Understanding

Cyber Securityand a practical approach to

protecting your environment

May, 2018

Who Is Your Presenter?

Back ground

– Degree in Economics – Western Washington University

– Over 18 years in Information Technology

– Started career supporting software developers

– Moved to Medical IT more than 14 years ago, focusing on EMR

– 6 of last 7 years with BlackPoint-IT Services as a vCTO and consultant

Review of Cyber Threats Identified

• Hackers and Cyber-Criminals, who they are and how their tactics and motivations have evolved

• Exploitation of Trust and Social Engineering

• Rate of increase of occurrence, more than a billion records stolen in 2014

• Cyber Criminal Enterprises explained

• Stolen Information = $$$, PHI specifically valuable

• Credit Fraud

• Medicare/Medicaid Fraud

• Recommendations

Cyber Attacks – A Long History

• 2 teens cause DoS with new electronic phone system

• German Enigma machine is hacked

• Bombe machine is developed to automate encryption

• MIT AI Lab hacks electric trains, dumps passwords form IBM 7094 systems

• Cap’n Crunch/Yippieteaches phreakers how to make free phone calls

• 414 Hack group hacked Los Alamos Lab (1st large scale) WORMS: Christmas Tree, Morris, WANK

• First National Bank of Chicago Hacked for $70M

• Hacker Manifesto• Legion of Doom and Chaos

Computer Club

• ATT DoS, millions with no service

• Citigroup hacked for $10M

• Windows NT security hacked

• Pentagon, USAF, NASA all hacked

• Spam emerges

1870s 1930s 1960/70s 1980s 20161990s 2000s

• Spear phishing of Secretary of Defense

• Cell phone hacks• PlayStation network hacked• Coordinated ATM attacks• Coordianted DoS attacks• Large scale retail and

financial institutions hacked

• Internationally organized cyber crime

• Automated and repeated DDoS attacks

• “How to Attack” tutorials on YouTube

• Hire-a-Hacker • Crypto ransomware

hostage crisis• Sophisticated spear

phishing

Definition

• Cyber AttackA cyber attack is deliberate exploitation of computer systems, technology-dependent enterprises and networks. Cyber attacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, such as information and identity theft.

Cyberattack is also known as a computer network attack (CNA).

• Cyber attacks may include the following Identity theft, fraud, extortion

Malware, pharming, phishing, spamming, spoofing, spyware, Trojans and viruses

Stolen hardware, such as laptops or mobile devices

Denial-of-service and distributed denial-of-service attacks

Breach of access

Password sniffing

System infiltration

Website defacement

Private and public Web browser exploits

Instant messaging abuse

Intellectual property (IP) theft or unauthorized access

Cyber Security is most like…

There are different degrees of incidents– Baby on Board! (Health Care)

Don’t live in daily fear

Take it seriously, it happens EVERY day

Not just a matter of Bad Luck

Decisions made long before an accident, dramatically affect the outcome

Case Studies

Spear Phishing

– Malware Tracks Emails• Names

• Titles

– False Request • Looks Real

• Reply re-routes to hacker

– Time Frame: 2 days• Several emails exchanged

What did we learn?

– Attacks are getting sophisticated

– Attacks come from people we know

– Implement a two step verification process

– Anti-Virus needs real time protection

Case Studies

Ransomware

– Personal Email is common entry point

– Open Internet allows Public Key access

– Evades Anti-Virus through “user initiated”

– Encrypts all files user has access to

– Data inaccessible

What did we learn?

– No Personal Email access on company computers

– File Permissions are extremely important

– Internet access should be limited

– Backups are important, but Recovery Plan is essential

Everyone is a Target

Best Practices – Proactive Approach

Firewall

– Check your common ports, who has access?

– Is your firewall current with firmware, updates and intrusion protection?

– Verify older polices and remove any access not necessary

– Do not allow remote management

Patching and Updates

– Have a plan to routinely patch and update systems as vulnerabilities are ANNOUNCED by manufactures

Best Practices – Proactive Approach

Email Scrubbing

– Protect your internal systems by off-loading email protection

– If internal, use firewall zoning methodology (DMZ)

Anti-Virus

– Make sure it does Real-Time scan protection

– Make sure agents are kept current with virus definitions

– Consider solutions that offer alerts that notify you when a virus or malware has occurred to prevent further spread of the infection

Everyone is a Target

Best Practices – Proactive Approach

Password Polices– Implement sophisticated passwords

– Implement a lock-out policy

– Implement password change timetable (HIPAA Required)

Access Permissions– Limit access only to what people need

– Never use accounts with Admin privileges unless doing admin work

Encrypted Connectivity– Encrypt any VPN connection for remote access

– Encrypt all data sharing between partners

Everyone is a Target

Best Practices – Proactive Approach

Internet Limits

– Limit access to only what is needed

– Use tools and services to block internet categories and content (if applicable)

– Use regional blocking whenever possible and appropriate

Dual Layer Authentication

– Dual authentication is required by HIPAA for EMR

– Force dual authentication for remote access

Everyone is a Target

Best Practices – Proactive Approach

End-User Acceptable Use Policy– Non-company email

• Yahoo, Google, Hotmail, etc.

– Social Media• Facebook

– On-Line Shopping

– Never download, especially free, software from the Internet

• Unless approved by your IT support provider

When all else fails…

Backups – Recovery of lost data

– Consider backup intervals

– Consider backup retention

Disaster Recovery – Predetermined plan of action to guide a company back into production after a major IT event

Business Continuity – Disaster Recovery strategy that focuses on minimizing recovery timeframe for continuation of business operations

A Little About BlackPoint

BlackPoint IT Mission and Values

At BlackPoint, we simplify IT for our clients. With more than 30 years of technology and business IT services expertise, we thrive on exceptional service and use technology to further enable the success of our clients.

We take business personally and believe in giving back to our clients and the community.

By working as a team, we align our services and technology solutions with the goals and objectives our clients to deliver business value and service that’s second to none.

Follow BlackPoint

• Facebook & Twitter: @BlackPointITStay up-to-date with our current events, blog articles, fun & informational news articles from the IT world at large

• LinkedIn: @blackpoint-it-servicesCurrent events, blog articles, new product launches, discussions on what really matters to business owners & IT professionals

• Website: @blackpoint-it.comLearn more about our company, our products & solutions, plus you can download white papers & case studies, sign up to follow our blog & newsletter, and more!