Personal CyberSecurity: Protecting Yourself from the Evils of the Internet. Steve McEvoy, March 6th, 2020, Austin, TX
The Internet has some scary s**t going on This is a self defense course
Goals
What is the #1 Security Risk to your Practice?
Holiday Ransomware Attacks
The Dental Record
How did it Happen? Backup Vault in Percsoft Office Dental Office Your In Office File Server with your Data
How did it Happen? Opened the Vault and Deleted Everyone's Un- Backups, Then Sent a Ransomware command to each client's server Over 400!! Dental Office Server was then encrypted and all your files locked up and held for Ransom
Discovered Monday Aug 26th
9 Days Later – Sept 3rd
17 Days Later – Sept 11th
Thanksgiving Weekend
Christmas Eve
What Should You Do? • Have your own LOCAL backup strategy in addition to a Cloud based backup • Talk about this to your IT Person and ask them if this can happen to them/you • Care about this!
What Should They Do? • Stop and Think Hard about their own security measures • Store your passwords in a secure database • Require 2 factor authentication for any form of remote access/control of your computers • Train their staff on phishing scams and good security Practices
What about your Phone?
Always Update Your Phone
How can you know if your username & password have been leaked into the wild?
Troy Hunt • Security Expert from Microsoft • Searched the Dark Web • Compiled a list of ~8 Billion hacked accounts • Created “Have I been pwned?” website – ‘Pwned’ is a slang term • Securely check if your username and passwords have been stolen
www.HaveIBeenPwned.com
Have I Been Pwned?
Is your Password Pwn’d? (starwars)
Pre-check your new passwords (MyReallyHardPassword)
Get Notified of pwnage • Get notified if your email(s) show up in the future
I was Notified of pwnage
How long will it take for a Hacker to break through my password?
www.howsecureismypassword.net (starwars)
What makes a GOOD Password??
NIST • Recently updated their recommended digital identity standard (SP 800-63) • Troy Hunt canvassed NIST and others to derive what the collective wisdom is thinking
Length Matters • 12 or more characters • We can use short dictionary words • 3 or 4 random words
dog bill red beer hat tree head
Nothing Personal address spouse movie food kids date birthday phone pets
3 or 4 Short Random Words bill dog red beer hat tree head doghatbeerhead
Make ‘em Memorable • Think up something about the site • i.e. Wells Fargo – dumb wagon horses – ripping off clients – stashing my cash
But what is wrong with this? • dumbwagonhorses – 15 characters – 3 random words – dumbwagonhorses is better than Sj7$qq#56
Standards Don’t Change Overnight • They ‘Evolve’ • Websites, banks, etc. will need to learn and adopt these standards • dumbwagonhorses wouldn’t meet their current ‘complexity checker’
Steve’s Recommendation (Simple Complexity) Starting TODAY! (2020 and on) – Three or Four unassociated dictionary words – At LEAST 12 characters in length – Capitalize First Letters – Add a 2 digit year to the end (reminder) DumbWagonHorses20
Simple Complexity Works • DumbWagonHorses20 – 2 Trillion Years to Hack – Should meet the Bank's requirements – Much easier to remember
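The "Simple Complexity" recipe as a generator and checker, added here as an example and not part of the presentation. It assumes the words are drawn by a cryptographic random source from a word list; the short list below is constructed for illustration, and the entropy figure only holds when the words really are picked at random.

```python
import math
import re
import secrets

# Constructed sample list for this example; far too small for real use.
WORDS = ["dog", "bill", "red", "beer", "hat", "tree", "head", "dumb",
         "wagon", "horses", "cloud", "river", "lamp", "stone", "paper", "maple"]

# Three or four capitalized words followed by a two-digit year.
RECIPE = re.compile(r"(?:[A-Z][a-z]+){3,4}\d{2}")

def make_passphrase(words=WORDS, count=3, year=20, min_len=12):
    """Draw `count` distinct words with a CSPRNG, capitalize, append the year."""
    while True:
        picked = []
        while len(picked) < count:
            word = secrets.choice(words)
            if word not in picked:
                picked.append(word)
        phrase = "".join(w.capitalize() for w in picked) + f"{year % 100:02d}"
        if len(phrase) >= min_len:  # retry if three very short words came up
            return phrase

def meets_recipe(password, min_len=12):
    """True if the password follows the slide's four rules."""
    return len(password) >= min_len and RECIPE.fullmatch(password) is not None

def entropy_bits(list_size, count):
    """Approximate guessing entropy when each word is drawn uniformly at
    random. The year suffix is predictable, so it counts as zero bits."""
    return count * math.log2(list_size)

if __name__ == "__main__":
    print(make_passphrase())
    print("DumbWagonHorses20 follows recipe:", meets_recipe("DumbWagonHorses20"))
    print("dumbwagonhorses follows recipe:", meets_recipe("dumbwagonhorses"))
    # The 16-word sample list gives only 12 bits for three words; a
    # 7,776-word list gives about 51.7 bits for four words.
    print(entropy_bits(len(WORDS), 3), round(entropy_bits(7776, 4), 1))
```

The strength comes from the size of the word list and the random draw, not from the capital letters or the year, so use a list with thousands of words.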
Where to Save Passwords?
Bad Ideas My Passwords Bank … Starbucks … Credit Cards ….
Password Manager App
Features for a Password Manager • Available Everywhere we are: – Phones (iOS and Android) – Computer (Windows, Mac, Web) • Sync’d across all my devices – Means linked to Cloud
Features for a Password Manager • Secure! – Especially if Cloud! – Encrypted – Smart Company – Reliable Company • Free! ? – Free is bad – Affordable is good.
1Password.com Versions • Personal • Family • Teams
Vaults • “Vaults” hold your passwords • You control who has access to a specific vault
1Password Security • Three Keys to access – Username – Password – Encryption Key • 2 Factor Authentication • Notifications of Access
1Password Security • They cannot see your data - ever – Encrypted blob on their servers • Travel Mode – Prevents border inspection access to your private data
1Password Personal • $3 per month • 1 Vault • Unlimited items
1Password Family • $5 per month for whole family • Up to 5 Family Members included – More Kids? $1 extra per month • Private and Shared Vaults
Shared Vaults Netflix Amazon Spotify WiFi Code Bike Lock Code Shared Private (only you can see contents)
1Password Teams • $4 per month per user • Up to 5 Guest Accounts – A guest can only access one vault • Unlimited Vaults
Using Teams PM Login Payroll Services Windows Indeed Job Postings Login HR Private QuickBooks Banks WiFi Finance Netflix Invisalign Patient Reward Hub Shared Clinical
Demo
Apps for Everything • iPhones and iPads • Android Phones and Tablets • Windows PCs • Macs
Take Aways….. • Talk to your IT people about the possibility of them being the weak link. • Update your Phones when prompted • Check if you’ve been Pwned • Use new Simple Complexity Passwords • Use a Password Manager
Thank You! Presentation online at www.mmeconsulting.com/Presentations steve@mmeconsulting.com