
Protect Your Personal Data: Pro Tips Webinar

Join our webinar with guest speaker Glenn A. Stout, Ph.D., Chief Information Security Officer at HALOCK Security Labs. Learn best practices for protecting your personal data and how to defend yourself against bad actor attacks, including social media, social engineering, phishing, and WiFi threats.

nfletcher

Presentation Transcript


  1. WELCOME
     Pro Tips for YOU to Protect Your Personal Data
     Webinar, May 2019

  2. GUEST SPEAKER
     Glenn A. Stout, Ph.D.
     Managing Consultant, HALOCK Security Labs
     Serves as RPB’s Chief Information Security Officer

  3. AGENDA
     • What data are you protecting?
     • Best practices for passwords
     • Bad actor attacks and what YOU should do: Social Media, Social Engineering, Phishing, WiFi

  4. Bad Actors* versus You!
     • What do Bad Actors want?
     • What is their goal?
     • What do they want you to do?
     Knowing the Bad Actor’s goals helps you know what YOU should do INSTEAD!
     *Anyone that means us harm is a Bad Actor.

  5. What Data are You Protecting?
     • Work/Employment Accounts: work email, other work data
     • PII (Personally Identifiable Information): SSN, Driver’s License Number, etc.
     • Protected Health Information or PHI (ePHI): your personal medical data, including payments; your “online” medical portal
     • Financial Account Data: Bank, Credit Cards, Investments, 401k
     • Other Data You Want Secure: Awards programs (e.g., airline, hotel), Education

  6. Overall Goals of the Bad Actor

  7. What YOU Should Do
     There are many recommendations to protect your data, but overall:
     • Limit the amount of sensitive information you collect, use or share
     • Store sensitive information only in known secure systems
     • Do not keep sensitive information longer than necessary
     • Securely archive or destroy information when it is no longer needed
     Would you walk into a dark alley with a bunch of cash? Only keep what you need!

  8. AGENDA
     • What data are you protecting?
     • Best practices for passwords
     • Bad actor attacks and what YOU should do: Social Media, Social Engineering, Phishing, WiFi

  9. Passwords – Multi-Factor Authentication
     Dual-factor or multi-factor authentication is a way to prove who you are with more than one of the following:
     1. Something you KNOW – a password, PIN, answer to security question, etc.
     2. Something you HAVE – a key card, a phone, “token”, etc.
     3. Something you ARE – your picture, fingerprint scan, eye scan, etc.
     4. Where you are LOCATED – your location, or system you are using
     EXAMPLES
     • After you key in a password (#1), a code is sent to your phone (#2) and you type in the code.
     • Remember gas stations when you just needed your credit card (#2)? Now you need to type in a zip code (#1).
     • When you log into certain websites, it makes you authenticate again because it doesn’t recognize where you ARE (#4).

  10. Passwords – Stats
     • 56% reuse passwords for personal and corporate apps
     • 1 in 7 would re-sell their password to a third party for as little as $150
     • 20% share passwords for team members
     • 20% would stop doing business with a company that put their data at risk; 50% would tell friends and families to do the same
     When is the last time you changed your bank password? How many sites do YOU have where you use the same password? Is one of those your bank or financial website? Are those unique? Be honest with yourself!
     SOURCES: SailPoint’s 2018 Market Pulse Survey; CordCutting.com; https://www.marketingtechnews.net

  11. Passwords – Bad Actors want YOU to:
     • Use a password equal to a word from the dictionary
     • Use the same password for multiple online accounts
     • Not change your password, especially for sensitive sites
     • Change your password by adding a number to it, then increase the number each time you’re required to change it (MyPassword1, MyPassword2, MyPassword3)
     • Include information about you that can be found online (name, child’s name, birthdate, etc.)
     • Use adjacent keyboard combinations, e.g., 12345 or qwerty
     • Use a password found on this list of bad passwords: https://www.symantec.com/connect/blogs/top-500-worst-passwords-all-time

  12. Passwords – What YOU Should Do
     Always:
     • Use long passwords or passphrases; the longer the better
     • Use upper/lower case, numbers and special characters, even if not required!
     • Use a password storing application/vault
     • Use two-factor authentication, or two-step verification where you need more than your password to log in (or change your password), such as codes sent to your smartphone
     • Delete or disable accounts you are no longer using
     Never:
     • Share passwords with anyone
     • Write your passwords down or store passwords in an unsecured file
     • Let your browser store passwords
     • Use your work email as the email/user name for personal use websites
     • Use public computers, such as those at hotels or libraries, to log in to a work or bank account

  13. AGENDA
     • What data are you protecting
     • Best practices for passwords
     • Bad actor attacks and what YOU should do regarding: Social Media, Social Engineering, Phishing, WiFi

  14. Social Media – Definition
     • Social networking sites, personal web pages, and blogs are notorious public sources of personal information
     • Once you post something online, it is practically impossible to take it back, even with maximum privacy settings
     • Seemingly innocent information about interests, family, or history could be used for identity theft, or by social engineers

  15. Social Media – Bad Actors Want You To:
     • Share your personal, private data, including:
       - Your birth date and year
       - Your child’s full name and birth date
       - When you’re going on vacation
     • Comment on your company business and names of people you work with
     • Be “public” so that anyone can see your posts, not just family and friends you select

  16. Social Media – What YOU Should Do
     • Only post information you would write on a banner displayed in a public place
     • Set social media privacy settings to the maximum “safe/private” configuration (children, family members)
     • Don’t provide status updates on your or your family members’ whereabouts. Post vacation pictures AFTER you get back!
     • Be aware of 3rd party applications that integrate (“Login with Facebook”) – use from trusted sites only – they may have access to your personal info

  17. AGENDA
     • What data are you protecting
     • Best practices for passwords
     • Bad actor attacks and what YOU should do regarding: Social Media, Social Engineering, Phishing, WiFi

  18. Social Engineering – Definition
     • Bad Actors love to have information handed to them – they will try to “con” you out of the data they are looking for!
     • Bad Actors use social engineering techniques to take advantage of people with regard to trust, fear, politeness, and helpfulness, rather than technical vulnerabilities in computer programs.

  19. Social Engineering – Bad Actors
     Bad Actors trick you into giving them data that you have access to outright, or access to it so they can get it themselves, so you will:
     • Do something that will make you DEVIATE from your normal, established, secure procedures (“This is the help desk, can you confirm your password?”)
     • Respond to a fake email (more on this later)
     • Tell them secret information if they ask for it
     • Fall for “Baiting”: they leave a malware-infected CD, DVD, or USB flash drive in a location sure to be found, and YOU happily plug it in!
     • Fall for an Internet hoax designed to encourage you to forward malicious emails (“Support The Troops – look at this picture!”)
     • They may also tell you your computer is “infected” and offer to have you buy a product to “fix” it

  20. Social Engineering – What YOU Should Do
     • Be skeptical of anything unusual
     • Always be 100% on guard for this type of attack
     • Verify the identity of those who ask for information (YOU initiate the phone call)
     • Don’t give out personal information when someone calls you. Again, they will act as if this is URGENT. Be vigilant.
     If you think you’re the target of social engineering:
     • Ask for the person's name and contact information (“Let me call you back”)
     • Capture caller ID information
     • Block fraud callers and set bad emails to automatically hit the spam folder
     • Call authorities

  21. AGENDA
     • What data are you protecting
     • Best practices for passwords
     • Bad actor attacks and what YOU should do regarding: Social Media, Social Engineering, Phishing, WiFi

  22. Anatomy of a Phishing e-Mail
     • Date in odd format – European format
     • Return email address has dashes or something odd – e.g., .biz
     • While sometimes personalized, most of the time it says ‘Dear Customer’
     • The “threat” – says your account is limited or disabled “until you do something”
     • Looks like they are “doing you a favor”
     • There is always a link to log into your account to “correct” the situation

  23. More Phishing Examples
     • “Irregular activity”
     • “Limited your account”
     • “Account disabled”
     • “In order to regain access”
     • “Verify your account”
     • “Click here to get back your account”

  24. More Phishing Examples
     • In this case, the email is saying that there is an issue with the American Express Card User ID, and to click to “be protected”
     • You can reveal the link by ‘hovering’ over it AND NOT CLICKING IT – you can see that the URL has nothing to do with American Express

  25. Phishing – What YOU Should Do
     • Do not click on links in unsolicited email/text messages
     • If you think the request is legitimate, always go to the website DIRECTLY – do not click the link to get there
     • Do not open an attachment unless you’re sure it’s valid
     • If an email or text from a friend or colleague seems suspicious, call them and ask if the email is legitimate
     • Be wary of email that threatens your account will be closed unless you “validate account details”

  26. AGENDA
     • What data are you protecting
     • Best practices for passwords
     • Bad actor attacks and what YOU should do regarding: Social Media, Social Engineering, Phishing, WiFi

  27. Outside the Office/Travel – Definition
     • When travelling, people are forced to use networks (mostly Wi-Fi) they’re generally not familiar with
     • Most coffee shop/hotel/airport wireless networks are not encrypted, so it’s important to know some tips to help in this area

  28. Outside the Office/Travel – Goals of the Bad Actor
     They want to expose your device to the Wi-Fi network in an unsecured manner. They want YOU to:
     • Log in to their “rogue” Wi-Fi network, which they set up disguised as a legitimate network
     OR
     • Send sensitive materials using the legitimate unsecured network, not using additional encryption, because they’re eavesdropping on the network already!

  29. Outside the Office/Travel – What YOU Should Do
     • If available, use company-provided “personal hotspot”
     • Do not use “free/unsecured” networks when working with sensitive information
     If you must use a free network for non-sensitive data:
     • ALWAYS log in to your company’s or Personal VPN (if you have one) – so all of your activities will be encrypted
     • Ensure you’re using the official network that is provided; don’t just pick the one that “looks right”
     • If your browser shows an alert that it cannot verify the domain certificate, stop using the free Wi-Fi
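
The “hover, don’t click” check from slide 24 and the pressure phrases from slide 23 can be automated for a saved HTML message. The following is an added example, not part of the original presentation; the sample email, the `.example` domains and the function names are constructed for illustration, and the expected sender domain is something the reader supplies.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Pressure phrases quoted on slide 23 of the deck.
PRESSURE_PHRASES = ["irregular activity", "limited your account", "account disabled",
                    "in order to regain access", "verify your account",
                    "click here to get back your account"]

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> tag, plus all body text."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._buf).strip(), self._href))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def same_site(host, expected):
    """True only for the expected domain itself or one of its subdomains."""
    return host == expected or host.endswith("." + expected)

def review_email(html, expected_domain):
    """Return links whose real host is not the expected sender domain
    (what hovering would reveal) and any pressure phrases in the body."""
    p = LinkCollector()
    p.feed(html)
    body = " ".join("".join(p.text).lower().split())
    bad_links = [(text, host_of(href)) for text, href in p.links
                 if not same_site(host_of(href), expected_domain)]
    phrases = [ph for ph in PRESSURE_PHRASES if ph in body]
    return {"mismatched_links": bad_links, "pressure_phrases": phrases}

# Constructed sample message; both domains are placeholders (.example is reserved).
SAMPLE = """<p>Dear Customer,</p>
<p>We noticed irregular activity and have limited your account.
In order to regain access, <a href="http://card-secure.login-check.example/verify">
https://www.cardissuer.example/login</a> and verify your account.</p>
<p><a href="https://www.cardissuer.example/help">Help</a></p>"""
```

Calling `review_email(SAMPLE, "cardissuer.example")` reports the first link, whose visible text shows the card issuer's address while the real destination is a different host, and leaves the genuine help link alone.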
