Personal CyberSecurity
Protecting Yourself from the Evils of the Internet
Steve McEvoy
March 6th, 2020
Austin, TX
The Internet has some scary s**t going on
This is a self defense course
Goals
What is the #1 Security Risk to your Practice?
Holiday Ransomware Attacks
The Dental Record
How did it Happen?
Dental Office
Backup Vault in Percsoft Office
Your In Office File Server with your Data
How did it Happen?
Un-
Dental Office
Over 400 !!
Opened the Vault and Deleted Everyone's Backups, Then Sent a Ransomware command to each client's server
Server was then encrypted and all your files locked up and held for Ransom
Discovered Monday Aug 26th
9 Days Later – Sept 3rd
17 Days Later – Sept 11th
Thanksgiving Weekend
Christmas Eve
• Have your own LOCAL backup strategy in addition to a Cloud based backup
• Talk about this to your IT Person and ask them if this can happen to them/you
• Care about this!
What Should You Do?
• Stop and Think Hard about their own security measures
• Store your passwords in a secure database
• Require 2 factor authentication for any form of remote access/control of your computers
• Train their staff on phishing scams and good security Practices
What Should They Do?
What about your Phone?
Always Update Your Phone
How can you know if your username & password have been leaked into the wild?
• Security Expert from Microsoft
• Searched the Dark Web
• Compiled a list of ~8 Billion hacked accounts
• Created “Have I been pwned?” website
– ‘Pwned’ is a slang term
• Securely check if your username and passwords have been stolen
Troy Hunt
www.HaveIBeenPwned.com
Have I Been Pwned?
Is your Password Pwn’d?
(starwars)
Pre-check your new passwords
(MyReallyHardPassword)
• Get notified if your email(s) show up in the future
Get Notified of pwnage
I was Notified of pwnage
How long will it take for a Hacker to break through my password?
www.howsecureismypassword.net
(starwars)
What makes a GOOD Password??
• Recently updated their recommended digital identity standard (SP 800-63)
• Troy Hunt canvassed NIST and others to derive what the collective wisdom is thinking
• 12 or more characters
• We can use short dictionary words
• 3 or 4 random words
Length Matters
dog
beer
hat
red
tree
bill
head
Nothing Personal
spouse
kids
food
movie
birthday
address
date
pets
phone
dog
beer
hat
red
tree
bill
head
3 or 4 Short Random Words
doghatbeerhead
Make ‘em Memorable
• Think up something about the site
• i.e. Wells Fargo
– dumb wagon horses
– ripping off clients
– stashing my cash
• dumbwagonhorses
– 15 characters
– 3 random words
– dumbwagonhorses is better than Sj7$qq#56
But what is wrong with this?
• They ‘Evolve’
• Websites, banks, etc. will need to learn and adopt these standards
• dumbwagonhorses wouldn’t meet their current ‘complexity checker’
Standards Don’t Change Overnight
Starting TODAY! (2020 and on)
– Three or Four unassociated dictionary words
– At LEAST 12 characters in length
– Capitalize First Letters
– Add a 2 digit year to the end (reminder)
Steve’s Recommendation (Simple Complexity)
DumbWagonHorses20
• DumbWagonHorses20
– 2 Trillion Years to Hack
– Should meet the Banks requirements
– Much easier to remember
Simple Complexity Works
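The recipe above, as an added example (not from the original slides): a Python sketch that picks the words with a cryptographically secure random generator and checks a candidate against the four rules. The word list is a small constructed sample and the function names are hypothetical; real use would load a large dictionary list.

```python
import math
import re
import secrets

# Constructed sample list for illustration; a real list should hold
# thousands of words so the number of possible outcomes is large.
WORDS = ["dog", "hat", "beer", "head", "red", "tree", "bill", "wagon",
         "horse", "lamp", "river", "stone", "cloud", "piano", "maple", "tiger"]

# Three or four capitalized words followed by a 2 digit year.
RECIPE = re.compile(r"(?:[A-Z][a-z]+){3,4}\d{2}")


def meets_recipe(password):
    """True if the password follows the slide's four rules."""
    return len(password) >= 12 and RECIPE.fullmatch(password) is not None


def make_passphrase(n_words=3, year=20, words=WORDS):
    """Pick distinct words at random, capitalize each, append the year."""
    if n_words not in (3, 4):
        raise ValueError("the recipe calls for three or four words")
    while True:
        # secrets uses the OS CSPRNG; words a person thinks up are
        # far more predictable than words drawn this way.
        picked = [secrets.choice(words) for _ in range(n_words)]
        if len(set(picked)) < n_words:
            continue  # no repeated words
        candidate = "".join(w.capitalize() for w in picked) + f"{year % 100:02d}"
        if meets_recipe(candidate):  # enforces the 12 character minimum
            return candidate


def max_outcomes(n_words, words=WORDS):
    """Upper bound on distinct passphrases for a fixed year.

    The length filter rejects a few short combinations, so the true
    count is slightly lower. A known list and year add no secrecy.
    """
    return math.perm(len(words), n_words)


if __name__ == "__main__":
    print(make_passphrase(), "from at most", max_outcomes(3), "outcomes")
```

With this 16-word sample list there are at most 3,360 three-word outcomes, which is why the size of the list and the random draw matter more than the capital letters or the year.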
Where to Save Passwords?
Bad Ideas
My Passwords
Bank …
Starbucks …
Credit Cards ….
Password Manager App
• Available Everywhere we are:
– Phones (iOS and Android)
– Computer (Windows, Mac, Web)
• Sync’d across all my devices
– Means linked to Cloud
Features for a Password Manager
• Secure!
– Especially if Cloud!
– Encrypted
– Smart Company
– Reliable Company
• Free! ?
– Free is bad
– Affordable is good.
Features for a Password Manager
• Personal
• Family
• Teams
1Password.com Versions
• “Vaults” hold your passwords
• You control who has access to a specific vault
Vaults
• Three Keys to access
– Username
– Password
– Encryption Key
• 2 Factor Authentication
• Notifications of Access
1Password Security
• They cannot see your data - ever
– Encrypted blob on their servers
• Travel Mode
– Prevents border inspection access to your private data
1Password Security
• $3 per month
• 1 Vault
• Unlimited items
1Password Personal
• $5 per month for whole family
• Up to 5 Family Members included
– More Kids? $1 extra per month
• Private and Shared Vaults
1Password Family
Shared Vaults
Shared
Netflix
Amazon
Spotify
WiFi Code
Bike Lock Code
Private (only you can see contents)
• $4 per month per user
• Up to 5 Guest Accounts
– A guest can only access one vault
• Unlimited Vaults
1Password Teams
Using Teams
HR
Payroll Services
Indeed Job Postings
Private
Finance
QuickBooks
Banks
Clinical
Invisalign
Patient Reward Hub
Shared
WiFi
Netflix
PM Login
Windows Login
Demo
• iPhones and iPads
• Android Phones and Tablets
• Windows PCs
• Macs
Apps for Everything
• Talk to your IT people about the possibility of them being the weak link.
• Update your Phones when prompted
• Check if you’ve been Pwned
• Use new Simple Complexity Passwords
• Use a Password Manager
Take Aways…..