What your personal security score means
to you and your family
Cyber Week #3: Cybersecurity in Our Personal Lives / Cybersecurity on the Move
Evan Francen, CISSP CISM
CEO SecurityStudio
Introduction
Today’s Agenda
• Introduction
• The Role People Play in Security
• Security @Home
• The S²Me Assessment
• Our S²Me Scores & Questions
• Security @Home & Security @Work
• Now what?
Thank you to everyone who
participated!
Agenda
I do a lot of security stuff…
• Co-founder and CEO of FRSecure
• Co-founder and CEO of SecurityStudio
• Co-inventor of SecurityStudio®, S²Org, S²3P, and
S²Me/S²Team
• 25+ years of practical information security experience
(started as a Cisco Engineer in the early 90s)
• Worked as CISO and vCISO for hundreds of companies.
• Developed the FRSecure Mentor Program; six students in
2010/500+ in 2019
• Advised legal counsel in very public breaches (Target,
Blue Cross/Blue Shield, etc.)
Nickname: “Truth”
Agenda
Are you a reader?
• Published UNSECURITY: Information Security Is Failing.
Breaches Are Epidemic. How Can We Fix This Broken
Industry? in January, 2019
• Three more books in the works.
Are you a listener?
Co-host of the UNSECURITY Podcast with Brad Nigh.
Are you a social networker?
Follow me on Twitter; @evanfrancen
“Information security isn’t about information or security as much as it is
about people.”
The Role People Play in Security
First, some truth. SIMPLE is your friend.
Complexity is the enemy of information security.
The Role People Play in Security
More truth.
• The most significant risk is people.
• Information security is not a technical (or IT) issue.
Information security is a people issue.
• Cybersecurity != Information Security
• There are two types of people; information security pros
(~800,000 in U.S.) and information security amateurs
(~320,000,000 in U.S.).
• 350,000+ job openings.
• One analyst group predicts 3,500,000 openings by 2021.
[Figure: United States population compared with pros]
The Role People Play in Security
More truth.
• Don’t expect the professionals to protect you; we/they
can’t.
• We need to help each other, and we need to work
together.
• You need to do your part, and we need to do ours.
But, what’s your part?
Inconvenient truth: nobody cares about
your security like you should
The Role People Play in Security
Theory
People are creatures of habit.
A person at home is the same person at work.
People want to do the right thing.
Therefore, create good habits.
Therefore, create good habits at home.
71% of Americans want to protect their
information, but most don’t know how.
Security @Home
Traditional training and awareness programs fail to
motivate because they don’t resonate.
• There’s a difference between protecting someone else’s
information versus protecting your own.
• @Home, there are (at least) three distinct motivators for
building good security habits:
1. Financial security.
2. Personal privacy.
3. Online safety.
Security
• “We collected more than 1.4 million fraud reports, and people said they lost money to the fraud in 25% of
those reports. People reported losing $1.48 billion (with a ‘b’) to fraud last year – an increase of 38% over
2017.” – FTC
• “Younger people reported losing money to fraud more often than older people. Let that sink in. It’s what
the data have been telling us for a while, but it’s hard for people to grasp. Last year, of those people who
reported fraud and their age, 43% of people in their 20s reported a loss to that fraud, while only 15% of
people in their 70s did.” – FTC
• The top reports in 2018 were: imposter scams, debt collection, and identity theft. - FTC
Privacy
• 16.7 million annual victims of identity fraud
• 95% of Americans are concerned about businesses collecting and selling personal information
Safety
• 54% of teens report that if parents knew what actually happened on social media, they’d be a lot more
worried about it.
• At least one in four teens are receiving sexually explicit texts and emails, and at least one in seven are
sending sexts.
• Children are accessing pornography via mobile devices. PornHub said its users watched 4.6 billion
hours of pornography in 2016, 61% via smartphone and 11% via tablet.
Security @Home
The S²Me Assessment
We built the assessment to help people at home.
• There are no “standards” defined for information
security at home like there are for information security
within an organization.
• There are ten (10) topics in the assessment, one for
each primary area of concern.
• Everything is scored, to give people context and to
create an environment of goal setting (maybe some
herd manipulation).
The S²Me Assessment
We built the assessment to help people at home.
Scores are plotted in a range between 300 – 850, not unlike a
credit score (a language that people already understand).
Yes, this is my score.
The S²Me Assessment
We built the assessment to help people at home.
The ten (10) Topics…
The S²Me Assessment
We built the assessment to help people at home.
• Completing an assessment is one thing, doing something
about it is another.
• Risk management vs. Risk elimination; you have choices.
• Get help, if you need it.
Our S²Me Scores & Questions
Nobody knows your score but you.
We only have the metadata (data about data)
Overall, this is impressive!
Our S²Me Scores & Questions
Weakest areas. - #1
I maintain a list (inventory) of all systems and
devices and associated information;
manufacturer, model number, serial number,
support information, logins, etc.
RISK: Your systems and devices are more at risk of
compromise if you can’t account for them. We can’t
effectively protect the things we don’t know we have
(and the things we’ve forgotten we have).
Our S²Me Scores & Questions
Weakest areas. - #2
I have a documented personal information
security incident response plan that I can follow
when I become aware of different types of
breaches that affect me.
RISK: You are more likely to miss important response
steps and potentially suffer more damage from an
information security and/or privacy incident.
Our S²Me Scores & Questions
Weakest areas. - #3
Where I must use passwords, I use a reputable
password manager application (e.g. LastPass,
KeePass, Keeper) to keep them organized and
secure.
RISK: Reputable password manager programs are a
good place to store your account passwords, and
usually they are better than some alternatives; writing
them down, storing them in a word processor program,
etc. Storing passwords insecurely increases the
likelihood that they’ll be disclosed to an attacker.
Our S²Me Scores & Questions
Weakest areas. - #4
I change all of my passwords regularly (e.g.
quarterly or semi-annually), even if I'm not forced
to.
RISK: The longer a password exists, the more prone it
becomes to compromise through accidental disclosure,
brute force, and/or password guessing. Once a
password is compromised, the account and all the
information it protects is also compromised.
Our S²Me Scores & Questions
Weakest areas. - #5
I have placed a security freeze on my credit
report with all three credit reporting agencies
(Experian, Equifax, and TransUnion).
RISK: Unauthorized changes to your credit report are
more likely.
https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
Our S²Me Scores & Questions
Weakest areas. - #6
I have a home security/alarm system that is
armed when I'm not home.
RISK: Not using an alarm system will increase the risk
of a break-in occurring, a break-in going undetected,
and a break-in not being responded to promptly.
Our S²Me Scores & Questions
Weakest areas. - #7
I have created a separate wireless network for
guests and visitors so I don't share my secure
wireless password with them.
RISK: Sharing your WiFi connection password with
others will increase the likelihood that it becomes known
to a malicious user/attacker.
Our S²Me Scores & Questions
Weakest areas. - #8
Separate, dedicated systems are used for sensitive
financial transactions and access to private
information. The same systems aren't used for
checking email, browsing the Internet, or entertainment
(e.g. gaming, movies, gambling sites, etc.).
RISK: The more functions that a computer system performs,
the more opportunity there is for compromise. For instance, if
you use the same computer for financial transactions and
checking email, an attacker is more likely to be successful in
compromising your financial accounts through a phishing
attack or by tricking you into installing a malicious program.
Our S²Me Scores & Questions
Weakest areas. - #9
I do not use the same password for multiple
accounts.
RISK: The use of a password on multiple accounts
could expose a password on one account through an
inadvertent compromise of a separate account. For
instance, if you use the same password for your online
banking account that you do on your social networking
site, a compromise of the social networking site could
lead to a compromise of your online banking account.
Our S²Me Scores & Questions
Weakest areas. - #10
I do not allow web sites to "remember my
password" when logging in.
RISK: When you allow a website to “remember” your
password, you’re allowing your password to be stored
on your computer by your browser. This password
storage could expose your password to another user of
your system or malicious software that inadvertently
gets installed on your system.
Our S²Me Scores & Questions
Discussion, Feedback, Scores…
What can we do to make this better?
Security@Home/Security@Work
Overall, this group scores very well!
Conclusions:
• Password management is a pain point.
• People generally don’t think that bad things will
happen to them (Backing up Data/Breach and
Incident Response).
• Give users easy solutions for password
management; a password manager, biometrics, etc.
• Spend more time on incident scenarios and
associated responses.
Next Steps - IMPORTANT
Suggested Next Steps Include:
• If you haven’t taken your assessment yet, you should. It’s
free and it’s safe.
• Share the assessment with everyone you know, and see
how their score compares to yours.
• Go here: https://s2me.io and create an account, no
promo code needed.
• Your spouse/partner.
• Other family members.
• Neighbors and friends.
• The more feedback and data we get, the more valuable the
tool becomes.
Next Steps - IMPORTANT
Suggested Next Steps Include:
• Apply what you’ve learned, and stick with it. We’re
trying to build habits.
• Look for version 2.0 of S2Me in the near future.
• Based upon your feedback.
• We’ll notify you, if you used your email address to
sign up.
• We’ll be developing an S2Teen in the future, but don’t wait
before starting discussions about online safety with kids.
• https://www.parenting.com/child/keeping-your-child-safe-on-the-internet/
• https://www.commonsensemedia.org/
Next Steps
Open Q&A
Evan Francen
@evanfrancen
https://evanfrancen.com
