Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
WelcomeScrogginsGrear clients
to
Cybersecurity Education Series
File Encryption & Cloud Security
Presenter: Ray Cool, CEOPBSI Technology Solutions
Webinar will begin at 1:00
WelcomeScrogginsGrear clients to
Cybersecurity Education Series
File Encryption & Cloud Security
Series Goals• Educate listeners how to protect electronic valuables• Improve knowledge about electronic security• Provide practical information about what to change and how to do so
Topic Summaries• Securing Personal Data - Overview recording available• Email Security Practices recording available• File Encryption & Cloud Security today’s topic• Password Management & Public Wi-Fi 4 of 4
2
Agenda
File Encryption & Cloud SecurityProtecting Important Personal Information
• When and why file encryption is important• Protecting important files “at rest”• Protecting confidential information during transmission• Using the cloud securely
3
PBSI Technology Solutions
“IT Security Specialists”
4
Who is PBSI? Technology Services provider for hundreds of clients in the tri-state Experienced – 75% of staff have 10+ years experience w/PBSI Proactive IT security monitoring for healthcare, business and professionals
Protecting (Encrypting) Files “at rest”
What is file encryption and why is it important?• Encryption is a term describing data that can’t be read without a private “key” (password)• Encrypted data is garbled so that if opened it can’t be easily read or interpreted• Encryption security varies based on technology used AND based on length of “key” (the password)• Long or complex passwords are encouraged. Length is the enemy of hacker decryption software
Encrypting sensitive files “at rest”• Why? From whom are you protecting info? Future hackers – If hacked, what could they learn & how would you know?• Which files should be encrypted? Any/all that contain Personally Identifiable Information (PII) or Protected Health Info (PHI) • Protected information includes SS#s, CC#s, DOBs, Account#s, DL#s, PP#s, medical information
Demonstration
Know what files need encrypting - Risk Intelligence Scanning How to Encrypt a file “at rest”
Protecting (Encrypting) Files During TransmissionWhy are we required to encrypt sensitive files during transmission? - Email traffic can be easily intercepted
How to encrypt sensitive files during transmission (Email) – 3 Choices• Encrypt the email – Requires purchase of an email encryption tool• Encrypt attachment(s) - and provide the password to the recipient – using different medium (text or voice)• Use a secure file sharing portal – like ScrogginsGrear’s ShareFile
Demonstration
How to Encrypt an Email in Transit
Encryption – Office 365 Azure Information Protection (AIP)• Includes Office 365 Message Encryption - ability to encrypt emails• Provides “Do not forward” option• $ 2 per month per user
Recipient sees• General external recipient (gmail, yahoo, etc.)
• 1-time passcode, or• Login with “gmail”. Once chosen, setting on future emails is remembered
• Inside same Domain – no prompt to open, but other restrictions apply (i.e.: “Do not forward”)
Using Cloud Storage Securely
Benefits & risks - When and why consider cloud storage?
When to consider cloud storage?•Multi-location access - Home and other locations•Multi-device access (PC /laptop /iPhone /iPad) •Critical need for availability (when my work network connection is down or unavailable)•Concerned about local PC backup •Concerned about reliability – Remove files from uncertain IT environment
Which Vendor?•Most of us: Microsoft SharePoint or Google Drive•If you wish: Dropbox, Box, Apple iCloud, Amazon, Adobe, others
Do I need to encrypt cloud files?•Files with PII or PHI – Strongly recommended•If you store important documents in Cloud – use a long complex (#!@%) password
Managing Location of Files and FoldersIf you use cloud storage – plan in advance
Process for setup of Shared Folders in a typical office: Establish policy “No organization documents on C:\ drives”Establish “Policies and Guidelines for Shared Folder Use” – Publish and train before first “share” dayCRITICAL: “Move” – Do NOT “Copy” – Multiple locations for same files is a disaster waiting to happenSetup shared drive(s) on a secure internal or web-hosted location, (“E”: is an example)Map the shared drives and folders(s) on each employee’s PC (security-specific permissions per employee)Customize MS Office apps on each PC to default “save” location to a shared folder
Keep documents with PHI or PII (Personally Identifiable Information) in separate folder(s)•To setup a sub-folder – right click, add “folder”; name the folder (i.e.: Documents \ Tax Information)
Summary of Today’s Webinar – File Encryption & Cloud Security
Document Security Principles• Encrypt files “at rest” that include protected information (SS#s, CC#s, DOBs, Account#s, DL#s) • Encrypt files during transmission that contain PII or PHI
Use the Cloud securely• Don’t send, receive or ACCESS protected information on public Wi-Fi – unless using a VPN• Don’t store protected information in the cloud - unless the file is encrypted
Summary - Essentials of Securing Personal InformationSecure your Desktops, Laptops & Phones
• Antivirus & Malware protection – auto updated without manual intervention, daily vulnerability scanning• Desktop Patch Management - Security issues frequently related to un-updated software patches• No unapproved downloads on PCs – Malware comes from somewhere….. Downloads are a BIG culprit• Backup (preferably encrypted) on an automated schedule – inexpensive protection
Email Security – Train all staff• Evaluate emails carefully – Ensure that all staff learn the caution steps• Consider Office 365 w/ Advanced Threat Protection ($2/mo)
Encrypt sensitive information• Encrypt all emails containing protected information PHI or PII• Encrypt protected information at “rest” – one malware and ransomware infestation can create BIG risks
Manage passwords carefully• Do NOT re-use passwords on sensitive sites• Consider a password manager – life can be simpler, and risks can be avoided
Know if your PCs are safe• Online security monitoring – inexpensive and very worthwhile
Be an active leaner - Encourage every staff member and family member to learn secure behavior• Training is inexpensive. Mistakes are not.
Webinar Summary
Thank you for your attendance – and thank you to our friends at ScrogginsGrear
Handout will be provided “MS Office and pdf File Encryption”
How can PBSI help you? - All new client pricing will be discounted for ScrogginsGrear clientsScrogginsGrear Discount - 25% for individuals - 10% for organizations
Contact PBSI for free quotes Discounted SG Cost• Online Security Monitoring - Antivirus, Patch Management, Vulnerability Scans $3 - $6 /mo for SG clients• Risk Intelligence Scanning $2 - $3 /mo for SG clients• Online Backup with Ransomware protection• Concierge Security Services – Your own security advisor for a low fixed fee per year
Webinar Follow-upCall or email questions, or free quotation (513) 772-2255 [email protected] Speaker contact Ray Cool, CEO (513) 924-3915 [email protected]
Upcoming Webinars (you can still register – need to register individually for each webinar)
Securing Personal Information recording available on requestEmail Security Practices recording available on requestFile Encryption & Cloud Security today’s topicPassword Management & Public Wi-Fi Thursday, Nov 15, 2018 1:00