50
Are You Secure? (No You’re Not)
Cybersecurity & the Hospitality Professional
Jim SpellosMeetings Today Webinar
February 24, 2016
In The News…Privacy & SecurityIs It a Simple Choice?
Also In The News…Ransomware
$17,000 ~ 40 bitcoins
Also In The News...Mobile Payment Security
MasterCard announces “Selfie Pay” security checks for cardholders.
What’s the Difference? Privacy vs Security
Privacy
•Web sites you visit
•Purchases
•Content of your personal communications
Security
•Bank account
•Organization database
•Corporate secrets.
How information about you and your behaviors is stored
and shared online
Protecting yourself from theft and malicious misuse of your data, money or information.
Who Is The Weakest Link In Your Organization’s Security?
Hint…remember the mantra from the game show
At Least I’m Safe Here at My Conference!
• Encryption – SSL & Apps
• Bluetooth & Beacons
• Evil Twins.
When you have some time, view Pablos Holman’s TED talk on security.
The Conference Internet Security Conundrum
•Is the hotel/CC connectivity always more secure than a private network?
•Who’s responsibility is it for internet security? – Attendees, Hotel, Planner?
•Planner question – Are you willing to pay more money for guaranteed security?
Privacy
Issues
•Government snooping
•Retargeting…
What You Can Do
Privacy – Retargeting
Privacy
Issues
•Government snooping
•Retargeting
•“Customized” pricing
•Spooky targeting
What You Can Do
Target’s Spooky Targeting
Privacy
Issues
•Government snooping
•Retargeting
•“Customized” pricing..
•Spooky targeting.
What You Can Do
•Browse in “Incognito” mode
•Personal VPN
•Be careful.
Who Knows This Company?
Just The Stats, Ma’am: Ashley Madison
•Public knowledge – July 19, 2015
•28 million email addresses leaked
•13,000 from .mil and .gov domains
•3 using Vatican.com
•1/3 of all email accounts were found to be invalid.
Security
Techniques
•Man In The Middle…
What You Can Do
Security
Techniques
•Man In The Middle
•Phishing…
What You Can Do
Think Before You Click!
Security
Techniques
•Man In The Middle
•Phishing
•Spearphishing
•Dictionary Attacks
•Password re-use attack
•Keystroke logger
What You Can Do
•Vigilance
•Auto Updates
• Insist on SSL
•Personal VPN
•Two-factor authentication
•Password Manager
Just The Stats, Ma’am: Premera Blue Cross
•Announced to public March 18, 2015
•11 million records stolen, potentially including:
•Social security numbers
•Bank information
•Medical information
•Email & physical addresses.
Have You Ever Been Hacked?
What’s a Packet Sniffer?
Just The Stats, Ma’am: Target
•Hacking took place November 27 – December 15, 2013
•40 million credit cards stolen
•70 million records (including physical & email addresses)
•$200 million cost to credit unions (for re-issuing ~22 million cards)
•46% decrease in profit (4Q 2013 vs 4Q 2012).
Something You Have…Something You Know… Something You Are - Authentication
•One factor
•Two step – Password + PIN
•Two factor – Password + Something you have/are.
Two Factor… Is the Inconvenience Worth the Effort? You bet it is!
Your Security Essentials…What Do YouUse & Why?
•Firewalls
•Anti-virus
•Anti-malware
•VPN
•Password Manager
•Common Sense.
Do You Use a Password Manager?
I (Probably) Know Your Home Router Password
2015’s Most Popular Passwords
•123456
•password
•12345678
•qwerty
•12345
•123456789
•football
•1234
•1234567
•baseball
•welcome
•1234567890
•abc123
•111111
•1qaz2wsx
•dragon
• master
• monkey
• letmein
• login
• princess
• qwertyuiop
• solo
• starwars
Your Privacy Sweep… More You Can Do
•“Social” Security – Facebook Privacy
•Google 2 Step Authentication
•Private browsing.
This Really Doesn’t Fit In Here, But…
•Cloud based premium
•Freemium tools
•Niche backup
•External drive.
Are you backing up your mobile devices as well?
What App Permissions Are in Your Organization/Conference App?
Revoking App Permissions
iOS
•Settings
•Go to app
•Privacy tab.
Android
•Prior to 6.0 (Marshmallow), only with rooted phone
•ApOps App.
Your Security Scorecard
Security Question Points
Do you have an anti-virus product installed & always running?
Do you have an anti-malware solution installed & always running?
Do you always use a personal VPN when on public Wi-Fi?
Do you always have your auto-updates on?
Do you only use Apple products?
Do you use a password manager?
Do you only download apps from official app stores?
Do you only click on an email link if you’re 100% certain it’s authentic
Do you have the most updated version of your browser
Do you use two step authentication whenever possible?
Does nobody else ever use your computer?
Your Security Scorecard
Security Question Points
Do you have an anti-virus product installed & always running? 10
Do you have an anti-malware solution installed & always running? 10
Do you always use a personal VPN when on public Wi-Fi? 15
Do you always have your auto-updates on? 15
Do you only use Apple products? 0
Do you use a password manager? 10
Do you only download apps from official app stores? 10
Do you only click on an email link if you’re 100% certain it’s authentic 10
Do you have the most updated version of your browser 5
Do you use two step authentication whenever possible? 10
Does nobody else ever use your computer? 5
We’re Not Done Yet…Bonus Points (sort of)
Security Question Points
Do you have lots of common sense? 0
Do you use Internet Explorer -10
Do any kids under 21 use your computer? -25
Do your parents use your computer -25
Do both your kids & parents use your computer?** -100
**Note – You should get a computer just for yourself
The 4-A Program to Becoming Digitally (More) Secure
Activate - Auto updates & anti-virus/malware
Always - Use a password manager & VPN
Ask – All vendors about PCI compliance & encryption
Authentication – Always two ways, whenever possible.
Thanks!
James Spellos
094-XX-XXXX
You didn’t think I’d give you my Social
Security Number, did you?
////////////////
Also thanks to my good friend, Jordan Schwartz of Pathable.com for all his security knowledge & wisdom.
•
•
