen
SLIDE 23
www.HaveIBeenPwned.com
SLIDE 24
Have I Been Pwned?
SLIDE 25 Is your Password Pwn’d?
(starwars)
SLIDE 26 Pre-check your new passwords
(MyReallyHardPassword)
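How a password can be checked against a breach list without ever sending the password, as an added example that is not part of the original presentation: the Pwned Passwords range lookup receives only the first five hex characters of the SHA-1 hash, and the match is done locally. The function names are hypothetical and the response body is constructed sample data, so the code runs offline.

```python
import hashlib

def split_hash(password):
    """Return (5-char prefix that is sent, 35-char suffix that stays local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def count_in_range(password, range_body):
    """Find our suffix in a 'SUFFIX:COUNT' range response; 0 means not listed."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def constructed_response(listed, prefix):
    """Build a sample range body (constructed data, not real breach counts)."""
    rows = []
    for pw, seen in listed.items():
        pw_prefix, pw_suffix = split_hash(pw)
        if pw_prefix == prefix:
            rows.append(f"{pw_suffix}:{seen}")
    # Made-up extra row so the sample body holds more than one entry.
    rows.append("0" * 35 + ":1")
    return "\n".join(rows)

if __name__ == "__main__":
    # A live check would fetch https://api.pwnedpasswords.com/range/<prefix>
    # instead of building the body locally.
    prefix, _ = split_hash("starwars")
    body = constructed_response({"starwars": 12345}, prefix)
    print("sent to the service:", prefix)
    print("starwars listed:", count_in_range("starwars", body))
    print("MyReallyHardPassword listed:",
          count_in_range("MyReallyHardPassword", body))
```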
SLIDE 27
Get Notified of pwnage
- Get notified if your email(s) show up in the future
SLIDE 28
I was Notified of pwnage
SLIDE 29
How long will it take for a Hacker to break through my password?
SLIDE 30 www.howsecureismypassword.net
(starwars)
SLIDE 31
What makes a GOOD Password??
SLIDE 32
- Recently updated their recommended digital identity standard (SP 800-63)
- Troy Hunt canvassed NIST and others to derive what the collective wisdom is thinking
SLIDE 33
Length Matters
- 12 or more characters
- We can use short dictionary words
- 3 or 4 random words
SLIDE 34
dog beer hat red tree bill head
SLIDE 35
Nothing Personal
spouse kids food movie birthday address date pets phone
SLIDE 36
3 or 4 Short Random Words
dog beer hat red tree bill head
doghatbeerhead
SLIDE 37 Make ‘em Memorable
- Think up something about the site
- e.g. Wells Fargo
– dumb wagon horses
– ripping off clients
– stashing my cash
SLIDE 38
– 15 characters
– 3 random words
– dumbwagonhorses is better than Sj7$qq#56
But what is wrong with this?
SLIDE 39
Standards Don’t Change Overnight
- They ‘Evolve’
- Websites, banks, etc. will need to learn and adopt these standards
- dumbwagonhorses wouldn’t meet their current ‘complexity checker’
SLIDE 40 Starting TODAY! (2020 and on)
Steve’s Recommendation (Simple Complexity)
– Three or Four unassociated dictionary words
– At LEAST 12 characters in length
– Capitalize First Letters
– Add a 2 digit year to the end (reminder)
DumbWagonHorses20
SLIDE 41
Simple Complexity Works
– 2 Trillion Years to Hack
– Should meet the Banks requirements
– Much easier to remember
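The Simple Complexity recipe as a generator and checker, added here as an example and not taken from the presentation. It goes one step beyond the slides by estimating the guessing work when an attacker knows the recipe, which depends on picking the words at random from a large list; the function names and the sample word list are constructed for illustration.

```python
import math
import re
import secrets

# Constructed sample list; a real list should hold thousands of short words.
SAMPLE_WORDS = ["dog", "beer", "hat", "red", "tree", "bill", "head",
                "dumb", "wagon", "horses", "lamp", "river", "stone", "cloud"]

def simple_complexity(words, n_words=3, year=20, min_len=12):
    """Pick distinct words with a CSPRNG, capitalize each, append a 2-digit year."""
    if n_words not in (3, 4):
        raise ValueError("the scheme calls for three or four words")
    pool = sorted({w.lower() for w in words if w.isalpha() and w.isascii()})
    longest = sorted(pool, key=len, reverse=True)[:n_words]
    if len(longest) < n_words or sum(map(len, longest)) + 2 < min_len:
        raise ValueError("word list cannot produce a long enough password")
    while True:  # retry until the length rule is met
        picked = []
        while len(picked) < n_words:
            word = secrets.choice(pool)
            if word not in picked:
                picked.append(word)
        password = "".join(w.capitalize() for w in picked) + f"{year % 100:02d}"
        if len(password) >= min_len:
            return password

def meets_scheme(password, min_len=12):
    """True for 3-4 Capitalized words plus two digits, min_len or longer."""
    shape = re.fullmatch(r"(?:[A-Z][a-z]+){3,4}[0-9]{2}", password)
    return shape is not None and len(password) >= min_len

def search_space_bits(list_size, n_words=3):
    """Guessing work in bits if the attacker knows the scheme, list and year."""
    return math.log2(math.perm(list_size, n_words))

if __name__ == "__main__":
    pw = simple_complexity(SAMPLE_WORDS)
    print(pw, meets_scheme(pw))
    print(round(search_space_bits(len(SAMPLE_WORDS)), 1), "bits, sample list")
    # 7776 is an assumed size for a larger word list, not a figure from the slides.
    print(round(search_space_bits(7776), 1), "bits, 7776-word list")
```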
SLIDE 42
Where to Save Passwords?
SLIDE 43 Bad Ideas
My Passwords Bank … Starbucks … Credit Cards ….
SLIDE 44
Password Manager App
SLIDE 45
Features for a Password Manager
- Available Everywhere we are:
– Phones (iOS and Android)
– Computer (Windows, Mac, Web)
- Sync’d across all my devices
– Means linked to Cloud
SLIDE 46
Features for a Password Manager
– Especially if Cloud!
– Encrypted
– Smart Company
– Reliable Company
– Free is bad
– Affordable is good.
SLIDE 47
SLIDE 48
1Password.com Versions
SLIDE 49
Vaults
- “Vaults” hold your passwords
- You control who has access to a specific vault
SLIDE 50
1Password Security
– Username
– Password
– Encryption Key
- 2 Factor Authentication
- Notifications of Access
SLIDE 51
1Password Security
- They cannot see your data - ever
– Encrypted blob on their servers
– Prevents border inspection access to your private data
SLIDE 52
1Password Personal
- $3 per month
- 1 Vault
- Unlimited items
SLIDE 53
1Password Family
- $5 per month for whole family
- Up to 5 Family Members included
– More Kids? $1 extra per month
- Private and Shared Vaults
SLIDE 54 Shared Vaults
Shared
Netflix, Amazon, Spotify, WiFi Code, Bike Lock Code
Private (only you can see contents)
SLIDE 55
1Password Teams
- $4 per month per user
- Up to 5 Guest Accounts
– A guest can only access one vault
SLIDE 56 Using Teams
HR
Payroll Services Indeed Job Postings
Private Finance
QuickBooks Banks
Clinical
Invisalign Patient Reward Hub
Shared
WiFi Netflix PM Login Windows Login
SLIDE 57
Demo
SLIDE 58
Apps for Everything
- iPhones and iPads
- Android Phones and Tablets
- Windows PCs
- Macs
SLIDE 59
Take Aways…..
- Talk to your IT people about the possibility of them being the weak link.
- Update your Phones when prompted
- Check if you’ve been Pwned
- Use new Simple Complexity Passwords
- Use a Password Manager
SLIDE 60 Thank You!
steve@mmeconsulting.com
Presentation online at
www.mmeconsulting.com/Presentations