Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure...
Transcript of Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure...
![Page 1: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/1.jpg)
1
![Page 2: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/2.jpg)
Cyber Security
January 20, 2020
![Page 3: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/3.jpg)
August NevermanChief Information Officer &
Chief Information Security OfficerBrown County, Technology Services
August joined Brown County Technology Services as the Chief Information Officer and Chief Information Security Officer in May of 2014 and has been an active leader in the Information Technology industry since 1986. He leads the Brown County Information Security public awareness campaign. Previously, he worked for the Medical College of Wisconsin and the Hospital Sisters Health System, at St. Vincent Hospital. He earned his MIS degree from the University of Wisconsin – Superior and served in the Air Force and Air National Guard.
3
![Page 4: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/4.jpg)
Copy of this Presentation available online
• This presentation is located at the Brown County Website https://www.browncountywi.gov
• Select Departments Technology Services• Select Cyber Security on the left• Click on the Cyber Security Presentation• Share the presentation with family and friends
4
![Page 5: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/5.jpg)
Is this Real? Unfortunately YES
Real-time attacks https://threatmap.fortiguard.com
5
![Page 6: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/6.jpg)
1 in 5 will be hacked
this year
6
![Page 7: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/7.jpg)
62% of businesses saw phishing and social engineering attacks in 2018
7
![Page 8: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/8.jpg)
Bad guys use
automated tools to
attack over 100,000 x per hour
8
![Page 9: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/9.jpg)
Example Headlines Jan 13-17, 20201. Georgia Election Server Showed Signs of Tampering
https://www.securityweek.com/expert-georgia-election-server-showed-signs-tampering
2. Renewed Emotet phishing targets UN, government and military users
• https://www.scmagazine.com/home/security-news/phishing/renewed-emotet-phishing-activity-targets-un-government-and-military-users/
• https://www.infosecurity-magazine.com/news/emotet-locked-onto-us-military-and/
3. Critical WordPress Bug Leaves 320,000 Sites Open to Attack https://threatpost.com/wordpress-bug-leaves-sites-open-to-attack/151911/
4. Texas School District Loses $2.3 Million In BEC Scam• https://blog.knowbe4.com/bec-scam-heists-2.3-million-from-texas-school-district• https://www.foxnews.com/tech/texas-school-district-falls-for-email-scam-loses-2-3m
5. Hackers Earn $275,000 for Vulnerabilities in U.S. Army Systems https://www.securityweek.com/hackers-earn-275000-vulnerabilities-us-army-systems
6. Bill for New Orleans Cyber-Attack $7m and Rising https://www.infosecurity-magazine.com/news/bill-for-new-orleans-cyberattack/
7. City of Las Vegas said it successfully avoided devastating cyber-attack https://www.zdnet.com/article/city-of-las-vegas-said-it-successfully-avoided-devastating-cyber-attack/
9
![Page 10: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/10.jpg)
Data Breach Bad News1. In 2018 hackers stole half a billion personal records2. In 2016 hackers stole 57 million Uber riders and
drivers’ information. Uber tried to pay the hackers to delete the stolen data and keep the breach quite.
3. 3 billion Yahoo accounts were stolen in 2016 4. There were 8,854 recorded major data breaches
between January 1, 2005 and April 18, 20185. Over 3 million IP addresses are known to be involved
in Cyber Crime attacks.6. Symantec reports that 73% of Americans have been a
victim of cyber crime.
10
![Page 11: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/11.jpg)
Compromise Timelines Source: Verizon
11
On Average It Takes 206 Days to Detect a Data Breach
![Page 12: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/12.jpg)
Uncommon Hacking Targets Source: FireEye
12
![Page 13: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/13.jpg)
Who is attacking?The ratios change over time but there are basically 3 types of cyber attackers:
• Cyber Criminals is roughly 70% of cyber attacks with intent to get cash or information to sell for cash.
• Espionage is roughly 25% of cyber attacks. (Countries and Businesses)
• Hacktivists & Cyber Warfare are roughly 5% of cyber attacks. This is hacking for social or political reasons. (Governments and Social Groups)
13
![Page 14: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/14.jpg)
Cyber Attack Motivation Source: Verizon
14
![Page 15: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/15.jpg)
Industry Impacts Source: NTTSecurity
15
![Page 16: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/16.jpg)
Where are we vulnerable?
16
PUBLIC
HOME
WORK
Everywhere
![Page 17: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/17.jpg)
How and Why are we Targets?95% of cybersecurity breaches are due to human error• Even if we aren’t “online” we are targets for financial
theft and identity theft.• We are dependent on our technology, so we need to
protect it & we are too trusting.• Credit Cards, Bank Accounts, Taxes and Social Security
are common financial targets• Children are at risk also, so speak with family and
friends about Cyber risk!It is estimated that hackers stole $19B from consumers and $172 billion in total in 2017
7
![Page 18: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/18.jpg)
Why is this my problem?We have hired guns, limited law and limited to no
emergency response. We are basically living in the Digital Wild Wild West.
18
![Page 19: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/19.jpg)
WHAT CAN WE DO?
19
![Page 20: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/20.jpg)
BE AWARE*
BE SUSPICIOUS
*TRUST BUT
VERIFY
20
![Page 21: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/21.jpg)
When in Doubt
GET HELP!
Find Someone you Trust 21
![Page 22: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/22.jpg)
Disconnect a compromised device to stop
data loss & further
compromise
22
22
![Page 23: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/23.jpg)
Never Share Your Passwords. If you must share it, RESET it immediately!
23
![Page 24: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/24.jpg)
Long Passwords Pass Phrases
Use long passwords (sentences) “I like rock & roll!” is a good one, it’s long and easy to remember.
Use different passwords for different systems. One way is to use a prefix relative to the system “XYZBank.Ilike2hunt&fish”
24
![Page 25: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/25.jpg)
Demonstration of why long passwords Matter HowSecureIsMyPassword
25
https://howsecureismypassword.net/
![Page 26: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/26.jpg)
Password ManagementUse password management tools like • Lastpass
• DashLane• 1Password• Keepass (free - local)
Some have “family plan”
26
Never keep an unsecured list of userid’s and passwords anywhere (MSWord/Excel are bad places to keep passwords).
![Page 27: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/27.jpg)
Never Share Your Credit
Card, Bank or Social Security Card Numbers
27
27
![Page 28: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/28.jpg)
Be Careful buying online?Debit CardCredit CardPayPaleCheckCash Card
28
Losses may be passed to you, and there may be no loss limits
Limited or no lossOnly buy from websites you trust and even then be careful!
![Page 29: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/29.jpg)
29
There were 3 million identity
theft and fraud reports received in 2018!
Consider $1mil in identity INSURANCE such as:
• Lifelock• IdentityGuard• IdentityDefence• CompletedID (CostCo)
or any other well reviewed service. Some have family plans.
Note: Some homeowner/renter policies may have optional riders.
![Page 30: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/30.jpg)
30
HAVE A PLAN!
• Who would you call?• Who can help? • What do you do if
you suspect you have been hacked?
![Page 31: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/31.jpg)
Email is your #1 Risk!
1) Be suspicious of poor spelling and wording
2) Don’t Click on ANY Attachments or Links
3) Be suspicious of threatening content
4) Check the FROM address
5) When in doubt DON’T OPEN, JUST DELETE (or at least call the sender to confirm)
31
http://www.albany.edu/its/images/SocialEngineeringRedFlags.pdf
![Page 32: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/32.jpg)
32Source: https://www.myalignedit.com/2019/09/tips-for-detecting-a-phishing-email/
![Page 33: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/33.jpg)
33
![Page 34: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/34.jpg)
34
![Page 35: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/35.jpg)
What else can I do?1. Never share your password or UserID
with anyone via email or phone.
4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass - never keep an unsecured list of userid’s and passwords anywhere (MSWord/Excel are bad places to keep passwords).
5. Use two factor authentication (two-step authentication) Google, Microsoft, LastPass, Facebook, and Authy provide free two factor services. Apps are more secure but even SMS is more secure than just a password.
6. Change Default Passwords. Cameras, TVs, firewalls etc.
Over 50% cyber theft uses a STOLEN userid and password.
35
![Page 36: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/36.jpg)
Use two factor (multi factor / two step) login wherever you can.
Free with:Google MailHotmailYahoo MailFacebookTwitterEtc…
36
![Page 37: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/37.jpg)
Watch out for Unsecure WiFi
37
Avoid unsecure wireless & Never use unsecure WiFi for bankingLook for “lock symbol” and check for WPA2 Enterprise.
Android iPhone Windows10
![Page 38: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/38.jpg)
Be Safe Online
1. Create a separate email for junk, a separate email for social (your main one) and a separate one for financial activity.
2. Watch for fake versions of “friends/family” on Facebook, Twitter and Instagram
3. Don’t put too much information on social media. Telling everyone you are going on vacation might feel good, but it tells potential thieves also. If you put too much out there, the bad guys will know your “challenge questions”. Where were you born? What is your mother’s maiden name?
38
![Page 39: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/39.jpg)
Update EVERYTHING! Shodan is a SCADA database of known vulnerable systems – ANYONE can use it. https://icsmap.shodan.io/So UPDATE your devices and CHANGE DEFAULT PASSWORDS
39
![Page 40: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/40.jpg)
Secure Your DNS (Domain Name Service)
40
OpenDNS https://www.opendns.com/ or
Quad9 https://www.quad9.net/Provide FREE DNS security gateway on your router. Its Free and it will block known bad domains.
![Page 41: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/41.jpg)
BACK UP YOUR DATA!
41 41
Back up your Data!
A USB Drive is a good manual choice because it is physically isolated.
Consider cloud backup services like:Acronis, iDrive, Backblaze, Carboniteor any other well reviewed service. Some have family plans.
Note: Some homeowner/renter policies may have optional riders.
Back up your smartphone and computers. Ransomware, a virus or a fire can take away your access, but a
restore can avoid paying rasom.
![Page 42: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/42.jpg)
Don’t give away your data. Destroy the device or at least WIPE it.
42
NO YES
![Page 43: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/43.jpg)
Secure Your Smartphone
1. Add a Pin or password
2. Get Anti-Virus 3. Choose mobile
apps carefully!4. Remember
CallerID can be FAKED
5. Turn off Geotagging
• iPhone disable location services under privacy
• Android under camera settings disable Geo Tags
43
Smartphones have personal information, passwords, email and banking information on them. Protect them!!
![Page 44: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/44.jpg)
Watch out for Malicious SMS/MMS 44
![Page 45: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/45.jpg)
Reduce Unwanted Calls
45
You can use Google Voice to filter spam calls. 1.Get a new number through Google Voice. 2.Have Google Voice forward calls to your NEW cellphone number. Or any other phone.3.Only share the Google Voice phone number with businesses and other people.
Google will block (quarantine) all at least some telemarketers and phone-spammers.
If you don’t want to use Google Voice (or Google Phone) – Here are some spam phone filtering apps for your smartphone
HiyaTruecallerMr. NumberShould I Answer?
![Page 46: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/46.jpg)
Social Scams (social hacking)
• Spring Break Scam: uses publicly accessible information to get loved ones to give out credit card info.
• Fake “Microsoft” Call Center: sounds like a call center because it is. Claims your computer is infected and asks for access and eventually credit card info.
• Fake Purchase orders and Fake Invoices
• Fake IRS, FBI, Red Cross, and Sheriff calls
• Cyber Stalkers – Cyber assisted physical crime46
![Page 47: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/47.jpg)
Spring Break Scam1. Track down public info on a college student going on spring
break. Using social media (Facebook, Instagram, 2. Track down cellphone # and confirm it.3. Call cell to confirm name.4. Track down Grand Parents of person (home phone) confirm
relationship5. Watch to confirm student is in Mexico or Cancun or other
location.6. Call grandma at 2am using spoofed students cellphone number.7. Identify as a friend (not the person) and claim the person is
injured and unconscious. 8. Claim you will be bringing the person to hospital and all is ok.9. Then have someone slam car doors for effect and have a
person who can fake an accent ask for credit card.10. Then ask grandma for her credit card number to get the
student to the hospital with 80% success rate.ACTION: Tell them you will call the cellphone back in just a minute.
47
![Page 48: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/48.jpg)
12 Step Cyber Cheat Sheet
48
1. Think before you act, think before you click, be suspicious of emails, links, attachments, phone calls & websites
2. Back up your data preferably in multiple locations (USB and/or cloud)3. Use LONG passwords and Never Share your Passwords – use unique passwords for
individual systems, Turn on Two-Step (2 factor) authentication – consider password vault such as LastPass or others
4. Secure your smartphone – add a pin/password and anti-virus, turn off geotagging, only use secure wifi
5. Install Anti-Virus/Anti-Malware on Android devices and PCs6. Protect your Identity – consider $1mil Identity Insurance7. Secure your IRS and Social Security Accounts8. Update & Patch EVERYTHING (TV, cameras, PCs, alexa, phones, refrig etc)9. Don’t trust public WiFi look for WPA210. Avoid sharing personal information- bad guys will use it against you11. Create dedicated email accounts JUST for password resets.12. Destroy or wipe old computers, USB drives, disks & smartphones
Have a plan but don’t wait, start today!
![Page 49: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/49.jpg)
Educate – yourself, your community, your family, friends and business partners.
• Share this document. Help others.• Good Cyber Security Information: https://www.us-
cert.gov/ncas/tips (Email & Communication, Mobile Devices, Privacy, Safe Browsing and Software & Applications)
• Phishing Cheat Sheet: https://cdn2.hubspot.net/hubfs/241394/Knowbe4-May2015-PDF/SocialEngineeringRedFlags.pdf
49
![Page 50: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/50.jpg)
References 1: More Reading• https://www.dhs.gov/publication/stopthinkconnect-older-american-
resources
• https://staysafeonline.org/
• https://www.fbi.gov/news/stories/simple-steps-for-internet-safety?utm_campaign=email-Immediate&utm_medium=email&utm_source=fbi-top-stories&utm_content=591509
• https://www.stopthinkconnect.org/
• FTC Fraud:• http://www.consumer.ftc.gov/articles/0275-place-fraud-alert• http://www.consumer.ftc.gov/articles/0279-extended-fraud-alerts-
and-credit-freezes• Set up your IRS Transcript email before hackers do:
http://www.irs.gov/Individuals/Get-Transcript50
![Page 51: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/51.jpg)
References 2: Tools• Password Management
• Lastpass https://lastpass.com/• 1Password https://1password.com/
• Two Step (Two Factor Authentication) • Google https://www.google.com/landing/2step/• Hotmail http://lifehacker.com/add-two-factor-authentication-to-your-microsoft-account-
474939951• Yahoo https://help.yahoo.com/kb/SLN15241.html
• WiFi Security• SecurityKISS, CyberGhost, Disconnect.me & Secure Wireless (apps)• https://securitygladiators.com/2015/03/25/secure-wireless-network/
• Other Tools• Microsoft Security Essentials http://windows.microsoft.com/en-us/windows/security-essentials-
download• OpenDNS https://www.opendns.com/home-internet-security/opendns-ip-addresses/• Virtual encryption http://saferweb.com
• Dashlane https://www.dashlane.com/• Keepass (free) http://keepass.info/
51
![Page 52: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/52.jpg)
References 3: Protect Your Identity• IRS Identity Protection PIN (IP PIN)
• Create an IP PIN so the bad guys can file taxes as you• https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-
protection-pin
• https://www.identitytheft.gov/• Social Security Administration Resources
• https://blog.ssa.gov/protecting-your-social-security/
• Identity Insurance Select any well rated vendor that provides $1million in identity Insurance such as (prices are estimates):
• Vendors• IdenityGuard https://www.identityguard.com/ $5 to 10/mo• Lifelock https://www.lifelock.com/ $30 to $50/mo• IdentityForce https://secure.identityforce.com/ $20/mo
• Make sure you are getting $1mil in Identity Insurance not just Identity Protection • Some of the vendors have plans that will cover an entire family.• Check your homeowners insurance – it may have an option for Identity Insurance
52
![Page 53: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/53.jpg)
How Bad Guys Make Money Part 1
53
Full Identity (Fullz Data). Includes a person's: full name, date of birth, address, phone number, mother's maiden name, Social Security number, and driver's license number. Prices: $30-40 U.S. data, $35-$50 U.K. data, $15-$20 Asia
Malware PPI (Pay per Install). The raw compromised computers are used for: botnets, spam hosts, host malvertising, DDOS, relay use, brute force attacks or other attacks. Price: $60 per 1,000 systems worldwide, $400 per 1,000 U.S.-only
Ransomware as a Service (RaaS) offers up wares to criminals using the same model. Price: As low as $120/month (every 14 seconds)
ATM & PoS Skimmers are hardware and software to steal ATM and Credit Card Info. Price: $700-$1,500 each
Account Checkers. Rented services and software that checks to see if stolen credentials will work on other websites. Price: $60/month for checking 1,000 valid accounts
![Page 54: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/54.jpg)
How Bad Guys Make Money Part 2
54
Stolen Credit Card or Bank Account. The hacker resells the accounts. Price: 10% of the total credit available in stolen account.
Money Mules. A "trusted" criminal who accept funds stolen from hacked accounts into their bank account. The money can then be accessed by the crooked "customer," with the mule taking a percentage cut for providing an account to make the handover. Price: 10% to 20% of the take
EIN and Articles of Incorporation. Money mules use shell corporations as a front to open business bank accounts that can be used to shift around fraudulently acquired funds. Price: $800-$1,600 per “entity”
Laundering Service. Full-service money laundering operation that steals from the compromised accounts and then transfers the “take” to PayPal, a bank account or Western Union. Price: 10% to 12% of “take”.
DDoS Attack Services. Botnets rented out to attack anyone. These rentals can be done by the hour, the day, the week, and even the month for longer-term campaigns. Price: $60/hour, $280/day, $479-$679/week, $2,000/month (varies)
![Page 55: Cyber Security - Brown County, Wisconsin · with anyone via email or phone. 4. Consider a secure password management tool – a tool like LastPass, 1Password, Dashlane or KeePass](https://reader033.fdocuments.in/reader033/viewer/2022042401/5f107a4a7e708231d4494dbb/html5/thumbnails/55.jpg)
QUESTIONS?
55