WelcomeScrogginsGrear clients

to

Cybersecurity Education Series

File Encryption & Cloud Security

Presenter: Ray Cool, CEOPBSI Technology Solutions

Webinar will begin at 1:00

WelcomeScrogginsGrear clients to

Cybersecurity Education Series

File Encryption & Cloud Security

Series Goals• Educate listeners how to protect electronic valuables• Improve knowledge about electronic security• Provide practical information about what to change and how to do so

Topic Summaries• Securing Personal Data - Overview recording available• Email Security Practices recording available• File Encryption & Cloud Security today’s topic• Password Management & Public Wi-Fi 4 of 4

2

Agenda

File Encryption & Cloud SecurityProtecting Important Personal Information

• When and why file encryption is important• Protecting important files “at rest”• Protecting confidential information during transmission• Using the cloud securely

3

PBSI Technology Solutions

“IT Security Specialists”

4

Who is PBSI? Technology Services provider for hundreds of clients in the tri-state Experienced – 75% of staff have 10+ years experience w/PBSI Proactive IT security monitoring for healthcare, business and professionals

Protecting (Encrypting) Files “at rest”

What is file encryption and why is it important?• Encryption is a term describing data that can’t be read without a private “key” (password)• Encrypted data is garbled so that if opened it can’t be easily read or interpreted• Encryption security varies based on technology used AND based on length of “key” (the password)• Long or complex passwords are encouraged. Length is the enemy of hacker decryption software

Encrypting sensitive files “at rest”• Why? From whom are you protecting info? Future hackers – If hacked, what could they learn & how would you know?• Which files should be encrypted? Any/all that contain Personally Identifiable Information (PII) or Protected Health Info (PHI) • Protected information includes SS#s, CC#s, DOBs, Account#s, DL#s, PP#s, medical information

Demonstration

Know what files need encrypting - Risk Intelligence Scanning How to Encrypt a file “at rest”

Protecting (Encrypting) Files During TransmissionWhy are we required to encrypt sensitive files during transmission? - Email traffic can be easily intercepted

How to encrypt sensitive files during transmission (Email) – 3 Choices• Encrypt the email – Requires purchase of an email encryption tool• Encrypt attachment(s) - and provide the password to the recipient – using different medium (text or voice)• Use a secure file sharing portal – like ScrogginsGrear’s ShareFile

Demonstration

How to Encrypt an Email in Transit

Encryption – Office 365 Azure Information Protection (AIP)• Includes Office 365 Message Encryption - ability to encrypt emails• Provides “Do not forward” option• $ 2 per month per user

Recipient sees• General external recipient (gmail, yahoo, etc.)

• 1-time passcode, or• Login with “gmail”. Once chosen, setting on future emails is remembered

• Inside same Domain – no prompt to open, but other restrictions apply (i.e.: “Do not forward”)

Using Cloud Storage Securely

Benefits & risks - When and why consider cloud storage?

When to consider cloud storage?•Multi-location access - Home and other locations•Multi-device access (PC /laptop /iPhone /iPad) •Critical need for availability (when my work network connection is down or unavailable)•Concerned about local PC backup •Concerned about reliability – Remove files from uncertain IT environment

Which Vendor?•Most of us: Microsoft SharePoint or Google Drive•If you wish: Dropbox, Box, Apple iCloud, Amazon, Adobe, others

Do I need to encrypt cloud files?•Files with PII or PHI – Strongly recommended•If you store important documents in Cloud – use a long complex (#!@%) password

Managing Location of Files and FoldersIf you use cloud storage – plan in advance

Process for setup of Shared Folders in a typical office: Establish policy “No organization documents on C:\ drives”Establish “Policies and Guidelines for Shared Folder Use” – Publish and train before first “share” dayCRITICAL: “Move” – Do NOT “Copy” – Multiple locations for same files is a disaster waiting to happenSetup shared drive(s) on a secure internal or web-hosted location, (“E”: is an example)Map the shared drives and folders(s) on each employee’s PC (security-specific permissions per employee)Customize MS Office apps on each PC to default “save” location to a shared folder

Keep documents with PHI or PII (Personally Identifiable Information) in separate folder(s)•To setup a sub-folder – right click, add “folder”; name the folder (i.e.: Documents \ Tax Information)

Summary of Today’s Webinar – File Encryption & Cloud Security

Document Security Principles• Encrypt files “at rest” that include protected information (SS#s, CC#s, DOBs, Account#s, DL#s) • Encrypt files during transmission that contain PII or PHI

Use the Cloud securely• Don’t send, receive or ACCESS protected information on public Wi-Fi – unless using a VPN• Don’t store protected information in the cloud - unless the file is encrypted

Summary - Essentials of Securing Personal InformationSecure your Desktops, Laptops & Phones

• Antivirus & Malware protection – auto updated without manual intervention, daily vulnerability scanning• Desktop Patch Management - Security issues frequently related to un-updated software patches• No unapproved downloads on PCs – Malware comes from somewhere….. Downloads are a BIG culprit• Backup (preferably encrypted) on an automated schedule – inexpensive protection

Email Security – Train all staff• Evaluate emails carefully – Ensure that all staff learn the caution steps• Consider Office 365 w/ Advanced Threat Protection ($2/mo)

Encrypt sensitive information• Encrypt all emails containing protected information PHI or PII• Encrypt protected information at “rest” – one malware and ransomware infestation can create BIG risks

Manage passwords carefully• Do NOT re-use passwords on sensitive sites• Consider a password manager – life can be simpler, and risks can be avoided

Know if your PCs are safe• Online security monitoring – inexpensive and very worthwhile

Be an active leaner - Encourage every staff member and family member to learn secure behavior• Training is inexpensive. Mistakes are not.

Webinar Summary

Thank you for your attendance – and thank you to our friends at ScrogginsGrear

Handout will be provided “MS Office and pdf File Encryption”

How can PBSI help you? - All new client pricing will be discounted for ScrogginsGrear clientsScrogginsGrear Discount - 25% for individuals - 10% for organizations

Contact PBSI for free quotes Discounted SG Cost• Online Security Monitoring - Antivirus, Patch Management, Vulnerability Scans $3 - $6 /mo for SG clients• Risk Intelligence Scanning $2 - $3 /mo for SG clients• Online Backup with Ransomware protection• Concierge Security Services – Your own security advisor for a low fixed fee per year

Webinar Follow-upCall or email questions, or free quotation (513) 772-2255 itservices@pbsinet.com Speaker contact Ray Cool, CEO (513) 924-3915 rayc@pbsinet.com

Upcoming Webinars (you can still register – need to register individually for each webinar)

Securing Personal Information recording available on requestEmail Security Practices recording available on requestFile Encryption & Cloud Security today’s topicPassword Management & Public Wi-Fi Thursday, Nov 15, 2018 1:00