Technology Considerations 2021

Jason Reljac

Agenda

• Staying secure

• Staying connected

• Staying resilient

• Pro tips

Some of what we will discuss today may relate to the COVID-19 situation, but COVID-19 may have changed things for the long term…

Staying secure

Passwords

What NOT to do

• Sticky notes under your keyboard

• Keeping the same password forever

• Same password over and over and over again

• Passwords that relate to you in any way – If I troll your Facebook or LinkedIn account, can I find information that is a part of your password?

What TO do

While it can be a pain, be diligent about your passwords

This applies to your personal accounts as well

Struggles

• Having a complex password for each asset that requires a password is difficult

• Typing passwords over and over again is just a pain

• Knowing when assets that you use get hacked is difficult

Solution: PW Manager

Password managers can help make the password process sane.

• Keep all your passwords secure with one password – One is easier to remember than a bazillion

• Auto fill details

• Tell you when sites are hacked

Options

Vendors

• LastPass

• Dashlane

• Bitwarden Premium

• 1Password

• Keeper Password Manager & Digital Vault

1Password

• Works on computer, phone and tablet

• Can sync the “vault” between all devices

• Works well with 2fa (more on that shortly)

• Can store files along with passwords

• Has a Team/Family option – Allows password sharing

• Watchtower – Alerts you of hacked sites

Considerations

• Website passwords

• Door codes

• Credit cards – Include CVV, dates, contact info

• Driver license & passport details

Two Factor Authentication

What is it?

Two-factor authentication (2fa) is a method of establishing access to an online account or computer system that requires the user to provide two different types of information

In general, this includes a password and a one-time-use code provided to you

Example one time use

• A code sent to you outside of the website to a known resource

– SMS or text message to your cell phone

– A phone call to your home or work phone number that the vendor knows

• A code provided via an authenticator application

• A device you plug into your computer

• A physical device that provides an ever-changing code

When do I need it?

Always

If it is available, set it up

If it’s not available, ask if/when it can be

Do I really always need it?

OK, if it is a website that knows nothing about you, it is not necessary, but always think about what information someone could gather about you OR how they could impersonate you if they were to log in as you

Staying connected

Scenario

Thanks to stupid COVID-19, you are working from home and it’s time to complete payroll and transfer things to the bank.

You are using your work-provided laptop, finishing up payroll review, when…

Your Internet goes offline

Your power goes out

Or both…

You call your internet provider or electric company and ask what’s up and they tell you a pole is down but not to worry; things will be back online tomorrow.

What are your options?

Options

1. Go to a local coffee shop/Panera, etc. to finish

2. Go to the Library

3. Go to a family member’s house

4. Go into the office to finish

Quick solution

Use your phone as a hotspot to get connected to the internet and finish payroll

Does your phone have good connectivity in your house?

Is it fully charged, or do you have an external battery?

Better solution

Have a MiFi on standby for people whose roles require connectivity

– Payroll

– IT

They are inexpensive and can be set up to be billed on an as-used basis

Better solution

Get a reasonably sized uninterruptible power supply (UPS)

This provides you a place to plug in your laptop/phone/MiFi/internet modem/WiFi gear to keep things running when the power goes out

Staying resilient

Backups

What would happen to you if you went back to the office today and found out that you lost all the work you had done from the last 7 days?

Gone like the wind

Then you found out it was not backed up…

So, it’s gone for good

• While IT may be responsible for backups, it’s your data so be involved

– Ask questions

– Be sure they are confident

• Using the cloud does not mean you can forget about backups

• Do they follow the 3-2-1 strategy?

3 – 2 – 1

• Keep 3 copies of any important file

– 1 primary/working copy

– 2 backup copies

• Keep the files on 2 different media types to protect against different types of hazards

• Store 1 copy offsite

– Outside your business facility or home

Do you back up your digital family photos?

It is your data so be responsible for it

Some questions you should be asking…

• Ask your cloud vendor(s)

– What is their backup process?

– What is their testing process?

– What is their restore process?

– What is their redundancy option?

– Where do backups go? (cloud, off site?)

– Are backups encrypted?

• Ask your IT group

– What is their backup process?

– What is their testing process?

– What is their restore process?

– What is their redundancy option?

– Where do backups go? (cloud, off site?)

– Are backups encrypted?

Ransomware

What would happen to you if you went back to the office today and found out that all of your payroll files had been changed in such a way that you could no longer open and read them?

Not good

Then you found out that the last backup contains only encrypted files

And the one before that failed

And the one before that failed

And the one before that failed

Testing and alerting isn’t working

Really not good

What happened?

You were hit with Ransomware

This is going to stink

What is it?

Ransomware is a form of malware that encrypts your files. The attacker then demands a ransom from the victim to restore access to the data upon payment.

This really happens, more often than you think

Several clients have been hit with ransomware in the last year, and in each case it cost them thousands of dollars in ransom payments and even more in lost time

But my stuff is in the cloud, it’s safe there…right?

You need to trust and count on your vendor. Somehow, you need to know they are doing all things necessary to prevent this from happening to your data.

SOC Reports

Boring but important stuff

What is a SOC Report?

A service organization controls (SOC) report is a way to verify that an organization is following some specific best practices before you outsource a business function to that organization.

What does a SOC Report tell me about a vendor?

– Security

– Availability

– Processing Integrity

– Confidentiality

– Privacy

– Controls related to financial reporting

– Controls related to Cybersecurity

Two things worth reading

https://bit.ly/3eGcSYk

https://bit.ly/3ebGbmQ

Why ask for a SOC Report? Lots of reasons but two important ones…

1. Do they have a good backup process in place?

2. Do they have strong security controls in place?

To prevent ransomware and the like…

Pro Tips

#1

Ctrl + F is your friend

• Use this in Excel, Word, your web browser to quickly find text in a long document

• Typically, you can hit to go to the next found instance

#2

Ctrl + C, X, V, Z and T are nifty as well

• Copy

• Cut

• Paste

• Undo

• New tab (in your browser)

#3

Printing to PDF

• Perfect way to send documents, articles from web pages, invoices in a browser, etc…

• Allows you to save and search later on

• Readable on most anything by anyone

#4

Duck Duck Go in place of Google

• If you are concerned about how much Google knows about you, consider trying Duck Duck Go as a search engine

https://duckduckgo.com/