3 Tips to Stay Safe Online in 2017
For business owners, executives,
and high net worth individuals.
Bret Piatt, CEO & Chairman at Jungle Disk
Currently, as Chief Executive Officer of Jungle Disk, Bret is a hands-on leader
who stays actively involved in product development and customer service.
Prior to Jungle Disk, Bret was the General Manager
of Rackspace Cloud Office, a 300-person SaaS
division of Rackspace (NYSE:RAX) serving over
• Additional roles at Rackspace included Senior Director,
Corporate Strategy & Development and Product Line
Leader for Security & Compliance Services.
Before Rackspace, Bret spent nearly a decade at
AT&T (NYSE:T) as a Network and Security Engineer,
Security Network Operations Center Manager, and
Associate Director – Security Services where he
led the Managed Premises Firewall business into
the Gartner MSSP Leadership Quadrant.
Speed of Business Takes Us All Online
The Internet has provided a revolution in productivity & risk
1. Instant access to research data
(Google) vs. published paper
periodicals (e.g. The Old Farmer’s
2. Digital documents with legal digital
signatures vs. paper records, filing
cabinets, and wet ink signatures.
3. Online portals or mobile apps
providing 24/7 access to services
with financial or confidential
1. Drive-by-download or fake
website leading to account
hijacking, ransomware, or other
2. Data breaches and broad scale
records disclosures through online
3. Account hijacking and financial
fraud or privacy violations through
spear phishing or man-in-the-
“Productivity is grounded in the PC. How would you
run ‘USA Today’ without PCs? Run a hospital without
– Michael Dell, CEO – Dell Technologies
What is Ransomware?
Malware that kidnaps your files for ransom
Definition from US-CERT:
• Ransomware is a type of malware that infects computer systems, restricting users’ access to the
infected systems. Ransomware variants have been observed for several years and often attempt to
extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s
systems have been locked or that the user’s files have been encrypted. Users are told that unless a
ransom is paid, access will not be restored. The ransom demanded from individuals varies greatly but
is frequently $200–$400 dollars and must be paid in virtual currency, such as Bitcoin.
Examples of Ransomware:
How can ransomware affect my
Scared people, eroded customer trust, & direct costs
“CryptoLocker ransomware writers collected $30 million
in a mere 100 days. These figures represent a
conservative estimate of the number of ransoms
collected by the CryptoLocker gang.”
– Dell SecureWorks
“The number of reported
security incidents rose 48%
this year to 42.8 million–the
equivalent of 117,339 attacks
– PwC US, with CIO & CSO Magazine
1. Use a network security
solution that blocks malware
and attack vectors before
they reach your computers.
2. Use host-based security built
into the operating system as
a second line of defense (ex.
3. Have a data backup in place if #1 and #2 fail so you can restore – even
paying the ransom isn’t a guarantee your files come back.
Multiple layers of protection are recommended:
Three Steps to Stop Ransomware
Don’t let hackers kidnap your data on your computer
What is a Drive-by download?
Automatic attacks without user action
Definition from Wikipedia:
• Drive-by download means two things, each concerning the
unintended download of computer software from the Internet:
• Downloads which a person authorized but without understanding the consequences (e.g. downloads which install an
unknown or counterfeit executable program, ActiveX component, or Java applet) automatically.
• Any download that happens without a person's knowledge, often a computer virus, spyware, malware, or crimeware.
Examples from ExtremeTech & HBR:
How do I avoid becoming a drive-by
Automatic defense to block automatic attacks
1. Use a network security solution
with content filtering that
includes malware detection.
2. Install an ad blocker in your web
browser (ex. Adblock Plus open
3. Use host-based security built
into the operating system as a
second line of defense (ex.
Being “smart” and not clicking on suspicious links is no
Spear Phishing vs. Spear Fishing
Attackers are getting smarter; we have to as well.
Spear Phishing is a highly targeted and context aware social
engineering attack. They tried Jungle Disk in December 2016!
to show full
Why does the
attacker put, “Sent
from my iPad”?
It provides the
person reading it a
reason why the
exactly match your
Catching Spear Phishing Attacks
How do I protect myself from spear
Be aware, don’t hurry on anything you’ll regret
1. Be cautious and use a separate
channel to verify sensitive topics or
2. Set up controls to require multiple
people to authorize access to critical
infrastructure or new payee or to
change wire transfer / account #s on
3. Have a network content filtering and
anti-malware service that blocks
malicious downloads from dangerous
Phishing is no longer just the infamous “419” scams with the
dead prince you’re related to.
Catching Spear Phishing Attacks
1. Turn on operating system updates & security
2. Install an ad-blocker in your web browser
3. Be cautious replying to emails, especially approvals
Bret Piatt, CEO of Jungle