Password Practices for Small Busines IT Security from Adivi
•Descargar como PPTX, PDF•
2 recomendaciones•135 vistas
Just how did my small business email system get hacked? How did my network get exposed? Maybe you or your employees were careless your password selection and use. Why owners and employees need to be careful about their company's data, and what are the current best practices for choosing and implementing passwords.
Recomendados
Recomendados
Más contenido relacionado
Destacado
Destacado (9)
Último
Último (16)
Password Practices for Small Busines IT Security from Adivi
- 1. DEFENDING YOUR Small Business IT SECURITY Best Practices: PASSWORDS 10/27/2016
- 2. Small Business Are a Target! 10/27/2016 Adivi Corporation
- 3. Why should Employees Care? • Company Damage: – Reputation – Fines • Lost Business • Lost Revenue • YOUR Income • YOUR Job 10/27/2016 Revenue Loss: -46% Adivi Corporation
- 4. Why should Employees Care? • Personal Impact – Identity theft • Name • Address • Social Security – Banking – Health Information 10/27/2016 Adivi Corporation
- 5. What Did I Do? You Fell For The Wrong Phish … beware the sweet talking email spear-phisher! Careless Wi-Fi Connection … don’t just connect to any-old wi-fi you meet! Improper Protection … using passwords poorly is like not using no password at all! 10/27/2016 Adivi Corporation
- 6. When You Hide In Obvious Ways, You Become A Tasty Treat! 10/27/2016 Password Fido (pets) 123456 2468101214 987654321 Ford2014 qwerty dragon Baseball (sports) letmein monkey (sexual or anatomical references) 1111111 abc123 mustang master shadow 7 dirty words reference welcome 1qazwsx login starwars princess passw0rd Football (sports) Adivi Corporation
- 7. Public Information is a Recipe for Disaster! 10/27/2016 Joshua (child name) michael/jennifer anniversary birthdates license plate number home address How to check if you’re email/password has been compromised: https://haveibeenpwned.com Adivi Corporation
- 8. We Are Depending on YOU! 10/27/2016 Adivi Corporation
- 9. Passwords: You Don’t Need to Be A Genius! PASSWORD Best Practice • LONG passwords (12-15 ++ characters) • Avoid whole words/phrases • Spread Symbols and Numbers Throughout • Unique password for each important site (never use twice!) e-commerce, bank. • Change Infrequently • Should be different than username • Never use email password on another site. – Email is frequently used as user name for logins. • 2-factor authentication for important data. • DON’T SHARE PASSWORDS! • IF you write them down, secure that list! OR use hints only YOU would know. • Passwords stored in browsers are visible (Chrome, Firefox, Internet Explorer) 10/27/2016 Adivi Corporation
- 10. Two Can Play this Game! • Think of a unusual sentence: “The Chicago Blackhawks Should Play In Green 81 I Love Marian Hossa” (Tcbspig81ilMH) • Three Word Model: – Ex: Object, Place, Color • - Symbol to separate • - Capitalize ONE word • - Add a number • Vowels into numbers: Tcb@mft81, Tcb@mft8!, Cthr11cbaugn03 • Remove Vowels: Tcbspg81lmh! • Build around a base: – Tcbsp1g81ilMHFaceBook – Tcbsp1g81ilMHMyBank – Tcbsp1g81ilMHTarget 10/27/2016 Adivi Corporation
- 11. The Master Knows All… 10/27/2016 Adivi Corporation
- 12. What do you need? • Considerations: – 2-Factor Authentication – Automatic Password Capture – Web Form Auto Fill – Password Strength Assistance – Application Password Capability – Browser Plugin 10/27/2016 Adivi Corporation
- 13. Password Security is no joke… It is always a serious story. 10/27/2016 Adivi Corporation
- 14. Password Resources • LockDownYourLogin.com • StopThinkConnect.org • TwoFacatorAuth.org • Turnon2fa.com (Turn On Two-Factor Authorization) • National Cyber Security Alliance 10/27/2016 Adivi Corporation
- 15. Thank You Adivi Corporation 1332 W Lake Street Chicago, IL 60607 (312) 676-2400 10/27/2016 This was not a test of the Adivi Managed Services monitoring system. In the event of an actual emergency, Adivi engineers would have executed preventative measures to ensure continuity in your normal business operations. Again, this was not a test of the Adivi Managed Services monitoring system. Adivi Corporation
Notas del editor
- We all know technology is upending every aspect of the businesses operate. I just had someone today tell me that if had the technology today when he started his own business 10 years ago, his company would be in a completely different place. Because technology has become such a large part of our normal business activity, it is important that every one of your employees understands how important it is to ensure they approach their use of technology with good, healthy, proactive IT practices. The purpose of this presentation is to highlight why small business owners and employees should care about IT security, with a special focus on password do and don’ts as well as some creative methods for creating passwords, as well as a quick review of password applications.
- Symantec 2016 Internet Security Threat Report Cybersecurity Firm According to Symantec 2016 Internet Security Threat Report small businesses account for more attacks than ever before. 43% of all attacks in 2015 were against small businesses (defined as sized less than 250 people), up from only 18% of attacks as recently as 2011. WSJ reports 34,529 known computer incidents EVERY DAY (source: Microsoft Cybersecurity WhitePaper)… 62% of data breaches against SMBs. Some hackers are trophy hunters, who pick on the easiest prey. Small Business do not have as many resources – they are outsized and under-equipped – to deal with threats. Other hackers are looking to be a wolf in sheep’s clothing, hoping to disguise themselves in their quest for bigger prey … such as…
- Reputation: CSO 1/7/16, prsa.org 7/22/16 Target sales fell by 46% YOY Q4 2013 after data breach – Can Your Small Business Survive That? UK Research OnePoll – 86.55% of respondents were “Not at All Likely” or Not Very Likely” to continue doing business with an organization that had a data breach for credit/debit cards. Lower for HH/Email address loss Government Fines Lawsuits Target downfall was a sub-contractor. So you may not be the target. You may not even be aware of the danger your hacked system can pose to your customers/clients. It is vitally important, especially those who are Owners, have financial titles, or who handle payments, are very careful about what they do – they are the biggest targets.
- Don’t wreck your reputation! US Department of Justice – 17.6M individuals experience some form of ID theft Think about what personal information your company has about you…. Direct Financial Loss: Bank Accounts/Money Indirect Financial Loss: ID Theft = legal fees/overdraft fees Average Loss: $1,343. Credit Score – Negative Impact Credit Cards Auto Loans Home Loans Insurance Rates Jobs Personal Health – Stress/Sleep
- There are many activities that can lead to your company’s account being hacked. Click on a bad email Connect to the spoof wi-fi Poos passwords… Today we will talk about passwords.
- Splashdash.com The Telegraph UK – Do You have one of the most common passwords? Mar 23, 2016 Computerworld, Jan 20, 2016 Worst, most common passwords for last 5 years.
- Using personally identifiable information is risky … provides another nugget of information about you that is associated with the username/password. Makes it easier to tie more elements about your personal life together.
- You don’t have to be a hero! The average joe can make a big impact!
- And you don’t have to be genius…. Just be deliberate in choosing. Here are the key elements of good password selection. 1. Email/iCloud/Google Passwords – journalist iCloud password on website, bot verified, lost password – wipe my device. 2. Data Storage: Dropbox, Lockbox Two Factor – reroute SMS outside the US ….duplicate SMS to If you ever get 2-factor request and you didn’t request, means that your account is hacked. CERN: is you type your password in your user name by accident – CHANGE – shows up in system logs. Jim Fenton, security researcher with NIST, quoted in NakedSecurity.com/2016/8/18 Make security user friendly, verifier more Moving toward – no real length restriction, phrases will be OK, all symbols/emojis, no more hints, stupid questions, no expiration
- Think like you are defending vital information – because you are! Outwit those cybercriminals…. They can move on down the line and eliminate someone else! Three Words with a couple characters Object in front of you, where you were, favorite color – Separate with a character Capitalize one of the words – capitalize the WHOLE word add a number – not tied to personal number. No space – because it’s the obvious break… Maybe a test? Trick is Complex – stronger than simple that are changed all the time.
- Pcmag review: Sept 23, 2016 Computerworld, Jan 20, 2016 list of password keepers Bitium, Okta, OneLogin are corporate password keepers. Password Keeper is encrypted. No one can, not the company, not federal authorities can see what the data is. Your Masterpassword – MUST BE SECURE! Same rules Password Manager can also manage two factor code… text messages or code generator – code on the screen (mobile = QR code) SAFER because there is no SMS, or security breach.
- What are you looking for in a password keeper? Can it handle two-factor authentication Most will automatically capture passwords Do you fill out a lot of forms? Auto Fill will help Are you unsure about how strong a password is? Some will help Applications – things like Facebook, LinkedIn, CBS Sports, Company Apps – will the password keeper save those? Is there a browser plug-in for the PK?
- Seriously – be careful about selecting passwords.
- Resources about passwords, 2-factor authentications.
- Thank You!