Restech User Security
AVOIDING LOSS – GAINING CONFIDENCE IN THE FACE OF TODAY’S THREATS
Your presenter:
Vince Gremillion, CISSP
30+ years technical and customer service experience
Founder/Co-Owner RESTECH Information Services
2013 Louisiana Small Business Person of the Year
Implemented ISO 27001 security protocol
Implement and manage ALTA/TRID regulation
What to Expect?
As a USER, OWNER, MANAGER or EXECUTIVE
Understand the CRITICAL INFORMATION ASSETS and threats against them
Learn the basics of an EFFECTIVE SECURITY PROGRAM
Data security is everyone's responsibility – not just IT
You as the Data Handler – The most critical part of any security plan
Learn the habits of security
It’s not about hackers – it’s about you!
Users leak and lose more data than hackers ever steal.
Poor data handling habits are a leading cause – data sprawl,
Current news/threats
PHISHING & SOCIAL ENG.
INTERNAL THREATS
LOST / STOLEN DEVICES
RANSOMWARE
More likely threats?
Weak security of others who handle your data – Equifax, Yahoo et al
Non-Profit groups, churches, sports, associations are soft targets
Account takeover - Lack of validation for password resets (IRS, PayPal and many others)
Using the same password across many accounts
Banks take email to authorize wires
Know how your vendors can pose a risk
Entire supply chain is at risk - software libraries, firmware, Chinese mfg.
USB thumb drives
Passwords and Account Security
Change default passwords immediately on any connected device (if you can*)
63% of confirmed data breaches leverage a weak, default, or stolen password. Source: 2016 Data Breach Investigations Report from Verizon
www.insecam.org
Passwords and Account Security
Change default passwords immediately on any connected device
Use more than UPPER / lower case and numbers
52 UPPER & lower case characters in the alphabet
+10 numbers
+30 special characters such as [ ] / < > , . % ^ % $ # @ ! ? ~
= 92 possible characters
Number of possible passwords = BASE ^ EXPONENT, where BASE = possible characters and EXPONENT = length of password
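The BASE ^ EXPONENT rule from the slide, carried through in code as an added example (this is not part of the original deck). It tabulates the slide's three character classes against several password lengths, and also shows the point the deck makes on the next slide: adding length beats adding symbols, since 62^12 is larger than 92^10. The 10^10 guesses-per-second figure is a constructed assumption used only to make the numbers comparable; the real rate depends entirely on how a site hashes stored passwords.

```python
"""Password keyspace arithmetic: the slide's BASE ** EXPONENT rule.

Added example, not from the original deck. The guess rate is a constructed
assumption; real offline guessing rates depend on the site's password hash.
"""
import math
from typing import Dict, List, Tuple

# Character classes exactly as the slide counts them.
UPPER_LOWER = 52
DIGITS = 10
SPECIALS = 30                                   # [ ] / < > , . % ^ $ # @ ! ? ~ and similar
FULL_ALPHABET = UPPER_LOWER + DIGITS + SPECIALS  # 92 possible characters

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Distinct passwords of exactly `length` symbols: BASE ** EXPONENT."""
    if alphabet_size < 1 or length < 1:
        raise ValueError("alphabet size and length must be positive")
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """log2 of the keyspace: strength in bits of a *uniformly random* password."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case years to try every candidate at the assumed offline guessing rate."""
    return keyspace(alphabet_size, length) / guesses_per_second / SECONDS_PER_YEAR


def compare(lengths: Tuple[int, ...] = (8, 10, 12, 16),
            guesses_per_second: float = 1e10) -> List[Dict[str, object]]:
    """Tabulate alphabet size against length so the two levers can be compared."""
    alphabets = (("lowercase only", 26),
                 ("UPPER/lower + digits", 62),
                 ("full 92", FULL_ALPHABET))
    rows: List[Dict[str, object]] = []
    for length in lengths:
        for name, size in alphabets:
            rows.append({
                "length": length,
                "alphabet": name,
                "keyspace": keyspace(size, length),
                "bits": round(entropy_bits(size, length), 1),
                "years": years_to_exhaust(size, length, guesses_per_second),
            })
    return rows


if __name__ == "__main__":
    for row in compare():
        print(f"{row['length']:>3} chars  {row['alphabet']:<22}"
              f"{row['bits']:>6} bits  {row['years']:>12.3e} years")
```

The figures are an upper bound on the attacker's work and assume every character was chosen at random; a phrase that a word list or common-pattern list would produce is far weaker than its length suggests, which is why the deck also asks for a password manager and 2FA rather than length alone.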
Passwords and Account Security
Change default passwords immediately on any connected device
Use more than UPPER / lower case and numbers
Passwords should be replaced with long pass phrases greater than 10 characters
Examples: i-L0v3-this_te@m!   L0ze*>15#Bye2018
Passwords and Account Security
Get and use a Password Vault or Single Sign On product
Couple it with 2 Factor Authentication
Passwords and Account Security
Change default passwords immediately on any connected device
Use more than UPPER / lower case and numbers
Passwords should be replaced with long pass phrases greater than 10 characters
Consider a password manager for daily use protected by a super complex passphrase
If one site is hacked and you share passwords, all sites need to be changed
Activate 2FA (2 Factor Authentication)
NEVER have passwords written on paper around your desk!!!! They can be stored securely somewhere else.
HAVE I BEEN PWNED? www.haveibeenpwned.com
Patches and Updates
“Zero day” exploits attack flaws in most software
Apply patches ASAP
Don’t expose systems directly to the internet
• Flash
• Adobe
• Windows
• Java
• Firmware in hardware
- Cameras
- TVs
- IOT (internet of things) – anything connected to Internet: home automation, entertainment, security, cars, toys, etc
Data Protection – a reputation and liability issue
The data on your systems is often more valuable than the system or business itself
Data Protection – a reputation and liability issue
What is the required TIME TO RECOVER your lost data?
A GOOD DATA PROTECTION SYSTEM:
Backed up locally and offsite + encrypted
Contains many versions
Recovers data or systems fast
Attached disks and NAS are vulnerable
Permissions
Users – YOUR PEOPLE
Roles – THE FUNCTIONS OF YOUR USERS
Permissions – APPROVED AUTHORIZATIONS FOR EACH USER
How Do You Secure Your House?
PROTECTION DETECTION RESPONSE
Physical Security
Locked doors
Lighting
Access control
Badges
Employee screening
Personal Security
Anticipate avenues of attack and prepare
Logs
Cameras
WIFI
Open ports
Documents on desk, in car
Awareness
Owners, Executives, and Managers have to lead by example
Awareness training is a cultural shift
Nearly all breaches can be traced to a human exploit
The value of the data is far greater than the equipment it is on.
The exposure to liability and loss of reputation are the greatest risks to handling data.
Everything depends on this
Awareness
Don’t click links from unsolicited Email
Type them into browser or use your Bookmarks
Hover mouse over a link to confirm
Verify the sender – but not by replying to that email.
Be careful of Outlook autofill addresses
Disposing of data – secure deletion, not in MY DOCUMENTS
Develop and work within a policy/procedure framework
Everything depends on this
Awareness – threats are following you
More Vulnerabilities than Ever!
“SMART” devices
Smart Phone
Online everything
Cloud services
Conveniences
Everything Always ON, always connected
Cameras
Digital records everywhere
META Data
Social Media
Awareness – spot phishing email
Unsolicited – When in doubt – DELETE!
Malware Protection
Do not jeopardize the security of your business by relying on “free” virus protection
Improper configuration and lack of updates will make any product useless
Better products detect known and unknown threats – it’s worth the expense
Don’t “cheap out” here
Email & Web Security
Email and Internet – main avenue of cyber attacks and misuse of data
Active filtering firewall – limit egress
Email spam protection
Accurate SPF records to reduce spoofing
You need reporting to see what is being used by whom
Prevent accidental access
Protect the ENTRY and EXIT points
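Of the controls on this slide, "accurate SPF records" is the one that can be checked mechanically. The following is an added example (not from the deck or from RESTECH) that parses a domain's SPF TXT record and flags the settings that make it ineffective against spoofing: a missing record, a `+all` or `?all` terminator that authorizes or tolerates any sender, the deprecated `ptr` mechanism, and more than the ten DNS-lookup terms RFC 7208 allows before receivers return permerror. The two records it checks are constructed; `_spf.example.net` and 203.0.113.0/24 are documentation placeholders, not real senders.

```python
"""SPF record sanity check: a weak record beside a strict one.

Added example, not from the original deck. Records below are constructed;
the domains and the 203.0.113.0/24 range are documentation placeholders.
"""
from typing import Dict, List, Optional, Tuple

# Mechanisms that cost a DNS lookup when a receiver evaluates the record.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
MAX_DNS_LOOKUPS = 10  # RFC 7208 section 4.6.4

Term = Tuple[str, str, str]  # (qualifier, mechanism, value)


def parse_spf(record: str) -> Tuple[List[Term], Dict[str, str]]:
    """Split an SPF TXT record into mechanism terms and modifiers (e.g. redirect=)."""
    parts = record.strip().split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record (missing v=spf1 version tag)")
    terms: List[Term] = []
    modifiers: Dict[str, str] = {}
    for token in parts[1:]:
        if "=" in token and token[0] not in "+-~?":
            name, _, value = token.partition("=")
            modifiers[name.lower()] = value
            continue
        qualifier = "+"  # a bare mechanism means "pass"
        if token[0] in "+-~?":
            qualifier, token = token[0], token[1:]
        mech, _, value = token.partition(":")
        mech = mech.split("/")[0]  # "a/24" carries a CIDR without a colon
        terms.append((qualifier, mech.lower(), value))
    return terms, modifiers


def dns_lookup_count(terms: List[Term], modifiers: Dict[str, str]) -> int:
    """Terms that trigger DNS queries; receivers stop with permerror past the limit."""
    count = sum(1 for _, mech, _ in terms if mech in LOOKUP_MECHANISMS)
    if "redirect" in modifiers:
        count += 1
    return count


def assess_spf(record: Optional[str]) -> List[Tuple[str, str]]:
    """Return (severity, message) findings; an empty list means no weakness found."""
    if record is None:
        return [("high", "no SPF record published: receivers cannot reject forged senders")]
    try:
        terms, modifiers = parse_spf(record)
    except ValueError as exc:
        return [("high", str(exc))]
    findings: List[Tuple[str, str]] = []

    all_qualifiers = [q for q, mech, _ in terms if mech == "all"]
    if not all_qualifiers and "redirect" not in modifiers:
        findings.append(("medium", "no 'all' mechanism: unmatched senders default to neutral"))
    elif all_qualifiers:
        q = all_qualifiers[-1]
        if q == "+":
            findings.append(("high", "'+all' authorizes every host on the internet to send as this domain"))
        elif q == "?":
            findings.append(("medium", "'?all' is neutral and gives receivers no basis to reject forgeries"))
        elif q == "~":
            findings.append(("low", "'~all' soft-fails forgeries; move to '-all' once legitimate senders are enumerated"))

    if any(mech == "ptr" for _, mech, _ in terms):
        findings.append(("low", "'ptr' is deprecated by RFC 7208 and should not be used"))

    lookups = dns_lookup_count(terms, modifiers)
    if lookups > MAX_DNS_LOOKUPS:
        findings.append(("high", f"{lookups} DNS-lookup terms exceed the limit of "
                                 f"{MAX_DNS_LOOKUPS}: receivers return permerror"))
    return findings


# Constructed records: the weak setting beside the corrected one.
WEAK_RECORD = "v=spf1 a mx ptr include:_spf.example.net +all"
STRICT_RECORD = "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all"

if __name__ == "__main__":
    for label, rec in (("weak", WEAK_RECORD), ("strict", STRICT_RECORD)):
        print(f"{label}: {rec}")
        for severity, message in assess_spf(rec) or [("ok", "no weaknesses found")]:
            print(f"  [{severity}] {message}")
```

To run it against a live domain, feed `assess_spf` the TXT record returned by your resolver; publishing more than one `v=spf1` record for a domain is itself a permerror, so check that the lookup returned exactly one.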
Business Continuity
Planning for the unexpected
Anticipate what can happen and what effect it can have
Ultimate deliverable for your IT service provider
Downtime costs much more than hourly service savings
Protecting Yourself
Activate alerts on your accounts
Activate Two Factor Login
Use Positive Pay services
Freeze your credit accounts
Reconcile your own accounts
Dual Signature where you can
Do not use PC/email to authorize wire transfers
Limit exposure of personal data on social media
Avoid Public WIFI without a VPN service
Change your passwords
Delete old accounts
CALL TO ACTION
Phishing test
Network assessment
Cybersecurity consultation
Contact RESTECH to schedule:
(504) 733-5633 · www.restech.net · EMAIL: [email protected]