PERSONAL CYBERSECURITY - PROTECTING YOURSELF FROM THE EVILS OF THE INTERNET - STEVE MCEVOY MARCH 6TH, 2020 - MME CONSULTING
Personal CyberSecurity Protecting Yourself from the Evils of the Internet Steve McEvoy March 6th, 2020 Austin, TX
How did it Happen? [Diagram: Backup Vault in Percsoft Office; Dental Office; Your In Office File Server with your Data]
How did it Happen? Opened the Vault and Deleted Everyone's Backups, Then Sent a Ransomware command to each client's server. Over 400!! Dental Office Server was then encrypted and all your files locked up and held for Ransom
Discovered Monday Aug 26th
9 Days Later – Sept 3rd
17 Days Later – Sept 11th
Thanksgiving Weekend
Christmas Eve
What Should You Do? • Have your own LOCAL backup strategy in addition to a Cloud based backup • Talk about this to your IT Person and ask them if this can happen to them/you • Care about this!
What Should They Do? • Stop and Think Hard about their own security measures • Store your passwords in a secure database • Require 2 factor authentication for any form of remote access/control of your computers • Train their staff on phishing scams and good security practices
What about your Phone?
Always Update Your Phone
How can you know if your username & password have been leaked into the wild?
Troy Hunt • Security Expert from Microsoft • Searched the Dark Web • Compiled a list of ~8 Billion hacked accounts • Created “Have I been pwned?” website – ‘Pwned’ is a slang term • Securely check if your username and passwords have been stolen
www.HaveIBeenPwned.com
Have I Been Pwned?
Is your Password Pwn’d? (starwars)
Pre-check your new passwords (MyReallyHardPassword)
Get Notified of pwnage • Get notified if your email(s) show up in the future
I was Notified of pwnage
How long will it take for a Hacker to break through my password?
www.howsecureismypassword.net (starwars)
What makes a GOOD Password??
NIST • Recently updated their recommended digital identity standard (SP 800-63) • Troy Hunt canvassed NIST and others to derive what the collective wisdom is thinking
Length Matters • 12 or more characters • We can use short dictionary words • 3 or 4 random words
dog bill red beer hat tree head
Nothing Personal address spouse movie food date kids birthday phone pets
3 or 4 Short Random Words dog bill red beer hat tree head doghatbeerhead
Make ‘em Memorable • Think up something about the site • i.e. Wells Fargo – dumb wagon horses – ripping off clients – stashing my cash
But what is wrong with this? • dumbwagonhorses – 15 characters – 3 random words – dumbwagonhorses is better than Sj7$qq#56
Standards Don’t Change Overnight • They ‘Evolve’ • Websites, banks, etc. will need to learn and adopt these standards • dumbwagonhorses wouldn’t meet their current ‘complexity checker’
Steve’s Recommendation (Simple Complexity) Starting TODAY! (2020 and on) – Three or Four unassociated dictionary words – At LEAST 12 characters in length – Capitalize First Letters – Add a 2 digit year to the end (reminder) DumbWagonHorses20
Simple Complexity Works • DumbWagonHorses20 – 2 Trillion Years to Hack – Should meet the Banks requirements – Much easier to remember
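An added example (not part of the presentation) that generates and checks a password under the Simple Complexity rule above. The word list, the function names and the entropy helper are assumptions made for illustration.

```python
import math
import re
import secrets
from datetime import date

# Constructed sample word list; a real list should hold thousands of short
# dictionary words so that the random choice is hard to guess.
WORDS = ["dog", "bill", "red", "beer", "hat", "tree", "head", "dumb",
         "wagon", "horses", "lamp", "river", "stone", "cloud", "fork", "mint"]

# Shape of the rule: 3 or 4 capitalized words followed by a 2 digit year.
RULE = re.compile(r"(?:[A-Z][a-z]+){3,4}\d{2}")


def meets_simple_complexity(password):
    """Check the shape only (word count, capitals, year suffix, 12+ chars).
    It cannot tell whether the words are personal or associated."""
    return len(password) >= 12 and RULE.fullmatch(password) is not None


def generate(words=WORDS, count=3, year=None):
    """Pick `count` distinct random words, capitalize them, append the year."""
    if count not in (3, 4):
        raise ValueError("the rule calls for three or four words")
    longest = sorted((len(w) for w in words), reverse=True)[:count]
    if len(longest) < count or sum(longest) + 2 < 12:
        raise ValueError("word list cannot produce 12 or more characters")
    suffix = f"{(year or date.today().year) % 100:02d}"
    rng = secrets.SystemRandom()  # OS CSPRNG, not the predictable default RNG
    while True:
        picked = rng.sample(words, count)
        candidate = "".join(w.capitalize() for w in picked) + suffix
        if len(candidate) >= 12:  # redraw when the words came out too short
            return candidate


def word_choice_bits(wordlist_size, count):
    """Entropy in bits from the word choice alone (ordered, no repeats).
    Capitals and the year suffix are fixed by the rule, so they add none."""
    return math.log2(math.perm(wordlist_size, count))


if __name__ == "__main__":
    print(generate(year=2020))
    print(round(word_choice_bits(len(WORDS), 3), 1), "bits from 16 words")
    print(round(word_choice_bits(7776, 3), 1), "bits from 7776 words")
```

The strength of a generated password comes from the size of the word list and the randomness of the pick, which is why the helper reports far more bits for a large list than for the 16-word sample.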
Where to Save Passwords?
Bad Ideas My Passwords Bank … Starbucks … Credit Cards ….
Password Manager App
Features for a Password Manager • Available Everywhere we are: – Phones (iOS and Android) – Computer (Windows, Mac, Web) • Sync’d across all my devices – Means linked to Cloud
Features for a Password Manager • Secure! – Especially if Cloud! – Encrypted – Smart Company – Reliable Company • Free! ? – Free is bad – Affordable is good.
1Password.com Versions • Personal • Family • Teams
Vaults • “Vaults” hold your passwords • You control who has access to a specific vault
1Password Security • Three Keys to access – Username – Password – Encryption Key • 2 Factor Authentication • Notifications of Access
1Password Security • They cannot see your data - ever – Encrypted blob on their servers • Travel Mode – Prevents border inspection access to your private data
1Password Personal • $3 per month • 1 Vault • Unlimited items
1Password Family • $5 per month for whole family • Up to 5 Family Members included – More Kids? $1 extra per month • Private and Shared Vaults
Shared Vaults Netflix Amazon Spotify WiFi Code Bike Lock Code Private Shared (only you can see contents)
1Password Teams • $4 per month per user • Up to 5 Guest Accounts – A guest can only access one vault • Unlimited Vaults
Using Teams PM Login Payroll Services Windows Indeed Job Postings Login HR Private QuickBooks Banks WiFi Finance Netflix Invisalign Shared Patient Reward Hub Clinical
Demo
Apps for Everything • iPhones and iPads • Android Phones and Tablets • Windows PCs • Macs
Take Aways….. • Talk to your IT people about the possibility of them being the weak link. • Update your Phones when prompted • Check if you’ve been Pwned • Use new Simple Complexity Passwords • Use a Password Manager
Thank You! Presentation online at www.mmeconsulting.com/Presentations steve@mmeconsulting.com