Welcome Clients of Mariner Wealth Advisors
Cybersecurity Education Series
Email Security Practices & File Encryption
Content provided by Presenter: Ray Cool, CEO PBSI Technology Solutions
Webinar will begin at 10:00
Page 1
Series Goals
• Inform and educate - how to protect your electronic valuables
• Improve knowledge about electronic security
• Provide practical information about what to change and how to do so
Topic Summaries
• Securing Personal Data - Overview – previous webinar – recording available
• Email Security Practices & File Encryption – today’s webinar
• Password Management & Public Wi-Fi Security – Wed, Jan 30, 10:00 am
Note: You need to register separately for each webinar. If unsure if you’ve registered, email itservices@pbsinet.com
Page 2
Agenda
Email Security Practices & File Encryption
• Fundamentals of email security
• How to spot “dangerous” emails
• File Encryption - “at rest” and During Transmission
• Demonstration of Office 365 email security
Page 3
PBSI Technology Solutions
IT Security Specialists
Who is PBSI?
• Technology Services provider for hundreds of clients large and small
• Experienced – 75% of staff have 10+ years experience w/PBSI
• Proactive IT security for businesses and individuals
• Not affiliated with Mariner Wealth Advisors
Page 4
Why do we need protection?
The Internet Today is a Dangerous Place
• Increasingly, PCs are being infected with malware that steals passwords and copies data
• New key logging & phishing attacks change constantly – Bad guys are motivated and relentless
• Victims are NOT notified – Keystroke-logging malware may be active on millions of PCs
Email Addresses and Passwords Are For Sale
• 3.1 Billion emails are available for sale on the Darkweb
• 1.2 Billion of them include exposed, cracked passwords
• LinkedIn, Yahoo, Gmail, DocuSign, Adobe, Dropbox, Tumblr, MySpace and 30 others
• Recent hacks: Marriott, Dell – breaches continue unabated – MUST prepare in advance
• List of biggest breaches can be found at: https://haveibeenpwned.com
Secure Dark Web Exposed Password Check.
Page 5
Fundamentals of Email Security
How to evaluate “dangerous” emails
Safety Principle #1 - Unsolicited vs. Solicited
• Unsolicited means unrequested and unexpected – even from a known source
• Even if you know the sender, is anything unusual about THIS email?
• Caution: Brief emails from “known” persons – Why? Malware is frequently delivered from a familiar name, with a short “to” list & a single link
Safety Principle #2 - Antenna up!
• Does anything seem amiss? STOP – Do you need to click this now?
• Evaluate email address (hover), time of day, recipient list, brief content, out-of-character - why would this person send this content?
• Any misspellings? Grammar mistakes? Unusual phrasing? Unusual colors? Formatting? Font variations?
Page 6
Fundamentals of Email Security
How to evaluate “dangerous” emails
Safety Principle #3 - Don’t get your news from email
• Beware current events/product releases (Tax time, disasters, holiday messages, celebrity news, Apple/Tesla product releases)
• Beware Social media – Popular sites are rife with phishing scams – Don’t believe your friends are foolproof
• Does anything seem “too good to be true?” Does the content make you curious? (Ask yourself, who wants to make you curious?)
Safety Principle #4 – Careful with Unsubscribe
• DON’T: Use “Unsubscribe” unless you are CERTAIN the source is credible. Instead, choose “Junk”, then “Block Sender”
• Scammers use “unsubscribe” to 1) confirm your email address is real, and/or 2) initiate an attack
• Antenna up! Scammers are very intentional in creating elaborate ruses – think twice and be very cautious
Page 7
Other Email Caution Steps
Don’t act without careful consideration
Other email caution steps
• Hover over links, check spellings, unexpected content, added extensions (amex.us.com) (ups.pickup.com)
• Never respond if asked to click link for “confirmation” or “reset”, even if they know last 4 of CC#, last 4 of SS#
• If you think a request may be legit – instead of clicking link, go to vendor site and login (no copy/paste)
• Always think twice – if uncertain, forward the email to a trusted IT person/company - scanURL.net
Beware common hacker spoofs
• Get ready! Tax season is coming - Login to confirm your IRS account now; Reset your IRS Pin#; Problem with your W-2
• Apple (gmail, Microsoft) account needs renewal/reset; Resume attached - Word attachments = Ransomware
• Text alerts – You receive text “Google has detected unusual activity” – reset your password – Don’t!
• If you have ANY concern you’ve made a mistake – change your password
Page 8
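The “hover over links” step above can be automated for an HTML email body. The following is an added example, not part of the original webinar: it flags links where a brand name is only a label in front of someone else's domain (as in amex.us.com and ups.pickup.com) and links whose visible text shows a different site than the one they open. The brand-to-domain table and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed for this example: brand keyword -> domain that brand really uses.
KNOWN_BRANDS = {"amex": "americanexpress.com", "ups": "ups.com"}

def host_of(url):
    """Lowercase hostname of a URL (scheme optional), or '' if none."""
    url = url if "://" in url else "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def check_link(href, text=""):
    """Return warnings for one link; an empty list means nothing was flagged."""
    warnings = []
    host = host_of(href)
    for brand, real in KNOWN_BRANDS.items():
        genuine = host == real or host.endswith("." + real)
        if brand in host.split(".") and not genuine:
            warnings.append(f"'{brand}' is in {host}, but the real site is {real}")
    shown = text.strip()
    if shown and " " not in shown and "." in shown:  # visible text looks like a URL
        shown_host = host_of(shown)
        if shown_host and shown_host != host:
            warnings.append(f"text shows {shown_host} but link goes to {host}")
    return warnings

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:  # only keep text that sits inside a link
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def scan_email_html(html):
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text) for href, text in collector.links}

# Constructed sample email body (not a real message).
SAMPLE = """<a href="http://amex.us.com/confirm">Confirm your account</a>
<a href="http://ups.pickup.com/track">www.ups.com/track</a>
<a href="https://www.ups.com/track">Track package</a>"""
```

Calling scan_email_html(SAMPLE) returns one warning for the first link, two for the second and none for the third. A link that passes these checks is not proven safe; the other caution steps still apply.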
Incoming Fax - Example of Ransomware Page 9
Security “Warning” or “Alert” Emails
• Security alert – login limit reached
• Spectre/Meltdown email
Page 10
Shipping Confirmation Emails Page 11
Fake News Emails
• Current event – Actual “fake” news
• This never happened!
Page 12
Banking Emails
• “Good” email (Tells me to login, no link)
• “Bad” email (Link to website)
Page 13
Emails from “Trusted” Sources
• Current event donation request
• Taking advantage of “likely” account
Page 14
Emails requesting a click
• eSignature request
• Free credit info – or “fix” your credit
Page 15
File Encryption - “at rest” and During Transmission
What is file encryption and why is it important?
• Encryption is a term describing data that can’t be read without a private “key” (password)
• Encrypted data is garbled so that if opened it can’t be easily read or interpreted
• Encryption security varies based on technology used AND based on length of “key” (the password)
• Long or complex passwords are encouraged. Length is the enemy of hacker decryption software
Encrypting sensitive files “at rest”
• Why? From whom are you protecting info? Future hackers – If hacked, what could they learn & how would you know?
• Which files should be encrypted? Any/all that contain Personally Identifiable Information (PII) or Protected Health Info (PHI)
• Protected information includes SS#s, CC#s, DOBs, Account#s, DL#s, PP#s, medical information
How to encrypt sensitive files during transmission (Email) – 3 Choices
• Encrypt the email – Requires purchase of an email encryption tool
• Encrypt attachment(s) - and provide the password to the recipient – using different medium (text or voice)
• Use a secure file sharing portal – like Mariner’s ShareFile
Page 18
Demonstration
Email protection tools in Office 365
Protection – Office 365 Advanced Threat Protection (ATP)
• Sandbox safe detonation of links and attachments
• Significant protection for inevitable mistakes
• $2 per month per user
Encryption - Azure Information Protection for Office 365 (AIP)
• Includes Office 365 Message Encryption - ability to encrypt emails
• Provides “Do not forward” option
• Recipient sees option for 1-time passcode, or “Login with ‘your-carrier’”. Settings are remembered for future emails
• $2 per month per user
How to Encrypt a file “at rest”
• Using Microsoft Office to encrypt a file
Page 19
Summary of Today’s Webinar - Email Security & Encryption
Email Security
• Email safety principle #1 - Unsolicited vs. Solicited – Be VERY cautious with all unsolicited email.
• Email safety principle #2 - Antenna up! Is there anything unusual about THIS email? (time of day, recipient list, out-of-context)
• Email safety principle #3 - Don’t get your news from email – Go to a news source directly – not through a link
• Email safety principle #4 - Careful with Unsubscribe - Unsubscribe ONLY with known, credible email sources. Use Block sender
Email caution steps
• Do NOT click on links without running through all the “caution” steps
• Hover over link, checking spellings, unexpected content, added extensions (amex.us.com) (ups.pickup.com)
• Never respond if asked to click link for “confirmation” or “reset”, even if they know last 4 of CC#, last 4 of SS#
• If you think a request may be legit – instead of clicking link, go to vendor site and login (no copy/paste)
• Always think twice – if uncertain, forward the email to a trusted IT person/company
Encryption
• Encrypt protected information at rest
• Never send protected info via email unless encrypted
• Consider PBSI Risk Intelligence scan to identify “at risk” data
• Consider Office 365 Advanced Threat Protection (ATP) and Azure Information Protection (AIP)
Page 20