Personal CyberSecurity: How to Better Protect Yourself Online
Steve McEvoy, September 14th, 2019, Fort Lauderdale, FL
The Internet has some scary s**t going on. This is a self-defense course.
Poll Results - Ransomware
The Dental Record
How did it Happen? Dental Office
How did it Happen? Over 400!! Dental Office
Discovered Monday Aug 26th
9 Days Later – Sept 3rd
17 Days Later – Sept 11th
What Should You Do?
• Have your own LOCAL backup strategy in addition to a Cloud based backup
• Talk about this to your IT Person and ask them if this can happen to them/you
• Care about this!
Windows 7 End of Life
Why Would You Care?
WannaCry Ransomware
Windows XP was full of Security Holes
• Microsoft Discontinued Support of Windows XP in April 2014
• No Windows Updates after that time
• WannaCry Ransomware deliberately exploited a newly found weakness built into Windows XP (May 2017)
• NHS had opted to just keep using XP
Why Would You Care?
Windows 7 will be full of security holes (chart: Risk over Time)
Your Options
• Ignore it – Eventually the PCs will be replaced
• “In Place” Upgrade to Windows 10 – For a while they had been giving it away
• Upgrade to Windows 10 – Reload your existing PCs from scratch
• Replace the PC – The new one will come with Windows 10
In Place Upgrade
• Windows 10 installs Overtop Windows 7
• Generally a BAD idea
– Seen this go sideways many times
– All your Applications and Drivers must be Windows 10 Compatible
• Software like Dolphin, Carestream, Ortho2, etc.
• Scanners, Printers, and other hardware
• X-ray machine applications
– Leaves behind a mess
Fresh Install of Windows 10
• Updating your Existing PCs Fresh
• Deletes everything and Installs Windows 10 from scratch (Clean install)
• You have to set up everything again (just like if you had gotten a new PC)
• If a computer is less than 4 years old you might consider this
• If a computer is 5+, don’t waste the $$$
New PC
• Windows 10 has been out for 4 years
• If your PC still runs Windows 7 it is likely 4+ years old.
• Replace the old PC that probably has ‘personality’ with a new, much faster PC.
Pay for Updates?
• Microsoft is offering Extended Support Updates (ESU) for a fee
• You can Pay for Windows Updates for the next 1, 2 or 3 years
• The Fees double each year:
– $50 year 1
– $100 year 2
– $200 year 3
When ESU Makes Sense
• For X-Ray PCs that cannot be upgraded to Windows 10
• Maybe for Mid-Life PCs (3-4 years old) that you want to stretch for 1 more year
– It doesn’t make sense to dump $450 into an already 4 year old PC to try and make it live to 7 years old when a new PC is $600
More Motivation….
• Software companies like Carestream, Dolphin, Ortho2, etc. will Stop Supporting their applications on Windows 7
– Ultimately this is reasonable
• They usually transition over the first few months
– Windows 7 will become “Not Recommended”
– After a few months it will be “Not Supported”
What to do Next
• Talk to your IT Person
– Review your network and come up with a plan
• Do this ASAP!
– They are already super busy helping others that got started sooner than you.
What about your Phone?
Always Update Your Phone
Help! Ransomware
Email Phishing Attacks
Via email attachments
What Should You Do? Best Practices for Emails:
• Never click on a link in an email unless you are 100% sure of the sender and where it’s taking you
• Never open an attachment on an email if you weren’t 100% expecting it
• When in doubt, open it on a cell phone
• When in doubt, check with the sender
Phishing → Ransomware
Phishing → Ransomware → Bitcoin
Corporate Data Breaches
Bulk Hacking
• Hacking people’s accounts one at a time is a slow, resource intensive process
• Hacking the websites full of user names AND passwords yields bulk results
• They never targeted you personally, but the result is they have your information
How can you know if your username & password have been leaked into the wild?
Troy Hunt
• Security Expert from Microsoft
• Searched the Dark Web
• Compiled a list of ~5 Billion hacked accounts
• Created the “Have I been pwned?” website
– ‘Pwned’ is a slang term
• Securely check if your username and passwords have been stolen
www.HaveIBeenPwned.com
Is your Password Pwn’d? (starwars)
Pre-check your new passwords (MyReallyHardPassword)
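How the pre-check can stay safe, shown as an added example that is not part of the talk: the Pwned Passwords service works on a k-anonymity model, where only the first 5 hex digits of the password's SHA-1 hash are sent and every matching suffix comes back for local comparison. The range response below is constructed sample data, and the placeholder count of 1234 for "starwars" is likewise made up.

```python
"""Check a password against a Pwned Passwords /range/{prefix} response, offline."""
import hashlib
import urllib.request

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"  # real endpoint; not called in the demo


def split_hash(password):
    """Return (5-hex-char prefix that is sent, 35-hex-char suffix that never leaves the machine)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body):
    """Parse the 'SUFFIX:COUNT' lines of a range response into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if line:
            suffix, _, count = line.partition(":")
            counts[suffix.upper()] = int(count)
    return counts


def check_password(password, fetch_range):
    """Breach count for the password (0 = not seen); fetch_range maps a prefix to a response body."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)


def fetch_range_live(prefix):
    """Real network fetch of one range (not used by the offline demo below)."""
    with urllib.request.urlopen(PWNED_RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")


# ---- CONSTRUCTED sample data standing in for the network call ----------------
_STARWARS_PREFIX, _STARWARS_SUFFIX = split_hash("starwars")


def constructed_fetch(prefix):
    """Stand-in for fetch_range_live: a fake, three-line response for the 'starwars' prefix."""
    if prefix == _STARWARS_PREFIX:
        return "\n".join([
            "0123456789ABCDEF0123456789ABCDEF012:7",   # constructed neighbour
            f"{_STARWARS_SUFFIX}:1234",                 # constructed placeholder count
            "FEDCBA9876543210FEDCBA9876543210FED:2",   # constructed neighbour
        ])
    return ""  # no matches for any other prefix (constructed)


if __name__ == "__main__":
    for pw in ("starwars", "MyReallyHardPassword"):
        print(pw, "->", check_password(pw, constructed_fetch))
```

Swap `constructed_fetch` for `fetch_range_live` to query the real service; the plaintext password and its full hash still never leave the machine.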
Get Notified of pwnage
• Get notified if your email(s) show up in the future
I was Notified of pwnage
How long will it take for a Hacker to break through my password?
www.howsecureismypassword.net
What makes a GOOD Password??
NIST
• Recently updated their recommended digital identity standard (SP 800-63)
• Troy Hunt canvassed NIST and others to derive what the collective wisdom is thinking
Length Matters
• 12 or more characters
• We can use short dictionary words
• 3 or 4 random words
Nothing Personal: address, spouse, movie, food, kids, date, birthday, phone, pets
3 or 4 Short Random Words: bill, dog, red, beer, hat, tree, head → doghatbeerhead
Make ‘em Memorable
• Think up something about the site
• e.g. Wells Fargo
– dumb wagon horses
– ripping off clients
– stashing my cash
But what is wrong with this?
• dumbwagonhorses
– 15 characters
– 3 random words
– dumbwagonhorses is better than Sj7$qq#56
Standards Don’t Change Overnight
• They ‘Evolve’
• Websites, banks, etc. will need to learn and adopt these standards
• dumbwagonhorses wouldn’t meet their current ‘complexity checker’
Steve’s Recommendation (Simple Complexity) Starting TODAY! (2019 and on)
– Three or Four unassociated dictionary words
– At LEAST 12 characters in length
– Capitalize First Letters
– Add a 2 digit year to the end (reminder)
DumbWagonHorses19
Simple Complexity Works
• DumbWagonHorses19
– 2 Trillion Years to Hack
– Should meet the Banks requirements
– Much easier to remember
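Where the “years to hack” figures come from, and the caveat behind them, as an added example that is not part of the talk: a character-by-character brute-force estimate (the kind howsecureismypassword.net reports) grows exponentially with length, which is why the 15- and 17-character passphrases beat the 9-character Sj7$qq#56; but an attacker who knows the “dictionary words + 2-digit year” recipe only has to try word combinations, so the fourth word matters far more than the capitals. The guess rate and dictionary size are assumptions, so the absolute years differ from the slide's number; the ordering is what the example shows.

```python
"""Brute-force vs. recipe-aware guess counts for the passwords on these slides."""
import math
import string

ASSUMED_GUESSES_PER_SECOND = 1e10   # assumption: a fast offline hash-cracking rig
ASSUMED_DICTIONARY_WORDS = 20_000   # assumption: size of a common-English-words list
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password):
    """Size of the character classes an attacker must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable symbols
    return size


def bruteforce_guesses(password):
    """Worst case for an attacker trying every string of this length over the class mix."""
    return charset_size(password) ** len(password)


def recipe_guesses(n_words, year_suffix=False, dictionary=ASSUMED_DICTIONARY_WORDS):
    """Worst case for an attacker who knows the recipe: N dictionary words (+ a 2-digit year).

    Capitalizing first letters is a fixed rule, so it adds no guesses here.
    """
    return dictionary ** n_words * (100 if year_suffix else 1)


def years_to_crack(guesses, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to exhaust the whole search space at the assumed rate, in years."""
    return guesses / rate / SECONDS_PER_YEAR


def bits(guesses):
    """Search space expressed as bits, the usual way to compare strength."""
    return math.log2(guesses)


if __name__ == "__main__":
    for pw in ("Sj7$qq#56", "dumbwagonhorses", "DumbWagonHorses19"):
        g = bruteforce_guesses(pw)
        print(f"{pw:18} brute force: {bits(g):5.1f} bits, {years_to_crack(g):.3g} years")
    for n in (3, 4):
        g = recipe_guesses(n, year_suffix=True)
        print(f"{n} words + year, recipe known: {bits(g):5.1f} bits, {years_to_crack(g):.3g} years")
```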
(Public WiFi in Particular)
Up Close and Personal • To hack you while on WiFi the hacker needs to be within range
The Good Guy Hacker
• White Hat Hackers that you hire to ‘PenTest’ your own business to find the weaknesses
• Toolkits are available online to purchase
• Of course, who are the biggest customers?
Hak5
Hacker Hobbyist
• You don’t need to be an expert
• Anyone with a Hobbyist level of computer skills can use these tools effectively
• (and get into trouble fast)
Where do we use WiFi? Typical places we rely on WiFi include:
• Home
• Office
• Coffee Shops
• Hotels
• Conferences ….
Remembered Connections
• The convenience of our devices is their undoing
• A device can be set to remember WiFi networks it has been connected to and automatically reconnect
• They are constantly ‘beaconing’ out looking for those memorized zones
Device: “Hello?? Home WiFi Zone named ‘Steve’s WiFi’, are you there??”
Access point: “Why Yes I am! ‘Steve’s WiFi’ is ready to connect, please do.”
Device: “Thanks! All Connected.”
Phishing you with a Freebie
• Fool you into connecting to an ‘Open’ Free WiFi zone
• They advertise a convincing name:
– Starbucks Free WiFi
– Detroit Airport Free WiFi
– UofM Free WiFi
“Come and get your Free WiFi: ‘AAO Free WiFi’” / “Cool! They arranged Free WiFi for the meeting!”
Secure Surfing
• HTTP vs. HTTPS
– http://www.google.com is not encrypted
– https://www.google.com is encrypted
• HTTP web surfing is like shouting across a room – ANYONE can listen in
Secure Surfing
• HTTPS web surfing is an encrypted connection
• When you access the website they hand you an encryption key
• Your device goes through a process to verify the key is legitimate through a 3rd party verification
• If it checks out you see a Lock symbol
Where would you expect it?
• Banks
• Retailers
• Any place you have to ‘Login’
– They should be in HTTPS mode by the time you are on the login page.
Pay Attention to the Lock
• This is your key defense to knowing if you are potentially being hacked
• An HTTPS website with a BROKEN lock symbol means you are at risk
Have you ever seen this?
Have you ever just Continued?
Hackers count on our Reaction • “Damn computer is acting up again. I just need to get my work done” • … and you click on Proceed Anyway …
What to do?
• Do not proceed*
• Close your Browser session and try again SOMEWHERE else safer
• Ask your IT person if it persists
Recommendations
More Recommendations