Your Cybersecurity Survival Guide: Tactics to Protect Yourself from the Latest Attacks
Key Family Wealth National Call
July 28, 2021 – 3:00 p.m. ET
Agenda
I. Speaker Introductions – Gary Poth, Executive Managing Director, Head of Key Family Wealth
II. Personal Best Practices – Rockie Brockway, Practice Lead, Office of the CSO, TrustedSec and Tammy Gedetsis, Sr Information Security Manager
• Level 1 – The Basics
• Level 2 – Password Managers
• Level 3 – Multi-factor authentication
III. Social Engineering Tactics – Rockie Brockway, Practice Lead, Office of the CSO, TrustedSec and Tammy Gedetsis, Sr Information Security Manager
IV. Threat Actor Motivations – Rockie Brockway, Practice Lead, Office of the CSO, TrustedSec and Tammy Gedetsis, Sr Information Security Manager
V. Final Words
VI. Questions
Speaker Introductions
Gary Poth, Executive Managing Director, Head of Family Wealth
Today’s speakers
• Gary Poth, Executive Managing Director, Head of Family Wealth
• Rockie Brockway, Practice Lead, Office of the CSO, TrustedSec
• Tammy Gedetsis, Sr. Information Security Manager, KeyBank
Submitting a question
To submit a question:
• The Q&A section is automatically open for your use in the bottom right section of the screen
• Type your question to All Panelists and select Send
We will answer as many of your questions as we can.
If we do not get to your question, please follow up with your Key Family Wealth advisor.
Best Practices for Your Home
Three Levels for Your Home Online Protection
• The Basics (General Best Practices)
• Password Managers
• Multi-factor Authentication
Level 1 – The Basics
1. Protect Your Family
• Never open attachments unless you EXPECT IT AND TRUST THE SENDER
• Be overly cautious when clicking links in social media
• Use a URL reputation tool
• Be very suspicious of popups and people asking you to install things
• Avoid banking and/or shopping from public computers
• Use HTTPS when connected to WiFi hotspots when checking email, social media and sharing applications (Dropbox, Evernote, etc.)
• Configure home WiFi with strong authentication and require a unique password to access it
• Change all default passwords on “Internet of Things” devices (cams, etc.)
• Look for the green HTTPS browser bar and “trust” marks
• Firewalls On
• Anti-Virus Updated and Using Latest Signatures
• Apps updated
  • Browsers
  • Java
  • Adobe Flash
  • Adobe Reader
  • MS Office
• Microsoft’s EMET (Win10)
• Brave Browser
• Browser Protections/Addon Plugins
  • uBlock Origin/Adblock Plus
  • Privacy Badger
  • HTTPS Everywhere
  • Web of Trust
• Advanced Endpoint Security Solutions
2. Web of Trust
3. Install uBlock Origin, HTTPS Everywhere and Privacy Badger Browser Add-Ons
3. How to Install Plug-ins and Add-ons in Firefox
3. (Optional) Install Brave Browser
4. Validate the SSL Certificate
5. Freeze Your Credit
• Equifax: https://www.equifax.com/personal/credit-report-services/credit-freeze/ • 800.685.1111
• Experian: https://Experian.com/freeze • 888.397.3742
• TransUnion: https://www.transunion.com/credit-freeze • 888.909.8872
6. Enable Credit Card Usage Alerts
7. Passwords
8. Use Passphrases as Opposed to Passwords
Typical Passwords
• Combination of symbols & letters
• Usually doesn’t exceed 10 characters
• Can be a string of symbols at random, a dictionary word, or a combination of both
Example: “B&fse$$D”, “CuPcakE”, or “C@st!e”
Passphrases
• Longer in length (15 or more characters)
• Comprised of spaces in between words, and can contain symbols
• Do not have to be grammatically correct or make logical sense
Example: “Food is the KEY to my heart!!”
Why should you use passphrases instead of passwords?
• Easier to remember and type than random symbols and letters
• Satisfies complex rules & requirements easily - the use of punctuation, upper & lower case
• Hard to crack. Most highly-efficient password cracking tools break down at ~10 characters
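The length argument above, worked through for the slide's own examples. This is an added illustration, not part of the original presentation; the function names and the 7776-word list size (the size of a Diceware-style list) are assumptions made for the example.

```python
import math
import string

# (character class, pool size) pairs an exhaustive search has to cover.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
    (" ", 1),
]

def pool_size(secret: str) -> int:
    """Size of the alphabet implied by the character classes present."""
    return sum(n for chars, n in CLASSES if any(c in chars for c in secret))

def brute_force_bits(secret: str) -> float:
    """log2 of the candidates a character-by-character search must try.
    Upper bound: assumes every character was chosen at random."""
    if not secret:
        return 0.0
    return len(secret) * math.log2(pool_size(secret))

def word_guess_bits(secret: str, wordlist_size: int = 7776) -> float:
    """log2 of the candidates if whole words are guessed from a list.
    Assumption: words drawn at random from a 7776-word list."""
    return len(secret.split()) * math.log2(wordlist_size)

# Examples quoted on the slide.
PASSWORDS = ["B&fse$$D", "CuPcakE", "C@st!e"]
PASSPHRASE = "Food is the KEY to my heart!!"

def report():
    """(secret, length, bits) for each slide example, character search only."""
    return [(s, len(s), round(brute_force_bits(s), 1))
            for s in PASSWORDS + [PASSPHRASE]]

if __name__ == "__main__":
    for secret, length, bits in report():
        print(f"{secret!r:34} len={length:2}  ~{bits:6.1f} bits (character search)")
    print(f"word-by-word guess of the passphrase: "
          f"~{word_guess_bits(PASSPHRASE):.1f} bits")
```

The character-search figure overstates a passphrase built from real words; the word-by-word figure is the more conservative one, and it still exceeds every short password on the slide.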
Level 2 – Password Managers
Password Managers
• Email
• Social Media
• Banking
• News
• Sports
• Entertainment
• Credit Card
• SSN
• Medical
• Commerce
• Corporate
• Client
• PII
• PHI
One central repository of all your passwords/sensitive data, protected by one (VERY STRONG) passphrase
One Phrase to Rule Them All
There are many password managers out there, but to keep things short and simple we’re going to use KeePass as our example (it’s free and open-source!).
• https://keepass.info/ (PC)
• https://keeweb.info/ (Cloud/Mobile/Mac)
When you first create a password entry, KeePass will auto-generate a random 20-character password by default
You can add the website’s URL for auto entry
You can use the comment field to add things like additional security questions.
ProTip: Never answer security questions with true answers
You never have to remember any other password/phrase again
When you navigate to a website that requires a login, simply bring that website login page up and click Perform Auto-Type in KeePass
Level 3 – Multi-factor Authentication
Multi-factor Authentication
What Comprises Authentication?
What is Multi-Factor Authentication?
Two factor authentication is when you require a combination of two of the three types of authentication.
For example:
• Your ATM card
• You need to HAVE your card and KNOW your PIN
Multi-factor Authentication Examples
Another available method of cyber multi-factor authentication:
Google Authenticator
Sites that Support Multi-factor Authentication
Here is a sample list of websites that support MFA with either Google Authenticator or SMS texted codes:
• Google/Gmail
• Steam
• SmartBox
• LastPass
• Microsoft/Azure
• Basecamp
• Apple
• Yahoo!
• Skype
• Facebook
• Amazon Web Services
• BitCoin Central
• Twitter
• GitHub
• Dropbox
• LinkedIn
• GoDaddy
• Evernote
• WordPress
• Etrade
• PayPal
• DreamHost
• Kickstarter
• eBay
• Box
• Tumblr
• OneDrive
Check https://twofactorauth.org for the most recent site list
Social Engineering Tactics
Common Social Engineering Tactics
It is human nature to tend to want to help others.
• Urgency
• Familiarity/Trust
• Authority
• Reciprocity
• Needing Assistance
Pop Quiz
• Tech support scams – social media account posing as tech support.
• Tech support scams – You have money! With an attachment!
• Tech support scams – Urgency from your boss?
• HR Scams – Urgency from an employee?
Phishing Outcomes
Top Ransomware Delivery Methods
Threat Actor Motivations
[Chart: 2019 United States Top Internet Activities]
Adversary Return On Investment (ROI)
Most Common Financially Motivated Attacks
Ransomware: Typically, a phishing attack where an attacker encrypts personal or corporate data, rendering it unusable, which is held for ransom until the victim pays the ransom in the form of cryptocurrency.
Business Email Compromise (BEC): A sophisticated phishing attack where an attacker gains access to a corporate email account and spoofs the owner’s identity to defraud the company employees, customers, or vendors into wiring funds to an unauthorized account.
Final Words
Your Checklist to Protect Yourself
• Use password best practices:
  • Longer and stronger passwords (at least 15 characters). A passphrase is a good way to achieve this complexity.
  • Change passwords regularly.
  • Don’t reuse passwords across various sites or applications.
  • Consider a password manager.
• Set up multifactor authentication (MFA) anywhere you can – especially on financial accounts.
• Monitor your accounts daily & set up alerts.
• Update software on all devices and applications.
• Evaluate the need for a cyber insurance policy.
• Verify access rights & authorized users regularly – especially for online banking and money movement activities such as credit card approvers, payroll information, vendor invoice payments, etc.
• Use dual authorization for money movement.
• Create an incident response plan & practice it regularly – consider using 3rd party providers for assistance.
• Develop procedures/policies around vendor payments/invoice management – such as how to establish a new vendor, update their payment information and what to do if a primary approver is out of the office. Then, practice these processes.
• Train employees, test, repeat…
Questions
Learn more
The Key Family Wealth team and the Key Wealth Institute continuously provide timely analysis and financial strategies. For more information contact your Key Family Wealth advisor.
Subscribe to Key Wealth Insights by visiting key.com/kpb and clicking the "subscribe" button.
Provides access to:
• Weekly Key Questions Series
• Monthly Investment Perspectives
• Monthly Wealth Insights eNewsletter
• Our whitepapers, articles, and future Market Minutes Briefings
Follow Key Private Bank on LinkedIn at: linkedin.com/company/keyprivatebank
Disclosures
Opinions, projections or recommendations contained herein are subject to change without notice and are not intended as individual investment advice. This material is presented for informational purposes only and should not be construed as individual tax or financial advice. KeyBank does not provide legal advice.
Investment products are:
NOT FDIC INSURED • NOT BANK GUARANTEED • MAY LOSE VALUE • NOT A DEPOSIT • NOT INSURED BY ANY STATE OR FEDERAL AGENCY.
©2021 KeyCorp. 210722-1155228