protom cyber hygiene

Cyber Security Cyber Con 2016

Upload: sam-skip-sailors

Post on 23-Jan-2017


TRANSCRIPT

Cyber Security Hygiene

Cyber Con 2016

Cyber Security Hygiene

LP3 and Protecting Tomorrow are driven to provide educational insights that empower individuals to prepare for and respond to cyber attackers

Hackers are getting more sophisticated… and more effective! “Stay secure my friends!”

• Cyber Security is an individual problem, not a technical problem – you have to solve it as one

• Hackers run successful international enterprises, leveraging an agile and adaptable business model

• They benefit from your lack of attention to cyber security and poor investment in protecting your data – the statistics say it’s working for them – and not for us

• They train to hack you for a living – that’s all they do and they’re very good at it

• You train in running your lifestyle and not in protecting it – they win

Agenda

• Do I need to worry about cyber security?

• The Conscientious Employee

• Safe Computing at Home

• Access On The Go

Map of the Internet

• No borders

• Whose laws apply?

• Where is that web server?

• Where did that email come from?

Cyber Criminals – No Rules!

• Steady increase in cyber crime – collection/exploitation/theft

• Many nations refuse to investigate and prosecute

• Hackers and governments can access your unprotected data

• Damage from cyber crime rising dramatically

• Ransomware increased by 300% in 2015 – because it works!

HITECH (Health Information Technology for Economic and Clinical Health Act)

Purpose: makes massive changes to privacy and security laws

Breach Notification requirements (Patient, Department of Health and Human Services, and Media)

Applies to covered health care entities and business associates.

Promotes nationwide adoption of electronic health records

Increases penalties for privacy and security violations

Criminal Penalties

• Executives: up to 10 years in prison

• Civil fines under the original HIPAA rules started at $100 per violation and were capped at $25,000 per year for all identical violations of the same provision

HITECH – Harsher Financial Penalties

• Tiers established for civil penalties

• Maximum penalty of $1.5 Million per year for identical violations of the same provision

• The higher the level of culpability, the higher the penalty

Healthcare information is extremely valuable!

The Conscientious Employee

• Where are my files?

• Passwords

• Web surfing

• Phishing

• Thumb drives

ABA Formal Op 08-451

• Model Rule 5.3: “A lawyer who associates with a non-lawyer must make reasonable efforts to ensure the third party’s conduct is compatible with the lawyer’s professional obligations”

• Model Rule 1.6: “…prevent…unauthorized disclosure…”

Google Terms of Service: “When you upload…you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works…communicate, publish, publicly perform, publicly display, and distribute…”

HACKERS use “brute-force” password crackers

Passwords – Why?

• Bad passwords are easily guessed by a computer program: dictionary words, names, addresses

• Good passwords have special characters and numbers (~#^&*, 489) and make NO sense

• A crack program cracked 2,700 “bad” passwords in 30 seconds

• The same program ran for 48 hours more and did not crack the 250 remaining “good” passwords

Good and Bad Passwords

BAD: Password1, Lincoln, Tr@fficJ@m

OK: 1n33dmyAlbut3r0! (a leet-spelled phrase; cracker rule sets try these substitutions automatically, which is why it is only “OK”)

BEST: 6g3gCH&#NduU]W5nS, gtMZJYt%HCtQ|5PH, 4sH*^qjwkzLW!Kzsc$

Reduce your risk:

• Use two-factor authentication

• Use a password manager: LastPass 3.0, Dashlane 3, Intuitive Password 2.9
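The grading above can be reproduced with a small estimator. The following is an added example, not code from the presentation or from LP3/Protecting Tomorrow: it undoes the leet substitutions a cracker's rule set applies, checks whether what remains tiles into dictionary words (the dictionary here is a constructed handful of words; a real one has millions of entries), and otherwise sizes the brute-force space from the character set and length. The guess rate, word-list size and rule count are labelled assumptions and describe an offline attack on a fast, unsalted hash; an online login form that rate-limits attempts is a different (and much slower) attack.

```python
import math
import re

# Constructed mini word list standing in for a cracker's dictionary. A real
# list has millions of entries (words, names, dates, leaked passwords).
WORDLIST = {"i", "my", "need", "password", "lincoln", "traffic", "jam",
            "albuterol", "welcome", "summer", "soccer"}

# Undo the "leet" substitutions that cracker rule sets try automatically.
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "$": "s", "7": "t", "!": "l"})

GUESSES_PER_SECOND = 1e10  # assumption: one GPU against a fast, unsalted hash
WORD_SPACE = 1e6           # assumption: size of the attacker's word list
RULE_SPACE = 1e3           # assumption: mangling rules applied to each word


def charset_size(pw):
    """Alphabet size a brute-force attacker must cover for this password."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33  # printable ASCII symbols
    return size


def brute_force_bits(pw):
    """log2 of the search space when the attacker knows nothing about structure."""
    return len(pw) * math.log2(charset_size(pw))


def min_words(s):
    """Fewest WORDLIST entries that exactly tile s (dynamic programming), or None."""
    best = [0] + [None] * len(s)
    for i in range(1, len(s) + 1):
        for j in range(i):
            if best[j] is not None and s[j:i] in WORDLIST:
                if best[i] is None or best[j] + 1 < best[i]:
                    best[i] = best[j] + 1
    return best[len(s)]


def dictionary_words(pw):
    """Word count if pw is a (leet-mangled) dictionary word or phrase, else None.
    Both the whole string and the string minus trailing digits/symbols are tried,
    because 'append a digit' is the first mangling rule every cracker applies."""
    candidates = {pw, re.sub(r"[^A-Za-z]+$", "", pw)}
    hits = [min_words(c.translate(LEET).lower()) for c in candidates if c]
    hits = [h for h in hits if h is not None]
    return min(hits) if hits else None


def assess(pw):
    """Grade a password the way the slide does and estimate offline crack time."""
    words = dictionary_words(pw)
    if words is not None:
        # A word or phrase is found by dictionary + rules, not by brute force.
        guesses = (WORD_SPACE ** words) * RULE_SPACE
        rating = "BAD" if words <= 2 else "OK"
    else:
        guesses = 2 ** brute_force_bits(pw)
        rating = "BEST" if brute_force_bits(pw) >= 80 else "OK"
    return {"password": pw, "rating": rating, "words": words,
            "bits": round(math.log2(guesses), 1),
            "crack_seconds": guesses / GUESSES_PER_SECOND}


if __name__ == "__main__":
    for pw in ["Password1", "Lincoln", "Tr@fficJ@m", "1n33dmyAlbut3r0!",
               "6g3gCH&#NduU]W5nS", "gtMZJYt%HCtQ|5PH", "4sH*^qjwkzLW!Kzsc$"]:
        print(assess(pw))
```

Run as-is it grades the slide's seven examples: the three BAD entries fall inside a word-plus-rules space of about 30 to 50 bits (a fraction of a second at the assumed rate), the leet phrase is reached by a four-word combinator attack, and the random 16 to 18 character strings sit above 100 bits, which is why the 48-hour run in the previous slide never finished.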

How do hackers get in?

• “click here” emails

• Personal/associate connections and social engineering: “Urgent Game Change! Please see Tommy's new soccer schedule!! Download the .pdf!”

From: Tanja R. Brown <[email protected]>
To: Cecelia
Subject: PTO Recalculation and Adjustment

Cecelia,

The team just finished a financial audit and discovered that we improperly calculated your PTO balance from the beginning of this fiscal year. Our third party auditors suggested that we redistribute the 5.5 days additional PTO due to you within this accounting period to avoid financial penalties.

Please click here to confirm receipt to accept the PTO change automatically. The updated balance will appear in your next pay period statement. If you have any questions please email or call HR and we will be glad to answer them.

Tanja

Tanja R. Brown
Operations Manager
Wealth Strategies Group
2099 Gaither Road, Suite 110, Rockville, MD 20850
(301) 990-4395   Fax: (301) 990-8746
Web site: www.wsgmd.com
Securities and advisory services offered through NATIONAL PLANNING CORPORATION (NPC), member FINRA/SIPC and a Registered Investment Adviser. Wealth Strategies Group and NPC are separate and unrelated companies.

Would you click here?

Web Surfing

• How it works

Web Surfing at Work

• What can go wrong?

Link from Facebook or Twitter (“READ THIS!”) → link to HACKER site → malicious software → your private information

Email Phishing Examples

Phishing is a Real Threat

JPMorgan Chase breach: hackers got customer contact data, including emails, for “76 million households” and “7 million small businesses”

Chase instructions to clients the week after:

1. Change online and mobile app passwords

2. Watch accounts like a hawk… use text alerts

3. If you notice unusual activity, contact the bank immediately and request a new debit or credit card

4. You’re likely to get email supposedly coming from Chase. If you get any email that asks you to click a link or download a file, it's a scam – just delete it

Spear Phishing

• Fake emails seeking to get credentials

• Financial assets: 76% of targets

• Targeted by individual name

• Just at work?

Red flag words: account locked, suspended, verification required, suspicious transaction, protect your computer, funds due to you

Source: Symantec study, 2007

Countermeasures:

• Don’t click on emailed links and attachments

• ONE careless person can compromise the whole family

• Keep a careful eye on the sender’s email address; look for swapped or substituted letters in the domain

• Pay attention to misspellings in the email body – they can be an indicator

• Keep file extensions visible in your settings (don’t hide them), so a “schedule.pdf.exe” cannot pass as a PDF

• Verify through a second channel (a phone call, an agreed pass-code, or two-factor verification) before clicking or sending a link
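The checks in the countermeasure list (lookalike sender domains with swapped letters, the red-flag words, links whose text does not match where they go, and double extensions hidden by the operating system) can be applied mechanically. The example below is added here and is not code from the presentation: it scores one message on those indicators. The trusted domains, the sample message (modelled on the PTO email above, with an invented sender address, link targets and attachment) and the list of dangerous extensions are assumptions for the example; the "registrable domain" helper takes the last two labels of a host and does not consult a public-suffix list.

```python
import re
from urllib.parse import urlparse

# Assumptions for this example: the domains the reader legitimately deals with,
# and executable extensions that Windows hides when "show extensions" is off.
TRUSTED_DOMAINS = {"wsgmd.com", "chase.com"}
DANGEROUS_EXT = {"exe", "scr", "js", "vbs", "bat", "cmd", "hta", "lnk"}
# Red-flag phrases from the slide, plus the "click here" bait it warns about.
RED_FLAGS = ("account locked", "suspended", "verification required",
             "suspicious transaction", "protect your computer",
             "funds due to you", "click here")
DOMAIN_LIKE = re.compile(r"(https?://)?[\w.-]+\.[A-Za-z]{2,}(/\S*)?")
ANCHOR = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete or substitute one
    character for cost 1, and swap two adjacent letters for cost 1, so the
    'swapped letters' trick (wsgdm.com) is one step from wsgmd.com."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable(host):
    """Last two labels of a host. Assumption: no public-suffix list, so
    login.chase.com -> chase.com and chase.com.evil.example -> evil.example."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lookalike(domain):
    """The trusted domain this one imitates, or None if trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    return next((t for t in TRUSTED_DOMAINS if osa_distance(domain, t) <= 2), None)


def phishing_indicators(msg):
    """List the red flags in one message; msg has from_addr, subject,
    body (HTML) and attachments (file names)."""
    reasons = []
    sender = registrable(msg["from_addr"].split("@")[-1])
    imitated = lookalike(sender)
    if imitated:
        reasons.append(f"sender domain {sender} looks like {imitated}")
    text = re.sub(r"<[^>]+>", " ", msg["subject"] + " " + msg["body"]).lower()
    reasons += [f"red-flag phrase: '{p}'" for p in RED_FLAGS if p in text]
    for href, label in ANCHOR.findall(msg["body"]):
        host = urlparse(href).hostname or ""
        if not host:
            continue
        if registrable(host) not in TRUSTED_DOMAINS:
            reasons.append(f"link goes to {registrable(host)}, not a trusted domain")
        label = label.strip()
        if DOMAIN_LIKE.fullmatch(label):  # link text that itself names a site
            shown = urlparse(label if "://" in label else "http://" + label).hostname
            if shown and registrable(shown) != registrable(host):
                reasons.append(f"link text says {shown} but points to {host}")
    for name in msg.get("attachments", []):
        parts = name.lower().split(".")
        if len(parts) > 2 and parts[-1] in DANGEROUS_EXT:
            reasons.append(f"attachment {name} hides .{parts[-1]} behind .{parts[-2]}")
    return reasons


def is_suspicious(msg, threshold=2):
    """Two or more independent indicators: treat as phishing and do not click."""
    return len(phishing_indicators(msg)) >= threshold


# Constructed sample modelled on the PTO email shown on the slide; the sender
# address, link targets and attachment are invented for the example.
SAMPLE = {
    "from_addr": "hr@wsgrnd.com",  # "rn" for "m": a lookalike of wsgmd.com
    "subject": "PTO Recalculation and Adjustment",
    "body": ('<p>The team just finished a financial audit and discovered that we '
             'improperly calculated your PTO balance. Please '
             '<a href="http://wsgmd.com.pto-update.example/confirm">click here</a> '
             'to confirm receipt. Questions? Visit '
             '<a href="http://portal.example/login">www.wsgmd.com</a>.</p>'),
    "attachments": ["Tommy soccer schedule.pdf.exe"],
}

# Constructed benign message from the real domain, for comparison.
CLEAN = {
    "from_addr": "hr@wsgmd.com",
    "subject": "PTO statement",
    "body": '<p>Your statement is at <a href="https://www.wsgmd.com/pto">www.wsgmd.com</a>.</p>',
    "attachments": ["statement.pdf"],
}

if __name__ == "__main__":
    for reason in phishing_indicators(SAMPLE):
        print("-", reason)
    print("suspicious:", is_suspicious(SAMPLE), "| clean:", is_suspicious(CLEAN))
```

The sample trips six indicators: the sender domain is two edits from the real one, the body says "click here", the first link lands on pto-update.example even though it begins with wsgmd.com, the second link shows www.wsgmd.com but points at portal.example, and the attachment is an executable wearing a .pdf label. The benign message trips none.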

Thumb Drives – The Truth

• Key family risk

• Can carry a large volume of private info very easily

• Carry in malicious code, bypassing firewalls, content filtering and anti-virus scanning

• Encrypted USB drives still have the same malware issue: encryption protects the data if the drive is lost, not the computer it is plugged into

• Best to not use them

• Teach your kids!

Safe Computing at Home

• Neighbors

• Children

• Social media

• Online concerns

Home Networks - Neighbors

• Service Set Identifier (SSID)

• Encryption

Example SSIDs: Q7BS8, linksys, cisco, HP-PrintLP292, Valarie’s Guest Network, <none>

Bad Neighbors

Home network controls:

• WPA2 (with a strong passphrase)

• MAC address filtering (a nuisance for neighbors only; a MAC address is trivially spoofed, so it is not a substitute for encryption)

• Check to see who is connected

Bad 1:

• Connects to your wireless network

• Consumes your bandwidth

Bad 2:

• Connects to your wireless network

• Watches your network traffic

• Sniffs passwords when possible
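"Check to see who is connected" can be done from any machine on the network with `arp -a`. The following is an added example, not code from the presentation: it parses that output in both the Windows (dash-separated MAC) and Linux/macOS (colon-separated) formats, drops broadcast and multicast entries, and reports any device whose MAC address is not in a known-device list. The device list, the vendor table and the sample output are constructed for the example. Two caveats: the ARP table only lists hosts your machine has exchanged traffic with, so the router's client list is the authoritative view; and since a MAC address can be spoofed, this is a way to notice a stranger, not a way to keep one out.

```python
import re

# Assumption: the devices this household knows about, keyed by MAC address
# (lower-case, colon-separated). Take the values from the router's client list.
KNOWN_DEVICES = {
    "00:11:22:33:44:55": "router",
    "a4:5e:60:12:34:56": "Valarie's laptop",
    "3c:d9:2b:aa:bb:cc": "HP printer",
}
# Constructed vendor table for the sample (real lookups use the IEEE OUI registry).
OUI = {"a4:5e:60": "laptop vendor", "3c:d9:2b": "printer vendor",
       "d8:0d:17": "consumer Wi-Fi chipset vendor"}

MAC_RE = re.compile(r"([0-9a-f]{2})[:-]" * 5 + r"([0-9a-f]{2})", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_arp(output):
    """Yield (ip, mac) pairs from `arp -a` text, Windows (dash MACs) or
    Linux/macOS (colon MACs). Broadcast and multicast entries are skipped."""
    for line in output.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # headers, interface lines, incomplete entries
        norm = ":".join(g.lower() for g in mac.groups())
        if norm == "ff:ff:ff:ff:ff:ff" or norm.startswith("01:00:5e"):
            continue
        yield ip.group(1), norm


def audit(output):
    """Split the ARP table into (known, unknown) devices; unknown ones get a
    vendor guess from the first three bytes so you can ask 'whose is that?'."""
    known, unknown = [], []
    for ip, mac in parse_arp(output):
        if mac in KNOWN_DEVICES:
            known.append((ip, mac, KNOWN_DEVICES[mac]))
        else:
            unknown.append((ip, mac, OUI.get(mac[:8], "unknown vendor")))
    return known, unknown


# Constructed `arp -a` output from a Windows laptop on a home network.
WINDOWS_ARP = """\
Interface: 192.168.1.5 --- 0xc
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.10          a4-5e-60-12-34-56     dynamic
  192.168.1.23          3c-d9-2b-aa-bb-cc     dynamic
  192.168.1.77          d8-0d-17-de-ad-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# The same unknown device as Linux `arp -a` would print it.
LINUX_ARP = "? (192.168.1.77) at d8:0d:17:de:ad:01 [ether] on wlan0\n"

if __name__ == "__main__":
    known, unknown = audit(WINDOWS_ARP)
    for ip, mac, name in known:
        print(f"ok       {ip:<15} {mac}  {name}")
    for ip, mac, vendor in unknown:
        print(f"UNKNOWN  {ip:<15} {mac}  {vendor} - who is this?")
```

On the sample the router, laptop and printer are recognised and 192.168.1.77 is reported as unknown with a vendor guess, which is the "Bad 1" neighbor above: they show up here before you notice the missing bandwidth.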

Safe Computing at Home

• User vs Admin accounts

• Online shopping

• IoT devices

• Smart TVs

• Gaming consoles

• Proxies

• VPN

• Default configurations

Only 63% of polled Americans maintain updated anti-virus and firewall settings at home (annual Travelers Consumer Risk Index)

Safe Computing at Home

• Child Safety Online – “Who are you talking to?”

Filtering products: Net Nanny, WebWatcher, McAfee Safe Eyes

Countermeasures:

• Supervision

• Filtering software

• Managed user accounts

• GET THEM INVOLVED

Social Media Postings

• Are you letting people know when you’re away?

• Once posted, always posted

• Your online reputation can be a good thing

• Future employers will likely check your profiles

• Cyber bullies are real

• See more at: http://www.staysafeonline.org/stay-safe-online/protect-your-personal-information/social-networks

Countermeasures:

• Use an online profile vs a real-life profile

• Take time to configure – avoid defaults

• Check “Location” permissions

• Keep personal information personal

• Be aware of PII surveys and posts

• Know what action to take if you see abuse

• Know who your friends are and manage your friends list

• Be honest if you’re uncomfortable

Online Concerns

• It's not the next hurricane, a distracted driver, or food poisoning that Americans are most worried about these days: cyber threats are now second only to financial concerns and risks as the biggest worry of US consumers

• 1 in 4 US consumers has been a victim of a data breach or cyberattack

• Cyber security risk concerns were ranked at number five in last year's index

• Consumers’ biggest cyber-worry: that their bank account gets hacked, with 62% polled saying so

Countermeasures:

• Use a pre-paid credit card for online purchases

• Check for https (the padlock) before entering card details

• PayPal (or a similar payment intermediary)?

• Take careful consideration during high-traffic shopping days

Computing On the Go

Free wifi is cool!

Computing On the Go – What can go wrong?

• “Starbucks”, “Free-airport-wifi”: network names anyone can broadcast

• Rogue hotspot: the hacker intercepts your data

• A recent FBI / InfraGard briefing provided strong insights into “Free Wifi” spots in San Diego County!

Safer Computing on the Go – Countermeasures:

• Use the cell phone network (3G, 4G, LTE) for sensitive data

• Make sure to turn Bluetooth and WiFi off when not needed!

Bad now – what still to come?

• Get your stuff together now because there is more to come

• The Internet of Things is going to explode – it’s already started, and devices are coming into the marketplace with no security; many products are not securable by architecture – who is wearing a smart watch?

• New cyber security solutions pop up every day – how do you know whether they’re good or not? It can be expensive to find out

• New cyber security companies pop up every day – cyber security is a booming business and everyone is jumping in – how do you know who these companies are and whether they’re good or not? It can be very expensive and painful to find out

• What do you know about the personal integrity of their staff, and should you trust them to handle your most valuable data and company treasures? For example, each of our security engineers has a background check by the FBI

Thank you! Questions?

[email protected]

www.ProtectingTomorrow.org

“Striking the critical balance between protection and performance”

Thank you!

• From the LP3 family of companies and divisions!