Help Me With Sign Maryland Banking Moving Checklist

Help me with industry sign banking maryland moving checklist

good morning and welcome to today's webinar my name is david newson and i'm a partner at bos and also the host of our perspectives podcast today marks the 342nd day of working from home and it is ever present on my mind that we are social beings i miss my colleagues i miss my friends i miss seeing others with shared visions of a better future through my nonprofit work i know i speak for all of us at bos when i say we miss seeing all of you too i would like to express our collective gratitude to the clients of the firm attending today gratitude for the opportunity to serve you your families and those you care about remains at the center of everything that we do thank you please take a moment and read the disclosures on the slide i'm about to put up associated with today's presentation um okay it is no secret that as technology permeates virtually every aspect of our lives incredible amounts of personal data are collected and analyzed most of the time to make our lives easier there is also a world of hackers seeking that very information for personal financial gain we need not look further than the recent headlines to read about the apple and solar winds breaches to remind us to be vigilant it is in this spirit that we are hosting this program as mentioned in the invite this webinar and q a session is the first part of a two-part bos webinar series designed to cover the basics of personal cyber security and will cover risks associated with passwords email wi-fi and endpoints texting and social media think of this as a 100 level course or math for english majors our next webinar will be more advanced stay tuned for the date also just as a housekeeping note um we will be using the q a feature in zoom so as we move through the presentation if you would like to submit your questions at the lower uh part of your zoom window you should see q a click on that and submit your questions leading today's discussion will be my fellow partner carol bens carol is the firm's president and chief operating officer and oversees many strategic areas of the firm including human capital legal and compliance as well as our technology stack please welcome carol benz thank you so much david it's pleasure to be here today the threat of cyber attacks as you mentioned is indeed real and it does affect each of us many of you may have watched sunday's 60 minutes segment on the solar winds breach and seeing your stress level rise a notch or two it is easy to feel vulnerable under these circumstances so we recommend separating what you can control from what you cannot control today you'll learn some practical information about how to develop a cyber security program in those areas you can control needless to say we strongly emphasize security at bos we have adopted a three-pronged approach to security that focuses on partnerships controls and culture first in delivering services to our clients we work with established and proven industry partner organizations and each partner is carefully vetted prior to our engaging them second we have established controls that provide a nearly 360 degree view of our technology infrastructure which regularly monitor our processes and are set up to alert us of potential issues we use tools such as firewalls anti-virus and anti-malware software spam filtering and others to name just a few and we periodically review and audit those controls third and finally we strive to build a culture of transparency and awareness through which our team members are educated about threats threats and are encouraged to ask questions and spot potential issues we recognize harvard that it is impossible to be absolutely fail safe breaches are in fact even more likely to happen at the personal level in personal email accounts through the phones we use every day at our homes and by way of our online transactions so our guest expert today will address those four areas dr tanya neil is a computer scientist and an entrepreneur a self-proclaimed geek she earned a bachelor's in mathematics and computer science from emory a master's in computer science from the university of maryland and a phd in computer engineering from northwestern she began her career as an applied scientist for the national security agency and went on to serve as chief technology officer for private client resources and then investnet prior to founding infograde and information technology consulting company where she currently serves as the ceo and speaking of tanya i've been struck by the juxtaposition of her deep technical knowledge and her calm pragmatic demeanor she's an experienced hands-on programmer a technology expert and a visionary with a heavy focus in wealth management cyber security i think she definitely has the skills to be a hacker but she instead uses her extensive talent to help people and companies so it's a pleasure to welcome tonya tonya i'll start off by saying it's virtually impossible to function in today's world without email so i'd love to know where our email is most vulnerable and how we can protect ourselves in that area sure thank you so much for having me today and thank you everybody for joining yes email is um very very common and phishing um which is them sending emails that impersonate or make you believe that it's interesting to capture your credentials is the most important part we've seen in kovid that there's been a 300 increase in reported email scams so that is going up dramatically and those scams um are impersonating apple netflix paypal your bank microsoft amazon etc so they obviously don't look like the ones that you would expect if you looked in your spam filter you may see ones that are more predictable where urls or the word prescription or um or cd sites are immediately captured but then there are many sites that you wouldn't um you know notice that would seem normal in your email to get an email from a netflix or paypal or facebook or what have you and those are sometimes real and sometimes not and obviously that's the trick so we've seen an increase in the number of scams and they're using those different um emails to hopefully either one uh have an attachment um a document an executable that will actually go down to your computer and deliver malware onto your computer malware is the virus that sits on your computer and most of the time email is trying to actually get this malware down to your computer that is a significant place where the majority of your viruses come from um and 80 um of all attacks are fishing attacks so when you look at phishing most people think of email phishing it is the most common type of um attack there's the generic email fishing and that's just a statistics game in that case the hacker is literally um just blasting out they've downloaded they've got and they've bought millions of email addresses and they're just sending them out hoping that you'll click on them they're you know they can be really obvious and they can be less obvious like i said impersonating apple or netflix or hulu but then there are more cd ones where you may have a linkedin profile and with a linkedin profile they can tell where you work they can tell who might be your boss they can tell who might be your partner and they use that type of information to quickly generate emails that are more thoughtful and actually reference somebody else that you may know um there are other ones um where they have links um and they say maybe it's carol um sending an email and it says well this is carol we're updating our cyber security here at bos please re-enter your credentials for your email and it looks good because carol obviously works at bos and that makes sense and cyber security is very important so people may click into that email and enter their username and credentials thinking that that was part of their job those are very very effective ones and the ones that most people fall for is when they're referencing somebody that you know so whether it's facebook or linkedin or some other social media site maybe you've entered a race you're a runner you had a 5k time you know um you know the other 5k times and members maybe they'll send you a note from the race people are using that kind of public information maybe you bought a piece of art maybe you were at a charity events pre-covet obviously and there and they have a picture of you and who you are standing within the photo caption and they can use those names to then send you a more personal one um the whaling um is a specific type of fishing where if you have a c in your title right if you're a c-suite person or perhaps you're um you know you start with doctor those are good ways for them to figure out that you're probably worth attacking and so they use that information again your title um your degrees and so forth to figure out if it's actually worth it so they'll spend more time on a whaling attack than they will on a common phishing attack because statistically doctors are great targets they make a lot of money don't have a lot of time um and so with just a couple clicks of information around what hospital you may work at or where you're affiliated in charities they can capture interesting information about your uh fellow colleagues and send your personal uh attempt those are much more tricky to figure out so the thing to do is when you get the email if you are suspicious there's a name that appears in the top of your email that's just the display name so that could be my name it could be the person that you were running the 5k with it could be the picture it could be the name of the person that you were just photographed with at that charity event but that's not actually their email address and so you actually have to hover over that to determine if that is actually their email address so you want to not fall for the display name you want to actually look and see the email address and many times they'll even do an email address that might be close um so you actually have to really pay attention is it gmail or is it gmails um they may throw an s on they may put something in front of it you have to definitely check the actual email address if you're clicking on a link similarly in the text of the email it may say well click here to you know enter your username and credentials to make sure that your uh email has not been hacked and it may say click here and the little word here is the text again that's just the display text that doesn't mean anything you actually have to hover over it to see where the heck they are sending you and again they may set up a site that looks exactly like what you're expecting but there'll be a couple words spelt wrong in the url or in the site so you have to actually hover over the display name and you have to hover over the text of where they're expecting you to click before you go there and click in so if you're staying at a hotel and you're trying to connect to their wi-fi you're staying at the four seasons it'll click here and it'll look just like a four seasons website only it's the fourth season it's not the four seasons and the url is just slightly off so you really have to pay attention to these small details when you're clicking into an email or trying to log in many people don't know the difference between malware and spam and you can think of it as sunscreen and after screen care so spam is going to actually check before the email comes through that this looks legitimate um and again if it's you know there are a number of obvious ones your spam filter is probably capturing tons of emails that are very fake but the ones that get through are still going to be spammed spam will get through to you and obviously that means it's harder to detect so that's the spam filter that is checking your email for the known obvious spam that doesn't mean that it catches all spam and then the second thing is the malware and that's going to protect your system should anything try to be downloaded that isn't warranted so that's what is actually sitting on your computer to steal from your computer or siphon off items on your computer so you need both if you happen to click on spam it doesn't mean that you're getting malware oftentimes it does but it may actually steal your credentials um in which case you know the malware isn't necessary it's actually going out to use your credentials um so why is email um so good if you look at many of the other websites you'll see something forget password and you can click that and it's going to send your email a password change and so while i may not find anything particularly interesting in your email by actually getting into your email i can go change your password to lots of other places so we consider it the back door forget password on a website then make sure it compromises your email it makes your email more valuable so you really need to pay attention to that forget password um there's not much you can do about it other than be very cognizant but that is actually why sometimes your email is so valuable is because it's basically the gateway to many other passwords um so we do turn on um you know two factor on your email because of that forget password in which case if someone's trying to send a email change through to your email you'll know about it because you would have to factor into your email in order to get to it so two factoring um for those who don't know you have a password that lets you get into your email that password is good until you set it change it don't you know reset it um and a two factor is a second set of credentials that are typically sent to your phone with a with a couple of digits five six seven characters that basically change and are sent every time you want to log in it sends you this seven digit code to your phone so that you can get into your email there are particular things around conditional two-factor or remembering devices that are really helpful it is annoying um almost impossible to have two factor turned on your phone on your email all the time because the number of times we check email to be just you know astronomical if you had to factor in if you're two factoring in you can remember the device or you can um remember the browser or you can set it for a certain number of days that's acceptable um device memory is very good um but many people think that if they turn two factor on then they can go and send whatever they want in their email so they can send their social security number or their credit card to the travel agent um booking the reservations or send their social security number over to their attorney etc just because you have two factor turned on doesn't mean that you should send confidential information in your email so that email is transmitted it's sitting in somebody else's email your attorney may or may not have two factor turned on maybe they're reading it on their phone maybe they don't have all the phone credentials set up that is not something you want to just let a piece of paper fall on the ground that is essentially what is happening you do not know where it is going and what the criteria are on the other side so i do not say just because you have two factors turned on you can afford to just send social security numbers and credit card numbers um around it is also saved in your sense on your phone and so if i were to get into your phone it would still be sitting there on your phone i don't actually need to log into your email it's actually downloaded onto the drive so i could read through that text so please do not send social security numbers or credit cards even if you have two factor turned on however if you do have two factor turned on you can relax the standards of how often you have to change your password so if you don't have two factor turned on please change your passwords more frequently particularly your email password if you could change it every at least every year best practices is to change it every 90 days if you don't have two-factor turning on complex passwords passwords with the uppercase the lowercase special characters numbers very helpful but you don't want to just change your password to one past your last password so oftentimes people will say um help me one and then they'll say help me two help me three help me four or their mother's name one their mother's name two or t e year these things are able to detect and once your password has been stolen then they can figure out the pattern of that so one thing you want to do is make sure if you don't have two pacter turned on because it's too annoying please change your password more frequently and increase the complexity of your password um so that it's actually harder to to leverage um so the last one is um just checking that your password has not been compromised many of you may be using gmail or apple and they have ways to actually check if your password has been compromised so that's you know that's a good starting place is to double check that um and in the notes on the screen there you'll see if you collect these materials you can figure out how to get to the password checkup or go into settings and detect compromised passwords within your apple um those are good ones thanks so much obviously much of your email and other things are on your phone um so your phones are the next place that you really want to protect most people um actually get their phones taken in secure locations that they feel comfortable and relaxed so they may be at work or they may be at the starbucks uh you know right below from their office that they go to all the time they may be at school it's much more likely that your phone is going to get picked up in a place where you're relaxed and comfortable than in a place where you may have your phone more closely guarded so i think people underestimate that it's actually at places like work um where someone may be walking through and pick up your phone or at school or some common lobby that's shared the the phone password um i do suggest you put on the password but you know many people including my kids think i you know sit in my uh dark trough hacking away and most of the time um my basic hacking skills are just the fact that i'm a great google expert and i can just google a youtube video on how to get the fingerprint off your phone um and there's a fabulous video out there of this um you know younger man in his early 20s maybe he's a teenager using a gummy bear um to quickly figure out how to get your pat your fingerprint off your phone so that they can quickly get it back onto your phone literally it takes about one minute i take your phone i get the gummy bear i've got it i'm in and out it's no problem i'm not some massive crazy awesome hacker from the nsa i'm simply watching them um use a very cheap gummy bear to steal it um so you do need to protect your phone um and the camera uh is one place where if you've noticed if you're on an apple phone they've now indicated green if your microphone or camera are active or orange that's a new status to indicate if your camera and microphone are in use so that's very helpful um in in terms of security obviously apple just had their breach um you know with three vulnerabilities in that last patch so you always need to keep your your phone up to date in terms of how to protect your phone i've got a checklist here of the items um for you the the pin and the face um you know the voice are the most important so when you pick up your phone you should have your face recognition or a pin in order to get into your phone that is first and foremost the second thing is that if you put down your phone and you're not using it it should time out and go back to having your pin so what is an appropriate timeout if you are using this for work um typically we would say at work it should be you know less than three minutes when you put your phone down one minute is best um if you're at home um and maybe more relaxed you could set it for five to ten minutes but i would definitely set it no longer than 10 minutes um because like i said it's very easy um to get in so please set your timeouts for less than 10 minutes and if there's any work on there it should be less than three minutes once they've got your phone the thing they'll try to do is try to get in using the pin um so there should be your ability to know that your phone has been taken and you want to be able to wipe that phone clean um so you don't want to sit around and wonder hmm well it'll turn up i've only been at work so it's gotta turn up and you wait 24 hours to wipe your phone we typically don't wait 24 hours to wipe our phone um you know there's there's no point most of that data should be stored in the cloud wipe your phone early in that process if you've backed it up recovering from a backup now is no problem so please make sure that you have the ability to actually wipe your phone and if you don't know how to do that certainly get somebody's help doing that so that's your third the other one is the locked attempts those are ranks three and four locked attempts means that when they're trying pins on your phone after 10 failed attempts your phone will automatically be blocked and no longer allow any more attempts to get into your phone so you want your locked attempts to be less than 10 in order to get into your phone that means they can't sit there and go through the algorithm to actually find all options on your phone the next one is password vaults um i think password vaults are amazing many people think well if i'm putting all my passwords in one place doesn't that make it a really great place to to breach um it's true that having all of your passwords in one place does make it a good place to breach but it's a much harder place to breach and so they'll typically go for your email use the forget password there are far better cheaper easier ways to go than to try to breach a password vault so many people say well what's your favorite password vault dashlane which comes with most of the apples the lastpass and one login are three of my top password vaults so a password vault is different and it's it it may be hard to detect when you're actually saving your password in your browser versus saving it in your password vault so many times when you're using chrome or firefox in your inner browser it'll say do you want to save this password and you say yes or do i want to save my credit card credentials and you say yes that is not necessarily in your password vault and you need to make sure that you're going into your password vault and not saving it in your browser that is the worst place to save a password um it is saved in clear text right on your phone on your computer and that's the first thing people go look for so you do not want to save passwords in browsers you want to save them in the password vault um and the password vault will typically have a little pop-up and say the name of your vault and it's something that you have to install as a plug-in on your browsers so that it's slightly different the browser natively may pop it up and say hey do you want to do this you actually have to install a specific password vault so please make sure you recognize the distinction that you may feel like you're using a vault but you are not you are actually saving them and clear text means i can just open up the file and read the password right out um so that is very important um to be on your phone to be on your laptop they synchronize so if i change my password on my phone or i access something on my um my vault it will all be accessible to me geo fencing and location services it's a mixed blessing location services are used in many apps so if you're using your uber app um or you're trying to get door dash it'll try to figure out where you are and say hey do you want your food delivered here do you want your car picked up here um that can be helpful but there are settings that say only use my location when i'm actually using that app as opposed to using that location when i'm not using the app so you want to be very specific about when you have location services turned on and that you only use them when you're in that application and that that application actually requires it so for example facebook probably doesn't need to know your location services uber yes you do need location services turned on while in the app so you should set that but it can also be helpful um so there's something called geofencing and you can say hey look if my phone is within 100 yards of my house or 30 yards of my house then it's safe to use um so they actually have to steal it and take it away from there and you can use that geo fencing for alarms for security cameras for your phone and so sometimes geofencing can actually be used as a protective thing that they say hey i know you're farther away from where you're saying and you're not in a safe spot and that's good and then at other times you have to make sure that they aren't tracing you to say hey i know you're away from your house i see you in your awesome four seasons in cabo let's go attack your house so it's a mixed blessing and you can kind of just intellectually sit back and say does this make sense do i need this if there's no reason you need it turn it off if you don't know how to use it turn it off do not assume the best case assume the worst case the other thing is when you have your your pin on your phone there are certain things on your phone that you can do before you get into the pin so many people want to access siri or access their camera or access their their um there's their camera light so that they can see in the dark you need to make sure that those notifications maybe you want to get a little pop-up that says your email has arrived or that you got a text so you don't have to log in to see that you've got a text those pop-ups and those things that appear on your phone before you log in are actually the greatest place for most hackers to go so in each version of apple going back there's always been a little back door where i could access your camera and take a picture of a qr code or take a picture a particular thing to enable me to bypass your actual pin um people can send certain texts to you and you click on that text and it may be able to actually pop in again not having to go through your face or not having to go through your pin so those services that you enable and those notifications that you enable on your phone before you actually log in should be very thoughtful and again if you're not using it turn it off it's just an open door um those are very unsafe so you want to make sure the reason you put the pin on is to put the stuff behind it and then people then put the pin on sam safe and then have their emails flow through onto the front alerting them of all their emails if you're getting more advanced you start to want a vpn on your phone a vpn make sure that all of your traffic is encrypted so if you're sitting at starbucks and you're on the starbucks wi-fi please get off but if you're on at starbucks and you're on their wi-fi or you're at their hotel and there's no sell signal because you're in this awesome remote hotel got to use the wi-fi there the vpn is a great way to ensure that all the traffic going out is encrypted and so that's when a vpn really helps there are specific tools that you can have um i list some of them and you can follow up and get them that are vpns vpns can get annoying i understand that if you're watching netflix and you're at your hotel in your awesome remote location and you want to watch the show it may degrade the quality of the show it's true you can turn that off but turn it back on um and if you can't remember to turn it on and off then leave it on and this is more advanced but it is a great protection because it is making sure that anybody that's on that network can actually make sure so as you'll see in a in a subsequent slide you know places where it's more congested um you can walk by and actually be in the next room at a hotel or in starbucks or in a city are more likely because they can actually see if you're on the network and what networks you're on i can actually just download a free app walk into starbucks and see everybody and every device that's easily on that network so you want to make sure that's where the vpn helps you is to make sure that if you're on an unsafe network or a network that you cannot trust that everybody you know on there is safe then a vpn is very helpful um the voice assistant um not so helpful i don't know if it's um a feeling of help or maybe you guys have better voices the voice assistant has yet to understand the thing i say anyway um she constantly thinks i'm doing other things i don't know what vocabulary words i tend to use but she thinks that i must have a potty mouth or something um please unless you have a really crisp voice the the voice assistant isn't as helpful as you think turn the voice assistant off because again that's a great way for people to capture your voice and record important information so generally speaking we turn the voice assistant off on the phone um and then the other thing that people do is um if you've ever seen air drop oh so send me your pictures we're on the ski trip together can you send me your pictures and you turn it on so that someone can send you pictures or someone can send you the document without having that is not the safest thing to leave on so yes you may want to turn it on when you're both at home and your spouse took pictures and you want to grab them or your child took pictures that's fine but if you're at a hotel at a ski chalet and you want the pictures from your friend and you're in a scheme turn that off and just wait have them send you the pictures another way that wireless direct link the air drop is not a safe thing to just be leaving on many people just leave that on so that's those are kind of your top 10 um ways to protect your phone and make sure that you know again we're going for statistics of the way that people get into your phones tanya can you talk a little bit about our homes where we live and the devices there like routers and cameras and alarms they certainly create vulnerability too so what can we do to keep our homes safe from the cyber crisis yeah great um unfortunately this area is going to get a little trickier because we have that much less control over it so we have two pieces here one is going to require kind of trained professionals and one is going to require a leap of faith and it is very difficult there's not much you can do about your tesla um in terms of securing it there are things within the tesla but ultimately these things these internet of things your fitbit your tesla your alexa device your security cameras they are a little bit of a leap of faith and i do have to say at some level you're going to have to trust the brand that you're working with and make sure that you're doing you know that that brand is using it protecting you the router is a different story that is within your control and the router and the cameras are the largest target so they account for about 90 of the home uh cyber issues um connected cameras have increased a great deal in terms of that they're watching um they're watching to make sure if you're home they're watching to see if they can watch you enter your password the same way at the atms they watched people enter their pin numbers um when they actually entered their their you know atm card um so the you know they're 83 billion different internet of things uh basically by yeah it's just an astronomical huge number but if you actually look you know 5 000 being breached a month it's a relatively small percentage so you know there are a lot of them they are getting breached it is the expected uh potential of the future um today this is not statistically the best place to breach your router is a great place to breach your camera is your second big best place to breach then your alexa the other ones are popular um but less likely to be breached so you know some of it is going to be a leap of faith um at your home one of the things you want to do at your house is make sure you do get it protected and that means getting a home provider and so how do you go about getting that home provider um what kind of questions do you ask and and you know how do you find them many people feel like if they get the one onesie person shop and it's joe and i know joe and joe's been coming over here and i can let joe into my house when i'm not home because i've been using joe for three years that that must mean that joe is great um and joe may be trust orthy um but joe may not have the right processes set up so security is not a one-time thing i don't go get it set up it's a maintenance program um it's like because i ate a salad doesn't mean that i'm healthy i actually have to eat my vegetables almost every single meal in order to be healthy and security is very much that same kind of concept i cannot just get it one time set up or eat a salad once a month and be good to go and so though you may trust joe joe may not have the best processes so when you talk to hiring about hiring that person you need to make sure they have the maintenance program involved and so is a big company that much better you're like i'm a small tiny little house here what are they really going to want with me you do want to have a provider that takes care of homes they're very different than taking care of um an office and so you want to provide i'm not saying that joe you're one person you know roaming you know security person isn't great but in either case whether you choose to go with the company or you choose to go with the onesie twozie shop you want to make sure that maintenance uh program is put in place so the questions that you ask are around that maintenance pro what's your process for maintaining and patching my devices um they actually have to patch them on a recurring basis that doesn't even mean they have to be in your house um on a monthly basis but that does need mean that they have to have systems going in and patching your desktops your laptops and so forth on a recurring basis um you want to ask about on-site time versus off that's a good question to ask if you are going with a larger company and they are bringing someone on site you want to make sure how is it that they vetted that person do you get the same person each time so that's where the smaller company is better but the larger company is going to have the better processes and patching tools so it's really focused around this maintenance um you want to also ask what firewalls they like you may not know the answer that's okay doesn't mean you don't ask the question what firewalls what are their expertise do they have a different person that manages firewalls than manages your desktops that's a good one if they have a dedicated person that manages firewalls that's going to be slightly better than if they have one person that just does um everything um because your firewall does need to be maintained just like your desktop or your laptop does um and then the other one is just like the os and any of your other service providers they should provide you reports what's my warranty when did you last patch can you please show me that all of my patches are up to date and so you can ask them for reports the same way you ask your advisors for reports and if they don't have reports then they probably don't have the process and so those reports are a way of maintaining and making sure you may look at that report and not know what to do with it that's okay the fact that they produce reports and that they can step through it with you is a good sign of a maintenance program so that's a great question to ask the other questions are you know how do they background check their employees great great questions um do they do it once or do they do it recurring um again i you know just because they do background checks doesn't mean and even if they do them on a recurring basis doesn't mean that that's a fail safe but that's a good best practice the other thing to do is to not assume that they've done a good job it doesn't make you a bad person but you want to trust but verify so there are third parties that will just go and check from the outside can i get in it's called an external penetration test or a vulnerability threat assessment or the acronym is vta and you want to actually cost a thousand dollars you can do it once a year just make sure that your actual home is protected and when you ask your provider hey do you mind if i just get a dta or a vulnerability threat assessment or external penetration test once a year if they say yes that's a great idea and they're behind you then that's a good sign if they say no we'll take care of that for you um i would definitely think twice about it you like independence of that check you don't want the you know people checking themselves if they say that's overkill you don't need to worry about that then probably go to a different provider um many people ask is it safe for them to remote into my computer so if you call apple or you call optimum or your verizon and they say hey let me jump on your computer don't do it if it's your trusted provider that you've thoroughly vetted and you know has the maintenance package it is safe for them to remote into your computer they should be remoting into your computer on a recurring basis at least once a month to actually do that catching so it is okay for a vetted provider to remote in your optimum and your verizon not do not let them on to troubleshoot the router they will set reset that if you have to please have your home provider work through it with them and then they can sweep up behind them and make sure that all the passwords are are changed because most likely the verizon and the optimum router that you have some weird box you don't remember where it is it's in your house does something that password probably is the default password that's really easy to get in there um and that's where most of the things happen so please have your home provider sweep through um and double check that everything has been changed but try not to let verizon optimum apple into your computer only have your home provider do it um with you and for you but they can get in technology to eating your vegetables uh at every meal because it is much like your health you this is such an ongoing everyday maintenance program and so important to to find the right team to help support you in making it possible so that's a great analogy i'll think of i'll think of my security every time i'm eating my salads well the thing is it's it's tough we're busy people and we don't have the time to do it so when you get to that person or that team you want to make sure that they're good at maintenance many time the programmers want to go into the latest and greatest and tinker and get you on the cool stuff and that's not really what you want to do you want the person that's a steady eddie that's going to put you on a maintenance program and make sure that you are eating your vegetables every day and that you don't have to worry about it your vegetables are served up for you and they taste so good you don't even mind perfect perfect well speaking of vegetables many people would not be surviving this pandemic without the ability to order their vegetables and their food and other essentials online online banking and online payments and apple pay and online transactions are just um how we live our lives these days they make definitely make our lives easier but tell us a little bit about how safe they are and what we can do to protect ourselves now yeah sure so um i always find this slide so interesting you know the all of these things are currency we think of bitcoins and dollars and quarters and stuff but these things have a whole currency on onto themselves um and as you'll see your medical records are your best one your insurance card is your best um piece so sometimes people have that stored in their fitbit um that's a great place to get stuff so you kind of want to just use this um little you know uh currency exchange to determine what you want to keep safer and what you need to protect so your passports your medical records a little bit more um than other things people are always so worried about their social security number it's actually not actually traded for that much um these other things are traded um far higher numbers um when you are transacting again you'll see that the places that are more congested the cities or the coasts tend to be uh more commonly uh hit for identity theft um so you know just be more cognizant that if you're in a city or if you live along the coast you are a greater target for identity theft and you may be young and you may not be that old you know if you're in that sweet spot great the younger people aren't paying that much attention they're clicking through lots of ads in their games and so forth they're hit but they're not getting stolen that much even children who are very young five six most people don't think that they that those kids are going to get targeted because they don't have much money that's true but most people aren't paying as much attention to their social security number or to their bank accounts um and so you want to make sure that if you have kids or grandchildren that those kids are being protected because no one's watching them and then by the same token you know the older you get the more the more you've accumulated and so you are a greater target there because actually they can actually take more from you so you do need to check above 70. multi-factor and conditional isn't is a you know a hard yeah a hard thing here you need to have two factor turn on to your banking apps um into any place where you're moving cash so um you want to make sure in this case the conditional two factor that i talked about your email so it's condition like i'm in my house or i'm on this device that's acceptable for your email not acceptable when you're talking about your money you actually want a hard two factor every single time so no lenience on the two factoring every time two factor turned on you want to make sure that your credit cards aren't being stored on the sites or in your browsers so you need to make sure that you're not storing that information can you store your information at amazon yes you can store your information in amazon do you need to store it uh you know at your random fitness place no do you need to store it at your random juice bar no do you need to store it in many of these places no so you know you can use things like paypal apple pay instead of actually storing your credentials and your credit card information and all these sites so i greatly prefer that you don't store your credit card information but instead you use a gateway like a paypal the same way a password vault is right you can have your password in your password vault those things the security is much tighter on it than if you just store your credit cards in 10 different places so if you store it you can use paypal that's much better than storing it at the gap or lululemon or brooks brothers or ferragamo um so use paypal instead of storing the credit card apple pay and google pay are better than using a credit card so if you're out and you're buying something in a fresh market or whole foods or wherever it is prefer to use your apple pay and your google pay over your credit cards but if you flip back one more layer and you're actually transacting online it is better to actually use a credit card than a debit card um credit cards have far more protections than your debit card so if you're shopping online i do recommend that when you're shopping online you use a specific credit card just for shopping online it's not used for anything else so typically i i recommend three credit cards your recurring credit card that only has recurring charges so your cr maybe your gym membership your newspaper membership your um you know mortgage whatever is recurring um you can put on the recurring credit card then your online ad hoc purchases or any information when that's the credit card you can store actually out there you're going to watch that one far differently and then you can have your one that you use for when you're out and about although i prefer you put that credit card in and use the apple pay or the google pay instead of using that but that that's your third credit card and all of those credit cards you should definitely have turned off for outside the united states and then you have to alert them when you're going outside the united states so that's really helpful because there's no reason that your online purchasing credit card needs to go outside the united states there's no reason you're recurring credit card needs to go outside the united states so if you're one credit card you have to alert them when you travel outside the united states the rest of them would not be enabled for outside the united states um you want to make sure that when you are transacting that you are definitely on a secure network if i said do you know every single person on this network and that they are safe if you cannot say yes you should not be transacting on that even if you have a vpn or people say oh https the little s in the url it must mean it's safe yes you want the s on your url but please be there's no reason you need to buy your shoes at starbucks on the starbucks wi-fi just wait till you get home there's absolutely no reason to do that so please make sure that you're completely on a safe network um and then you know back to that password vault if anything were to happen to you or someone in your family those password vaults are very helpful if someone is injured and you need to shut them down my mom passed away two years ago i didn't change her amazon password i was alerted that her amazon had been actually accessed from her house in um her same town so you do want to make sure that you use that password fault not just for yourself but in the event of any emergency those password balls can be very helpful um i think that's pretty close do we want to turn it over for questions i know we're running time tanya thank you so much for this informative uh presentation i think the word that i comes to mind the most is vigilance you just have to be vigilant every single day and everything you do across the board but you've given us so many insightful comments um and and action items we can take to control those areas that we can control so thank you for that and yes i'll turn it back to david for the q a thank you carol and dr neil for today's presentation before we transition to the q a session i would like to share that this webinar is being recorded and will be made available to you soon we will send an email with a link to the video please feel free to share this presentation with those who you think might also benefit from watching it as well so let's get into some questions dr neil does yahoo have a password checkup function i don't recommend using yahoo so um it's it's uh it's better than aol if you are on aol please migrate to gmail um and do not use aol um yahoo is the second one it does have two factoring it does have some of these things i do not believe that it has a password checker um there was a link on the page you can go everybody thinks so the dark web um the dark web is not actually that scary or that far away um unfortunately you know it's like being in new york one wrong turn and there you are um and so you do you can actually search so there are google alerts you can turn on so if you are just in google you can see google alerts and i do recommend that you put an alert on your name and your family and every version of your name so you know it could be um if you're liam or william put them both in there and and that will send you an email every time your name is mentioned out there so you can see if you were in a picture at some charity event you can see if uh you were alerted in the 5k race and you had some time so there's another website that i listed in there that you can go to and actually put in and it will tell you if you've been breached and if you were compromised as part of one of those solar winds compromises or the target way back when if your stuff was actually released you would get notified of that so there are some great alerting mechanisms to say if you've been captured everybody wonders well so that solar winds thing like did that affect me and it's hard to know um and honestly there the number of people that they've had spending trying to recover from the solar winds and the number of factors that were involved in that but many times you can actually determine if you were swept out in that and so if you go to that website and put in your username or your email address you can actually dete mine you know which breaches have affected you excellent thank you um let's see are the physical hardware password vaults that one can purchase from places like the sharper image or other vendors as safe as online password vaults uh that you mentioned previously in the presentation uh yes and no um sorry to give you an ambiguous answer there yes they are um they are as long as your home provider is also many times those aren't encrypting at rest um the information so they can be accessed and then obviously you know being able to expose those out to many devices it's better to use the cloud-based ones because if i'm on my phone and i want to get that password or i'm on my computer and i want to get that password regardless of where i am if i'm using a cloud-based vault i'm positive that i'm going to be able to have it synchronized across all of my devices and i'm not going to be like oh i just signed up i'm at the i'm on vacation i finally have time to sign up for this thing and i forget to put the password in the vault and so it's it is far better to use the cloud-based ones not to say that the home ones aren't uh better than nothing excellent thank you um what do you do if there are already passwords stored in your browser get your home provider to wipe them off um there are directions um and you can actually wipe them off yourself but it's not a one-step set of directions um to clear those things it's about five steps to to clear them you have to clear them off of chrome and firefox and each browser has their own um so it's better to actually have your computer kind of cleaned with your home provider to make sure that those aren't there that should be part of the maintenance program because anybody could easily by accident click into their um you know a kid could a guest could you know you want to make sure that they're wiped out on a recurring basis that's part of that maintenance program many websites allow you to use facial recognition on phone apps is that safe to use yes i do like the facial recognition um and they have gotten it so that you know if their eyes are closed versus open there used to be concerns that when you were sleeping they could have gotten it or that they could use pictures they have enabled it the voice recognition still is the safest of them uh the voice is very difficult to replicate if um the new phishing scam um if you haven't heard is to call and say can you hear me and then you say i'm sorry you know who is this or whatever if someone calls and says can you hear me you hang up the phone that's just a phishing scam on the phone um the voice recognition if you can set it up with your bank that is a great form of uh security it's it's the best one right now is your voice but basically it looks thank you it looks like we are approaching the conclusion of our time with you today thank you so much for attending if you have additional questions please feel free to contact your client service team if you are a vos client and if you are not a bls client and have additional questions you may reach me directly at david david.newson at bosinvest.com from all of us at bos we wish you a healthy start to the new year and for those of you celebrating the lunar new year and spring festival sidney and hall [Laughter] thank you everybody thank you all